[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQEgvQ-51Eq3gJloMuKH7v26KNDMdJmojYKZxxOJD7DM":3,"$ftfcvmZksZZhaDfJ4mOPhTX_yvsxpe_olhoo6_2bEHoc":317,"$fVAx_SXmEWOP8MeycOpBq3N2ggQT3glOWpWl77JLY5U0":321},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":38,"analysis":133,"fingerprints":276},"dragon-ecommerce","Dragon Ecommerce Plugin for WordPress","1.0.3","v20202020","https:\u002F\u002Fprofiles.wordpress.org\u002Fv20202020\u002F","\u003Cp>Every company needs an ecommerce plugin to sell products on the WordPress website. This plugin sells your products to website visitors. This plugin is very easy to use. In WordPress admin page, click setting and click “Dragon Ecommerce”, you will go to the plugin setting page. Website visitors can order your products online. Database is MySQL. This plugin is a free version. You need to know the basic SQL query to play with a database. The database tool used in this document is MySQL Workbench. It’s free. You can also use other database tools such as phpMyAdmin. See install instructions to know how to install MySQL Workbench and use it.\u003C\u002Fp>\n\u003Cp>demo website:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fdragonecommercefree.herokuapp.com\u002Fdragonecommerce\u002F\u003C\u002Fp>\n\u003Cp>admin page:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fdragonecommercefree.herokuapp.com\u002Fwp-admin\u003C\u002Fp>\n\u003Cp>Log in WordPress admin page using\u003C\u002Fp>\n\u003Cp>username:\u003C\u002Fp>\n\u003Cp>admin_order\u003C\u002Fp>\n\u003Cp>password:\u003C\u002Fp>\n\u003Cp>m8Yl*KWKq4nEa5JUDk\u003C\u002Fp>\n\u003Cp>Then, go to\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fdragonecommercefree.herokuapp.com\u002Fwp-admin\u002Foptions-general.php?page=Dragon+Ecommerce\u003C\u002Fp>\n\u003Cp>to set up the admin page.\u003C\u002Fp>\n\u003Cp>Documentation website:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Forderfreedocu.herokuapp.com\u002F\u003C\u002Fp>\n\u003Cp>Platform and Database:\u003C\u002Fp>\n\u003Cp>You can run it on any platform: Windows, Mac, Linux.\u003C\u002Fp>\n\u003Cp>Database is MySQL. It’s free.\u003C\u002Fp>\n\u003Cp>PHP version: PHP 5 >= 5.5.0\u003C\u002Fp>\n\u003Cp>Attention: PHP version and WordPress version may have compatibility issues. For example, WordPress 5.4 may not match PHP 8. Check this website for details:\u003Cbr \u002F>\nhttps:\u002F\u002Fmake.wordpress.org\u002Fcore\u002Fhandbook\u002Freferences\u002Fphp-compatibility-and-wordpress-versions\u002F\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>resize product images: imagescale will works for (PHP 5 >= 5.5.0, PHP 7)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>PHP has support for the mysqli extension (to used for prepared statement)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Must use HTTPS, not http. If website use HTTP, tell the website admin – can not use the dragon ecommerce plugin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Since PHP 5.4 there are constants which can be used by json_encode() to format the json reponse how you want. To remove backslashes use: JSON_UNESCAPED_SLASHES. Like so: json_encode($response, JSON_UNESCAPED_SLASHES);\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Auto backup database weekly is for WordPress 5.4 and above.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Every company needs an ecommerce plugin to sell products on the WordPress website. This plugin sells your products to website visitors.",0,2106,100,1,"2025-05-16T17:43:00.000Z","6.8.5","5.4","",[20,21,22,23,24],"ecommerce","jquery","php","plugin","wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdragon-ecommerce.1.0.3.zip",92,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},5,20,89,30,86,"2026-07-15T12:20:53.562Z",[39,50,71,91,112],{"slug":40,"name":41,"version":42,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":13,"num_ratings":14,"last_updated":46,"tested_up_to":47,"requires_at_least":17,"requires_php":18,"tags":48,"homepage":18,"download_link":49,"security_score":26,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"dragon-ecommerce-reserve-without-online-payment","Dragon Ecommerce Reserve Plugin Without Online Payment for WordPress","1.0.2","\u003Cp>Every company needs an ecommerce plugin to sell products on the WordPress website. This plugin sells your products to website visitors without online payment. This plugin is very easy to use. In WordPress admin page, click setting and click “Dragon Ecommerce Reserve”, you will go to the plugin setting page. Website visitors can reserve your products online without online payment. Then they can go to your store to buy it or use other ways to buy. Database is MySQL.\u003C\u002Fp>\n\u003Cp>demo website:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fmingsitservicesfree.infinityfreeapp.com\u002Fdragonecommercereserve\u002F\u003C\u002Fp>\n\u003Cp>admin page:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fmingsitservicesfree.infinityfreeapp.com\u002Fwp-admin\u003C\u002Fp>\n\u003Cp>Log in WordPress admin page using\u003C\u002Fp>\n\u003Cp>username:\u003C\u002Fp>\n\u003Cp>admin_order\u003C\u002Fp>\n\u003Cp>password:\u003C\u002Fp>\n\u003Cp>m8Yl*KWKq4nEa5JUDk\u003C\u002Fp>\n\u003Cp>Then, go to\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fmingsitservicesfree.infinityfreeapp.com\u002Fwp-admin\u003C\u002Fp>\n\u003Cp>click “setting”, click “dragon ecommerce reserve” to set up the admin page.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fmingsitservicesfree.infinityfreeapp.com\u002Fwp-admin\u002Foptions-general.php?page=Dragon+Ecommerce+Reserve\u003C\u002Fp>\n\u003Cp>Documentation:\u003C\u002Fp>\n\u003Cp>\u003Cp>\u003Ca href=\"https:\u002F\u002Fmingsitservicesfree.infinityfreeapp.com\u002Fwp-content\u002Fplugins\u002Fdragonecommercereserve\u002Fdocumentation_dragonecommercereservefree.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">Click to access documentation_dragonecommercereservefree.pdf\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Cp>Platform and Database:\u003C\u002Fp>\n\u003Cp>You can run it on any platform: Windows, Mac, Linux.\u003C\u002Fp>\n\u003Cp>Database is MySQL. It’s free.\u003C\u002Fp>\n\u003Cp>PHP version: PHP 5 >= 5.5.0\u003C\u002Fp>\n\u003Cp>Attention: PHP version and WordPress version may have compatibility issues. For example, WordPress 5.4 may not match PHP 8. Check this website for details: https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002Fhandbook\u002Freferences\u002Fphp-compatibility-and-wordpress-versions\u002F\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>resize product iamges: imagescale will works for (PHP 5 >= 5.5.0, PHP 7)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>PHP has support for the mysqli extension (to used for prepared statement)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Must use HTTPS, not http. If website use HTTP, tell the website admin – can not use the dragon ecommerce plugin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Since PHP 5.4 there are constants which can be used by json_encode() to format the json reponse how you want. To remove backslashes use: JSON_UNESCAPED_SLASHES. Like so: json_encode($response, JSON_UNESCAPED_SLASHES);\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Auto backup database weekly is for WordPress 5.4 and above.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Every company needs an ecommerce plugin to sell products on the WordPress website. This plugin sells your products to website visitors without online  &hellip;",2004,"2024-12-16T17:33:00.000Z","6.5.8",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdragon-ecommerce-reserve-without-online-payment.1.0.2.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":13,"num_ratings":60,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":18,"tags":64,"homepage":18,"download_link":69,"security_score":70,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"phpsword-disable-comments","PhpSword Disable Comments","1.1","Pradnyankur Nikam","https:\u002F\u002Fprofiles.wordpress.org\u002Fphpsword\u002F","\u003Cp>PhpSword Disable Comments WordPress plugin lets you disable comments from your WordPress website. You can either turn off comments for specific post types or completely remove comments from the whole website. You can also disable trackbacks & pingbacks on WordPress posts.\u003C\u002Fp>\n\u003Ch4>PhpSword Disable Comments WordPress Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Very simple and easy to use.\u003C\u002Fli>\n\u003Cli>No complex menus or setting.\u003C\u002Fli>\n\u003Cli>Just select and save couple of options.\u003C\u002Fli>\n\u003Cli>Completely enable or disable the comments from your WordPress website.\u003C\u002Fli>\n\u003Cli>Turn off comment for specific post types.\u003C\u002Fli>\n\u003Cli>Disable trackbacks & pingbacks on the posts.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress version 3.5 or more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More Information and Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>More \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fphpsword\u002F\" title=\"List of WordPress plugins by author Pradnyankur Nikam\" rel=\"nofollow ugc\">WordPress plugins by Pradnyankur Nikam\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Plugin support and help\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Read more and Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>If you like our comments plugin, please provide your valuable feedback and suggestion to improve the quality of the plugin.\u003C\u002Fli>\n\u003Cli>Feel free to test the plugin in different WordPress versions and vote in the Compatibility section. So that other users can check compatibility and download appropriate version.\u003C\u002Fli>\n\u003Cli>Share your experience by rating the plugin.\u003C\u002Fli>\n\u003Cli>Read about the plugin news, updates and more on our website.\u003C\u002Fli>\n\u003Cli>Do not hesitate to ask question, report bug\u002Ferror or anything related to our plugin on support section, author website or plugin website.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable Comments from your WordPress website.",400,6690,2,"2022-07-31T16:35:00.000Z","4.0.38","3.5",[65,66,67,68,24],"comment-plugin","comments","disable-comments","phpsword","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphpsword-disable-comments.zip",85,{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":13,"downloaded":79,"rating":80,"num_ratings":60,"last_updated":81,"tested_up_to":62,"requires_at_least":82,"requires_php":18,"tags":83,"homepage":89,"download_link":90,"security_score":70,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"tooltipster","Tooltipster","1.2","Md Rukon Shekh","https:\u002F\u002Fprofiles.wordpress.org\u002Frukon\u002F","\u003Cp>Tooltipster is a jquery tooltip plugin. you can use it very easy . you can add custom image , text , title.\u003Cbr \u002F>\nit has 10+ features .\u003Cbr \u002F>\nexample animation, position, title, text, image, speed, delay,icon ,theme, trigger etc.\u003C\u002Fp>\n\u003Cp>How to Use\u003C\u002Fp>\n\u003Cp>to Use Cteate a shortcode in your post like that\u003C\u002Fp>\n\u003Ch4>simple Activation\u003C\u002Fh4>\n\u003Cpre>\n[tooltip  text=\"Your Tooltip text here\"]\n    Tooltip\n[\u002Ftooltip]\n\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Add content with title, position\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\n[tooltip title=\"Helo World\"  position=\"top\" text=\"Welcome to WordPress. This is your first post. Edit or delete it, then start blogging! This is an tooltips This is an tooltips\"]This is an tooltips[\u002Ftooltip]\n\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>More Options\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\n[tooltip title=\"Helo World\" trigger='click' position=\"top\" image=\"http:\u002F\u002Fs27.postimg.org\u002F4by9zrilr\u002Flogo.jpg\" theme=\"tooltipster-light\" text=\"Welcome to WordPress. This is your first post. Edit or delete it, then start blogging! This is an tooltips This is an tooltips\"]\n    This is an tooltips\n[\u002Ftooltip]\n\u003C\u002Fpre>\n","Tooltipster is a jquery tooltip plugin. you can use it very easy . you can add custom image , text , title.",4365,80,"2014-12-03T21:24:00.000Z","3.0",[84,85,86,87,88],"content-tooltip","image-tooltip","jquery-tooltip-wordpress-plugin","tooltip","wordpress-tooltip-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002FTooltipster\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftooltipster.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":13,"downloaded":99,"rating":80,"num_ratings":100,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":110,"download_link":111,"security_score":70,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"wp-images-lazy-loading","WP images lazy loading","1.3.1","Derick Payne","https:\u002F\u002Fprofiles.wordpress.org\u002Fpetrichorpost\u002F","\u003Cp>The WordPress images lazy loading plugin (WPILL) enables the jQuery lazy loading of images to improve page load times and increase your Google PageSpeed Score. It delays loading of images outside of the viewport (visible part of a web page). These images won’t be loaded before the user scrolls down to them. Using WPILL on long pages containing many large images makes the page load much faster. It will also reduce server load and save some bandwidth.\u003C\u002Fp>\n\u003Cp>For more information, go to http:\u002F\u002Fwww.petrichorpost.com\u002Fwordpress-images-lazy-loading-plugin\u002F or for a complete WordPress optimization guide, go to http:\u002F\u002Fwww.petrichorpost.com\u002Fhow-to-speed-up-wordpress\u002F\u003C\u002Fp>\n","WordPress optimization plugin that enables jQuery image lazy loading.",14535,4,"2016-05-05T00:30:00.000Z","4.5.33","2.8",[105,106,107,108,109],"google-pagespeed","images","jquery-lazy-load-plugin","optimize","optimize-wordpress","http:\u002F\u002Fwww.petrichorpost.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-images-lazy-loading.1.3.1.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":11,"num_ratings":11,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":131,"download_link":132,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"synchrony-payments","Synchrony Financing","1.0.9","syfwoocommerce","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyfwoocommerce\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.synchrony.com\u002F\" rel=\"nofollow ugc\">Synchrony (SYF)\u003C\u002Fa> is a premier consumer financial services company delivering customized financing programs and award-winning banking products.\u003Cbr \u002F>\nWe’re the largest provider of private label credit cards in the United States (based on purchase volume and receivables) and offer a diverse range of credit products,\u003Cbr \u002F>\nincluding co-branded credit cards, promotional financing, installment lending and loyalty programs, as well as FDIC-insured savings products through Synchrony Bank.\u003Cbr \u002F>\nOur investments in technology across multiple platforms—in-store, online and mobile—allow us to engage consumers when and where they want.\u003Cbr \u002F>\nOur programs and tools strengthen the relationship between our business partners and their customers, driving growth and opportunity across the board.\u003Cbr \u002F>\nAdding the Synchrony Extension to your WooCommerce payments page enables easy integration of our Synchrony solution, which offers consumers the opportunity to apply\u003Cbr \u002F>\nfor revolving and installment financial products and to complete their purchase at checkout with a seamless apply and buy flow.  All authorizations, captures and refunds are processed through WooCommerce.\u003C\u002Fp>\n\u003Ch3>Privacy policy\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>https:\u002F\u002Fwww.synchrony.com\u002Fs\u002Flegal\u002Fprivacy-policy.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Terms and conditions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>https:\u002F\u002Fwww.synchrony.com\u002Flegal\u002Fterms-of-use\u003C\u002Fli>\n\u003C\u002Ful>\n","Boost your business with Synchrony",50,2002,"2026-02-09T19:37:00.000Z","6.9.4","5.3","7.2",[127,128,113,129,130],"synchrony","synchrony-checkout","synchrony-plugin","wordpress-ecommerce","https:\u002F\u002Fwww.synchronybusiness.com\u002Fplatforms-integrations.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsynchrony-payments.1.0.9.zip",{"attackSurface":134,"codeSignals":147,"taintFlows":231,"riskAssessment":265,"analyzedAt":275},{"hooks":135,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":11,"unprotectedCount":11},[136],{"type":137,"name":138,"callback":139,"priority":140,"file":141,"line":142},"action","wp_enqueue_scripts","high_priority_style",999,"dragonecommercezyx987_landingpage.php",273,[],[],[],[],{"dangerousFunctions":148,"sqlUsage":149,"outputEscaping":154,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":230},[],{"prepared":11,"raw":14,"locations":150},[151],{"file":141,"line":152,"context":153},287,"$wpdb->get_results() with unsafe: $productid",{"escaped":155,"rawEcho":156,"locations":157},136,38,[158,161,163,165,167,169,171,173,175,176,178,180,182,184,186,188,190,192,194,196,197,199,200,202,204,206,207,209,211,213,215,216,218,219,221,223,225,227],{"file":141,"line":159,"context":160},324,"raw output",{"file":141,"line":162,"context":160},345,{"file":141,"line":164,"context":160},346,{"file":141,"line":166,"context":160},355,{"file":141,"line":168,"context":160},1084,{"file":141,"line":170,"context":160},1146,{"file":141,"line":172,"context":160},2059,{"file":141,"line":174,"context":160},2082,{"file":141,"line":174,"context":160},{"file":141,"line":177,"context":160},2095,{"file":141,"line":179,"context":160},2313,{"file":141,"line":181,"context":160},2326,{"file":141,"line":183,"context":160},2370,{"file":141,"line":185,"context":160},2414,{"file":141,"line":187,"context":160},2441,{"file":141,"line":189,"context":160},2470,{"file":141,"line":191,"context":160},2511,{"file":141,"line":193,"context":160},2533,{"file":141,"line":195,"context":160},2693,{"file":141,"line":195,"context":160},{"file":141,"line":198,"context":160},2797,{"file":141,"line":198,"context":160},{"file":141,"line":201,"context":160},2856,{"file":141,"line":203,"context":160},2873,{"file":141,"line":205,"context":160},3696,{"file":141,"line":205,"context":160},{"file":141,"line":208,"context":160},4092,{"file":141,"line":210,"context":160},4265,{"file":141,"line":212,"context":160},4823,{"file":141,"line":214,"context":160},4886,{"file":141,"line":214,"context":160},{"file":141,"line":217,"context":160},4894,{"file":141,"line":217,"context":160},{"file":141,"line":220,"context":160},4896,{"file":141,"line":222,"context":160},4897,{"file":141,"line":224,"context":160},4970,{"file":141,"line":226,"context":160},4985,{"file":228,"line":229,"context":160},"template-dragonecommerce.php",12,[],[232],{"entryPoint":233,"graph":234,"unsanitizedCount":11,"severity":264},"\u003Cdragonecommercezyx987_landingpage> (dragonecommercezyx987_landingpage.php:0)",{"nodes":235,"edges":259},[236,241,246,249,252,256],{"id":237,"type":238,"label":239,"file":141,"line":240},"n0","source","$_SERVER",342,{"id":242,"type":243,"label":244,"file":141,"line":240,"wp_function":245},"n1","sink","echo() [XSS]","echo",{"id":247,"type":238,"label":248,"file":141,"line":155},"n2","$_GET (x4)",{"id":250,"type":243,"label":244,"file":141,"line":251,"wp_function":245},"n3",357,{"id":253,"type":238,"label":254,"file":141,"line":255},"n4","$_COOKIE (x2)",113,{"id":257,"type":243,"label":244,"file":141,"line":258,"wp_function":245},"n5",4864,[260,262,263],{"from":237,"to":242,"sanitized":261},true,{"from":247,"to":250,"sanitized":261},{"from":253,"to":257,"sanitized":261},"low",{"summary":266,"deductions":267},"The \"dragon-ecommerce\" plugin v1.0.3 presents a generally positive security posture based on the static analysis. The plugin demonstrates strong practices by having no identified critical or high severity taint flows, no dangerous functions, no file operations, and no external HTTP requests. The output escaping is also at a respectable 78%, indicating a good effort to prevent cross-site scripting vulnerabilities. The absence of any known CVEs further contributes to this favorable assessment.\n\nHowever, there are significant areas for concern. The most prominent issue is the presence of SQL queries that are not using prepared statements. This single SQL query represents a direct risk of SQL injection vulnerabilities, as user-supplied data could be manipulated to alter the database's behavior or expose sensitive information. Furthermore, the complete lack of nonce checks and capability checks across all entry points (if any existed) is a critical oversight. While the current attack surface appears to be zero, if any entry points were to be introduced or discovered, they would be entirely unprotected against CSRF and unauthorized access.\n\nIn conclusion, while the plugin has avoided historical vulnerabilities and shows good output escaping, the unescaped SQL query and the absence of any security checks on potential entry points represent critical weaknesses. The current score is high due to the limited attack surface and lack of historical issues, but these specific code-level concerns significantly detract from its overall security.",[268,271,273],{"reason":269,"points":270},"Raw SQL query without prepared statements",7,{"reason":272,"points":32},"No nonce checks on potential entry points",{"reason":274,"points":32},"No capability checks on potential entry points","2026-04-16T14:15:45.351Z",{"wat":277,"direct":304},{"assetPaths":278,"generatorPatterns":301,"scriptPaths":302,"versionParams":303},[279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300],"\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fbootstrap.rtl.min.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fowl.carousel.min.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fslick.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fslick-theme.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fresponsive.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fanimate.min.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fmagnific-popup.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fnormalize.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Fhover-min.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fjquery-3.6.0.min.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fowl.carousel.min.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fslick.min.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fjquery.magnific-popup.min.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fwow.min.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fisotope.min.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fcountdown.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fcustom.js","\u002Fwp-content\u002Fplugins\u002Fdragon-ecommerce\u002Fassets\u002Fjs\u002Fmain.js",[],[291,292,293,294,295,296,297,298,299,300],[],{"cssClasses":305,"htmlComments":312,"htmlAttributes":313,"restEndpoints":314,"jsGlobals":315,"shortcodeOutput":316},[306,307,308,309,310,311],"nohttps","nomysqli","dragonecommercezyx987_hidden","dragonecommercezyx987_loginuserbysubmitform","dragonecommercezyx987_logoutuserbysubmitform","dragonecommercezyx987_setcookiebysubmitform",[],[308,309,310,311],[],[],[],{"error":261,"url":318,"statusCode":319,"statusMessage":320,"message":320},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdragon-ecommerce\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":100,"versions":322},[323,329,335,342],{"version":6,"download_url":25,"svn_tag_url":324,"released_at":27,"has_diff":325,"diff_files_changed":326,"diff_lines":27,"trac_diff_url":327,"vulnerabilities":328,"is_current":261},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdragon-ecommerce\u002Ftags\u002F1.0.3\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdragon-ecommerce%2Ftags%2F1.0.2&new_path=%2Fdragon-ecommerce%2Ftags%2F1.0.3",[],{"version":42,"download_url":330,"svn_tag_url":331,"released_at":27,"has_diff":325,"diff_files_changed":332,"diff_lines":27,"trac_diff_url":333,"vulnerabilities":334,"is_current":325},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdragon-ecommerce.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdragon-ecommerce\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdragon-ecommerce%2Ftags%2F1.0.1&new_path=%2Fdragon-ecommerce%2Ftags%2F1.0.2",[],{"version":336,"download_url":337,"svn_tag_url":338,"released_at":27,"has_diff":325,"diff_files_changed":339,"diff_lines":27,"trac_diff_url":340,"vulnerabilities":341,"is_current":325},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdragon-ecommerce.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdragon-ecommerce\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdragon-ecommerce%2Ftags%2F1.0.0.0&new_path=%2Fdragon-ecommerce%2Ftags%2F1.0.1",[],{"version":343,"download_url":344,"svn_tag_url":345,"released_at":27,"has_diff":325,"diff_files_changed":346,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":347,"is_current":325},"1.0.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdragon-ecommerce.1.0.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdragon-ecommerce\u002Ftags\u002F1.0.0.0\u002F",[],[]]