[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwEW4AVtNX2thLN9CAFjaO2huTmR0Zhw7I7dwzZ_WY7s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":9,"requires_php":9,"tags":15,"homepage":16,"download_link":17,"security_score":18,"vuln_count":11,"unpatched_count":11,"last_vuln_date":19,"fetched_at":20,"vulnerabilities":21,"developer":22,"crawl_stats":19,"alternatives":30,"analysis":31,"fingerprints":188},"hadepay","HadePay","1.0.0","Skysystemz","https:\u002F\u002Fprofiles.wordpress.org\u002Fodpsolutions\u002F","","hadepay Plugin is very usefull to Payment Gateway so you can use it in your website.",0,899,"2019-04-30T15:09:00.000Z","5.1.22",[],"https:\u002F\u002Fhadepay.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhadepay.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":23,"display_name":7,"profile_url":8,"plugin_count":24,"total_installs":25,"avg_security_score":26,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},"odpsolutions",2,10,89,30,86,"2026-04-05T14:55:23.806Z",[],{"attackSurface":32,"codeSignals":92,"taintFlows":149,"riskAssessment":177,"analyzedAt":187},{"hooks":33,"ajaxHandlers":88,"restRoutes":89,"shortcodes":90,"cronEvents":91,"entryPointCount":11,"unprotectedCount":11},[34,40,44,49,54,58,62,66,71,75,79,83],{"type":35,"name":36,"callback":37,"file":38,"line":39},"action","admin_menu","hadepay_theme_option_add_menu_admin_pages","include\\custom-functions.php",8,{"type":35,"name":41,"callback":42,"file":38,"line":43},"admin_enqueue_scripts","hadepay_theme_option_enqueue_admin_scripts",43,{"type":35,"name":45,"callback":46,"priority":47,"file":38,"line":48},"admin_init","save_hadepay_theme_option",1,131,{"type":50,"name":51,"callback":52,"file":38,"line":53},"filter","hadepay_theme_option_key_filter","hadepay_theme_option_key_wpml_sup
port",166,{"type":35,"name":55,"callback":56,"file":38,"line":57},"wp_head","hadepay_theme_option_wp_head",184,{"type":35,"name":59,"callback":60,"file":38,"line":61},"wp_footer","hadepay_theme_option_wp_footer",197,{"type":50,"name":63,"callback":64,"file":38,"line":65},"woocommerce_payment_gateways","wc_offline_add_to_gateways",232,{"type":35,"name":67,"callback":68,"priority":69,"file":38,"line":70},"plugins_loaded","wc_offline_gateway_init",11,259,{"type":35,"name":72,"callback":73,"priority":25,"file":38,"line":74},"woocommerce_email_before_order_table","email_instructions",288,{"type":35,"name":76,"callback":77,"priority":25,"file":38,"line":78},"woocommerce_after_checkout_form","ts_after_checkout_form",387,{"type":35,"name":80,"callback":81,"priority":25,"file":38,"line":82},"woocommerce_thankyou","enroll_student",406,{"type":35,"name":84,"callback":85,"file":86,"line":87},"admin_notices","do_ssl_check","include\\custom_gateway.php",39,[],[],[],[],{"dangerousFunctions":93,"sqlUsage":94,"outputEscaping":96,"fileOperations":11,"externalRequests":47,"nonceChecks":11,"capabilityChecks":47,"bundledLibraries":148},[],{"prepared":11,"raw":11,"locations":95},[],{"escaped":97,"rawEcho":98,"locations":99},4,24,[100,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,138,140,142,144,146],{"file":38,"line":101,"context":102},56,"raw 
output",{"file":38,"line":104,"context":102},70,{"file":38,"line":106,"context":102},84,{"file":38,"line":108,"context":102},189,{"file":38,"line":110,"context":102},203,{"file":38,"line":112,"context":102},207,{"file":38,"line":114,"context":102},338,{"file":38,"line":116,"context":102},354,{"file":38,"line":118,"context":102},449,{"file":38,"line":120,"context":102},450,{"file":38,"line":122,"context":102},452,{"file":38,"line":124,"context":102},453,{"file":38,"line":126,"context":102},454,{"file":38,"line":128,"context":102},457,{"file":38,"line":130,"context":102},458,{"file":38,"line":132,"context":102},459,{"file":38,"line":134,"context":102},462,{"file":38,"line":136,"context":102},465,{"file":38,"line":136,"context":102},{"file":38,"line":139,"context":102},466,{"file":38,"line":141,"context":102},467,{"file":38,"line":143,"context":102},468,{"file":38,"line":145,"context":102},469,{"file":86,"line":147,"context":102},213,[],[150,169],{"entryPoint":151,"graph":152,"unsanitizedCount":11,"severity":168},"save_hadepay_theme_option (include\\custom-functions.php:95)",{"nodes":153,"edges":165},[154,159],{"id":155,"type":156,"label":157,"file":38,"line":158},"n0","source","$_POST",106,{"id":160,"type":161,"label":162,"file":38,"line":163,"wp_function":164},"n1","sink","update_option() [Settings Manipulation]",127,"update_option",[166],{"from":155,"to":160,"sanitized":167},true,"low",{"entryPoint":170,"graph":171,"unsanitizedCount":11,"severity":168},"\u003Ccustom-functions> (include\\custom-functions.php:0)",{"nodes":172,"edges":175},[173,174],{"id":155,"type":156,"label":157,"file":38,"line":158},{"id":160,"type":161,"label":162,"file":38,"line":163,"wp_function":164},[176],{"from":155,"to":160,"sanitized":167},{"summary":178,"deductions":179},"The 'hadepay' v1.0.0 plugin exhibits a generally good security posture based on the static analysis. 
The absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. No SQL usage was detected at all (no prepared and no raw queries), so SQL injection is not a concern in the analyzed code, and the plugin has no recorded vulnerability history. These are positive signals, although an absence of SQL and of reported vulnerabilities is not by itself evidence of a proactive approach to security by the developers.\n\nHowever, a few areas raise concerns that warrant attention. The low percentage of properly escaped output (14%, 4 of 28 output statements) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities wherever the echoed values can be influenced by a user. Any user-provided data that is not properly escaped before being displayed could be exploited by attackers, so each raw echo should be escaped for its output context (for example with esc_html() or esc_attr()). Additionally, the presence of an external HTTP request without explicit details on its purpose or security checks could be a vector for various attacks, including server-side request forgery (SSRF) or data exfiltration if not handled securely.\n\nWhile the plugin has no known CVEs, the static analysis highlights potential weaknesses. No nonce checks were detected anywhere in the code. Although no AJAX, REST, shortcode or cron entry points are listed, the taint analysis shows save_hadepay_theme_option, hooked on admin_init, passing $_POST data to update_option(); the flow is marked as sanitized, but sanitizing values does not verify that the request was intentionally submitted by an administrator, so a settings handler without a nonce check (for example check_admin_referer()) may be exposed to cross-site request forgery (CSRF). This and the low output escaping rate are the primary areas where vulnerabilities could arise. The single capability check suggests a basic level of access control, but its effectiveness is unknown without more context. 
Overall, the plugin has strong foundational security but requires immediate attention to its output escaping and careful scrutiny of its external HTTP requests.",[180,182,185],{"reason":181,"points":39},"Low output escaping percentage",{"reason":183,"points":184},"External HTTP request without details",5,{"reason":186,"points":184},"No nonce checks detected","2026-03-17T06:44:24.420Z",{"wat":189,"direct":199},{"assetPaths":190,"generatorPatterns":193,"scriptPaths":194,"versionParams":196},[191,192],"\u002Fwp-content\u002Fplugins\u002Fhadepay\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fhadepay\u002Fjs\u002Fcustom.js",[],[195],"https:\u002F\u002Fhadepay.com\u002Fassets\u002Fjs\u002Fpublic.js",[197,198],"hadepay\u002Fcss\u002Fadmin-style.css?ver=","hadepay\u002Fjs\u002Fcustom.js?ver=",{"cssClasses":200,"htmlComments":206,"htmlAttributes":208,"restEndpoints":214,"jsGlobals":216,"shortcodeOutput":220},[201,202,203,204,205],"left-option-panel","right-option-panel","header-option-panel","footer-option-panel","option_save_changes",[207],"\u003C!-- \nContributors:      HadePay\nPlugin Name:       HadePay\nPlugin URI:        https:\u002F\u002Fhadepay.com\u002Fwordpress\nTags:              comments, spam\nAuthor URI:        https:\u002F\u002Fhadepay.com\u002Fwordpress\nAuthor:            HadePay\nDonate link:       https:\u002F\u002Fhadepay.com\u002Fwordpress\nRequires at least: 4.1 \nStable tag:        4.3\nVersion:           1.0.0\nLicense:      GPL2 or later\nLicense URI:  https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\nTested up to:      5.1.1\n-->",[209,210,211,212,213],"name=\"option_action_changes\"","name=\"option_save_changes\"","name=\"hadepay_theme_option\"","name=\"optin_location\"","name=\"home_slider\"",[215],"\u002Fwp-json\u002Fwc\u002Fv3\u002Fproducts",[217,218,219],"HADEPAYOPTIONPATH","HADEPAYOPTIONURL","WC_Gateway_Offline",[]]