[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAqxxCd13vRFQVZOdOa6PvGuPCw-wwhdWhv2hU_MPakA":3,"$fZX-Y2WUI1oL0X_vusWAnDQ_0mV5Y1Z-Sz7He4sC9JEQ":311,"$faQqcxTiltPhqIRPwnVguENwzmackX7KJzLnWGgQpfHI":316},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":34,"analysis":115,"fingerprints":295},"digipay-payment-gateway","DigiPay Payment Gateway","2.0.2","digipay","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigipay\u002F","\u003Cp>\u003Cstrong>DigiPay Payment Gateway\u003C\u002Fstrong> allow you to accept Credit Card payments.\u003C\u002Fp>\n","Accept credit card payments with full payment and installment.",20,5585,0,"2022-12-27T03:32:00.000Z","6.0.11","4.4","",[7,19,20,21,22],"e-commerce","payment-gateway","woocommerce","wordpress-e-commerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigipay-payment-gateway.2.0.2.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-05-20T06:58:30.290Z",[35,55,73,86,105],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":17,"download_link":53,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"e-transactions-wc","Up2pay e-Transactions WooCommerce Payment Gateway","3.0.9","Verifone e-commerce","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaybox\u002F","\u003Cp>This module adds a Up2pay e-Transactions Payment Gateway to your Installation of WooCommerce.\u003C\u002Fp>\n\u003Cp>Up2pay e-Transactions is a Payment Services Provider in Europe, part of the Crédit Agricole Bank.\u003C\u002Fp>\n\u003Cp>plugin actions in wordpress:\u003C\u002Fp>\n\u003Cp>this plugin offers an admin panel from the order section to the settings of Woocommerce.\u003Cbr \u002F>\nit adds payment information to the orders details and changes the status of orders (upon reception of an IPN, see below.) and adds payment means on the checkout page.\u003C\u002Fp>\n\u003Cp>This plugin takes information from the order and creates a form containing the details of the payment to be made, including parameters configured in the admin panel of the module that identify the mechant.\u003C\u002Fp>\n\u003Cp>The plugin checks for availability of the Up2pay e-Transactions platform, through a call to our servers.\u003Cbr \u002F>\nIt then submits with javascript the form to the first available server.\u003C\u002Fp>\n\u003Cp>the customer is then presented with a payment page, hosted on the Up2pay e-Transactions Platform (urls above).\u003C\u002Fp>\n\u003Cp>The Up2pay e-Transactions Platform sends an Instant Payment Notification (IPN) to the server when the customer actually made the payment, indicating to the merchant the status of the payment.\u003C\u002Fp>\n\u003Cp>the plugin generates a url that can catch the IPN call from Up2pay e-Transactions’s server, filtering incoming calls to the Up2pay e-Transactions IP address.\u003C\u002Fp>\n\u003Cp>if payment is successfull, then the plugin validates the order though woocommerce.\u003C\u002Fp>\n","This plugin is a Up2pay e-Transactions payment gateway for WooCommerce 4.x",4000,76738,46,13,"2025-05-19T13:31:00.000Z","6.8.5","5.0.0",[19,51,52,20,21],"orders","payment","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fe-transactions-wc.3.0.9.zip",100,{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":17,"download_link":72,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"hyperpay-gateways","HyperPay Payments","6.3.5","HyperPay","https:\u002F\u002Fprofiles.wordpress.org\u002Fhyperpayproducts\u002F","\u003Cp>Payments Gateways provided by Gate2Play, to make you able to add Credit Card, Mada, STCpay and more payments method.\u003Cbr \u002F>\nto be able to use this plugin, you should be one of HyperPay’s customers.\u003Cbr \u002F>\nvisit https:\u002F\u002Fhyperpay.com for more information.\u003C\u002Fp>\n\u003Cp>The data extracted is quite sensitive and contains information that may be used to check the vulnerability of your WordPress site. Be wary of you share this data with.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>The plugin has been tested with\u003Cbr \u002F>\nWC 8.3.1\u003Cbr \u002F>\nwordpress 6.9\u003Cbr \u002F>\nPHP 7.2\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Hyperpay API to process payments and check transaction status.\u003Cbr \u002F>\n– Data sent: Payment details, order information, and merchant credentials are sent when processing payments.\u003Cbr \u002F>\n– When: Data is sent when a customer initiates a payment or when the plugin checks payment status.\u003Cbr \u002F>\n– Service: Hyperpay https:\u002F\u002Foppwa.com\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fwww.aciworldwide.com\u002Fterms-of-use\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fwww.aciworldwide.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Third Party Libraries\u003C\u002Fh3>\n\u003Cp>This plugin includes or depends on the following third-party libraries via Composer. All libraries are licensed under GPL-compatible licenses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>symfony\u002Fpolyfill-php80\u003C\u002Fstrong> (MIT License)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fsymfony\u002Fpolyfill-php80\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>psr\u002Flog\u003C\u002Fstrong> (MIT License)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fphp-fig\u002Flog\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>guzzlehttp\u002Fguzzle\u003C\u002Fstrong> (MIT License)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fguzzle\u002Fguzzle\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>twig\u002Ftwig\u003C\u002Fstrong> (BSD-3-Clause License)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Ftwigphp\u002FTwig\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For details, see each library’s LICENSE file in the \u003Ccode>vendor\u002F\u003C\u002Fcode> directory or their respective repositories.\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>The uncompressed source code for compiled assets (e.g., JavaScript and CSS) is available in the \u003Ccode>\u002Fsrc\u002Fassets\u002F\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Cp>Build tools used:\u003Cbr \u002F>\n– Node.js\u003Cbr \u002F>\n– Webpack\u003C\u002Fp>\n\u003Cp>To build:\u003Cbr \u002F>\n1. Run \u003Ccode>npm install\u003C\u002Fcode>\u003Cbr \u002F>\n2. Run \u003Ccode>npm run build\u003C\u002Fcode>\u003C\u002Fp>\n","Payments Gateways provided by Gate2Play, to make you able to add Credit Card, Mada, STCpay and more payments method.",600,14465,"2026-02-27T18:09:00.000Z","6.9.4","5.3","7.1",[19,70,71,20,21],"gate2play","merchant","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhyperpay-gateways.6.3.6.zip",{"slug":74,"name":75,"version":76,"author":39,"author_profile":40,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":66,"requires_at_least":49,"requires_php":17,"tags":84,"homepage":17,"download_link":85,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"paybox-woocommerce-gateway","Paybox WooCommerce Payment Gateway","0.9.9.9","\u003Cp>This module adds a Paybox Payment Gateway to your Installation of WooCommerce.\u003C\u002Fp>\n\u003Cp>Paybox is a Payment Services Provider in Europe, part of the Verifone Group.\u003C\u002Fp>\n\u003Cp>plugin actions in wordpress:\u003C\u002Fp>\n\u003Cp>this plugin offers an admin panel from the order section to the settings of Woocommerce.\u003Cbr \u002F>\nit adds payment information to the orders details and changes the status of orders (upon reception of an IPN, see below.) and adds payment means on the checkout page.\u003C\u002Fp>\n\u003Cp>This plugin takes information from the order and creates a form containing the details of the payment to be made, including parameters configured in the admin panel of the module that identify the mechant.\u003C\u002Fp>\n\u003Cp>The plugin checks for availability of the Paybox platform, through a call to our servers.\u003Cbr \u002F>\nIt then submits with javascript the form to the first available server.\u003C\u002Fp>\n\u003Cp>the customer is then presented with a payment page, hosted on the Paybox Platform (urls above).\u003C\u002Fp>\n\u003Cp>The Paybox Platform sends an Instant Payment Notification (IPN) to the server when the customer actually made the payment, indicating to the merchant the status of the payment.\u003C\u002Fp>\n\u003Cp>the plugin generates a url that can catch the IPN call from Paybox’s server, filtering incoming calls to the Paybox IP address.\u003C\u002Fp>\n\u003Cp>if payment is successfull, then the plugin validates the order though woocommerce.\u003C\u002Fp>\n","This plugin is a Paybox payment gateway for WooCommerce 4.x",500,22733,60,4,"2026-03-17T09:56:00.000Z",[19,51,52,20,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaybox-woocommerce-gateway.0.9.9.9.zip",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":31,"num_ratings":96,"last_updated":97,"tested_up_to":66,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":103,"download_link":104,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"kueskipay-gateway","KueskiPay Gateway","2.4.1","edgarnomesque","https:\u002F\u002Fprofiles.wordpress.org\u002Fedgarnomesque\u002F","\u003Cp>Choose how many fortnights to pay with Kueski Pay\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 6.2 or newer.\u003C\u002Fli>\n\u003Cli>WooCommerce 7.6 or newer.\u003C\u002Fli>\n\u003Cli>PHP 7.4 or newer is recommended.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Notices\u003C\u002Fh3>\n\u003Cp>This plugin connects to a third-party services to perform its functions. Below are the circunstances under wich these connections are made:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>CDN Service for Promotional Widgets\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name:\u003C\u002Fstrong> KueskiPay CDN\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Description:\u003C\u002Fstrong> This plugin uses the CDN service at https:\u002F\u002Fcdn.kueskipay.com\u002F to display promotional widgets on the product and cart pages in WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> The following data is sent to this service via GET request:\n\u003Cul>\n\u003Cli>\u003Cstrong>Authorization:\u003C\u002Fstrong> The public key provided at the time of integration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration:\u003C\u002Fstrong> The platform being integrated, in this case, WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Version:\u003C\u002Fstrong> The current version of this plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sandbox:\u003C\u002Fstrong> Indicates whether the current environment is sandbox or production.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fcdn.kueskipay.com\u002Fwidgets.js\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Example URL:\u003C\u002Fstrong> https:\u002F\u002Fcdn.kueskipay.com\u002Fwidgets.js?authorization=[public_key]&integration=woocommerce&version=[plugin_version]&sandbox[true\u002Ffalse]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Files Involved:\u003C\u002Fstrong> public\u002Fclass-wc-kuesku-gategay-public.php (Line 227)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use and Policy:\u003C\u002Fstrong> https:\u002F\u002Fpreguntas.frecuentes.kueski.com\u002Fhc\u002Fes\u002Farticles\u002F12385599806747-PRIVACY-NOTICE-FOR-THIRD-PARTIES-AND-COMMERCIAL-ALLIES-OF-KUESKI-SAPI-DE-CV-SOFOM-ENR\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Payment Order Creation and Management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name:\u003C\u002Fstrong> KueskiPay Payment API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Description:\u003C\u002Fstrong> This plugin uses the following services to create and manage payment orders:\n\u003Cul>\n\u003Cli>\u003Cstrong>Sandbox:\u003C\u002Fstrong> https:\u002F\u002Fwoocommerce-middleware-go.staging-pay.kueski.codes\u002Fapi\u002Fv1\u002Forder\u002Fcreate\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Production:\u003C\u002Fstrong> https:\u002F\u002Fwoocommerce-middleware-go.production-pay.kueski.com\u002Fapi\u002Fv1\u002Forder\u002Fcreate\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Usage:\u003C\u002Fstrong> The plugin sends the current cart order details to create an order and then redirects the user to the service site to complete their payment.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> The following data is sent to this service:\n\u003Cul>\n\u003Cli>\u003Cstrong>Order Description\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order Amounts:\u003C\u002Fstrong> total, shipping, discounts and taxes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order Items:\u003C\u002Fstrong> Details of each order item.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shipping Address:\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Billing Address:\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Files Involved:\u003C\u002Fstrong> includes\u002Fclass-wc-kueski-gateway-api.php (Lines 57, 92, 151, 221)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use and Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Fpreguntas.frecuentes.kueski.com\u002Fhc\u002Fes\u002Farticles\u002F12385430001563-Aviso-de-privacidad-integral-para-clientes-y-usuarios-de-Kueski-S-A-P-I-de-C-V-SOFOM-E-N-R\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Add Kueski gateway to buy now and pay later on your store.",200,4017,2,"2026-01-19T17:17:00.000Z","6.2","7.4",[19,101,102,20,21],"ecommerce","kueski","https:\u002F\u002Fwww.kueskipay.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkueskipay-gateway.2.4.1.zip",{"slug":106,"name":107,"version":108,"author":39,"author_profile":40,"description":109,"short_description":110,"active_installs":54,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":66,"requires_at_least":49,"requires_php":17,"tags":113,"homepage":17,"download_link":114,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wc-sofinco-3xcb","Sofinco 3XCB","0.9.9.7","\u003Cp>This module adds a Sofinco Payment Gateway to your Installation of WooCommerce.\u003C\u002Fp>\n\u003Cp>Sofinco is a Payment Services Provider in Europe, part of the Verifone Group.\u003C\u002Fp>\n\u003Cp>plugin actions in wordpress:\u003C\u002Fp>\n\u003Cp>this plugin offers an admin panel from the order section to the settings of Woocommerce.\u003Cbr \u002F>\nit adds payment information to the orders details and changes the status of orders (upon reception of an IPN, see below.) and adds payment means on the checkout page.\u003C\u002Fp>\n\u003Cp>This plugin takes information from the order and creates a form containing the details of the payment to be made, including parameters configured in the admin panel of the module that identify the mechant.\u003C\u002Fp>\n\u003Cp>The plugin checks for availability of the Sofinco platform, through a call to our servers.\u003Cbr \u002F>\nIt then submits with javascript the form to the first available server.\u003C\u002Fp>\n\u003Cp>the customer is then presented with a payment page, hosted on the Sofinco Platform (urls above).\u003C\u002Fp>\n\u003Cp>The Sofinco Platform sends an Instant Payment Notification (IPN) to the server when the customer actually made the payment, indicating to the merchant the status of the payment.\u003C\u002Fp>\n\u003Cp>the plugin generates a url that can catch the IPN call from Sofinco’s server, filtering incoming calls to the Sofinco IP address.\u003C\u002Fp>\n\u003Cp>if payment is successfull, then the plugin validates the order though woocommerce.\u003C\u002Fp>\n","This plugin is a Sofinco 3x CB payment gateway for WooCommerce",6681,"2026-01-20T15:04:00.000Z",[19,51,52,20,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-sofinco-3xcb.0.9.9.7.zip",{"attackSurface":116,"codeSignals":148,"taintFlows":169,"riskAssessment":281,"analyzedAt":294},{"hooks":117,"ajaxHandlers":144,"restRoutes":145,"shortcodes":146,"cronEvents":147,"entryPointCount":13,"unprotectedCount":13},[118,124,130,134,138,141],{"type":119,"name":120,"callback":121,"file":122,"line":123},"filter","woocommerce_payment_gateways","add_gateways","digipay-redirect-payment-gateway.php",37,{"type":125,"name":126,"callback":127,"priority":128,"file":129,"line":128},"action","plugins_loaded","wc_digipay_construct_request",11,"includes\u002Fdigipay-construct-request.php",{"type":125,"name":126,"callback":131,"priority":128,"file":132,"line":133},"wc_digipay_signature","includes\u002Fdigipay-signature.php",3,{"type":125,"name":126,"callback":135,"priority":128,"file":136,"line":137},"wc_digipay_fullpayment_gateway","includes\u002Ffullpayment\u002Fdigipay-fullpayment-gateway.php",16,{"type":125,"name":126,"callback":139,"priority":128,"file":140,"line":137},"wc_digipay_installment_gateway","includes\u002Finstallment\u002Fdigipay-installment-gateway.php",{"type":125,"name":126,"callback":142,"priority":128,"file":143,"line":137},"wc_digipay_qr_gateway","includes\u002Fqr\u002Fdigipay-qr-gateway.php",[],[],[],[],{"dangerousFunctions":149,"sqlUsage":150,"outputEscaping":152,"fileOperations":13,"externalRequests":96,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":168},[],{"prepared":13,"raw":13,"locations":151},[],{"escaped":153,"rawEcho":154,"locations":155},56,6,[156,159,161,163,165,167],{"file":136,"line":157,"context":158},77,"raw output",{"file":136,"line":160,"context":158},161,{"file":140,"line":162,"context":158},76,{"file":140,"line":164,"context":158},159,{"file":143,"line":166,"context":158},78,{"file":143,"line":160,"context":158},[],[170,198,207,218,232,240,251,262,270],{"entryPoint":171,"graph":172,"unsanitizedCount":196,"severity":197},"wc_digipay_fullpayment_gateway (includes\u002Ffullpayment\u002Fdigipay-fullpayment-gateway.php:18)",{"nodes":173,"edges":192},[174,179,185,188],{"id":175,"type":176,"label":177,"file":136,"line":178},"n0","source","$_REQUEST (x4)",115,{"id":180,"type":181,"label":182,"file":136,"line":183,"wp_function":184},"n1","sink","wp_redirect() [Open Redirect]",146,"wp_redirect",{"id":186,"type":176,"label":187,"file":136,"line":178},"n2","$_REQUEST",{"id":189,"type":181,"label":190,"file":136,"line":160,"wp_function":191},"n3","echo() [XSS]","echo",[193,195],{"from":175,"to":180,"sanitized":194},false,{"from":186,"to":189,"sanitized":194},5,"medium",{"entryPoint":199,"graph":200,"unsanitizedCount":96,"severity":197},"payment_update (includes\u002Ffullpayment\u002Fdigipay-fullpayment-gateway.php:102)",{"nodes":201,"edges":205},[202,204],{"id":175,"type":176,"label":203,"file":136,"line":178},"$_REQUEST (x2)",{"id":180,"type":181,"label":182,"file":136,"line":183,"wp_function":184},[206],{"from":175,"to":180,"sanitized":194},{"entryPoint":208,"graph":209,"unsanitizedCount":196,"severity":197},"\u003Cdigipay-fullpayment-gateway> (includes\u002Ffullpayment\u002Fdigipay-fullpayment-gateway.php:0)",{"nodes":210,"edges":215},[211,212,213,214],{"id":175,"type":176,"label":177,"file":136,"line":178},{"id":180,"type":181,"label":182,"file":136,"line":183,"wp_function":184},{"id":186,"type":176,"label":187,"file":136,"line":178},{"id":189,"type":181,"label":190,"file":136,"line":160,"wp_function":191},[216,217],{"from":175,"to":180,"sanitized":194},{"from":186,"to":189,"sanitized":194},{"entryPoint":219,"graph":220,"unsanitizedCount":82,"severity":197},"wc_digipay_installment_gateway (includes\u002Finstallment\u002Fdigipay-installment-gateway.php:18)",{"nodes":221,"edges":229},[222,225,227,228],{"id":175,"type":176,"label":223,"file":140,"line":224},"$_REQUEST (x3)",113,{"id":180,"type":181,"label":182,"file":140,"line":226,"wp_function":184},144,{"id":186,"type":176,"label":187,"file":140,"line":224},{"id":189,"type":181,"label":190,"file":140,"line":164,"wp_function":191},[230,231],{"from":175,"to":180,"sanitized":194},{"from":186,"to":189,"sanitized":194},{"entryPoint":233,"graph":234,"unsanitizedCount":96,"severity":197},"payment_update (includes\u002Finstallment\u002Fdigipay-installment-gateway.php:101)",{"nodes":235,"edges":238},[236,237],{"id":175,"type":176,"label":203,"file":140,"line":224},{"id":180,"type":181,"label":182,"file":140,"line":226,"wp_function":184},[239],{"from":175,"to":180,"sanitized":194},{"entryPoint":241,"graph":242,"unsanitizedCount":82,"severity":197},"\u003Cdigipay-installment-gateway> (includes\u002Finstallment\u002Fdigipay-installment-gateway.php:0)",{"nodes":243,"edges":248},[244,245,246,247],{"id":175,"type":176,"label":223,"file":140,"line":224},{"id":180,"type":181,"label":182,"file":140,"line":226,"wp_function":184},{"id":186,"type":176,"label":187,"file":140,"line":224},{"id":189,"type":181,"label":190,"file":140,"line":164,"wp_function":191},[249,250],{"from":175,"to":180,"sanitized":194},{"from":186,"to":189,"sanitized":194},{"entryPoint":252,"graph":253,"unsanitizedCount":196,"severity":197},"wc_digipay_qr_gateway (includes\u002Fqr\u002Fdigipay-qr-gateway.php:18)",{"nodes":254,"edges":259},[255,256,257,258],{"id":175,"type":176,"label":177,"file":143,"line":178},{"id":180,"type":181,"label":182,"file":143,"line":183,"wp_function":184},{"id":186,"type":176,"label":187,"file":143,"line":178},{"id":189,"type":181,"label":190,"file":143,"line":160,"wp_function":191},[260,261],{"from":175,"to":180,"sanitized":194},{"from":186,"to":189,"sanitized":194},{"entryPoint":263,"graph":264,"unsanitizedCount":96,"severity":197},"payment_update (includes\u002Fqr\u002Fdigipay-qr-gateway.php:102)",{"nodes":265,"edges":268},[266,267],{"id":175,"type":176,"label":203,"file":143,"line":178},{"id":180,"type":181,"label":182,"file":143,"line":183,"wp_function":184},[269],{"from":175,"to":180,"sanitized":194},{"entryPoint":271,"graph":272,"unsanitizedCount":196,"severity":197},"\u003Cdigipay-qr-gateway> (includes\u002Fqr\u002Fdigipay-qr-gateway.php:0)",{"nodes":273,"edges":278},[274,275,276,277],{"id":175,"type":176,"label":177,"file":143,"line":178},{"id":180,"type":181,"label":182,"file":143,"line":183,"wp_function":184},{"id":186,"type":176,"label":187,"file":143,"line":178},{"id":189,"type":181,"label":190,"file":143,"line":160,"wp_function":191},[279,280],{"from":175,"to":180,"sanitized":194},{"from":186,"to":189,"sanitized":194},{"summary":282,"deductions":283},"The \"digipay-payment-gateway\" plugin v2.0.2 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL queries without prepared statements, and file operations is highly positive. The high percentage of properly escaped output also suggests good practices for preventing cross-site scripting vulnerabilities.  However, the analysis highlights a significant concern with taint analysis, where 100% of the analyzed flows involve unsanitized paths, although no critical or high severity issues were identified. This indicates a potential for vulnerabilities if user-supplied data is not handled with extreme care in these flows.  Additionally, the complete lack of nonce checks and capability checks across all identified entry points (though the attack surface is zero) is a substantial weakness. While there are no recorded CVEs, this does not guarantee future safety, and the presence of unsanitized flows coupled with missing authorization checks is a concerning combination.",[284,287,290,292],{"reason":285,"points":286},"Taint flows with unsanitized paths detected",15,{"reason":288,"points":289},"No nonce checks on potential entry points",10,{"reason":291,"points":289},"No capability checks on potential entry points",{"reason":293,"points":196},"External HTTP requests without context","2026-04-16T11:26:35.814Z",{"wat":296,"direct":304},{"assetPaths":297,"generatorPatterns":301,"scriptPaths":302,"versionParams":303},[298,299,300],"\u002Fwp-content\u002Fplugins\u002Fdigipay-payment-gateway\u002Fincludes\u002Finstallment\u002Fdigipay-installment-gateway.php","\u002Fwp-content\u002Fplugins\u002Fdigipay-payment-gateway\u002Fincludes\u002Ffullpayment\u002Fdigipay-fullpayment-gateway.php","\u002Fwp-content\u002Fplugins\u002Fdigipay-payment-gateway\u002Fincludes\u002Fqr\u002Fdigipay-qr-gateway.php",[],[],[],{"cssClasses":305,"htmlComments":306,"htmlAttributes":307,"restEndpoints":308,"jsGlobals":309,"shortcodeOutput":310},[],[],[],[],[],[],{"error":312,"url":313,"statusCode":314,"statusMessage":315,"message":315},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdigipay-payment-gateway\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":154,"versions":317},[318,323,330,337,344,351],{"version":6,"download_url":23,"svn_tag_url":319,"released_at":25,"has_diff":194,"diff_files_changed":320,"diff_lines":25,"trac_diff_url":321,"vulnerabilities":322,"is_current":312},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdigipay-payment-gateway\u002Ftags\u002F2.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdigipay-payment-gateway%2Ftags%2F2.0.1&new_path=%2Fdigipay-payment-gateway%2Ftags%2F2.0.2",[],{"version":324,"download_url":325,"svn_tag_url":326,"released_at":25,"has_diff":194,"diff_files_changed":327,"diff_lines":25,"trac_diff_url":328,"vulnerabilities":329,"is_current":194},"2.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigipay-payment-gateway.2.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdigipay-payment-gateway\u002Ftags\u002F2.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdigipay-payment-gateway%2Ftags%2F2.0.0&new_path=%2Fdigipay-payment-gateway%2Ftags%2F2.0.1",[],{"version":331,"download_url":332,"svn_tag_url":333,"released_at":25,"has_diff":194,"diff_files_changed":334,"diff_lines":25,"trac_diff_url":335,"vulnerabilities":336,"is_current":194},"2.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigipay-payment-gateway.2.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdigipay-payment-gateway\u002Ftags\u002F2.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdigipay-payment-gateway%2Ftags%2F1.1.0&new_path=%2Fdigipay-payment-gateway%2Ftags%2F2.0.0",[],{"version":338,"download_url":339,"svn_tag_url":340,"released_at":25,"has_diff":194,"diff_files_changed":341,"diff_lines":25,"trac_diff_url":342,"vulnerabilities":343,"is_current":194},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigipay-payment-gateway.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdigipay-payment-gateway\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdigipay-payment-gateway%2Ftags%2F1.0.1&new_path=%2Fdigipay-payment-gateway%2Ftags%2F1.1.0",[],{"version":345,"download_url":346,"svn_tag_url":347,"released_at":25,"has_diff":194,"diff_files_changed":348,"diff_lines":25,"trac_diff_url":349,"vulnerabilities":350,"is_current":194},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigipay-payment-gateway.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdigipay-payment-gateway\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdigipay-payment-gateway%2Ftags%2F1.0.0&new_path=%2Fdigipay-payment-gateway%2Ftags%2F1.0.1",[],{"version":352,"download_url":353,"svn_tag_url":354,"released_at":25,"has_diff":194,"diff_files_changed":355,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":356,"is_current":194},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigipay-payment-gateway.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdigipay-payment-gateway\u002Ftags\u002F1.0.0\u002F",[],[]]