[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXaKM-HPZQtAHgKS_p4TC0ofO0niAtPFKjrJeQFqFvz8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":31,"analysis":145,"fingerprints":571},"decfirebase","DEC firebase plugin","1.0.4","donggua211","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonggua211\u002F","\u003Cp>This is a plugin to manage firebase realtime database.\u003Cbr \u002F>\n* Firebase is a platform which can easily converting wordpress site to mobile APP.\u003Cbr \u002F>\n* You can get an account with firebase for free and start to use it by click the link: https:\u002F\u002Ffirebase.google.com\u002F\u003Cbr \u002F>\n* Firebase term: https:\u002F\u002Ffirebase.google.com\u002Fterms\u002F\u003Cbr \u002F>\n* Firebase privacy police: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n","This is a plugin to manage firebase realtime database. Firebase is a platform which can easily converting wordpress site to mobile APP.",0,1038,"2021-01-06T05:50:00.000Z","5.6.17","5.0","5.3",[18],"firebase","https:\u002F\u002Fdec4u.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdecfirebase.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},2,10,30,84,"2026-04-05T17:49:29.724Z",[32,56,77,99,122],{"slug":33,"name":34,"version":35,"author":36,"author_profile":37,"description":38,"short_description":39,"active_installs":40,"downloaded":41,"rating":42,"num_ratings":43,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":53,"download_link":54,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23},"fcm-push-notification-from-wp","FCM Push Notification from WP","1.9.1","Paulo Miranda","https:\u002F\u002Fprofiles.wordpress.org\u002Fdprogrammer\u002F","\u003Cp>Notifications for posts, pages and custom post types.\u003C\u002Fp>\n\u003Cp>Works with scheduled posts.\u003C\u002Fp>\n\u003Cp>Send notifications to users of your app from your website using Google’s service, Firebase Push Notification.\u003C\u002Fp>\n\u003Cp>The notification sent includes the block with the data message to be handled by the application, even when it is in the background.\u003C\u002Fp>\n\u003Cp>Configure the plugin to start sending notifications.\u003C\u002Fp>\n\u003Cp>Send custom field values ​​in the notification, in the data option.\u003C\u002Fp>\n\u003Cp>Send a notification when you post news or update your content. When editing, the option is deselected to send you to accidentally send a new notification. Check if you want to send a new notification when editing.\u003C\u002Fp>\n\u003Cp>Compatible with apps developed with the SDK Flutter.\u003C\u002Fp>\n\u003Cp>You need to register users on the same topic (fcm) that was informed in the plugin configuration. This plugin is not intended for sending notifications to websites.\u003C\u002Fp>\n\u003Cp>Support my work\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fdprogrammer\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.buymeacoffee.com\u002Fdprogrammer\u003C\u002Fa>\u003C\u002Fp>\n","Notify your users using Firebase Cloud Messaging (FCM) when content is published or updated.",600,14357,86,6,"2024-06-23T18:34:00.000Z","6.5.8","4.6","5.6.20",[49,50,18,51,52],"android","fcm","notification","push","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffcm-push-notification-from-wp.zip",92,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":40,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":72,"download_link":73,"security_score":74,"vuln_count":75,"unpatched_count":11,"last_vuln_date":76,"fetched_at":23},"integrate-firebase","Integrate Firebase","0.10.0","Dale Nguyen","https:\u002F\u002Fprofiles.wordpress.org\u002Fhanthuy\u002F","\u003Cp>The Firebase for WordPress Plugin will help a Firebase user to login to your WordPress interface – not to WordPress dashboard – from Firebase authentication. You can show user info and display data that is only available to your Firebase users.\u003C\u002Fp>\n\u003Cp>If you want a secured implementation, with much more features, check the \u003Ca href=\"https:\u002F\u002Ffirebase.dalenguyen.me\u002F\" rel=\"nofollow ugc\">Interate Firebase PRO\u003C\u002Fa> version.\u003C\u002Fp>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdalenguyen\u002Ffirebase-wordpress-plugin\" rel=\"nofollow ugc\">Github project page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdalenguyen\u002Ffirebase-wordpress-plugin\u002Fblob\u002Fmaster\u002FCHANGELOG.md\" rel=\"nofollow ugc\">View CHANGELOG\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Integrate Firebase is a plugin that helps to integrate Firebase features to WordPress",27641,100,20,"2024-12-04T22:22:00.000Z","6.7.5","4.0.0","5.2.4",[18],"https:\u002F\u002Fgithub.com\u002Fdalenguyen\u002Ffirebase-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegrate-firebase.0.10.0.zip",91,1,"2024-12-11 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":66,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":97,"download_link":98,"security_score":65,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23},"firebase-authentication","Firebase Authentication","1.6.8","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Cstrong>WordPress Firebase Authentication Plugin\u003C\u002Fstrong> allows you to login to WordPress sites using your Firebase user login credentials or via Social Login.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-firebase-authentication\u002F\" rel=\"nofollow ugc\">WordPress Firebase Authentication\u003C\u002Fa> works using the default WordPress login page. We support \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-woocommerce-integration\u002F\" rel=\"nofollow ugc\">Firebase WooCommerce Integration\u003C\u002Fa> and other third-party login pages along with custom login forms.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-into-wordpress-using-firebase-authentication\u002F\" rel=\"nofollow ugc\">WordPress Firebase Authentication\u003C\u002Fa>\u003C\u002Fstrong> : WordPress login using Firebase authentication user login credentials\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Create Users\u003C\u002Fstrong> : After login using Firebase login credentials, new user automatically gets created in WordPress\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-premium-and-enterprise-plugin-features\u002F\" rel=\"nofollow ugc\">Configurable login options\u003C\u002Fa>\u003C\u002Fstrong> :\u003Cbr \u002F>\nProvide option to login with,\u003Cbr \u002F>\na) Only Firebase credentials\u003Cbr \u002F>\nb) Only WordPress credentials\u003Cbr \u002F>\nc) Both Firebase and WordPress credentials\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Register WooCommerce Users to Firebase\u003C\u002Fstrong> : Provide an option to sync a WordPress user to Firebase whenever an end-user registers into the WordPress site via the WooCommerce registration form. User is created in Firebase with only an email address and password.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Firebase Phone Authentication method\u003C\u002Fstrong> : Users will be asked to enter OTP provided via Firebase to login into WordPress (Passwordless login). This works for WooCommerce as well.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-social-login-integration-for-wordpress\" rel=\"nofollow ugc\">Support for Firebase Social Login\u003C\u002Fa>\u003C\u002Fstrong> : With Firebase authentication, users will be provided an option to login in to WordPress using selected social login providers\u003Cbr \u002F>\nProviders supported are:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-google-using-firebase-authentication\" rel=\"nofollow ugc\">Google\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-facebook-using-firebase-authentication\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-apple-using-firebase-authentication\" rel=\"nofollow ugc\">Apple\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Github\u003C\u002Fli>\n\u003Cli>Yahoo\u003C\u002Fli>\n\u003Cli>Microsoft\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Firebase WooCommerce Integration\u003C\u002Fstrong> : Integrate WooCommerce with the WordPress Firebase Authentication plugin and allow users to log in to your WooCommerce site using firebase login credentials on WooCommerce Checkout and My account page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwoocommerce-cloud-firestore-integration\" rel=\"nofollow ugc\">WordPress Firestore Integration\u003C\u002Fa>\u003C\u002Fstrong>: Sync WordPress User Meta to Cloud Firestore Collections, WooCommerce products, orders, subscription sync to Firebase database.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Social Login buttons Shortcode\u003C\u002Fstrong> : Use a shortcode to place Firebase social login buttons anywhere in your Theme or Plugin\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Sync Firebase UID to WordPress\u003C\u002Fstrong> : Users can map email, Firebase user-id to their WordPress user profile using this WordPress Firebase Authentication feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Redirect Login and Logout URL\u003C\u002Fstrong> : Automatically Redirect users after successful login\u002Flogout. This works for WooCommerce as well.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Firebase Login and Registration form Shortcode\u003C\u002Fstrong> : Using login form shortcode, users can enter their Firebase credentials to login into the WP site, and using the registration form shortcode, users can register into the WordPress site, and that user is also auto created in Firebase with an email address and password.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WP Hooks for Different Events\u003C\u002Fstrong> : WordPress Firebase authentication provides support for different hooks for user defined functions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>  \u003Cstrong>WordPress login with Firebase JWT\u003C\u002Fstrong>: WordPress login with Firebase JWT allows you to create a user login session on a WordPress site using their Firebase JWT token, eliminating the need to enter their login credentials again. This is highly recommended when there are multiple websites\u002Fapplications and the user is already logged in to any of them.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows login into WordPress using Firebase user credentials and maps Firebase user data to WordPress user profile.",500,26163,80,"2025-05-20T17:48:00.000Z","6.8.5","3.0.1","7.0",[93,18,94,95,96],"authentication","jwt","login","woocommerce-integration","http:\u002F\u002Ffirebase-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffirebase-authentication.1.6.8.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":85,"downloaded":107,"rating":11,"num_ratings":11,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":118,"download_link":119,"security_score":120,"vuln_count":75,"unpatched_count":11,"last_vuln_date":121,"fetched_at":23},"push-notification-mobile-and-web-app","Push notification for Mobile and Web app","2.0.4","App Cheap","https:\u002F\u002Fprofiles.wordpress.org\u002Fappcheap\u002F","\u003Cp>Support push notification for mobile and the web app.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fcirilla-multipurpose-flutter-wordpress-app\u002F31940668\" rel=\"nofollow ugc\">Demo app\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Push services support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Firebase HTTP V1\u003C\u002Fli>\n\u003Cli>Firebase HTTP legacy\u003C\u002Fli>\n\u003Cli>OneSignal\u003C\u002Fli>\n\u003Cli>Debug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How does it work\u003C\u002Fh3>\n\u003Cp>The Push Notification plugin is built with five part:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trigger: When WordPress action execution (Post saved, Order status changed …)\u003C\u002Fli>\n\u003Cli>Recipients: One\u002F More recipients get the notification ( topic, registration ID, role, user, merge tag …)\u003C\u002Fli>\n\u003Cli>Conditionals: Determine whether notification send\u003C\u002Fli>\n\u003Cli>Action: The action when the user click to notification on device\u003C\u002Fli>\n\u003Cli>Merge Tag: That is dynamic information in that context\u003C\u002Fli>\n\u003Cli>String translation: Replace part of string on title and message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Comment Post: Fires immediately after a comment is inserted into the database.\u003C\u002Fli>\n\u003Cli>Post Type: Fires when a post is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>Save Post: Fires once a post has been saved.\u003C\u002Fli>\n\u003Cli>Order Status Changed: Fires when an order is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>Product Status Changed: Fires when a product is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>WCFM – Direct Messaging: Fires when vendor receive a message.\u003C\u002Fli>\n\u003Cli>BuddyPress: Fires Messages message sent, Activity Posted Update, Friends Friendship Accepted, Friends Friendship Requested, Groups Posted Update, Groups Send Invites\u003C\u002Fli>\n\u003C\u002Ful>\n","Push notification for Android, iOS and the Web",15918,"2025-12-06T07:06:00.000Z","6.6.5","5.8","7.4",[113,114,115,116,117],"android-notifications","app-builder","firebase-messages","ios-notifications","push-notification","https:\u002F\u002Fappcheap.io\u002Fpush-notification-mobile-and-web-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-notification-mobile-and-web-app.2.0.4.zip",99,"2025-05-16 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":65,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":143,"download_link":144,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23},"free-sms-verification-for-gravity-forms","Free SMS OTP Verification for Gravity Forms By Firebase","1.0.8","WiserSteps","https:\u002F\u002Fprofiles.wordpress.org\u002Fwisersteps\u002F","\u003Cp>The best free SMS verification plugin for Gravity Forms, Verify users numbers before submitting the forms, Use Google firebase to edit the sent message to phone numbers by adding your website name.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FGwHVKauTSuU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n– Verify 20,000 numbers each month for free\u003Cbr \u002F>\n– The Most stable SMS Verification service by Google\u003Cbr \u002F>\n– Supports 246 countries and 84 languages\u003Cbr \u002F>\n– Supports RTL (Right to left) style\u003Cbr \u002F>\n– Show selected countries to the user\u003C\u002Fp>\n\u003Cp>Important:\u003Cbr \u002F>\n– This is an integration with Firebase\u003Cbr \u002F>\n– https:\u002F\u002Ffirebase.google.com\u002Fdocs\u002Fauth\u002Fweb\u002Fphone-auth\u003Cbr \u002F>\n– Terms of service for Firebase https:\u002F\u002Ffirebase.google.com\u002Fterms\u002F\u003C\u002Fp>\n","The best free SMS verification plugin for Gravity Forms, Verify users numbers before submitting the forms.",200,9460,8,"2021-03-10T01:14:00.000Z","5.5.18","4.7","5.6",[138,139,140,141,142],"form-sms-otp","graivty-forms-otp","gravity-forms-firebase","gravity-forms-sms","gravity-forms-verification","https:\u002F\u002Fwww.wisersteps.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffree-sms-verification-for-gravity-forms.1.0.8.zip",{"attackSurface":146,"codeSignals":194,"taintFlows":345,"riskAssessment":561,"analyzedAt":570},{"hooks":147,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":11,"unprotectedCount":11},[148,155,159,162,166,170,172,176,180,184,187],{"type":149,"name":150,"callback":151,"priority":152,"file":153,"line":154},"action","admin_menu","decfirebase_admin_menu",9,"admin\\admin-init.php",37,{"type":149,"name":156,"callback":157,"priority":152,"file":153,"line":158},"admin_head","decfirebase_admin_head",47,{"type":149,"name":160,"callback":161,"file":153,"line":55},"admin_print_styles","decfirebase_admin_css",{"type":149,"name":163,"callback":164,"file":153,"line":165},"admin_enqueue_scripts","decfirebase_admin_scripts",97,{"type":149,"name":150,"callback":167,"file":168,"line":169},"admin_menus","admin\\includes\\welcome.php",26,{"type":149,"name":156,"callback":156,"file":168,"line":171},27,{"type":149,"name":173,"callback":174,"file":168,"line":175},"admin_init","welcome",28,{"type":149,"name":177,"callback":177,"priority":11,"file":178,"line":179},"init","decfirebase.php",55,{"type":149,"name":177,"callback":181,"file":182,"line":183},"decfirebase_ajax_get_users","hooks.php",13,{"type":149,"name":177,"callback":185,"file":182,"line":186},"decfirebase_ajax_get_user_notifications",14,{"type":149,"name":177,"callback":188,"file":182,"line":189},"decfirebase_ajax_delete_user_notification",15,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":11,"externalRequests":343,"nonceChecks":26,"capabilityChecks":11,"bundledLibraries":344},[],{"prepared":11,"raw":11,"locations":197},[],{"escaped":169,"rawEcho":199,"locations":200},82,[201,205,206,207,209,211,214,216,217,218,219,221,223,225,227,229,231,233,235,237,239,241,242,243,245,247,249,250,253,255,256,258,259,260,261,263,265,267,268,270,273,275,277,280,282,283,284,286,288,290,291,293,295,297,298,299,301,302,303,305,307,309,311,312,313,314,315,317,318,320,321,323,325,327,329,330,331,334,336,337,339,341],{"file":202,"line":203,"context":204},"admin\\admin-function.php",16,"raw output",{"file":202,"line":66,"context":204},{"file":168,"line":21,"context":204},{"file":168,"line":208,"context":204},89,{"file":168,"line":210,"context":204},96,{"file":212,"line":213,"context":204},"admin\\pages\\edit_user.php",19,{"file":212,"line":215,"context":204},73,{"file":212,"line":87,"context":204},{"file":212,"line":74,"context":204},{"file":212,"line":165,"context":204},{"file":212,"line":220,"context":204},103,{"file":212,"line":222,"context":204},109,{"file":212,"line":224,"context":204},115,{"file":212,"line":226,"context":204},121,{"file":212,"line":228,"context":204},127,{"file":212,"line":230,"context":204},133,{"file":212,"line":232,"context":204},139,{"file":212,"line":234,"context":204},169,{"file":212,"line":236,"context":204},172,{"file":238,"line":213,"context":204},"admin\\pages\\edit_user_notification.php",{"file":238,"line":240,"context":204},66,{"file":238,"line":215,"context":204},{"file":238,"line":29,"context":204},{"file":238,"line":244,"context":204},90,{"file":238,"line":246,"context":204},102,{"file":238,"line":248,"context":204},112,{"file":238,"line":224,"context":204},{"file":251,"line":252,"context":204},"admin\\pages\\link.php",54,{"file":251,"line":254,"context":204},61,{"file":251,"line":215,"context":204},{"file":251,"line":257,"context":204},79,{"file":251,"line":21,"context":204},{"file":251,"line":74,"context":204},{"file":251,"line":165,"context":204},{"file":262,"line":213,"context":204},"admin\\pages\\new_user_notification.php",{"file":262,"line":264,"context":204},71,{"file":262,"line":266,"context":204},78,{"file":262,"line":208,"context":204},{"file":262,"line":269,"context":204},119,{"file":271,"line":272,"context":204},"admin\\pages\\setting.php",49,{"file":271,"line":274,"context":204},59,{"file":271,"line":276,"context":204},67,{"file":278,"line":279,"context":204},"admin\\pages\\user.php",52,{"file":278,"line":281,"context":204},53,{"file":278,"line":252,"context":204},{"file":278,"line":179,"context":204},{"file":278,"line":285,"context":204},56,{"file":278,"line":287,"context":204},57,{"file":278,"line":289,"context":204},58,{"file":278,"line":274,"context":204},{"file":278,"line":292,"context":204},60,{"file":278,"line":294,"context":204},64,{"file":278,"line":296,"context":204},65,{"file":278,"line":240,"context":204},{"file":278,"line":199,"context":204},{"file":278,"line":300,"context":204},95,{"file":278,"line":210,"context":204},{"file":278,"line":165,"context":204},{"file":278,"line":304,"context":204},98,{"file":278,"line":306,"context":204},105,{"file":308,"line":154,"context":204},"admin\\pages\\user_notification.php",{"file":308,"line":310,"context":204},63,{"file":308,"line":294,"context":204},{"file":308,"line":296,"context":204},{"file":308,"line":240,"context":204},{"file":308,"line":276,"context":204},{"file":308,"line":316,"context":204},68,{"file":308,"line":264,"context":204},{"file":308,"line":319,"context":204},72,{"file":308,"line":319,"context":204},{"file":308,"line":322,"context":204},93,{"file":308,"line":324,"context":204},106,{"file":308,"line":326,"context":204},107,{"file":308,"line":328,"context":204},108,{"file":308,"line":224,"context":204},{"file":308,"line":224,"context":204},{"file":332,"line":333,"context":204},"functions.php",22,{"file":332,"line":335,"context":204},42,{"file":332,"line":292,"context":204},{"file":332,"line":338,"context":204},312,{"file":332,"line":340,"context":204},318,{"file":332,"line":342,"context":204},322,4,[],[346,388,406,425,443,464,482,492,500,509,517,534,545,553],{"entryPoint":347,"graph":348,"unsanitizedCount":386,"severity":387},"do_decfirebase_edit_user (admin\\pages\\edit_user.php:10)",{"nodes":349,"edges":379},[350,354,359,362,366,371,373,376],{"id":351,"type":352,"label":353,"file":212,"line":189},"n0","source","$_GET (x10)",{"id":355,"type":356,"label":357,"file":212,"line":74,"wp_function":358},"n1","sink","echo() [XSS]","echo",{"id":360,"type":352,"label":361,"file":212,"line":252},"n2","$_GET",{"id":363,"type":364,"label":365,"file":212,"line":252},"n3","transform","→ decfirebase_update_data()",{"id":367,"type":356,"label":368,"file":332,"line":369,"wp_function":370},"n4","wp_remote_get() [SSRF]",229,"wp_remote_get",{"id":372,"type":352,"label":361,"file":212,"line":310},"n5",{"id":374,"type":364,"label":375,"file":212,"line":310},"n6","→ decfirebase_get_data()",{"id":377,"type":356,"label":368,"file":332,"line":378,"wp_function":370},"n7",202,[380,382,383,384,385],{"from":351,"to":355,"sanitized":381},false,{"from":360,"to":363,"sanitized":381},{"from":363,"to":367,"sanitized":381},{"from":372,"to":374,"sanitized":381},{"from":374,"to":377,"sanitized":381},12,"medium",{"entryPoint":389,"graph":390,"unsanitizedCount":386,"severity":387},"\u003Cedit_user> (admin\\pages\\edit_user.php:0)",{"nodes":391,"edges":400},[392,393,394,395,396,397,398,399],{"id":351,"type":352,"label":353,"file":212,"line":189},{"id":355,"type":356,"label":357,"file":212,"line":74,"wp_function":358},{"id":360,"type":352,"label":361,"file":212,"line":252},{"id":363,"type":364,"label":365,"file":212,"line":252},{"id":367,"type":356,"label":368,"file":332,"line":369,"wp_function":370},{"id":372,"type":352,"label":361,"file":212,"line":310},{"id":374,"type":364,"label":375,"file":212,"line":310},{"id":377,"type":356,"label":368,"file":332,"line":378,"wp_function":370},[401,402,403,404,405],{"from":351,"to":355,"sanitized":381},{"from":360,"to":363,"sanitized":381},{"from":363,"to":367,"sanitized":381},{"from":372,"to":374,"sanitized":381},{"from":374,"to":377,"sanitized":381},{"entryPoint":407,"graph":408,"unsanitizedCount":43,"severity":387},"do_decfirebase_edit_user_notification (admin\\pages\\edit_user_notification.php:10)",{"nodes":409,"edges":419},[410,412,413,414,415,416,417,418],{"id":351,"type":352,"label":411,"file":238,"line":189},"$_GET (x4)",{"id":355,"type":356,"label":357,"file":238,"line":29,"wp_function":358},{"id":360,"type":352,"label":361,"file":238,"line":158},{"id":363,"type":364,"label":365,"file":238,"line":158},{"id":367,"type":356,"label":368,"file":332,"line":369,"wp_function":370},{"id":372,"type":352,"label":361,"file":238,"line":285},{"id":374,"type":364,"label":375,"file":238,"line":285},{"id":377,"type":356,"label":368,"file":332,"line":378,"wp_function":370},[420,421,422,423,424],{"from":351,"to":355,"sanitized":381},{"from":360,"to":363,"sanitized":381},{"from":363,"to":367,"sanitized":381},{"from":372,"to":374,"sanitized":381},{"from":374,"to":377,"sanitized":381},{"entryPoint":426,"graph":427,"unsanitizedCount":43,"severity":387},"\u003Cedit_user_notification> (admin\\pages\\edit_user_notification.php:0)",{"nodes":428,"edges":437},[429,430,431,432,433,434,435,436],{"id":351,"type":352,"label":411,"file":238,"line":189},{"id":355,"type":356,"label":357,"file":238,"line":29,"wp_function":358},{"id":360,"type":352,"label":361,"file":238,"line":158},{"id":363,"type":364,"label":365,"file":238,"line":158},{"id":367,"type":356,"label":368,"file":332,"line":369,"wp_function":370},{"id":372,"type":352,"label":361,"file":238,"line":285},{"id":374,"type":364,"label":375,"file":238,"line":285},{"id":377,"type":356,"label":368,"file":332,"line":378,"wp_function":370},[438,439,440,441,442],{"from":351,"to":355,"sanitized":381},{"from":360,"to":363,"sanitized":381},{"from":363,"to":367,"sanitized":381},{"from":372,"to":374,"sanitized":381},{"from":374,"to":377,"sanitized":381},{"entryPoint":444,"graph":445,"unsanitizedCount":463,"severity":387},"do_decfirebase_new_user_notification (admin\\pages\\new_user_notification.php:10)",{"nodes":446,"edges":457},[447,448,449,450,452,454,455,456],{"id":351,"type":352,"label":361,"file":262,"line":189},{"id":355,"type":356,"label":357,"file":262,"line":208,"wp_function":358},{"id":360,"type":352,"label":361,"file":262,"line":272},{"id":363,"type":364,"label":451,"file":262,"line":272},"→ decfirebase_add_data()",{"id":367,"type":356,"label":368,"file":332,"line":453,"wp_function":370},257,{"id":372,"type":352,"label":361,"file":262,"line":287},{"id":374,"type":364,"label":365,"file":262,"line":287},{"id":377,"type":356,"label":368,"file":332,"line":369,"wp_function":370},[458,459,460,461,462],{"from":351,"to":355,"sanitized":381},{"from":360,"to":363,"sanitized":381},{"from":363,"to":367,"sanitized":381},{"from":372,"to":374,"sanitized":381},{"from":374,"to":377,"sanitized":381},3,{"entryPoint":465,"graph":466,"unsanitizedCount":463,"severity":387},"\u003Cnew_user_notification> (admin\\pages\\new_user_notification.php:0)",{"nodes":467,"edges":476},[468,469,470,471,472,473,474,475],{"id":351,"type":352,"label":361,"file":262,"line":189},{"id":355,"type":356,"label":357,"file":262,"line":208,"wp_function":358},{"id":360,"type":352,"label":361,"file":262,"line":272},{"id":363,"type":364,"label":451,"file":262,"line":272},{"id":367,"type":356,"label":368,"file":332,"line":453,"wp_function":370},{"id":372,"type":352,"label":361,"file":262,"line":287},{"id":374,"type":364,"label":365,"file":262,"line":287},{"id":377,"type":356,"label":368,"file":332,"line":369,"wp_function":370},[477,478,479,480,481],{"from":351,"to":355,"sanitized":381},{"from":360,"to":363,"sanitized":381},{"from":363,"to":367,"sanitized":381},{"from":372,"to":374,"sanitized":381},{"from":374,"to":377,"sanitized":381},{"entryPoint":483,"graph":484,"unsanitizedCount":26,"severity":387},"do_decfirebase_user_notification (admin\\pages\\user_notification.php:10)",{"nodes":485,"edges":490},[486,489],{"id":351,"type":352,"label":487,"file":308,"line":488},"$_GET (x2)",23,{"id":355,"type":356,"label":357,"file":308,"line":154,"wp_function":358},[491],{"from":351,"to":355,"sanitized":381},{"entryPoint":493,"graph":494,"unsanitizedCount":75,"severity":387},"decfirebase_ajax_get_users (functions.php:9)",{"nodes":495,"edges":498},[496,497],{"id":351,"type":352,"label":361,"file":332,"line":189},{"id":355,"type":356,"label":357,"file":332,"line":333,"wp_function":358},[499],{"from":351,"to":355,"sanitized":381},{"entryPoint":501,"graph":502,"unsanitizedCount":75,"severity":387},"decfirebase_ajax_get_user_notifications (functions.php:28)",{"nodes":503,"edges":507},[504,506],{"id":351,"type":352,"label":361,"file":332,"line":505},34,{"id":355,"type":356,"label":357,"file":332,"line":335,"wp_function":358},[508],{"from":351,"to":355,"sanitized":381},{"entryPoint":510,"graph":511,"unsanitizedCount":75,"severity":387},"decfirebase_ajax_delete_user_notification (functions.php:49)",{"nodes":512,"edges":515},[513,514],{"id":351,"type":352,"label":361,"file":332,"line":179},{"id":355,"type":356,"label":357,"file":332,"line":292,"wp_function":358},[516],{"from":351,"to":355,"sanitized":381},{"entryPoint":518,"graph":519,"unsanitizedCount":11,"severity":533},"do_decfirebase_setting_page (admin\\pages\\setting.php:13)",{"nodes":520,"edges":529},[521,523,527,528],{"id":351,"type":352,"label":522,"file":271,"line":333},"$_POST (x2)",{"id":355,"type":356,"label":524,"file":271,"line":525,"wp_function":526},"update_option() [Settings Manipulation]",29,"update_option",{"id":360,"type":352,"label":522,"file":271,"line":333},{"id":363,"type":356,"label":357,"file":271,"line":274,"wp_function":358},[530,532],{"from":351,"to":355,"sanitized":531},true,{"from":360,"to":363,"sanitized":531},"low",{"entryPoint":535,"graph":536,"unsanitizedCount":11,"severity":533},"\u003Csetting> (admin\\pages\\setting.php:0)",{"nodes":537,"edges":542},[538,539,540,541],{"id":351,"type":352,"label":522,"file":271,"line":333},{"id":355,"type":356,"label":524,"file":271,"line":525,"wp_function":526},{"id":360,"type":352,"label":522,"file":271,"line":333},{"id":363,"type":356,"label":357,"file":271,"line":274,"wp_function":358},[543,544],{"from":351,"to":355,"sanitized":531},{"from":360,"to":363,"sanitized":531},{"entryPoint":546,"graph":547,"unsanitizedCount":26,"severity":533},"\u003Cuser_notification> (admin\\pages\\user_notification.php:0)",{"nodes":548,"edges":551},[549,550],{"id":351,"type":352,"label":487,"file":308,"line":488},{"id":355,"type":356,"label":357,"file":308,"line":154,"wp_function":358},[552],{"from":351,"to":355,"sanitized":381},{"entryPoint":554,"graph":555,"unsanitizedCount":343,"severity":533},"\u003Cfunctions> (functions.php:0)",{"nodes":556,"edges":559},[557,558],{"id":351,"type":352,"label":411,"file":332,"line":189},{"id":355,"type":356,"label":357,"file":332,"line":333,"wp_function":358},[560],{"from":351,"to":355,"sanitized":381},{"summary":562,"deductions":563},"The decfirebase plugin v1.0.4 exhibits a mixed security posture, with some strengths offset by significant concerns.  On the positive side, there are no recorded vulnerabilities (CVEs) or critical\u002Fhigh severity issues identified in the taint analysis.  The plugin also demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and a limited attack surface with no direct entry points like AJAX handlers, REST API routes, or shortcodes. Nonce checks are present, though limited in number.  However, a major concern lies in the significantly low percentage of properly escaped output (24%), indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities.  Furthermore, a large number of taint flows (12 out of 14) were found with unsanitized paths, even though they did not reach critical or high severity in this analysis, this suggests potential for improper data handling that could be exploited in combination with other factors. The absence of capability checks is also a notable weakness, potentially allowing unauthorized users to trigger certain functionalities if they exist but are not explicitly protected.\n\nWhile the lack of known vulnerabilities and the use of prepared statements are positive indicators, the prevalent unescaped output and unsanitized paths present a substantial risk. The plugin needs immediate attention to address its output escaping issues and to implement proper capability checks on any functionalities that are not otherwise secured.  Without these improvements, the plugin is susceptible to common web vulnerabilities that could compromise user data and the security of the WordPress site. The current analysis does not reveal active exploitation pathways for critical vulnerabilities, but the underlying code quality issues are concerning and warrant remediation.",[564,566,568],{"reason":565,"points":189},"Low output escaping percentage",{"reason":567,"points":27},"High number of unsanitized paths",{"reason":569,"points":132},"No capability checks","2026-03-17T07:29:54.490Z",{"wat":572,"direct":578},{"assetPaths":573,"generatorPatterns":575,"scriptPaths":576,"versionParams":577},[574],"\u002Fwp-content\u002Fplugins\u002Fdecfirebase\u002Fassets\u002Fcss\u002Fadmin.css",[],[],[],{"cssClasses":579,"htmlComments":580,"htmlAttributes":581,"restEndpoints":582,"jsGlobals":584,"shortcodeOutput":585},[],[],[],[583],"\u002Fdecfirebase-api\u002F",[],[]]