[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fD-U1YNkPoLn-TkUUXZL8h5-mEv8Ji9ZZiUDtco4nRWk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":78},"delete-items-from-woo-card","Delete items from the WooCommerce cart button","1.0","Benjamin Hagh Parast","https:\u002F\u002Fprofiles.wordpress.org\u002Fhaghs\u002F","\u003Cp>This code defines a shortcode [delete_cart_items_button] that generates a button. When the button is clicked, it triggers an AJAX request to the server, and the delete_cart_items_ajax_handler function empties the WooCommerce cart.\u003C\u002Fp>\n","You can use this shortcode by placing [delete_cart_items_button] in a post, page, or 
widget.",0,507,"2026-01-09T17:23:00.000Z","6.9.4","6.9","8.0",[4],"https:\u002F\u002Fwordtune.me\u002Fwt-blog","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdelete-items-from-woo-card.1.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"haghs",18,330,30,94,"2026-04-04T09:53:08.795Z",[],{"attackSurface":33,"codeSignals":61,"taintFlows":70,"riskAssessment":71,"analyzedAt":77},{"hooks":34,"ajaxHandlers":44,"restRoutes":53,"shortcodes":54,"cronEvents":59,"entryPointCount":60,"unprotectedCount":11},[35,41],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","wp_enqueue_scripts","wtdi_enqueue_jquery","DeleteItemFromWooCart.php",21,{"type":36,"name":37,"callback":42,"file":39,"line":43},"wtdi_localize_ajax_script",27,[45,51],{"action":46,"nopriv":47,"callback":48,"hasNonce":49,"hasCapCheck":47,"file":39,"line":50},"wtdi_delete_cart_items",false,"wtdi_delete_cart_items_ajax_handler",true,72,{"action":46,"nopriv":49,"callback":48,"hasNonce":49,"hasCapCheck":47,"file":39,"line":52},73,[],[55],{"tag":56,"callback":57,"file":39,"line":58},"wordtune_delete_cart_items_button","wtdi_delete_cart_items_button_shortcode",64,[],3,{"dangerousFunctions":62,"sqlUsage":63,"outputEscaping":65,"fileOperations":11,"externalRequests":11,"nonceChecks":68,"capabilityChecks":11,"bundledLibraries":69},[],{"prepared":11,"raw":11,"locations":64},[],{"escaped":66,"rawEcho":11,"locations":67},5,[],1,[],[],{"summary":72,"deductions":73},"The \"delete-items-from-woo-card\" plugin v1.0 exhibits a generally strong security posture based on the provided static analysis. None of the three identified entry points (two AJAX handler registrations and one shortcode) is flagged as unprotected. The AJAX action is registered for both logged-in and unauthenticated (nopriv) requests, and both registrations are reported as having a nonce check. 
The static analysis found no SQL queries, raw or prepared, and every detected output is escaped, which limits common injection and XSS risks. The absence of file operations and external HTTP requests further reduces the attack surface. There is also a single nonce check present. However, a significant concern is the complete lack of capability checks on any of the entry points. A nonce guards against forged requests but is not an authorization check, so any user, regardless of role or permissions, could potentially trigger the functionality of the AJAX handlers or shortcodes. The plugin's vulnerability history is clean, with no known CVEs, which is encouraging, but this should not be a substitute for robust security practices within the code itself.\n\nWhile the analysis found no raw SQL and no unescaped output, the absence of capability checks on its entry points is a notable weakness. This could allow for privilege escalation or unauthorized actions if the plugin's functionality is sensitive; per the plugin description the handler empties the WooCommerce cart, so the practical impact depends on whether it can only affect the requester's own cart, which this analysis does not show. The lack of taint analysis data is also a potential unknown, though the absence of dangerous functions suggests this might not be a significant issue. Overall, the plugin has a solid foundation but requires attention to its authorization mechanisms to be considered truly secure.",[74],{"reason":75,"points":76},"No capability checks on entry points",10,"2026-03-17T06:19:50.018Z",{"wat":79,"direct":84},{"assetPaths":80,"generatorPatterns":81,"scriptPaths":82,"versionParams":83},[],[],[],[],{"cssClasses":85,"htmlComments":86,"htmlAttributes":87,"restEndpoints":89,"jsGlobals":90,"shortcodeOutput":92},[],[],[88],"id=\"delete-cart-items\"",[],[91],"ajax_object",[93],"\u003Cbutton id=\"delete-cart-items\">Delete Cart Items\u003C\u002Fbutton>"]