[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEngqSJFAnenyW98ziXSaTaRxl6TjH0WzZvPtxZDj9mM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":55,"analysis":149,"fingerprints":728},"g-ffl-checkout","g-FFL Checkout","2.1.4","garidium","https:\u002F\u002Fprofiles.wordpress.org\u002Fgaridium\u002F","\u003Ch3>Built by a FFL, for FFL’s. This plugin will add a FFL search & selection widget to your checkout page for products requiring FFL Shipment.\u003C\u002Fh3>\n\u003Cp>FFL Checkout was originally built to meet the operational needs of my own FFL business. Over time, it has grown into the most complete FFL Checkout solution for WooCommerce — refined through input from hundreds of licensed dealers. The plugin empowers FFLs to stay compliant by capturing required information, enforcing shipping restrictions, and guiding customers through the purchasing process for firearms and ammunition. See the plugin in-action on \u003Ca href=\"https:\u002F\u002Fgaridium.com\" rel=\"nofollow ugc\">garidium.com\u003C\u002Fa>, and make sure to look at the FAQ section. Thank You, Gary (FFL Cockpit\u002FCheckout Founder)\u003C\u002Fp>\n\u003Ch3>Feature Highlights:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Advanced FFL Search & Selection\u003C\u002Fstrong> – Easy-to-use FFL searching by zip code, distance, and name with intelligent list view on checkout page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Interactive Mapping\u003C\u002Fstrong> – Optional map view with no Google Maps API key required, reducing costs and complexity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mixed Cart Intelligence\u003C\u002Fstrong> – Seamlessly handle orders with both FFL and non-FFL items, automatically managing shipping addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>State Compliance Management\u003C\u002Fstrong> – Configurable ammunition compliance with automatic FFL routing for restricted states\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Document Management System\u003C\u002Fstrong> – Secure customer upload portal for state licenses (FID\u002FFOID\u002FFSC cards) with state-specific requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>C&R License Integration\u003C\u002Fstrong> – Direct API validation and document management for Curio & Relic licenses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>FFL Dealer Controls\u003C\u002Fstrong> – Blacklist problematic dealers and prioritize customer favorite FFLs in search results\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Address Validation & Security\u003C\u002Fstrong> – PO Box blocking, billing\u002Fshipping address matching enforcement, and name verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>State Shipping Restrictions\u003C\u002Fstrong> – Block firearms, ammunition, or all products by state with custom error messaging\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Order Management\u003C\u002Fstrong> – One-click ATF ezCheck integration, FFL document upload\u002Fdownload, and comprehensive order details\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure eFile System\u003C\u002Fstrong> – Crowd-sourced FFL document storage with protected access for streamlined fulfillment\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Compliance\u003C\u002Fstrong> – Automatic detection of document requirements based on shipping state and cart contents\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Subscription Required\u003C\u002Fh3>\n\u003Cp>While the plugin is free to download and install, it does require you to purchase a subscription. The plugin will not be useful without the subscription allows the plugin to connect to the required data services, providing the following features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Access to a database we manage that synchronizes weekly to the ATF FFL database\u003C\u002Fli>\n\u003Cli>Access to the eFile system to download and upload FFL documentation\u003C\u002Fli>\n\u003Cli>Access to Mapping and Geocoding features for displaying FFL locations on a map\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>To purchase a key, visit the g-FFL Checkout product page:\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffflcockpit.com\u002Fffl-checkout\u002F\" rel=\"nofollow ugc\">FFL Checkout Product Page\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Please review our Terms and Conditions:\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffflcockpit.com\u002Fterms_of_sale\u002F\" rel=\"nofollow ugc\">Terms and Conditions\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting Guide\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffflcockpit.com\u002Fproblem-displaying-checkout-have-a-new-site\u002F\" rel=\"nofollow ugc\">Click here for the Installation\u002FTroubleshooting Guide\u003C\u002Fa>\u003C\u002Fp>\n","Built by a FFL, for FFL's. This plugin will add a FFL search & selection widget to your checkout page for products requiring FFL Shipment.",600,12288,100,4,"2026-02-21T17:06:00.000Z","6.9.4","5.0","7.0",[20,21,22,23,24],"ecommerce-checkout","ffl","ffl-gun-dealers","map-api","woocommerce","http:\u002F\u002Fgaridium.com\u002Fg-ffl-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fg-ffl-checkout.2.1.4.zip",94,1,0,"2026-01-15 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-68001","g-ffl-checkout-unauthenticated-arbitrary-file-upload","g-FFL Checkout \u003C= 2.1.0 - Unauthenticated Arbitrary File Upload","The g-FFL Checkout plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",null,"\u003C=2.1.0","2.1.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2026-01-19 20:32:16",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffbc8c188-dd68-481c-9584-f9d856db8b7d?source=api-prod",5,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":14,"trust_score":53,"computed_at":54},2,1100,96,97,"2026-04-04T15:38:04.298Z",[56,77,97,114,133],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":74,"download_link":75,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":76},"ff-dealers","FFL Dealers","2.0.2","Shafiq","https:\u002F\u002Fprofiles.wordpress.org\u002Fshafiqul6171\u002F","\u003Cp>FFL Dealers WooCommerce plugin only works on the websites that has WooCommerce plugin. These eCommerce stores can implement user-friendly features that benefit the dealers and their customers. FFL Dealers provides a service that everybody needs in the process of buying FFL products online. the plugin will provide you very latest dealers information nearby you. the plugin has more than 80  thousands unique dealers available and dealers information will be updating  from atf.gov in every month automatically.  it’s totally free of cost\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fffl.fraxzon.com\u002Fffl-dealer-ducumentation\u002F\" rel=\"nofollow ugc\">Learn More\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Free of cost\u003C\u002Fh3>\n\u003Cp>the plugin is created  totaly with free of cost and no need instalation fee.\u003C\u002Fp>\n\u003Ch3>Checkout modal\u003C\u002Fh3>\n\u003Cp>you can show or hide modal in checkout page for displaying company message. you can change color of modal. you can use banner or text in the modal.\u003C\u002Fp>\n\u003Ch3>Map icon\u003C\u002Fh3>\n\u003Cp>There is a default icon for google map locator. you can change the icon from setting page easily.\u003C\u002Fp>\n\u003Ch3>show map by specific category\u003C\u002Fh3>\n\u003Cp>you can show dealers locator map under specific category in checkout page.\u003C\u002Fp>\n\u003Ch3>Blacklist\u003C\u002Fh3>\n\u003Cp>You can hide some licenses and zipcode from search\u003C\u002Fp>\n\u003Ch3>Deafault Dealers\u003C\u002Fh3>\n\u003Cp>You can show some dealers in checkout page after loading the checkout page.\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fffl.fraxzon.com\u002Fcheckout\u002F?production=fiddlys-ak-4\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshafiq6171\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Licence\u003C\u002Fh3>\n\u003Cp>GPL Version 3\u003C\u002Fp>\n","FFL Dealers  simplifies the checkout phase on online gun stores that can implement user-friendly features for the benefit to the dealers and their cus &hellip;",10,2242,3,"","6.5.8","5.8","7.4",[72,20,73,22,24],"atf-gov","ffl-dealers","https:\u002F\u002Ffraxzon.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fff-dealers.2.0.2.zip","2026-03-15T10:48:56.248Z",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":64,"last_updated":88,"tested_up_to":89,"requires_at_least":69,"requires_php":70,"tags":90,"homepage":95,"download_link":96,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"advance-bank-payment-transfer-gateway","Advance Bank Payment Transfer Gateway","1.0.0","Ramesh Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloperramesh\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Requires: WooCommerce 2.1+\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin clones the Direct Bank Transfer gateway to create another offline payment method. This can be used to create a testing payment method if you use the Advance Bank Transfer gateway.\u003Cbr \u002F>\nFor example, this could be used for manual invoices or other offline payment methods.\u003C\u002Fp>\n\u003Cp>Upload the Bank Payment Receipt is require on the checkout page before submit the page, When an order is submitted the order will be placed “on-hold” after reviewing order by admin then order status will be changed.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcapsquery.com\u002F\" rel=\"nofollow ugc\"> Visit Our Website \u003C\u002Fa>\u003C\u002Fp>\n","Short Description: This plugin clones the Direct Bank Transfer gateway to create another offline payment method. License: GPLv2 or later",1000,24215,90,"2026-01-08T13:10:00.000Z","6.8.5",[91,92,93,94,24],"bank-transfer","manual-payment","offline-payment","payment-gateway","https:\u002F\u002Fgithub.com\u002Fdeveloper-ramesh","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvance-bank-payment-transfer-gateway.1.0.0.zip",{"slug":98,"name":99,"version":100,"author":7,"author_profile":8,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":13,"num_ratings":50,"last_updated":105,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":106,"homepage":110,"download_link":111,"security_score":112,"vuln_count":50,"unpatched_count":29,"last_vuln_date":113,"fetched_at":31},"g-ffl-cockpit","g-FFL Cockpit","2.0.5","\u003Cp>\u003Cstrong>Built by a FFL, for FFL’s.\u003C\u002Fstrong> This plugin will synchronize site inventory and automate order fulfillment with multiple firearm distributors.\u003C\u002Fp>\n\u003Cp>It was built to support our businesses, and we know it will help yours. Please contact us at sales@garidium.com before purchasing a license key so we can discuss your needs.\u003C\u002Fp>\n\u003Ch4>Feature Highlights\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Configure 1-to-many supported distributors and feed products into your WooCommerce website.\u003C\u002Fli>\n\u003Cli>We currently support over a dozen distributors and counting..\u003C\u002Fli>\n\u003Cli>Fulfillment automation, to automate Drop-shipping Workflow \u003C\u002Fli>\n\u003Cli>Fulfillment automation includes monitoring distributors for shipping updates, and notifying both you and your customer.\u003C\u002Fli>\n\u003Cli>This plugin also supports feeding product to AmmoSeek, Gunbroker, Gun.deals, WikiArms, Armsagora, AmmoBrowser, and GunAmmo.deals\u003C\u002Fli>\n\u003Cli>Inventory and Listings are then updated every 20-minutes to ensure quantity and pricing are updated continuously.\u003C\u002Fli>\n\u003Cli>Easily set pricing and listing options, along with configuring the inclusion\u002Fexclusion of specific items.\u003C\u002Fli>\n\u003Cli>Keep your customers updated on the order status with configurable email templates\u003C\u002Fli>\n\u003Cli>View a report of all items being listed, including pricing from each distributor, there is also an Excel export.\u003C\u002Fli>\n\u003Cli>Works tightly with the g-FFL Checkout plugin to automatically mark firearms as requiring FFL selection during checkout.\u003C\u002Fli>\n\u003Cli>Integrated Help Videos and Help Center\u003C\u002Fli>\n\u003Cli>Integrated Log files, so you can monitor the status of your inventory synchronization\u003C\u002Fli>\n\u003Cli>Fulfillment Reports\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Subscription Required\u003C\u002Fh4>\n\u003Cp>While the plugin is free to download and install, it does require you to purchase a license for a personalized API key. We also have a one-time setup fee. The plugin will not be useful without this key. The API key allows the plugin to connect to the required data services, providing the following features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Access to a data services we manage that synchronizes distributor product data\u003C\u002Fli>\n\u003Cli>Ability to create fulfillment orders\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>To purchase a key, visit the FFL Cockpit product page:\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffflcockpit.com\" rel=\"nofollow ugc\">FFL Cockpit Product Page\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Please review our Terms and Conditions:\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffflcockpit.com\u002Fterms_of_sale\u002F\" rel=\"nofollow ugc\">Terms and Conditions\u003C\u002Fa>\u003C\u002Fp>\n","Built by a FFL, for FFL's. Automate inventory synchronization and order fulfillment with multiple distributors.",500,20585,"2026-03-11T00:26:00.000Z",[107,21,108,109,24],"distributor","firearms","fulfillment","https:\u002F\u002Fgaridium.com\u002Fg-ffl-cockpit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fg-ffl-cockpit.2.0.5.zip",98,"2025-12-05 17:38:56",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":68,"requires_at_least":127,"requires_php":67,"tags":128,"homepage":130,"download_link":131,"security_score":132,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"raffle-ticket-generator","Raffle Ticket Generator – Woocommerce","6.0.4","teoleonard","https:\u002F\u002Fprofiles.wordpress.org\u002Fteoleonard\u002F","\u003Cp>The free version of this plugin generates 500 unique raffle ticket numbers and then recycles.  It starts with ticket number 100 and increments each ticket number by 1 until 599.  The 501st ticket will be assigned number 100 again and so on.  This is designed for small raffles.  Upon completing checkout in WooCommerce, the customer is emailed the ticket numbers.\u003C\u002Fp>\n\u003Cp>To setup the raffle, simple install the plugin as described below.  Then create a product in WooCommerce and put in the number of raffle tickets for the product.  Example, if you put 5 in the number of tickets field, that product will generate 5 tickets.\u003C\u002Fp>\n\u003Cp>Please use https:\u002F\u002Fwpraffle.com for support.  If you open a support ticket there, you will receive much faster support.  For some reason we are having problems getting alerted to support requests on the repository here at wordpress.org.\u003C\u002Fp>\n\u003Cp>Informational videos and FAQs are can be found at https:\u002F\u002Fwpraffle.com\u003C\u002Fp>\n\u003Cp>The Silver and Gold versions of this plugin includes unlimited unique raffle ticket numbers and the number format are fully configurable.  It also allows for a prefix and suffix declaration and can define multiple raffles with different ticket numbers in the same cart.   The Silver Version also included the option to generate graphical ticket images from a selection of stock images and includes a pick a winner feature to select a winner for your raffle and embed it in a page or post using shortcodes.\u003C\u002Fp>\n\u003Cp>The Gold version includes Archiving, Backup and Restore capabilities, a 50-50 or Split the Pot Raffle Feature, use custom raffle ticket images, and the ability to manage and limit ticket sales for a specific raffle.  The Gold version also has a successive number feature to put refunded tickets back into stock to be reassigned for events such as a ball drop or duck race.\u003C\u002Fp>\n","This plugin is used with WooCommerce to generate raffle ticket numbers that are emailed to customers.",200,30172,86,9,"2024-12-11T13:03:00.000Z","3.0.1",[129,24],"raffle","http:\u002F\u002Fwpraffle.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fraffle-ticket-generator.zip",92,{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":67,"short_description":139,"active_installs":140,"downloaded":141,"rating":142,"num_ratings":50,"last_updated":67,"tested_up_to":143,"requires_at_least":144,"requires_php":67,"tags":145,"homepage":67,"download_link":148,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":76},"woocommerce-phone-order-gateway","Phone Order Gateway for WooCommerce","1.1","Yonatan Ganot","https:\u002F\u002Fprofiles.wordpress.org\u002Fxxxyonixxx\u002F","This plugin adds Phone Order gateway to the WooCommerce plugin.",80,3073,60,"5.0.25","3.3.1",[146,93,147,24],"gateway","phone-order","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-phone-order-gateway.1.1.zip",{"attackSurface":150,"codeSignals":472,"taintFlows":559,"riskAssessment":718,"analyzedAt":727},{"hooks":151,"ajaxHandlers":339,"restRoutes":462,"shortcodes":463,"cronEvents":464,"entryPointCount":470,"unprotectedCount":471},[152,158,162,165,168,172,176,181,185,190,195,199,201,204,207,209,212,215,218,221,224,227,231,235,239,244,248,251,255,258,262,266,270,274,278,281,285,288,291,295,298,301,304,308,311,314,318,321,323,327,330,335],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","admin_notices","ammunition_bulk_action_notices","admin\\class-ffl-api-admin.php",58,{"type":153,"name":159,"callback":160,"file":156,"line":161},"admin_init","reset_ffl_api_options",61,{"type":153,"name":154,"callback":163,"file":156,"line":164},"reset_success_notice",64,{"type":153,"name":159,"callback":166,"file":156,"line":167},"register_ffl_api_settings",139,{"type":153,"name":169,"callback":170,"file":156,"line":171},"woocommerce_product_options_general_product_data","ffl_option_group",140,{"type":153,"name":173,"callback":174,"priority":64,"file":156,"line":175},"woocommerce_process_product_meta","ffl_save_fields",141,{"type":177,"name":178,"callback":179,"file":156,"line":180},"filter","bulk_actions-edit-product","add_ammunition_bulk_actions",144,{"type":177,"name":182,"callback":183,"priority":64,"file":156,"line":184},"handle_bulk_actions-edit-product","handle_ammunition_bulk_actions",145,{"type":153,"name":186,"callback":187,"file":188,"line":189},"before_woocommerce_init","closure","g-ffl-api.php",82,{"type":153,"name":191,"callback":192,"file":193,"line":194},"wp_loaded","maybe_start_session","includes\\class-ffl-api.php",85,{"type":153,"name":196,"callback":197,"file":193,"line":198},"admin_enqueue_scripts","anonymous",148,{"type":153,"name":196,"callback":197,"file":193,"line":200},149,{"type":153,"name":202,"callback":197,"file":193,"line":203},"admin_menu",151,{"type":153,"name":205,"callback":197,"file":193,"line":206},"wp_enqueue_scripts",173,{"type":153,"name":205,"callback":197,"file":193,"line":208},174,{"type":153,"name":210,"callback":197,"file":193,"line":211},"woocommerce_before_checkout_form",175,{"type":153,"name":213,"callback":197,"file":193,"line":214},"woocommerce_after_checkout_validation",185,{"type":153,"name":216,"callback":197,"file":193,"line":217},"woocommerce_checkout_order_processed",186,{"type":177,"name":178,"callback":219,"file":193,"line":220},"ffl_bulk_actions",283,{"type":177,"name":182,"callback":222,"priority":64,"file":193,"line":223},"ffl_bulk_action_handler",294,{"type":153,"name":154,"callback":225,"file":193,"line":226},"ffl_update_messages",334,{"type":177,"name":228,"callback":229,"file":193,"line":230},"manage_edit-product_columns","firearm_product_col",369,{"type":153,"name":232,"callback":233,"priority":50,"file":193,"line":234},"manage_product_posts_custom_column","firearm_product_col_data",378,{"type":177,"name":236,"callback":237,"file":193,"line":238},"manage_edit-product_sortable_columns","firearm_product_col_sort",396,{"type":177,"name":240,"callback":241,"file":242,"line":243},"woocommerce_checkout_fields","ffl_checkout_fields","includes\\ffl_ordering.php",20,{"type":153,"name":245,"callback":246,"priority":64,"file":242,"line":247},"woocommerce_checkout_create_order","add_custom_order_metadata",347,{"type":153,"name":216,"callback":249,"priority":64,"file":242,"line":250},"ensure_ffl_address_replacement",475,{"type":177,"name":252,"callback":253,"priority":64,"file":242,"line":254},"woocommerce_order_formatted_shipping_address","modify_ffl_shipping_address_display",521,{"type":153,"name":213,"callback":256,"priority":64,"file":242,"line":257},"ffl_checkout_validation",556,{"type":153,"name":259,"callback":260,"file":242,"line":261},"add_meta_boxes","ffl_order_meta_box",674,{"type":153,"name":263,"callback":264,"priority":64,"file":242,"line":265},"woocommerce_email_order_meta","display_ffl_info_in_email",1324,{"type":153,"name":267,"callback":268,"priority":64,"file":242,"line":269},"woocommerce_admin_order_data_after_shipping_address","display_ffl_address_in_order_details",1898,{"type":153,"name":271,"callback":272,"priority":48,"file":242,"line":273},"woocommerce_order_details_after_customer_details","display_ffl_info_customer_order",1956,{"type":153,"name":275,"callback":276,"file":242,"line":277},"wp_head","ffl_hide_extra_fields",2462,{"type":153,"name":275,"callback":279,"file":242,"line":280},"ffl_add_mixed_cart_styles",2514,{"type":153,"name":282,"callback":283,"file":242,"line":284},"wp_footer","ffl_add_mixed_cart_scripts",2575,{"type":153,"name":282,"callback":286,"priority":28,"file":242,"line":287},"ffl_add_client_side_validation",2669,{"type":153,"name":205,"callback":289,"file":242,"line":290},"ffl_enqueue_checkout_scripts",2890,{"type":153,"name":191,"callback":292,"file":293,"line":294},"maybe_init_session","public\\class-ffl-api-public.php",74,{"type":153,"name":213,"callback":296,"priority":64,"file":293,"line":297},"validate_restricted_states",78,{"type":153,"name":213,"callback":299,"priority":243,"file":293,"line":300},"validate_po_box_addresses",79,{"type":153,"name":213,"callback":302,"priority":303,"file":293,"line":140},"validate_address_match",30,{"type":153,"name":213,"callback":305,"priority":306,"file":293,"line":307},"validate_ffl_name_match",40,81,{"type":153,"name":213,"callback":309,"priority":310,"file":293,"line":189},"validate_required_documents",50,{"type":153,"name":213,"callback":312,"priority":142,"file":293,"line":313},"validate_billing_phone_required",83,{"type":153,"name":213,"callback":315,"priority":316,"file":293,"line":317},"validate_ffl_local_pickup_conflict",70,84,{"type":153,"name":216,"callback":319,"priority":64,"file":293,"line":320},"save_order_documents",87,{"type":177,"name":240,"callback":322,"file":293,"line":87},"make_billing_phone_required",{"type":153,"name":324,"callback":325,"file":293,"line":326},"ffl_document_cleanup","cleanup_old_documents",119,{"type":153,"name":328,"callback":187,"priority":64,"file":293,"line":329},"woocommerce_checkout_shipping",461,{"type":153,"name":331,"callback":332,"priority":333,"file":293,"line":334},"woocommerce_checkout_before_order_review","add_document_upload_section",15,473,{"type":153,"name":282,"callback":336,"priority":337,"file":293,"line":338},"render_shipping_field_validation",99,474,[340,346,350,354,357,361,365,369,373,377,380,383,386,389,391,393,395,397,400,403,405,408,410,413,417,419,423,425,429,431,435,437,439,440,442,443,445,446,450,452,455,458,460],{"action":341,"nopriv":342,"callback":343,"hasNonce":344,"hasCapCheck":344,"file":156,"line":345},"search_ffl_for_blacklist",false,"ajax_search_ffl_for_blacklist",true,67,{"action":347,"nopriv":342,"callback":348,"hasNonce":344,"hasCapCheck":344,"file":156,"line":349},"add_ffl_to_blacklist","ajax_add_ffl_to_blacklist",68,{"action":351,"nopriv":342,"callback":352,"hasNonce":344,"hasCapCheck":344,"file":156,"line":353},"remove_ffl_from_blacklist","ajax_remove_ffl_from_blacklist",69,{"action":355,"nopriv":342,"callback":356,"hasNonce":344,"hasCapCheck":344,"file":156,"line":316},"get_blacklist_content","ajax_get_blacklist_content",{"action":358,"nopriv":342,"callback":359,"hasNonce":344,"hasCapCheck":344,"file":156,"line":360},"bulk_remove_ffl_from_blacklist","ajax_bulk_remove_ffl_from_blacklist",71,{"action":362,"nopriv":342,"callback":363,"hasNonce":344,"hasCapCheck":344,"file":156,"line":364},"ffl_management_upload_ffl_document","ajax_management_upload_ffl_document",72,{"action":366,"nopriv":342,"callback":367,"hasNonce":344,"hasCapCheck":344,"file":156,"line":368},"ffl_download_document","ajax_download_document",75,{"action":370,"nopriv":342,"callback":371,"hasNonce":344,"hasCapCheck":344,"file":156,"line":372},"ffl_admin_download_document","ajax_admin_download_document",76,{"action":374,"nopriv":342,"callback":375,"hasNonce":344,"hasCapCheck":344,"file":156,"line":376},"ffl_admin_upload_document","ajax_admin_upload_document",77,{"action":378,"nopriv":342,"callback":379,"hasNonce":344,"hasCapCheck":344,"file":156,"line":297},"ffl_admin_delete_document","ajax_admin_delete_document",{"action":381,"nopriv":342,"callback":382,"hasNonce":344,"hasCapCheck":344,"file":156,"line":300},"ffl_admin_delete_admin_document","ajax_admin_delete_admin_document",{"action":384,"nopriv":342,"callback":385,"hasNonce":344,"hasCapCheck":344,"file":156,"line":189},"ffl_cleanup_documents_now","ajax_cleanup_documents_now",{"action":387,"nopriv":342,"callback":388,"hasNonce":344,"hasCapCheck":344,"file":156,"line":313},"ffl_get_cleanup_stats","ajax_get_cleanup_stats",{"action":374,"nopriv":342,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":390},154,{"action":378,"nopriv":342,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":392},155,{"action":381,"nopriv":342,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":394},156,{"action":370,"nopriv":342,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":396},157,{"action":398,"nopriv":342,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":399},"ffl_admin_download_admin_document",158,{"action":401,"nopriv":342,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":402},"ffl_upload_document",179,{"action":401,"nopriv":344,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":404},180,{"action":406,"nopriv":342,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":407},"ffl_delete_document",181,{"action":406,"nopriv":344,"callback":197,"hasNonce":342,"hasCapCheck":342,"file":193,"line":409},182,{"action":411,"nopriv":342,"callback":411,"hasNonce":342,"hasCapCheck":342,"file":242,"line":412},"update_order_ffl",691,{"action":414,"nopriv":342,"callback":415,"hasNonce":344,"hasCapCheck":342,"file":242,"line":416},"check_cart_ammunition","handle_check_cart_ammunition",2938,{"action":414,"nopriv":344,"callback":415,"hasNonce":344,"hasCapCheck":342,"file":242,"line":418},2939,{"action":420,"nopriv":342,"callback":421,"hasNonce":344,"hasCapCheck":342,"file":242,"line":422},"check_cart_compliance","handle_check_cart_compliance",2942,{"action":420,"nopriv":344,"callback":421,"hasNonce":344,"hasCapCheck":342,"file":242,"line":424},2943,{"action":426,"nopriv":342,"callback":427,"hasNonce":344,"hasCapCheck":342,"file":242,"line":428},"search_ffl_dealers","ajax_search_ffl_dealers",3007,{"action":426,"nopriv":344,"callback":427,"hasNonce":344,"hasCapCheck":342,"file":242,"line":430},3008,{"action":432,"nopriv":342,"callback":433,"hasNonce":344,"hasCapCheck":342,"file":242,"line":434},"get_mapbox_token","ajax_get_mapbox_token",3011,{"action":432,"nopriv":344,"callback":433,"hasNonce":344,"hasCapCheck":342,"file":242,"line":436},3012,{"action":414,"nopriv":342,"callback":414,"hasNonce":344,"hasCapCheck":342,"file":293,"line":438},93,{"action":414,"nopriv":344,"callback":414,"hasNonce":344,"hasCapCheck":342,"file":293,"line":27},{"action":401,"nopriv":342,"callback":441,"hasNonce":344,"hasCapCheck":342,"file":293,"line":53},"handle_document_upload",{"action":401,"nopriv":344,"callback":441,"hasNonce":344,"hasCapCheck":342,"file":293,"line":112},{"action":406,"nopriv":342,"callback":444,"hasNonce":344,"hasCapCheck":342,"file":293,"line":337},"handle_document_delete",{"action":406,"nopriv":344,"callback":444,"hasNonce":344,"hasCapCheck":342,"file":293,"line":13},{"action":447,"nopriv":342,"callback":448,"hasNonce":344,"hasCapCheck":342,"file":293,"line":449},"ffl_upload_candr_document","handle_candr_upload",103,{"action":447,"nopriv":344,"callback":448,"hasNonce":344,"hasCapCheck":342,"file":293,"line":451},104,{"action":453,"nopriv":342,"callback":453,"hasNonce":342,"hasCapCheck":342,"file":293,"line":454},"test_candr_ajax",107,{"action":456,"nopriv":342,"callback":456,"hasNonce":342,"hasCapCheck":342,"file":293,"line":457},"refresh_document_upload_section",110,{"action":456,"nopriv":344,"callback":456,"hasNonce":342,"hasCapCheck":342,"file":293,"line":459},111,{"action":453,"nopriv":344,"callback":453,"hasNonce":342,"hasCapCheck":342,"file":293,"line":461},116,[],[],[465,468],{"hook":324,"callback":324,"file":466,"line":467},"includes\\class-ffl-api-activator.php",46,{"hook":324,"callback":324,"file":293,"line":469},123,43,14,{"dangerousFunctions":473,"sqlUsage":474,"outputEscaping":479,"fileOperations":554,"externalRequests":555,"nonceChecks":556,"capabilityChecks":557,"bundledLibraries":558},[],{"prepared":29,"raw":28,"locations":475},[476],{"file":293,"line":477,"context":478},2443,"$wpdb->get_results() with variable interpolation",{"escaped":480,"rawEcho":481,"locations":482},411,37,[483,486,488,490,492,494,496,498,500,502,504,506,508,510,512,513,515,517,519,521,523,525,527,528,530,532,534,536,538,539,541,542,544,546,548,550,552],{"file":156,"line":484,"context":485},654,"raw output",{"file":156,"line":487,"context":485},2218,{"file":156,"line":489,"context":485},2277,{"file":156,"line":491,"context":485},2318,{"file":156,"line":493,"context":485},2387,{"file":156,"line":495,"context":485},2413,{"file":156,"line":497,"context":485},2416,{"file":156,"line":499,"context":485},2458,{"file":156,"line":501,"context":485},2593,{"file":156,"line":503,"context":485},2636,{"file":156,"line":505,"context":485},2738,{"file":156,"line":507,"context":485},2777,{"file":156,"line":509,"context":485},2819,{"file":156,"line":511,"context":485},2876,{"file":156,"line":422,"context":485},{"file":156,"line":514,"context":485},4392,{"file":156,"line":516,"context":485},4403,{"file":156,"line":518,"context":485},4424,{"file":156,"line":520,"context":485},4467,{"file":156,"line":522,"context":485},4507,{"file":242,"line":524,"context":485},937,{"file":242,"line":526,"context":485},959,{"file":242,"line":526,"context":485},{"file":242,"line":529,"context":485},1335,{"file":242,"line":531,"context":485},1337,{"file":242,"line":533,"context":485},1339,{"file":242,"line":535,"context":485},1383,{"file":242,"line":537,"context":485},2412,{"file":242,"line":495,"context":485},{"file":242,"line":540,"context":485},2425,{"file":242,"line":477,"context":485},{"file":293,"line":543,"context":485},467,{"file":293,"line":545,"context":485},1776,{"file":293,"line":547,"context":485},1777,{"file":293,"line":549,"context":485},1778,{"file":293,"line":551,"context":485},1779,{"file":293,"line":553,"context":485},1780,19,6,27,18,[],[560,590,600,610,626,655,666,679,689,700],{"entryPoint":561,"graph":562,"unsanitizedCount":28,"severity":589},"\u003Cffl_ordering> (includes\\ffl_ordering.php:0)",{"nodes":563,"edges":585},[564,569,575,579,583],{"id":565,"type":566,"label":567,"file":242,"line":568},"n0","source","$_POST (x24)",425,{"id":570,"type":571,"label":572,"file":242,"line":573,"wp_function":574},"n1","sink","echo() [XSS]",896,"echo",{"id":576,"type":566,"label":577,"file":242,"line":578},"n2","$_POST",819,{"id":580,"type":581,"label":582,"file":242,"line":578},"n3","transform","→ display_item_shipment_breakdown_admin()",{"id":584,"type":571,"label":572,"file":242,"line":495,"wp_function":574},"n4",[586,587,588],{"from":565,"to":570,"sanitized":344},{"from":576,"to":580,"sanitized":342},{"from":580,"to":584,"sanitized":342},"medium",{"entryPoint":591,"graph":592,"unsanitizedCount":28,"severity":589},"ffl_woo_checkout (public\\class-ffl-api-public.php:390)",{"nodes":593,"edges":598},[594,597],{"id":565,"type":566,"label":595,"file":293,"line":596},"$_COOKIE",465,{"id":570,"type":571,"label":572,"file":293,"line":543,"wp_function":574},[599],{"from":565,"to":570,"sanitized":342},{"entryPoint":601,"graph":602,"unsanitizedCount":28,"severity":589},"ffl_init_map (public\\class-ffl-api-public.php:477)",{"nodes":603,"edges":608},[604,606],{"id":565,"type":566,"label":595,"file":293,"line":605},515,{"id":570,"type":571,"label":572,"file":293,"line":607,"wp_function":574},534,[609],{"from":565,"to":570,"sanitized":342},{"entryPoint":611,"graph":612,"unsanitizedCount":28,"severity":589},"handle_candr_upload (public\\class-ffl-api-public.php:1962)",{"nodes":613,"edges":623},[614,617,619],{"id":565,"type":566,"label":615,"file":293,"line":616},"$_FILES",2028,{"id":570,"type":581,"label":618,"file":293,"line":616},"→ upload_candr_to_api()",{"id":576,"type":571,"label":620,"file":293,"line":621,"wp_function":622},"file_get_contents() [SSRF\u002FLFI]",2049,"file_get_contents",[624,625],{"from":565,"to":570,"sanitized":342},{"from":570,"to":576,"sanitized":342},{"entryPoint":627,"graph":628,"unsanitizedCount":28,"severity":589},"\u003Cclass-ffl-api-public> (public\\class-ffl-api-public.php:0)",{"nodes":629,"edges":649},[630,632,633,635,636,638,643,645,647],{"id":565,"type":566,"label":631,"file":293,"line":596},"$_COOKIE (x2)",{"id":570,"type":571,"label":572,"file":293,"line":543,"wp_function":574},{"id":576,"type":566,"label":615,"file":293,"line":634},2011,{"id":580,"type":571,"label":620,"file":293,"line":621,"wp_function":622},{"id":584,"type":566,"label":577,"file":293,"line":637},1918,{"id":639,"type":571,"label":640,"file":293,"line":641,"wp_function":642},"n5","update_option() [Settings Manipulation]",2428,"update_option",{"id":644,"type":566,"label":615,"file":293,"line":616},"n6",{"id":646,"type":581,"label":618,"file":293,"line":616},"n7",{"id":648,"type":571,"label":620,"file":293,"line":621,"wp_function":622},"n8",[650,651,652,653,654],{"from":565,"to":570,"sanitized":344},{"from":576,"to":580,"sanitized":344},{"from":584,"to":639,"sanitized":344},{"from":644,"to":646,"sanitized":342},{"from":646,"to":648,"sanitized":342},{"entryPoint":656,"graph":657,"unsanitizedCount":29,"severity":665},"ajax_management_upload_ffl_document (admin\\class-ffl-api-admin.php:3567)",{"nodes":658,"edges":663},[659,661],{"id":565,"type":566,"label":615,"file":156,"line":660},3585,{"id":570,"type":571,"label":620,"file":156,"line":662,"wp_function":622},3601,[664],{"from":565,"to":570,"sanitized":344},"low",{"entryPoint":667,"graph":668,"unsanitizedCount":29,"severity":665},"ajax_download_document (admin\\class-ffl-api-admin.php:3707)",{"nodes":669,"edges":677},[670,673],{"id":565,"type":566,"label":671,"file":156,"line":672},"$_GET (x2)",3718,{"id":570,"type":571,"label":674,"file":156,"line":675,"wp_function":676},"header() [Header Injection]",3752,"header",[678],{"from":565,"to":570,"sanitized":344},{"entryPoint":680,"graph":681,"unsanitizedCount":29,"severity":665},"ajax_admin_download_document (admin\\class-ffl-api-admin.php:3763)",{"nodes":682,"edges":687},[683,685],{"id":565,"type":566,"label":671,"file":156,"line":684},3774,{"id":570,"type":571,"label":674,"file":156,"line":686,"wp_function":676},3808,[688],{"from":565,"to":570,"sanitized":344},{"entryPoint":690,"graph":691,"unsanitizedCount":29,"severity":665},"handle_admin_document_download (admin\\class-ffl-api-admin.php:4865)",{"nodes":692,"edges":698},[693,696],{"id":565,"type":566,"label":694,"file":156,"line":695},"$_GET",4876,{"id":570,"type":571,"label":674,"file":156,"line":697,"wp_function":676},4911,[699],{"from":565,"to":570,"sanitized":344},{"entryPoint":701,"graph":702,"unsanitizedCount":29,"severity":665},"\u003Cclass-ffl-api-admin> (admin\\class-ffl-api-admin.php:0)",{"nodes":703,"edges":714},[704,705,706,708,709,712],{"id":565,"type":566,"label":615,"file":156,"line":660},{"id":570,"type":571,"label":620,"file":156,"line":662,"wp_function":622},{"id":576,"type":566,"label":707,"file":156,"line":672},"$_GET (x6)",{"id":580,"type":571,"label":674,"file":156,"line":675,"wp_function":676},{"id":584,"type":566,"label":710,"file":156,"line":711},"$_POST (x5)",3962,{"id":639,"type":571,"label":572,"file":156,"line":713,"wp_function":574},4304,[715,716,717],{"from":565,"to":570,"sanitized":344},{"from":576,"to":580,"sanitized":344},{"from":584,"to":639,"sanitized":344},{"summary":719,"deductions":720},"The g-ffl-checkout v2.1.4 plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping (92% properly escaped) and has a relatively low number of critical taint flows, several areas raise significant concerns. The plugin has a substantial attack surface with 14 unprotected AJAX handlers, representing a considerable risk for unauthorized actions. The complete absence of prepared statements for its single SQL query is a major vulnerability that could lead to SQL injection attacks.  The plugin's vulnerability history includes one critical CVE related to unrestricted file uploads with dangerous types, and while it is currently patched, this pattern suggests potential for similar vulnerabilities if not rigorously monitored. The presence of file operations and external HTTP requests also warrants careful scrutiny to ensure these functions are not exploited.",[721,723,725],{"reason":722,"points":64},"Unprotected AJAX handlers",{"reason":724,"points":64},"SQL queries without prepared statements",{"reason":726,"points":333},"Critical CVE in history (Unrestricted Upload)","2026-03-16T19:29:45.381Z",{"wat":729,"direct":737},{"assetPaths":730,"generatorPatterns":732,"scriptPaths":733,"versionParams":734},[731],"\u002Fwp-content\u002Fplugins\u002Fg-ffl-checkout\u002Fadmin\u002Fcss\u002Fffl-api-admin.css",[],[],[735,736],"g-ffl-checkout\u002Fadmin\u002Fcss\u002Fffl-api-admin.css?ver=","g-ffl-api?ver=",{"cssClasses":738,"htmlComments":740,"htmlAttributes":741,"restEndpoints":743,"jsGlobals":763,"shortcodeOutput":765},[739],"ffl-api-settings",[],[742],"data-g-ffl-api-field",[744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762],"\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fffl\u002Fcheck","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fffl\u002Fsubmit","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fffl\u002Fupload","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fffl\u002Fget","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fffl\u002Fdelete","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fffl\u002Fbulk_delete","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fdocuments\u002Fupload","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fdocuments\u002Fdownload","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fdocuments\u002Fadmin\u002Fdownload","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fdocuments\u002Fadmin\u002Fupload","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fdocuments\u002Fadmin\u002Fdelete","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fdocuments\u002Fadmin\u002Fdelete_admin","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fcleanup\u002Fnow","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fcleanup\u002Fstats","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fblacklist\u002Fsearch","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fblacklist\u002Fadd","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fblacklist\u002Fremove","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fblacklist\u002Fget","\u002Fwp-json\u002Fg-ffl-api\u002Fv1\u002Fblacklist\u002Fbulk_remove",[764],"g_ffl_api_params",[]]