[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHeDwkiCcpnYzfpqplQkgXSTXUlDilCW31kY9-UivsPw":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":62,"crawl_stats":36,"alternatives":67,"analysis":174,"fingerprints":264},"goodbarber","GoodBarber","1.0.28","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoodbarber\u002F","\u003Cp>GoodBarber plugin is a fork of JSON API created by dphiffer.\u003Cbr \u002F>\nGoodBarber plugin creates a communication interface between your WordPress and your GoodBarber account.\u003Cbr \u002F>\nIt is used to retrieve content from your WordPress so that you can sync it with your native app created with GoodBarber.\u003C\u002Fp>\n","GoodBarber plugin allows you to retrieve WordPress content in order to create a native app for iOS and\u002For Android",1000,79584,100,3,"2026-03-09T13:18:00.000Z","6.9.4","2.8","",[19,4,20,21,22],"android","ios","json","native-apps","https:\u002F\u002Fwww.goodbarber.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoodbarber.zip",98,2,0,"2025-04-16 00:00:00","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-39523","goodbarber-open-redirect","GoodBarber \u003C= 1.0.26 - Open Redirect","The GoodBarber plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.26. This is due to insufficient validation on a redirect url supplied. 
This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.",null,"\u003C=1.0.26","1.0.27","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","URL Redirection to Untrusted Site ('Open Redirect')","2025-04-23 17:52:29",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7be214ef-8111-435a-9191-d4b8389972ff?source=api-prod",8,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2023-45107","goodbarber-cross-site-request-forgery-via-adminoptions","GoodBarber \u003C= 1.0.23 - Cross-Site Request Forgery via admin_options","The GoodBarber plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.23. This is due to missing or incorrect nonce validation on the admin_options function. 
This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.0.23","1.0.24",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-10-06 00:00:00","2024-01-22 19:56:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F57774f93-e6c0-46e6-8019-eab00b2b48ff?source=api-prod",109,{"slug":4,"display_name":5,"profile_url":7,"plugin_count":63,"total_installs":10,"avg_security_score":25,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},1,59,87,"2026-04-06T09:28:19.378Z",[68,85,109,132,155],{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":27,"downloaded":76,"rating":27,"num_ratings":27,"last_updated":17,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":82,"download_link":83,"security_score":12,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":84},"menuthroughjson","MenuThroughJSON","1.1","simone1040","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimone1040\u002F","\u003Cp>Plugin che permette di creare un menu\\’ tramite pagine e post di wordpress per un uso tramite chiamata API. Consigliato per chi deve scorporare la creazione del menù dall\\’implementazione di un app IOS\u002FANDROID. 
Possibilità di inserire anche voci speciali\u003C\u002Fp>\n","Plugin che permette di creare un menu attraverso JSON",899,"4.9.29","4.9.6","5.4",[19,20,21,81],"menu","https:\u002F\u002Faionlab.it","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmenuthroughjson.zip","2026-03-15T10:48:56.248Z",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":15,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":104,"download_link":105,"security_score":106,"vuln_count":107,"unpatched_count":27,"last_vuln_date":108,"fetched_at":29},"wpappninja","WPMobile.App","11.75","Amauri","https:\u002F\u002Fprofiles.wordpress.org\u002Famauric\u002F","\u003Ch4>Android and iOS mobile app\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>💳 \u003Cstrong>LIFETIME LICENCE\u003C\u002Fstrong> – No subscription, no hidden fees.\u003Cbr \u002F>\n\u003Cem>Android 129€ \u002F\u002F iOS 129€ \u002F\u002F Android + iOS 239€\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🎉 \u003Cstrong>FREE TEST\u003C\u002Fstrong> – You can test your mobile app \u003Ca href=\"https:\u002F\u002Fwpmobile.app\u002Fen\u002Ftest-my-app\u002F\" rel=\"nofollow ugc\">with the demo app\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🖌 \u003Cstrong>CUSTOMIZATION\u003C\u002Fstrong> – No mention of our brand or advertisement, the mobile app is white-labeled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📲 \u003Cstrong>GREAT COMPATIBILITY\u003C\u002Fstrong> – The mobile apps is compatible with smartphones and tablets, always up-to-date.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>👌 \u003Cstrong>VERY EASY PUBLISH\u003C\u002Fstrong> – I take care of all the technical work, no software to download or complicated manipulation to do.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>💬 \u003Cstrong>SUPPORT 
TEAM\u003C\u002Fstrong> – I’m here to help and answer all your requests as quickly as possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>👍 \u003Cstrong>AUTOMATIC APP UPDATE\u003C\u002Fstrong> – When new content is released, the application is automatically updated.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📢 \u003Cstrong>NOTIFICATIONS\u003C\u002Fstrong> – Unlimited push notification: manually or with automated push.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📈 \u003Cstrong>REAL-TIME STATISTICS\u003C\u002Fstrong> – Stats about the app usage, all statistics are real-time and hosted on your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Android and iOS mobile application. Easy setup, free test.",4000,551250,96,161,"2025-12-02T15:54:00.000Z","3.7.0","5.6",[19,101,20,102,103],"android-app","ios-app","mobile-app","https:\u002F\u002Fwpmobile.app\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpappninja.zip",89,9,"2025-10-26 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":129,"download_link":130,"security_score":131,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"pushover-for-woocommerce","Pushover Integration for WooCommerce","1.1.0","Shop Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fshopplugins\u002F","\u003Cp>Pushover for WooCommerce integrates WooCommerce with the Pushover notifications app for Android and iOS.\u003Cbr \u002F>\nAfter installation and setup automatic notifications can be sent to your device for new orders, low stock, backorder and out of stock notifications.\u003C\u002Fp>\n\u003Cp>Follow this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshopplugins\u002Fpushover-for-woocommerce\" rel=\"nofollow 
ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Translations and pull requests are welcome!\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n","Pushover for WooCommerce integrates WooCommerce with the Pushover notifications app for Android and iOS.",800,36588,88,14,"2024-09-12T07:54:00.000Z","6.6.5","3.5","7.2",[19,126,20,127,128],"desktop","pushover","woocommerce","https:\u002F\u002Fshopplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpushover-for-woocommerce.1.1.0.zip",92,{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":27,"num_ratings":27,"last_updated":142,"tested_up_to":122,"requires_at_least":143,"requires_php":144,"tags":145,"homepage":151,"download_link":152,"security_score":153,"vuln_count":63,"unpatched_count":27,"last_vuln_date":154,"fetched_at":29},"push-notification-mobile-and-web-app","Push notification for Mobile and Web app","2.0.4","App Cheap","https:\u002F\u002Fprofiles.wordpress.org\u002Fappcheap\u002F","\u003Cp>Support push notification for mobile and the web app.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fcirilla-multipurpose-flutter-wordpress-app\u002F31940668\" rel=\"nofollow ugc\">Demo app\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Push services support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Firebase HTTP V1\u003C\u002Fli>\n\u003Cli>Firebase HTTP legacy\u003C\u002Fli>\n\u003Cli>OneSignal\u003C\u002Fli>\n\u003Cli>Debug\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How does it work\u003C\u002Fh3>\n\u003Cp>The Push Notification plugin is built with five part:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trigger: When WordPress action execution (Post saved, Order status changed …)\u003C\u002Fli>\n\u003Cli>Recipients: One\u002F More recipients get the notification ( topic, registration ID, role, user, merge tag …)\u003C\u002Fli>\n\u003Cli>Conditionals: Determine 
whether notification send\u003C\u002Fli>\n\u003Cli>Action: The action when the user click to notification on device\u003C\u002Fli>\n\u003Cli>Merge Tag: That is dynamic information in that context\u003C\u002Fli>\n\u003Cli>String translation: Replace part of string on title and message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Comment Post: Fires immediately after a comment is inserted into the database.\u003C\u002Fli>\n\u003Cli>Post Type: Fires when a post is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>Save Post: Fires once a post has been saved.\u003C\u002Fli>\n\u003Cli>Order Status Changed: Fires when an order is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>Product Status Changed: Fires when a product is transitioned from one status to another.\u003C\u002Fli>\n\u003Cli>WCFM – Direct Messaging: Fires when vendor receive a message.\u003C\u002Fli>\n\u003Cli>BuddyPress: Fires Messages message sent, Activity Posted Update, Friends Friendship Accepted, Friends Friendship Requested, Groups Posted Update, Groups Send Invites\u003C\u002Fli>\n\u003C\u002Ful>\n","Push notification for Android, iOS and the Web",500,15918,"2025-12-06T07:06:00.000Z","5.8","7.4",[146,147,148,149,150],"android-notifications","app-builder","firebase-messages","ios-notifications","push-notification","https:\u002F\u002Fappcheap.io\u002Fpush-notification-mobile-and-web-app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-notification-mobile-and-web-app.2.0.4.zip",99,"2025-05-16 
00:00:00",{"slug":156,"name":157,"version":158,"author":159,"author_profile":160,"description":161,"short_description":162,"active_installs":163,"downloaded":164,"rating":12,"num_ratings":13,"last_updated":165,"tested_up_to":166,"requires_at_least":167,"requires_php":124,"tags":168,"homepage":172,"download_link":173,"security_score":12,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"device-based-redirect","Device-Based Redirect","1.2.1","Nithin","https:\u002F\u002Fprofiles.wordpress.org\u002Fncherian\u002F","\u003Cp>Device Based Redirect allows you to easily set up redirects to your mobile apps or mobile-friendly URLs based on the user’s device type. Perfect for promoting your mobile apps to website visitors and implementing platform-specific deep linking through a single URL.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Page-specific redirects – Configure different redirects for different pages on your site\u003C\u002Fli>\n\u003Cli>Custom URL redirects – Create custom URLs that redirect users based on their device\u003C\u002Fli>\n\u003Cli>Set different destinations for iOS and Android users. 
Can be used to send users to iOS and Android app store pages.\u003C\u002Fli>\n\u003Cli>Deep linking support – Direct users to specific sections of your app through platform-specific deep links\u003C\u002Fli>\n\u003Cli>Fallback URLs for other devices – Specify where non-mobile users should be redirected\u003C\u002Fli>\n\u003Cli>Easy-to-use admin interface – Simple configuration through WordPress admin panel\u003C\u002Fli>\n\u003Cli>Bulk enable\u002Fdisable option – Quickly turn all redirects on\u002Foff\u003C\u002Fli>\n\u003Cli>Transient Cache for end-user redirects – Reduces database load for high traffic sites\u003C\u002Fli>\n\u003Cli>Titles for Custom URL Redirects for better organizing of redirects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use Cases:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>App Store Promotion: Direct mobile users to your app’s store listing while showing desktop users your website\u003C\u002Fli>\n\u003Cli>Deep Linking: Create a single URL that opens different app screens on iOS and Android\u003C\u002Fli>\n\u003Cli>Redirect users to mobile-friendly URLs based on their device type\u003C\u002Fli>\n\u003Cli>Marketing Campaigns: Share one link that works across all platforms\u003C\u002Fli>\n\u003Cli>Cross-Platform Navigation: Seamlessly guide users to the right platform-specific destination\u003C\u002Fli>\n\u003Cli>302 redirects – Redirects are of 302 type as they are not permanent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin handles user agent detection and routing automatically, making it easy to implement complex platform-specific navigation through simple WordPress configuration.\u003C\u002Fp>\n","Redirect users to your app pages in app store or play store based on their device type with custom URLs and page-specific 
redirects.",300,2323,"2025-05-27T06:04:00.000Z","6.8.5","5.0",[19,20,169,170,171],"mobile-redirect","redirect","redirection","https:\u002F\u002Fgithub.com\u002Fncherian\u002Fdevice-based-redirect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevice-based-redirect.1.2.1.zip",{"attackSurface":175,"codeSignals":231,"taintFlows":254,"riskAssessment":255,"analyzedAt":263},{"hooks":176,"ajaxHandlers":227,"restRoutes":228,"shortcodes":229,"cronEvents":230,"entryPointCount":27,"unprotectedCount":27},[177,183,186,191,193,197,200,203,206,209,213,215,219,223],{"type":178,"name":179,"callback":180,"file":181,"line":182},"action","admin_notices","gb_json_api_php_version_warning","gb-json-api.php",40,{"type":178,"name":179,"callback":184,"file":181,"line":185},"gb_json_api_class_warning",44,{"type":187,"name":188,"callback":189,"file":181,"line":190},"filter","rewrite_rules_array","gb_json_api_rewrites",47,{"type":187,"name":188,"callback":189,"file":181,"line":192},63,{"type":178,"name":194,"callback":195,"file":181,"line":196},"init","gb_json_api_init",95,{"type":178,"name":198,"callback":198,"file":199,"line":190},"comment_id_not_found","models\\comment.php",{"type":178,"name":201,"callback":201,"file":199,"line":202},"comment_closed",48,{"type":178,"name":204,"callback":204,"file":199,"line":205},"comment_on_draft",49,{"type":187,"name":207,"callback":207,"file":199,"line":208},"comment_post_redirect",50,{"type":178,"name":210,"callback":210,"file":211,"line":212},"template_redirect","singletons\\api.php",13,{"type":178,"name":214,"callback":214,"file":211,"line":120},"admin_menu",{"type":178,"name":216,"callback":217,"file":211,"line":218},"update_option_gb_json_api_base","gb_flush_rewrite_rules",15,{"type":178,"name":220,"callback":221,"file":211,"line":222},"pre_update_option_gb_json_api_controllers","gb_update_controllers",16,{"type":187,"name":224,"callback":224,"file":225,"line":226},"query_vars","singletons\\query.php",32,[],[],[],[],{"dangerousFunctions
":232,"sqlUsage":233,"outputEscaping":240,"fileOperations":13,"externalRequests":27,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":253},[],{"prepared":234,"raw":63,"locations":235},7,[236],{"file":237,"line":238,"context":239},"singletons\\introspector.php",53,"$wpdb->get_results() with variable interpolation",{"escaped":27,"rawEcho":241,"locations":242},4,[243,246,249,251],{"file":211,"line":244,"context":245},132,"raw output",{"file":247,"line":248,"context":245},"singletons\\response.php",72,{"file":247,"line":250,"context":245},94,{"file":247,"line":252,"context":245},103,[],[],{"summary":256,"deductions":257},"The \"goodbarber\" plugin v1.0.28 exhibits a mixed security posture. While the static analysis reveals a very small attack surface with no registered AJAX handlers, REST API routes, or shortcodes, and 7 of the 8 SQL queries use prepared statements, there are significant concerns regarding output escaping. The entry-point count does not include the rewrite_rules_array, query_vars and template_redirect hooks listed for this plugin, which appear to be how its JSON API is served, so the reachable attack surface may be larger than that count suggests. The fact that 0% of the 4 total outputs are properly escaped indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. This lack of proper escaping for all identified output points is a critical oversight, although each flagged location still needs manual review to confirm whether attacker-controlled data can reach it.\n\nThe plugin's vulnerability history shows 2 medium-severity CVEs, for \"Open Redirect\" and \"CSRF\", both patched in earlier releases (1.0.27 and 1.0.24 respectively; last vulnerability in 2025), which suggests a pattern of security weaknesses. The current version has no known unpatched vulnerabilities, but the historical context is important. The absence of taint analysis results could be due to the limited number of flows analyzed or the specific nature of the code, but the lack of output escaping is a more concrete and actionable concern.\n\nIn conclusion, \"goodbarber\" v1.0.28 has strengths in its limited attack surface and its use of prepared SQL statements. However, the complete lack of output escaping for all identified outputs is a severe weakness that significantly increases the risk of XSS attacks. 
Coupled with a history of medium-severity vulnerabilities, this plugin requires careful consideration and immediate remediation of its output sanitization issues.",[258,260],{"reason":259,"points":46},"No output escaping on any outputs",{"reason":261,"points":262},"2 medium severity vulnerabilities in history",10,"2026-03-16T18:44:04.745Z",{"wat":265,"direct":271},{"assetPaths":266,"generatorPatterns":268,"scriptPaths":269,"versionParams":270},[267],"\u002Fwp-content\u002Fplugins\u002Fgoodbarber\u002Fgb-json-api.php",[],[],[],{"cssClasses":272,"htmlComments":273,"htmlAttributes":274,"restEndpoints":275,"jsGlobals":278,"shortcodeOutput":279},[],[],[],[276,277],"\u002Fwp-json\u002Fgbapi\u002F","\u002Fwp-json\u002Fgbapi\u002F(.+)",[],[]]