[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-FgjxFsJNZQ4Dy-_Ur0yjk241-P7Ii50QUDRIN9aHig":3,"$fgQHc93weU0mJZDcb-g6WXiwmnM7mg6-xEjujB6FqW5w":373,"$f2gqkmy6IFxkZ6t473Ih28u4suM_sYRgHhZ9-LWbje7s":377},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":49,"crawl_stats":36,"alternatives":55,"analysis":163,"fingerprints":352},"express-pay","ExpressPay Payment Module","1.4.0","Сервис \"Экспресс Платежи\"","https:\u002F\u002Fprofiles.wordpress.org\u002Fexpresspayby\u002F","\u003Cp>Express Pay Payment Module is a WordPress plugin that integrates your website with Express Pay service, allowing you to accept payments through ERIP, bank cards, and E-POS methods.\u003C\u002Fp>\n\u003Cp>The plugin adds a payment form to your site using a shortcode and provides payment method settings and invoice management through the WordPress admin panel in the \u003Cstrong>Express Payments\u003C\u002Fstrong> menu.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add multiple payment methods in admin panel (ERIP, card, E-POS types)\u003C\u002Fli>\n\u003Cli>Display payment form on site using shortcode with customizable amount and payment description\u003C\u002Fli>\n\u003Cli>Generate invoice parameters and signatures (HMAC-SHA1) for Express Pay API v1\u003C\u002Fli>\n\u003Cli>Test mode support using sandbox environment and test credentials\u003C\u002Fli>\n\u003Cli>Incoming notification signature verification\u003C\u002Fli>\n\u003Cli>Allow customers to modify name, address, and amount during payment (optional)\u003C\u002Fli>\n\u003Cli>Send notifications to customers via email\u002FSMS (optional)\u003C\u002Fli>\n\u003Cli>Display QR code for ERIP\u002FE-POS payments\u003C\u002Fli>\n\u003Cli>Invoice list and payment status management in admin panel\u003C\u002Fli>\n\u003Cli>Support for multiple payment methods on one site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Database Tables\u003C\u002Fh4>\n\u003Cp>The plugin creates and uses the following WordPress database tables:\u003Cbr \u002F>\n* \u003Ccode>{$wpdb->prefix}expresspay_options\u003C\u002Fcode> — payment methods and their parameters\u003Cbr \u002F>\n* \u003Ccode>{$wpdb->prefix}expresspay_invoices\u003C\u002Fcode> — created invoices and their statuses\u003C\u002Fp>\n\u003Ch4>Notification Endpoint\u003C\u002Fh4>\n\u003Cp>For receiving payment notifications, the plugin uses WordPress AJAX endpoint:\u003Cbr \u002F>\n    \u002Fwp-admin\u002Fadmin-ajax.php?action=receive_notification&type_id=\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to WordPress admin panel \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Cstrong>Express Payments\u003C\u002Fstrong> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Cstrong>Settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add a new payment method by clicking “Add Payment Method”\u003C\u002Fli>\n\u003Cli>Configure the following parameters:\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>General Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Name\u003C\u002Fstrong> — Display name of payment method (e.g., “ExpressPay (ERIP)”)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Type\u003C\u002Fstrong> — Payment method type: \u003Ccode>erip\u003C\u002Fcode>, \u003Ccode>card\u003C\u002Fcode>, or \u003Ccode>epos\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token\u003C\u002Fstrong> — API access token from Express Pay service\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service ID\u003C\u002Fstrong> — Service number in Express Pay system\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secret Word\u003C\u002Fstrong> — Secret key for signing payment requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secret Word for Notification\u003C\u002Fstrong> — Secret key for verifying incoming notifications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API URLs\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>API URL\u003C\u002Fstrong> — Production API base URL (e.g., \u003Ccode>https:\u002F\u002Fapi.express-pay.by\u002Fv1\u002F\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sandbox URL\u003C\u002Fstrong> — Sandbox API base URL (e.g., \u003Ccode>https:\u002F\u002Fsandbox-api.express-pay.by\u002Fv1\u002F\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Mode\u003C\u002Fstrong> — Enable\u002Fdisable sandbox mode for testing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Payment Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>ERIP Path\u003C\u002Fstrong> — Path in ERIP tree shown to users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show QR Code\u003C\u002Fstrong> — Display QR code for ERIP\u002FE-POS payments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Use Signature for Notification\u003C\u002Fstrong> — Verify incoming notification signatures\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Can Change Name\u003C\u002Fstrong> — Allow customers to modify name during payment\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Can Change Address\u003C\u002Fstrong> — Allow customers to modify address during payment\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Can Change Amount\u003C\u002Fstrong> — Allow customers to modify amount during payment\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send Email\u003C\u002Fstrong> — Send payment notifications via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send SMS\u003C\u002Fstrong> — Send payment notifications via SMS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>E-POS Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Provider Code\u003C\u002Fstrong> — E-POS provider code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service E-POS Code\u003C\u002Fstrong> — E-POS service code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch4>Adding Payment Form to Page\u003C\u002Fh4>\n\u003Cp>Create or edit a page and add the payment form shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[expresspay_payment amount=25.5 edit_amount=true info=\"Payment description\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>amount\u003C\u002Fstrong> — Payment amount (e.g., \u003Ccode>25.5\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>edit_amount\u003C\u002Fstrong> — Allow customer to change amount (e.g., \u003Ccode>true\u003C\u002Fcode> or \u003Ccode>false\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>info\u003C\u002Fstrong> — Payment description\u002Fpurpose\u003C\u002Fli>\n\u003Cli>\u003Cstrong>method_id\u003C\u002Fstrong> — Specific payment method ID (optional, shows all if not specified)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Payment Flow\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Customer visits page with payment form\u003C\u002Fli>\n\u003Cli>Customer selects payment method and enters details\u003C\u002Fli>\n\u003Cli>Customer submits payment\u003C\u002Fli>\n\u003Cli>Plugin generates invoice parameters and signature\u003C\u002Fli>\n\u003Cli>Customer is redirected to Express Pay service for payment\u003C\u002Fli>\n\u003Cli>After successful payment, customer is returned to the page\u003C\u002Fli>\n\u003Cli>Plugin verifies payment signature and marks invoice as paid\u003C\u002Fli>\n\u003Cli>Express Pay server sends additional notification webhook\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Testing in Sandbox Mode\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Enable \u003Cstrong>Test Mode\u003C\u002Fstrong> in payment method settings\u003C\u002Fli>\n\u003Cli>Verify that \u003Cstrong>Sandbox URL\u003C\u002Fstrong> is being used\u003C\u002Fli>\n\u003Cli>Complete test payment through Express Pay sandbox environment\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 4.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.6 or higher\u003C\u002Fli>\n\u003Cli>Outgoing HTTPS access to Express Pay API:\n\u003Cul>\n\u003Cli>Production: \u003Ccode>https:\u002F\u002Fapi.express-pay.by\u002Fv1\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Sandbox: \u003Ccode>https:\u002F\u002Fsandbox-api.express-pay.by\u002Fv1\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Public URL accessibility for receiving webhooks (if site is behind firewall or requires authentication, webhooks will not be delivered)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For installation and configuration instructions, visit:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fexpress-pay.by\u002Fcms-extensions\u002Fwordpress\" rel=\"nofollow ugc\">Express Pay CMS Extensions\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Watch video tutorials on our YouTube channel:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fc\u002Fexpress-pay-by\" rel=\"nofollow ugc\">Express Pay YouTube\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin code and documentation is proprietary and provided by Express Pay service.\u003Cbr \u002F>\nAll rights reserved. Please refer to LICENSE file in plugin directory for details.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to Express Pay service for payment processing:\u003Cbr \u002F>\n* Service URL: https:\u002F\u002Fexpress-pay.by\u002F\u003Cbr \u002F>\n* API Documentation: https:\u002F\u002Fexpress-pay.by\u002Fdocs\u002Fapi\u002Fv1\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fexpress-pay.by\u002Fdocs\u003C\u002Fp>\n\u003Cp>By using this plugin, you agree to Express Pay Terms of Service.\u003C\u002Fp>\n","WordPress plugin for accepting payments through Express Pay service via ERIP, bank cards and E-POS.",20,3000,0,"2026-04-08T13:13:00.000Z","6.9.4","4.0","5.6",[19,20,21,22],"bank-cards","e-pos","erip","payment","https:\u002F\u002Fexpress-pay.by\u002Fcms-extensions\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.4.0.zip",98,1,"2024-11-19 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":27,"updated_date":43,"references":44,"days_to_patch":46,"patch_diff_files":47,"patch_trac_url":36,"research_status":36,"research_verified":48,"research_rounds_completed":13,"research_plan":36,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":36,"research_started_at":36,"research_completed_at":36,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":48,"poc_model_used":36,"poc_verification_depth":36},"CVE-2024-52474","express-payments-module-unauthenticated-sql-injection-via-typeid","Express Payments Module \u003C= 1.1.8 - Unauthenticated SQL Injection via type_id","The Express Payments Module plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.1.8","1.1.9","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-11-26 17:40:26",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F74c169b9-4207-4cd8-89df-084db2bb947b?source=api-prod",8,[],false,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":52,"avg_patch_time_days":46,"trust_score":53,"computed_at":54},"expresspayby",4,100,94,"2026-05-20T08:58:47.959Z",[56,77,98,120,143],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":52,"num_ratings":26,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":75,"download_link":76,"security_score":52,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":28},"wc-postfinance-checkout-subscription","PostFinance Checkout Subscription","1.1.8","wallee","https:\u002F\u002Fprofiles.wordpress.org\u002Fcustomwebgmbh\u002F","\u003Cp>This plugin adds support to process WooCommerce Subscription with PostFinance Checkout.\u003C\u002Fp>\n\u003Cp>Customer behavior and desires in terms of product consumption have changed in the digital age.\u003Cbr \u002F>\nThey’re looking for new ways to engage with businesses. Consumers today have a new set of expectations.\u003Cbr \u002F>\nThey want outcomes, not ownership.\u003C\u002Fp>\n\u003Cp>Please note this plugin enhances the features of the basic PostFinance Checkout Payment Plugin.\u003Cbr \u002F>\nTherefore, it is necessary that you install the this plugin as well.\u003C\u002Fp>\n","Plugin to process Woocommerce Subscriptions with PostFinance Checkout.",10,1111,"2025-10-02T09:48:00.000Z","6.7.5","4.7","",[71,22,72,73,74],"e-commerce","postfinance-checkout","woocommerce","woocommerce-postfinance-checkout","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-postfinancecheckout-subscription","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-postfinance-checkout-subscription.1.1.8.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":53,"num_ratings":87,"last_updated":88,"tested_up_to":15,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":51,"unpatched_count":13,"last_vuln_date":97,"fetched_at":28},"duplicate-post","Yoast Duplicate Post","4.6","Yoast","https:\u002F\u002Fprofiles.wordpress.org\u002Fyoast\u002F","\u003Cp>This plugin allows users to clone posts of any type, or copy them to new drafts for further editing.\u003C\u002Fp>\n\u003Cp>How it works:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>In ‘Edit Posts’\u002F’Edit Pages’, you can click on ‘Clone’ link below the post\u002Fpage title: this will immediately create a copy and return to the list.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In ‘Edit Posts’\u002F’Edit Pages’, you can select one or more items, then choose ‘Clone’ in the ‘Bulk Actions’ dropdown to copy them all at once.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In ‘Edit Posts’\u002F’Edit Pages’, you can click on ‘New Draft’ link below the post\u002Fpage title.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On the post edit screen, you can click on ‘Copy to a new draft’ above “Cancel”\u002F”Move to trash” or in the admin bar.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>While viewing a post as a logged in user, you can click on ‘Copy to a new draft’ in the admin bar.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>3, 4 and 5 will lead to the edit page for the new draft: change what you want, click on ‘Publish’ and you’re done.\u003C\u002Fp>\n\u003Cp>There is also a \u003Cstrong>template tag\u003C\u002Fstrong>, so you can put it in your templates and clone your posts\u002Fpages from the front-end. Clicking on the link will lead you to the edit page for the new draft, just like the admin bar link.\u003C\u002Fp>\n\u003Cp>Duplicate Post has many useful settings to customize its behavior and restrict its use to certain roles or post types. Check out the extensive documentation on \u003Ca href=\"https:\u002F\u002Fyoast.com\u002Fwordpress\u002Fplugins\u002Fduplicate-post\u002F\" rel=\"nofollow ugc\">yoast.com\u003C\u002Fa> and our \u003Ca href=\"https:\u002F\u002Fdeveloper.yoast.com\u002Fduplicate-post\u002Foverview\u002F\" rel=\"nofollow ugc\">developer docs\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you find this useful and if you want to contribute, there are two ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Submit your bug reports, suggestions and requests for features on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYoast\u002Fduplicate-post\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>;\u003C\u002Fli>\n\u003Cli>If you want to translate it to your language (there are just a few lines of text), you can use the \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fduplicate-post\" rel=\"nofollow ugc\">translation project\u003C\u002Fa>;\u003C\u002Fli>\n\u003C\u002Fol>\n","The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.",4000000,38996013,529,"2026-03-09T10:34:00.000Z","6.8","7.4",[92,93,78],"clone","copy","https:\u002F\u002Fyoast.com\u002Fwordpress\u002Fplugins\u002Fduplicate-post\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduplicate-post.4.6.zip",90,"2026-03-17 20:54:49",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":15,"requires_at_least":111,"requires_php":69,"tags":112,"homepage":116,"download_link":117,"security_score":25,"vuln_count":118,"unpatched_count":13,"last_vuln_date":119,"fetched_at":28},"duplicate-page","Duplicate Page","4.5.7","mndpsingh287","https:\u002F\u002Fprofiles.wordpress.org\u002Fmndpsingh287\u002F","\u003Cp>Duplicate Posts, Pages and Custom Posts easily using single click. You can duplicate your pages, posts and custom post by just one click and it will save as your selected options (draft, private, public, pending).\u003C\u002Fp>\n\u003Ch4>Key Features in Duplicate Page Pro Editions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>User Roles:\u003C\u002Fstrong> Allow User Roles To access Duplicate Page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Types:\u003C\u002Fstrong> Filter to show Duplicate Page link in post types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clone Link Location:\u003C\u002Fstrong> Option where to show clone link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status:\u003C\u002Fstrong> Option to select Duplicate Posts Status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection:\u003C\u002Fstrong> Option to Redirect after click on clone link..\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clone Link Title:\u003C\u002Fstrong> Option to change Duplicate Post Link Title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Prefix:\u003C\u002Fstrong> Option to add Post Prefix.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Suffix:\u003C\u002Fstrong> Option to add Post Suffix.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editor\u003C\u002Fstrong>: And Many More Filters and Features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduplicatepro.com\u002Fpro\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Buy Pro Version\u003C\u002Fa>\u003C\u002Fstrong> with various features & support.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduplicatepro.com\u002Fcontact\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>\u003C\u002Fstrong> for Support Only Pro Version Users.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduplicatepro.com\u002Fpro\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Upgrade to Pro Version\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFj8BHxvebXs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Col>\n\u003Cli>First Activate Plugin.\u003C\u002Fli>\n\u003Cli>Go Select to Duplicate Page settings Menu from Settings Tab and savings settings. \u003C\u002Fli>\n\u003Cli>Then Create New Post\u002FPage or Use old.\u003C\u002Fli>\n\u003Cli>After click on duplicate this link, then duplicate post\u002F page will be created and saved as draft,publish,pending,private depending upon settings.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Minimum requirements for Duplicate Page\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.3+\u003C\u002Fli>\n\u003Cli>PHP 5.x\u003C\u002Fli>\n\u003Cli>MySQL 5.x\u003C\u002Fli>\n\u003C\u002Ful>\n","Duplicate Posts, Pages and Custom Posts easily using single click",3000000,37401635,96,449,"2026-03-19T10:33:00.000Z","3.4",[113,99,78,114,115],"duplicate-custom-posts","page-duplicate","post-duplicate","https:\u002F\u002Fduplicatepro.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduplicate-page.zip",3,"2021-08-28 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":15,"requires_at_least":133,"requires_php":90,"tags":134,"homepage":138,"download_link":139,"security_score":140,"vuln_count":141,"unpatched_count":13,"last_vuln_date":142,"fetched_at":28},"woocommerce-payments","WooPayments: Integrated WooCommerce Payments","10.6.0","WooCommerce","https:\u002F\u002Fprofiles.wordpress.org\u002Fwoocommerce\u002F","\u003Cp>\u003Cstrong>Payments made simple, with no monthly fees – designed exclusively for WooCommerce stores.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Securely accept major credit and debit cards, and allow customers to pay you directly without leaving your WooCommerce store. View and manage transactions from one convenient place – your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>See payments, track cash flow into your bank account, manage refunds, and stay on top of disputes without the hassle of having to log into a separate payment processor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage transactions from the comfort of your store\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Features previously only available on your payment provider’s website are now part of your store’s \u003Cstrong>integrated payments dashboard\u003C\u002Fstrong>. This enables you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View the details of \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoopayments\u002Fmanaging-money\u002F\" rel=\"nofollow ugc\">payments, refunds, and other transactions\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>View and respond to \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoopayments\u002Ffraud-and-disputes\u002Fmanaging-disputes\u002F\" rel=\"nofollow ugc\">disputes and chargebacks\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoopayments\u002Fpayouts\u002F\" rel=\"nofollow ugc\">Track payouts\u003C\u002Fa> into your bank account or debit card.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Pay as you go\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WooPayments is \u003Cstrong>free to install\u003C\u002Fstrong>, with \u003Cstrong>no setup fees or monthly fees\u003C\u002Fstrong>. Our pay-as-you-go pricing model means we’re incentivized to help you succeed! \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoopayments\u002Ffees\u002F\" rel=\"nofollow ugc\">Read more about transaction fees\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported by the WooCommerce team\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Our global support team is available to answer questions you may have about WooPayments installation, setup, or use. For assistance, \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fmy-account\u002Fcontact-support\u002F?select=5278104\" rel=\"nofollow ugc\">open a ticket on woocommerce.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.0 or newer.\u003C\u002Fli>\n\u003Cli>WooCommerce 7.6 or newer.\u003C\u002Fli>\n\u003Cli>PHP 7.3 or newer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Try it now\u003C\u002Fh4>\n\u003Cp>To try WooPayments (previously WooCommerce Payments) on your store, simply \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce-payments\u002F#installation\" rel=\"ugc\">install it\u003C\u002Fa> and follow the prompts. Please see our \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoopayments\u002Fstartup-guide\u002F\" rel=\"nofollow ugc\">Startup Guide\u003C\u002Fa> for a full walkthrough of the process.\u003C\u002Fp>\n","Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.",900000,42522589,62,145,"2026-03-11T15:29:00.000Z","6.0",[135,136,137,22,121],"apple-pay","credit-card","google-pay","https:\u002F\u002Fwoocommerce.com\u002Fpayments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-payments.10.6.0.zip",89,7,"2026-03-30 16:13:16",{"slug":144,"name":145,"version":146,"author":124,"author_profile":125,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":151,"num_ratings":152,"last_updated":153,"tested_up_to":154,"requires_at_least":155,"requires_php":90,"tags":156,"homepage":160,"download_link":161,"security_score":52,"vuln_count":26,"unpatched_count":13,"last_vuln_date":162,"fetched_at":28},"woocommerce-paypal-payments","WooCommerce PayPal Payments","4.0.2","\u003Cp>WooCommerce PayPal Payments is an \u003Cstrong>all-in-one solution\u003C\u002Fstrong> to help you \u003Cstrong>maximize conversions\u003C\u002Fstrong> by offering PayPal, Venmo (US), Pay Later options, credit and debit cards, and more.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant access\u003C\u002Fstrong> to funds while payment is processing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fraud detection\u003C\u002Fstrong> and \u003Cstrong>global compliance\u003C\u002Fstrong> (including PCI, PSD2, and 3D Secure).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Faster checkout\u003C\u002Fstrong> via PayPal buttons on product pages and in-cart.\u003C\u002Fli>\n\u003Cli>Convenience to \u003Cstrong>pay over time\u003C\u002Fstrong> with PayPal Pay Later.\u003C\u002Fli>\n\u003Cli>Allow Venmo shoppers (US only) to \u003Cstrong>share purchases\u003C\u002Fstrong> with friends.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Standard\u003C\u002Fstrong> and \u003Cstrong>Advanced Card Processing\u003C\u002Fstrong> options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Country-specific\u003C\u002Fstrong> payment methods to build global trust.\u003C\u002Fli>\n\u003Cli>Multiple \u003Cstrong>subscription payment\u003C\u002Fstrong> options to help drive repeat business.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get started\u003C\u002Fh4>\n\u003Cp>If you’re new to PayPal, \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoocommerce-paypal-payments\u002F\" rel=\"nofollow ugc\">add it to your store today\u003C\u002Fa>. Existing user? \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoocommerce-paypal-payments\u002Fpaypal-payments-upgrade-guide\u002F\" rel=\"nofollow ugc\">Upgrade your integration\u003C\u002Fa> now to access these exciting new features.\u003C\u002Fp>\n\u003Ch4>It pays to PayPal\u003C\u002Fh4>\n\u003Cp>Get \u003Cstrong>instant access to funds\u003C\u002Fstrong> in your PayPal business account while payment is processing. Save time and money with \u003Cstrong>fraud detection\u003C\u002Fstrong> and Seller Protection features†.\u003C\u002Fp>\n\u003Cp>Plus, you’ll meet \u003Cstrong>global compliance standards\u003C\u002Fstrong> (such as PCI, PSD2, SCA, and 3D Secure), bringing international markets within reach.\u003C\u002Fp>\n\u003Cp>†Available on eligible purchases. Limits apply.\u003C\u002Fp>\n\u003Ch4>Flexible payment options\u003C\u002Fh4>\n\u003Cp>Shoppers are nearly \u003Cstrong>three times more likely to buy\u003C\u002Fstrong> when you offer PayPal.¹ Increase conversions by automatically \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoocommerce-paypal-payments\u002F#section-35\" rel=\"nofollow ugc\">displaying PayPal buttons\u003C\u002Fa> on product pages, in-cart, and at checkout.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoocommerce-paypal-payments\u002F#pay-later\" rel=\"nofollow ugc\">PayPal Pay Later\u003C\u002Fa> options help boost conversion rates and \u003Cstrong>increase cart sizes by 39%\u003C\u002Fstrong>.² Let customers pay over time while you get paid upfront — at no additional cost. Available in select countries. \u003Ca href=\"https:\u002F\u002Fdeveloper.paypal.com\u002Fdocs\u002Fcheckout\u002Fpay-later\u002Fus\u002F\" rel=\"nofollow ugc\">Learn more about Pay Later messaging\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Venmo users spend 2.2 times more annually\u003C\u002Fstrong> on online purchases than other online buyers.³ Now you can \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoocommerce-paypal-payments\u002F#pay-with-venmo\" rel=\"nofollow ugc\">reach Venmo shoppers\u003C\u002Fa> (US only) and allow them to share their purchases with friends.\u003C\u002Fp>\n\u003Ch4>Country-specific payments\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard Card Processing:\u003C\u002Fstrong> Suitable for all business and personal seller accounts. Card transactions are managed via a prebuilt user experience, simplifying compliance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Card Processing:\u003C\u002Fstrong> Customize the look, feel, and placement of debit and credit card payment fields. You can also use fraud protection tools to set up personal risk tolerance filters.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Earn recurring revenue through subscriptions\u003C\u002Fh4>\n\u003Cp>Drive repeat business for stable, predictable income using \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fwoocommerce-subscriptions\u002F\" rel=\"nofollow ugc\">WooCommerce Subscriptions\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fwebapps\u002Fmpp\u002Fsubscription-payments\" rel=\"nofollow ugc\">PayPal Subscriptions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can also use PayPal’s \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fbrc\u002Farticle\u002Fsecurely-store-payments\" rel=\"nofollow ugc\">Vaulting\u003C\u002Fa> feature to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Offer flexible plans with fixed or quantity-based pricing.\u003C\u002Fli>\n\u003Cli>Set billing cycles for any period.\u003C\u002Fli>\n\u003Cli>Offer discounted trial periods or prorated payments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With no monthly or setup fees, it’s simple for your customers — and \u003Cstrong>great for your business\u003C\u002Fstrong> (\u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fwoocommerce-paypal-payments\u002F#get-vaulting-approval\" rel=\"nofollow ugc\">account approval required\u003C\u002Fa>).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Legal Disclosures:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>*For Australian users, the PayPal service is provided by PayPal Australia Pty Limited AFSL 304962. Any information provided is general only and does not take into account your objectives, financial situation, or needs. Please read and consider the CFSGPDS (paypal.com.au) before acquiring or using the service. See website for TMD.\u003C\u002Fp>\n\u003Col>\n\u003Cli>An online study commissioned by PayPal and conducted by Netfluential in November 2020, involving 1,000 US online shoppers ages 18-39.\u003C\u002Fli>\n\u003Cli>PayPal Q2 Earnings 2021.\u003C\u002Fli>\n\u003Cli>Edison Trends commissioned by PayPal, April 2020 to March 2021. Edison Trends conducted a behavioral panel of email receipts from 306,939 US consumers and 3.4+ M purchases at a vertical level between Pay with Venmo and non-Venmo users during a 12-month period.\u003C\u002Fli>\n\u003C\u002Fol>\n","PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit\u002Fdebit cards, alternative digital wallets and bank accounts.",800000,24838061,56,539,"2026-04-02T14:59:00.000Z","7.0","6.5",[136,157,158,159,73],"ecommerce","payments","paypal","https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fwoocommerce-paypal-payments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-paypal-payments.4.0.2.zip","2023-06-20 00:00:00",{"attackSurface":164,"codeSignals":209,"taintFlows":229,"riskAssessment":341,"analyzedAt":351},{"hooks":165,"ajaxHandlers":172,"restRoutes":201,"shortcodes":202,"cronEvents":207,"entryPointCount":64,"unprotectedCount":208},[166],{"type":167,"name":168,"callback":169,"file":170,"line":171},"action","admin_menu","expresspay_add_plugin_menu","expresspay.payment.php",44,[173,177,180,184,186,190,192,195,197],{"action":174,"nopriv":48,"callback":175,"hasNonce":48,"hasCapCheck":48,"file":170,"line":176},"expresspay_receive_notification","receive_notification",50,{"action":174,"nopriv":178,"callback":175,"hasNonce":48,"hasCapCheck":48,"file":170,"line":179},true,51,{"action":181,"nopriv":48,"callback":182,"hasNonce":48,"hasCapCheck":48,"file":170,"line":183},"expresspay_get_form_data","get_form_data",54,{"action":181,"nopriv":178,"callback":182,"hasNonce":48,"hasCapCheck":48,"file":170,"line":185},55,{"action":187,"nopriv":48,"callback":188,"hasNonce":48,"hasCapCheck":48,"file":170,"line":189},"expresspay_check_invoice","check_invoice",58,{"action":187,"nopriv":178,"callback":188,"hasNonce":48,"hasCapCheck":48,"file":170,"line":191},59,{"action":193,"nopriv":48,"callback":194,"hasNonce":48,"hasCapCheck":48,"file":170,"line":130},"expresspay_get_test_mode_params","get_test_mode_params",{"action":193,"nopriv":178,"callback":194,"hasNonce":48,"hasCapCheck":48,"file":170,"line":196},63,{"action":198,"nopriv":48,"callback":199,"hasNonce":48,"hasCapCheck":48,"file":170,"line":200},"expresspay_payment_options","payment_setting_options",65,[],[203],{"tag":204,"callback":205,"file":170,"line":206},"expresspay_payment","payment_callback",47,[],9,{"dangerousFunctions":210,"sqlUsage":211,"outputEscaping":214,"fileOperations":226,"externalRequests":26,"nonceChecks":227,"capabilityChecks":26,"bundledLibraries":228},[],{"prepared":212,"raw":13,"locations":213},15,[],{"escaped":215,"rawEcho":118,"locations":216},373,[217,221,223],{"file":218,"line":219,"context":220},"src\u002Fclass.expresspay.payment.php",163,"raw output",{"file":218,"line":222,"context":220},260,{"file":224,"line":225,"context":220},"src\u002Fclass.payment.settings.php",201,2,5,[],[230,249,263,273,282,295,303,314,331],{"entryPoint":231,"graph":232,"unsanitizedCount":26,"severity":248},"\u003Cclass.expresspay> (class.expresspay.php:0)",{"nodes":233,"edges":246},[234,240],{"id":235,"type":236,"label":237,"file":238,"line":239},"n0","source","$_SERVER","class.expresspay.php",421,{"id":241,"type":242,"label":243,"file":238,"line":244,"wp_function":245},"n1","sink","file_put_contents() [File Write]",426,"file_put_contents",[247],{"from":235,"to":241,"sanitized":48},"medium",{"entryPoint":250,"graph":251,"unsanitizedCount":13,"severity":262},"get_form_data (src\u002Fclass.expresspay.payment.php:47)",{"nodes":252,"edges":260},[253,256],{"id":235,"type":236,"label":254,"file":218,"line":255},"$_REQUEST",64,{"id":241,"type":242,"label":257,"file":218,"line":258,"wp_function":259},"get_row() [SQLi]",69,"get_row",[261],{"from":235,"to":241,"sanitized":178},"low",{"entryPoint":264,"graph":265,"unsanitizedCount":13,"severity":262},"check_invoice (src\u002Fclass.expresspay.payment.php:174)",{"nodes":266,"edges":271},[267,269],{"id":235,"type":236,"label":254,"file":218,"line":268},188,{"id":241,"type":242,"label":257,"file":218,"line":270,"wp_function":259},200,[272],{"from":235,"to":241,"sanitized":178},{"entryPoint":274,"graph":275,"unsanitizedCount":13,"severity":262},"\u003Cclass.expresspay.payment> (src\u002Fclass.expresspay.payment.php:0)",{"nodes":276,"edges":280},[277,279],{"id":235,"type":236,"label":278,"file":218,"line":255},"$_REQUEST (x3)",{"id":241,"type":242,"label":257,"file":218,"line":258,"wp_function":259},[281],{"from":235,"to":241,"sanitized":178},{"entryPoint":283,"graph":284,"unsanitizedCount":13,"severity":262},"payment_setting_options (src\u002Fclass.payment.settings.list.php:49)",{"nodes":285,"edges":293},[286,289],{"id":235,"type":236,"label":237,"file":287,"line":288},"src\u002Fclass.payment.settings.list.php",132,{"id":241,"type":242,"label":290,"file":287,"line":291,"wp_function":292},"update_option() [Settings Manipulation]",133,"update_option",[294],{"from":235,"to":241,"sanitized":178},{"entryPoint":296,"graph":297,"unsanitizedCount":13,"severity":262},"\u003Cclass.payment.settings.list> (src\u002Fclass.payment.settings.list.php:0)",{"nodes":298,"edges":301},[299,300],{"id":235,"type":236,"label":237,"file":287,"line":288},{"id":241,"type":242,"label":290,"file":287,"line":291,"wp_function":292},[302],{"from":235,"to":241,"sanitized":178},{"entryPoint":304,"graph":305,"unsanitizedCount":13,"severity":262},"get_payment_setting_page (src\u002Fclass.payment.settings.php:10)",{"nodes":306,"edges":312},[307,310],{"id":235,"type":236,"label":308,"file":224,"line":309},"$_GET",22,{"id":241,"type":242,"label":257,"file":224,"line":311,"wp_function":259},37,[313],{"from":235,"to":241,"sanitized":178},{"entryPoint":315,"graph":316,"unsanitizedCount":13,"severity":262},"\u003Cclass.payment.settings> (src\u002Fclass.payment.settings.php:0)",{"nodes":317,"edges":328},[318,319,320,324],{"id":235,"type":236,"label":308,"file":224,"line":309},{"id":241,"type":242,"label":257,"file":224,"line":311,"wp_function":259},{"id":321,"type":236,"label":322,"file":224,"line":323},"n2","$_POST",97,{"id":325,"type":242,"label":326,"file":224,"line":225,"wp_function":327},"n3","echo() [XSS]","echo",[329,330],{"from":235,"to":241,"sanitized":178},{"from":321,"to":325,"sanitized":178},{"entryPoint":332,"graph":333,"unsanitizedCount":26,"severity":39},"receive_notification (src\u002Fclass.expresspay.payment.php:328)",{"nodes":334,"edges":339},[335,337],{"id":235,"type":236,"label":254,"file":218,"line":336},344,{"id":241,"type":242,"label":257,"file":218,"line":338,"wp_function":259},355,[340],{"from":235,"to":241,"sanitized":48},{"summary":342,"deductions":343},"The express-pay plugin v1.4.0 exhibits a mixed security posture. On the positive side, it demonstrates strong practices with 100% of its SQL queries using prepared statements and nearly all output being properly escaped, indicating good defense against common web vulnerabilities. The absence of dangerous functions and bundled outdated libraries is also encouraging.\n\nHowever, significant concerns arise from the attack surface. With a total of 10 entry points, a concerning 9 of them are AJAX handlers that lack authentication checks. This creates a substantial vulnerability if these handlers are susceptible to manipulation. The taint analysis further highlights this, revealing one high-severity flow, which, when combined with the unprotected AJAX handlers, suggests a potential for exploitation. The vulnerability history, including a past high-severity SQL injection vulnerability, reinforces the need for vigilance, especially regarding input validation and access control, even though the current version has no unpatched CVEs.\n\nIn conclusion, while the plugin employs good practices in SQL and output handling, the numerous unprotected AJAX endpoints represent a critical weakness. The past SQL injection vulnerability and the current high-severity taint flow necessitate careful review and remediation of these access control issues to mitigate the risk of unauthorized actions.",[344,346,349],{"reason":345,"points":64},"9 unprotected AJAX handlers",{"reason":347,"points":348},"1 high severity taint flow",12,{"reason":350,"points":212},"1 high severity historical CVE","2026-04-16T11:26:31.458Z",{"wat":353,"direct":364},{"assetPaths":354,"generatorPatterns":358,"scriptPaths":359,"versionParams":360},[355,356,357],"\u002Fwp-content\u002Fplugins\u002Fexpress-pay\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fexpress-pay\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fexpress-pay\u002Fcss\u002Fadmin.css",[],[],[361,362,363],"express-pay\u002Fcss\u002Fstyles.css?ver=","express-pay\u002Fcss\u002Fbootstrap.min.css?ver=","express-pay\u002Fcss\u002Fadmin.css?ver=",{"cssClasses":365,"htmlComments":366,"htmlAttributes":367,"restEndpoints":368,"jsGlobals":370,"shortcodeOutput":371},[],[],[],[369],"\u002Fwp-json\u002Fexpresspay\u002F",[],[372],"[expresspay_payment]",{"error":178,"url":374,"statusCode":375,"statusMessage":376,"message":376},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fexpress-pay\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":378,"versions":379},14,[380,385,392,399,405,412,420,428,436,444,452,460,468,476],{"version":6,"download_url":24,"svn_tag_url":381,"released_at":36,"has_diff":48,"diff_files_changed":382,"diff_lines":36,"trac_diff_url":383,"vulnerabilities":384,"is_current":178},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.3.0&new_path=%2Fexpress-pay%2Ftags%2F1.4.0",[],{"version":386,"download_url":387,"svn_tag_url":388,"released_at":36,"has_diff":48,"diff_files_changed":389,"diff_lines":36,"trac_diff_url":390,"vulnerabilities":391,"is_current":48},"1.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.2.1&new_path=%2Fexpress-pay%2Ftags%2F1.3.0",[],{"version":393,"download_url":394,"svn_tag_url":395,"released_at":36,"has_diff":48,"diff_files_changed":396,"diff_lines":36,"trac_diff_url":397,"vulnerabilities":398,"is_current":48},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.9&new_path=%2Fexpress-pay%2Ftags%2F1.2.1",[],{"version":38,"download_url":400,"svn_tag_url":401,"released_at":36,"has_diff":48,"diff_files_changed":402,"diff_lines":36,"trac_diff_url":403,"vulnerabilities":404,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.8&new_path=%2Fexpress-pay%2Ftags%2F1.1.9",[],{"version":59,"download_url":406,"svn_tag_url":407,"released_at":36,"has_diff":48,"diff_files_changed":408,"diff_lines":36,"trac_diff_url":409,"vulnerabilities":410,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.7&new_path=%2Fexpress-pay%2Ftags%2F1.1.8",[411],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":413,"download_url":414,"svn_tag_url":415,"released_at":36,"has_diff":48,"diff_files_changed":416,"diff_lines":36,"trac_diff_url":417,"vulnerabilities":418,"is_current":48},"1.1.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.6&new_path=%2Fexpress-pay%2Ftags%2F1.1.7",[419],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":421,"download_url":422,"svn_tag_url":423,"released_at":36,"has_diff":48,"diff_files_changed":424,"diff_lines":36,"trac_diff_url":425,"vulnerabilities":426,"is_current":48},"1.1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.5&new_path=%2Fexpress-pay%2Ftags%2F1.1.6",[427],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":429,"download_url":430,"svn_tag_url":431,"released_at":36,"has_diff":48,"diff_files_changed":432,"diff_lines":36,"trac_diff_url":433,"vulnerabilities":434,"is_current":48},"1.1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.4&new_path=%2Fexpress-pay%2Ftags%2F1.1.5",[435],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":437,"download_url":438,"svn_tag_url":439,"released_at":36,"has_diff":48,"diff_files_changed":440,"diff_lines":36,"trac_diff_url":441,"vulnerabilities":442,"is_current":48},"1.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.3&new_path=%2Fexpress-pay%2Ftags%2F1.1.4",[443],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":445,"download_url":446,"svn_tag_url":447,"released_at":36,"has_diff":48,"diff_files_changed":448,"diff_lines":36,"trac_diff_url":449,"vulnerabilities":450,"is_current":48},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.2&new_path=%2Fexpress-pay%2Ftags%2F1.1.3",[451],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":453,"download_url":454,"svn_tag_url":455,"released_at":36,"has_diff":48,"diff_files_changed":456,"diff_lines":36,"trac_diff_url":457,"vulnerabilities":458,"is_current":48},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.1&new_path=%2Fexpress-pay%2Ftags%2F1.1.2",[459],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":461,"download_url":462,"svn_tag_url":463,"released_at":36,"has_diff":48,"diff_files_changed":464,"diff_lines":36,"trac_diff_url":465,"vulnerabilities":466,"is_current":48},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.1.0&new_path=%2Fexpress-pay%2Ftags%2F1.1.1",[467],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":469,"download_url":470,"svn_tag_url":471,"released_at":36,"has_diff":48,"diff_files_changed":472,"diff_lines":36,"trac_diff_url":473,"vulnerabilities":474,"is_current":48},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fexpress-pay%2Ftags%2F1.0.0&new_path=%2Fexpress-pay%2Ftags%2F1.1.0",[475],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38},{"version":477,"download_url":478,"svn_tag_url":479,"released_at":36,"has_diff":48,"diff_files_changed":480,"diff_lines":36,"trac_diff_url":36,"vulnerabilities":481,"is_current":48},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-pay.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fexpress-pay\u002Ftags\u002F1.0.0\u002F",[],[482],{"id":32,"url_slug":33,"title":34,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":38}]