[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_Nl1aNZaA6BQbJHBUQzNLO6EzSXGedhSomYyn-RPke4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":80,"crawl_stats":34,"alternatives":86,"analysis":87,"fingerprints":1299},"hesabfa-accounting","Hesabfa Accounting","2.2.5","Saeed Sattar Beglou","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaeedsb\u002F","\u003Cp>This plugin helps connect your (online) store to Hesabfa online accounting software. By using this plugin, saving products, contacts, and orders in your store will also save them automatically in your Hesabfa account. Besides that, just after a client pays a bill, the receipt document will be stored in Hesabfa as well. Of course, you have to register your account in Hesabfa first. To do so, visit Hesabfa at the link here www.hesabfa.com and sign up for free. After you signed up and entered your account, choose your business, then in the settings menu\u002FAPI, you can find the API keys for the business and import them to the plugin settings. 
Now your module is ready to use.\u003C\u002Fp>\n\u003Cp>For more information and a full guide to how to use Hesabfa and WooCommerce Plugin, visit Hesabfa’s website and go to the “Accounting School” menu.\u003C\u002Fp>\n","Connect Hesabfa Online Accounting to WooCommerce.",500,18959,100,3,"2025-09-29T10:17:00.000Z","6.8.5","6.2","5.6",[20],"accounting-cloud-hesabfa","https:\u002F\u002Fwww.hesabfa.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhesabfa-accounting.2.2.5.zip",54,4,2,"2025-08-20 00:00:00","2026-03-15T15:16:48.613Z",[29,43,54,66],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":34},"CVE-2025-48361","hesabfa-accounting-unauthenticated-sensitive-information-exposure-via-log-file","Hesabfa Accounting \u003C= 2.2.4 - Unauthenticated Sensitive Information Exposure via Log File","The Hesabfa Accounting plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.4 through publicly exposed log files. 
This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.",null,"\u003C=2.2.4","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Insertion of Sensitive Information into Log File","2025-08-26 14:34:41",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbb35a0cf-e606-4ef9-8973-8a9b233696d4?source=api-prod",{"id":44,"url_slug":45,"title":46,"description":47,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":48,"cvss_vector":49,"vuln_type":50,"published_date":26,"updated_date":51,"references":52,"days_to_patch":34},"CVE-2025-48362","hesabfa-accounting-cross-site-request-forgery-2","Hesabfa Accounting \u003C= 2.2.4 - Cross-Site Request Forgery","The Hesabfa Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.4. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-08-26 14:35:07",[53],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdae01acf-3b32-46bb-9c79-bfe9abb714dd?source=api-prod",{"id":55,"url_slug":56,"title":57,"description":58,"plugin_slug":4,"theme_slug":34,"affected_versions":59,"patched_in_version":60,"severity":36,"cvss_score":48,"cvss_vector":49,"vuln_type":50,"published_date":61,"updated_date":62,"references":63,"days_to_patch":65},"CVE-2025-30815","hesabfa-accounting-cross-site-request-forgery","Hesabfa Accounting \u003C= 2.1.8 - Cross-Site Request Forgery","The Hesabfa Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2.1.8","2.2.0","2025-03-27 00:00:00","2025-04-02 14:54:05",[64],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4f954362-9da5-4b40-a7fa-c0c4c5e10efa?source=api-prod",7,{"id":67,"url_slug":68,"title":69,"description":70,"plugin_slug":4,"theme_slug":34,"affected_versions":71,"patched_in_version":72,"severity":36,"cvss_score":73,"cvss_vector":74,"vuln_type":75,"published_date":76,"updated_date":77,"references":78,"days_to_patch":24},"CVE-2025-22682","hesabfa-accounting-reflected-cross-site-scripting","Hesabfa Accounting \u003C= 2.1.2 - Reflected Cross-Site Scripting","The Hesabfa Accounting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=2.1.2","2.1.3",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-31 00:00:00","2025-02-03 
14:46:09",[79],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F41f8b229-dada-4460-b394-04502f62a75f?source=api-prod",{"slug":81,"display_name":7,"profile_url":8,"plugin_count":82,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":83,"trust_score":84,"computed_at":85},"saeedsb",1,6,68,"2026-04-04T15:25:36.178Z",[],{"attackSurface":88,"codeSignals":359,"taintFlows":757,"riskAssessment":1274,"analyzedAt":1298},{"hooks":89,"ajaxHandlers":284,"restRoutes":355,"shortcodes":356,"cronEvents":357,"entryPointCount":358,"unprotectedCount":358},[90,96,100,103,106,109,112,115,118,121,124,127,130,133,136,139,142,145,150,155,158,160,163,167,170,173,175,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,223,226,229,232,234,237,239,242,245,248,251,254,257,260,263,266,269,272,275,278,280,282],{"type":91,"name":92,"callback":93,"file":94,"line":95},"action","admin_menu","hesabfa_add_menu","admin\\partials\\ssbhesabfa-admin-display.php",21,{"type":91,"name":97,"callback":97,"file":98,"line":99},"ssbhesabfa_home_setting","admin\\partials\\ssbhesabfa-admin-setting.php",24,{"type":91,"name":101,"callback":101,"file":98,"line":102},"ssbhesabfa_catalog_setting",26,{"type":91,"name":104,"callback":104,"file":98,"line":105},"ssbhesabfa_catalog_setting_save_field",27,{"type":91,"name":107,"callback":107,"file":98,"line":108},"ssbhesabfa_customers_setting",32,{"type":91,"name":110,"callback":110,"file":98,"line":111},"ssbhesabfa_customers_setting_save_field",33,{"type":91,"name":113,"callback":113,"file":98,"line":114},"ssbhesabfa_invoice_setting",38,{"type":91,"name":116,"callback":116,"file":98,"line":117},"ssbhesabfa_invoice_setting_save_field",39,{"type":91,"name":119,"callback":119,"file":98,"line":120},"ssbhesabfa_payment_setting",44,{"type":91,"name":122,"callback":122,"file":98,"line":123},"ssbhesabfa_payment_setting_save_field",45,{"type":91,"name":125,"callback":125,"file":98,"line":126},"ssbhesabfa_api_setting",50,{"typ
e":91,"name":128,"callback":128,"file":98,"line":129},"ssbhesabfa_api_setting_save_field",51,{"type":91,"name":131,"callback":131,"file":98,"line":132},"ssbhesabfa_export_setting",53,{"type":91,"name":134,"callback":134,"file":98,"line":135},"ssbhesabfa_sync_setting",55,{"type":91,"name":137,"callback":137,"file":98,"line":138},"ssbhesabfa_log_setting",57,{"type":91,"name":140,"callback":140,"file":98,"line":141},"ssbhesabfa_extra_setting",59,{"type":91,"name":143,"callback":143,"file":98,"line":144},"ssbhesabfa_extra_setting_save_field",60,{"type":91,"name":146,"callback":147,"file":148,"line":149},"admin_notices","ssbhesabfa_business_expired_notice","includes\\class-ssbhesabfa-webhook.php",123,{"type":91,"name":151,"callback":152,"file":153,"line":154},"plugins_loaded","anonymous","includes\\class-ssbhesabfa.php",141,{"type":91,"name":156,"callback":152,"file":153,"line":157},"admin_enqueue_scripts",158,{"type":91,"name":156,"callback":152,"file":153,"line":159},159,{"type":91,"name":161,"callback":152,"file":153,"line":162},"upgrader_process_complete",162,{"type":164,"name":165,"callback":152,"file":153,"line":166},"filter","query_vars",165,{"type":91,"name":168,"callback":152,"file":153,"line":169},"parse_request",166,{"type":91,"name":171,"callback":152,"file":153,"line":172},"init",172,{"type":91,"name":146,"callback":152,"file":153,"line":174},177,{"type":164,"name":176,"callback":152,"file":153,"line":177},"woocommerce_product_export_column_names",182,{"type":164,"name":179,"callback":152,"file":153,"line":180},"woocommerce_product_export_product_default_columns",183,{"type":164,"name":182,"callback":152,"file":153,"line":183},"woocommerce_product_export_rows",184,{"type":164,"name":185,"callback":152,"file":153,"line":186},"manage_edit-product_columns",190,{"type":91,"name":188,"callback":152,"file":153,"line":189},"manage_product_posts_custom_column",191,{"type":164,"name":191,"callback":152,"file":153,"line":192},"manage_edit-product_sortable_columns",192
,{"type":91,"name":194,"callback":152,"file":153,"line":195},"pre_get_posts",193,{"type":91,"name":197,"callback":152,"file":153,"line":198},"custom_product_tabs",196,{"type":164,"name":200,"callback":152,"file":153,"line":201},"woocommerce_shop_order_list_table_columns",200,{"type":91,"name":203,"callback":152,"file":153,"line":204},"woocommerce_shop_order_list_table_custom_column",201,{"type":164,"name":206,"callback":152,"file":153,"line":207},"bulk_actions-woocommerce_page_wc-orders",202,{"type":164,"name":209,"callback":152,"file":153,"line":210},"handle_bulk_actions-woocommerce_page_wc-orders",203,{"type":164,"name":212,"callback":152,"file":153,"line":213},"manage_edit-shop_order_columns",205,{"type":91,"name":215,"callback":152,"file":153,"line":216},"manage_shop_order_posts_custom_column",206,{"type":164,"name":218,"callback":152,"file":153,"line":219},"bulk_actions-edit-shop_order",207,{"type":164,"name":221,"callback":152,"file":153,"line":222},"handle_bulk_actions-edit-shop_order",208,{"type":164,"name":224,"callback":152,"file":153,"line":225},"woocommerce_checkout_fields",214,{"type":91,"name":227,"callback":152,"file":153,"line":228},"woocommerce_admin_order_data_after_billing_address",219,{"type":91,"name":230,"callback":152,"file":153,"line":231},"woocommerce_order_status_changed",224,{"type":91,"name":230,"callback":152,"file":153,"line":233},226,{"type":91,"name":235,"callback":152,"file":153,"line":236},"woocommerce_new_order",227,{"type":164,"name":230,"callback":152,"file":153,"line":238},234,{"type":91,"name":240,"callback":152,"file":153,"line":241},"edit_user_profile",238,{"type":91,"name":243,"callback":152,"file":153,"line":244},"user_register",240,{"type":91,"name":246,"callback":152,"file":153,"line":247},"personal_options_update",244,{"type":91,"name":249,"callback":152,"file":153,"line":250},"profile_update",246,{"type":91,"name":252,"callback":152,"file":153,"line":253},"delete_user",248,{"type":91,"name":255,"callback":152,"file":153
,"line":256},"woocommerce_update_product",254,{"type":91,"name":258,"callback":152,"file":153,"line":259},"before_delete_post",257,{"type":91,"name":261,"callback":152,"file":153,"line":262},"woocommerce_product_options_general_product_data",261,{"type":91,"name":264,"callback":152,"file":153,"line":265},"woocommerce_process_product_meta",262,{"type":91,"name":267,"callback":152,"file":153,"line":268},"woocommerce_product_after_variable_attributes",264,{"type":91,"name":270,"callback":152,"file":153,"line":271},"woocommerce_save_product_variation",265,{"type":164,"name":273,"callback":152,"file":153,"line":274},"woocommerce_product_data_tabs",267,{"type":91,"name":276,"callback":152,"file":153,"line":277},"woocommerce_product_data_panels",268,{"type":91,"name":146,"callback":152,"file":153,"line":279},272,{"type":91,"name":146,"callback":152,"file":153,"line":281},274,{"type":91,"name":146,"callback":152,"file":153,"line":283},315,[285,290,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,346,349,352],{"action":286,"nopriv":287,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":289},"handle_webhook_request",true,false,168,{"action":286,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":291},169,{"action":293,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":294},"adminExportProducts",281,{"action":296,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":297},"adminImportProducts",282,{"action":299,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":300},"adminExportProductsOpeningQuantity",283,{"action":302,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":303},"adminExportCustomers",284,{"action":305,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":306},"adminSyncChanges",290,{"action":308,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"l
ine":309},"adminSyncProducts",291,{"action":311,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":312},"adminSyncOrders",292,{"action":314,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":315},"adminUpdateProducts",293,{"action":317,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":318},"adminUpdateProductsWithFilter",294,{"action":320,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":321},"adminSubmitInvoice",295,{"action":323,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":324},"adminRemoveInvoice",296,{"action":326,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":327},"adminCleanLogFile",302,{"action":329,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":330},"adminSyncProductsManually",304,{"action":332,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":333},"adminClearPluginData",305,{"action":335,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":336},"adminInstallPluginData",306,{"action":338,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":339},"adminChangeProductCode",307,{"action":341,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":342},"adminDeleteProductLink",308,{"action":344,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":345},"adminUpdateProduct",309,{"action":347,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":348},"adminChangeProductsCode",310,{"action":350,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":351},"adminDeleteProductsLink",311,{"action":353,"nopriv":288,"callback":152,"hasNonce":288,"hasCapCheck":288,"file":153,"line":354},"adminUpdateProductAndVariations",312,[],[],[],23,{"dangerousFunctions":360,"sqlUsage":361,"outputEscaping"
:420,"fileOperations":754,"externalRequests":25,"nonceChecks":25,"capabilityChecks":755,"bundledLibraries":756},[],{"prepared":362,"raw":102,"locations":363},75,[364,368,371,374,376,378,379,382,383,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,419],{"file":365,"line":366,"context":367},"admin\\class-ssbhesabfa-admin.php",537,"$wpdb->get_results() with variable interpolation",{"file":365,"line":369,"context":370},542,"$wpdb->query() with variable interpolation",{"file":365,"line":372,"context":373},1035,"$wpdb->get_row() with variable interpolation",{"file":365,"line":375,"context":373},1277,{"file":365,"line":377,"context":373},1333,{"file":94,"line":177,"context":367},{"file":94,"line":380,"context":381},289,"$wpdb->get_var() with variable interpolation",{"file":94,"line":327,"context":367},{"file":384,"line":385,"context":373},"admin\\partials\\ssbhesabfa-admin-functions.php",918,{"file":384,"line":387,"context":373},944,{"file":384,"line":389,"context":381},1309,{"file":384,"line":391,"context":373},1342,{"file":384,"line":393,"context":373},1361,{"file":384,"line":395,"context":381},1411,{"file":384,"line":397,"context":367},1416,{"file":384,"line":399,"context":381},1489,{"file":384,"line":401,"context":381},1492,{"file":384,"line":403,"context":367},1501,{"file":384,"line":405,"context":367},1506,{"file":384,"line":407,"context":373},1663,{"file":384,"line":409,"context":373},1666,{"file":411,"line":141,"context":381},"includes\\class-ssbhesabfa-activator.php",{"file":148,"line":413,"context":373},210,{"file":148,"line":415,"context":373},245,{"file":417,"line":418,"context":367},"uninstall.php",28,{"file":417,"line":111,"context":370},{"escaped":421,"rawEcho":172,"locations":422},381,[423,426,428,429,431,432,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,524,526,527,529,531,533,534,536,537,538,540,542,544,5
46,548,550,551,553,555,557,559,561,563,565,567,569,571,573,575,577,579,581,583,585,587,589,591,592,594,596,598,600,601,603,605,607,609,611,613,615,617,619,621,623,625,627,629,631,633,635,637,638,640,642,644,646,648,650,652,654,656,658,660,662,664,666,668,670,671,673,675,677,679,681,683,685,687,689,691,693,695,697,699,701,703,705,707,709,711,713,715,717,719,721,723,725,727,729,731,733,734,736,738,740,742,744,746,748,750,752],{"file":365,"line":424,"context":425},175,"raw output",{"file":365,"line":427,"context":425},180,{"file":365,"line":189,"context":425},{"file":365,"line":430,"context":425},233,{"file":365,"line":262,"context":425},{"file":365,"line":318,"context":425},{"file":365,"line":434,"context":425},320,{"file":365,"line":436,"context":425},359,{"file":365,"line":438,"context":425},362,{"file":365,"line":440,"context":425},401,{"file":365,"line":442,"context":425},426,{"file":365,"line":444,"context":425},447,{"file":365,"line":446,"context":425},451,{"file":365,"line":448,"context":425},469,{"file":365,"line":450,"context":425},484,{"file":365,"line":452,"context":425},836,{"file":365,"line":454,"context":425},843,{"file":365,"line":456,"context":425},867,{"file":365,"line":458,"context":425},874,{"file":365,"line":460,"context":425},946,{"file":365,"line":462,"context":425},966,{"file":365,"line":464,"context":425},1177,{"file":365,"line":466,"context":425},1329,{"file":365,"line":468,"context":425},1579,{"file":365,"line":470,"context":425},1589,{"file":365,"line":472,"context":425},1599,{"file":365,"line":474,"context":425},1619,{"file":365,"line":476,"context":425},1641,{"file":365,"line":478,"context":425},1654,{"file":365,"line":480,"context":425},1691,{"file":365,"line":482,"context":425},1715,{"file":365,"line":484,"context":425},1725,{"file":365,"line":486,"context":425},1745,{"file":365,"line":488,"context":425},1753,{"file":365,"line":490,"context":425},1780,{"file":365,"line":492,"context":425},1798,{"file":365,"line":494,"context":425},1811,{
"file":365,"line":496,"context":425},1825,{"file":365,"line":498,"context":425},1861,{"file":365,"line":500,"context":425},1866,{"file":365,"line":502,"context":425},1983,{"file":365,"line":504,"context":425},1986,{"file":365,"line":506,"context":425},1989,{"file":365,"line":508,"context":425},1992,{"file":365,"line":510,"context":425},1995,{"file":94,"line":512,"context":425},170,{"file":94,"line":514,"context":425},377,{"file":98,"line":516,"context":425},135,{"file":98,"line":518,"context":425},174,{"file":98,"line":520,"context":425},179,{"file":98,"line":522,"context":425},188,{"file":98,"line":195,"context":425},{"file":98,"line":525,"context":425},198,{"file":98,"line":219,"context":425},{"file":98,"line":528,"context":425},212,{"file":98,"line":530,"context":425},217,{"file":98,"line":532,"context":425},221,{"file":98,"line":233,"context":425},{"file":98,"line":535,"context":425},231,{"file":98,"line":244,"context":425},{"file":98,"line":415,"context":425},{"file":98,"line":539,"context":425},250,{"file":98,"line":541,"context":425},259,{"file":98,"line":543,"context":425},263,{"file":98,"line":545,"context":425},270,{"file":98,"line":547,"context":425},278,{"file":98,"line":549,"context":425},298,{"file":98,"line":436,"context":425},{"file":98,"line":552,"context":425},367,{"file":98,"line":554,"context":425},403,{"file":98,"line":556,"context":425},442,{"file":98,"line":558,"context":425},597,{"file":98,"line":560,"context":425},676,{"file":98,"line":562,"context":425},859,{"file":98,"line":564,"context":425},968,{"file":98,"line":566,"context":425},975,{"file":98,"line":568,"context":425},983,{"file":98,"line":570,"context":425},995,{"file":98,"line":572,"context":425},996,{"file":98,"line":574,"context":425},997,{"file":98,"line":576,"context":425},998,{"file":98,"line":578,"context":425},1007,{"file":98,"line":580,"context":425},1009,{"file":98,"line":582,"context":425},1016,{"file":98,"line":584,"context":425},1018,{"file":98,"line":586,"context":425},
1025,{"file":98,"line":588,"context":425},1027,{"file":98,"line":590,"context":425},1034,{"file":98,"line":372,"context":425},{"file":98,"line":593,"context":425},1044,{"file":98,"line":595,"context":425},1045,{"file":98,"line":597,"context":425},1055,{"file":98,"line":599,"context":425},1295,{"file":98,"line":403,"context":425},{"file":98,"line":602,"context":425},1644,{"file":98,"line":604,"context":425},1671,{"file":98,"line":606,"context":425},1681,{"file":98,"line":608,"context":425},1685,{"file":98,"line":610,"context":425},1694,{"file":98,"line":612,"context":425},1703,{"file":98,"line":614,"context":425},1711,{"file":98,"line":616,"context":425},1718,{"file":98,"line":618,"context":425},1722,{"file":98,"line":620,"context":425},1726,{"file":98,"line":622,"context":425},1738,{"file":98,"line":624,"context":425},1748,{"file":98,"line":626,"context":425},1752,{"file":98,"line":628,"context":425},1759,{"file":98,"line":630,"context":425},1763,{"file":98,"line":632,"context":425},1770,{"file":98,"line":634,"context":425},1773,{"file":98,"line":636,"context":425},1808,{"file":98,"line":494,"context":425},{"file":98,"line":639,"context":425},1842,{"file":98,"line":641,"context":425},1845,{"file":98,"line":643,"context":425},1873,{"file":98,"line":645,"context":425},1877,{"file":98,"line":647,"context":425},1916,{"file":98,"line":649,"context":425},1924,{"file":98,"line":651,"context":425},1928,{"file":98,"line":653,"context":425},1945,{"file":98,"line":655,"context":425},1949,{"file":98,"line":657,"context":425},1958,{"file":98,"line":659,"context":425},1962,{"file":98,"line":661,"context":425},1970,{"file":98,"line":663,"context":425},1974,{"file":98,"line":665,"context":425},1980,{"file":98,"line":667,"context":425},1981,{"file":98,"line":669,"context":425},1982,{"file":98,"line":502,"context":425},{"file":98,"line":672,"context":425},1984,{"file":98,"line":674,"context":425},1988,{"file":98,"line":676,"context":425},2000,{"file":98,"line":678,"context":425},2003
,{"file":98,"line":680,"context":425},2029,{"file":98,"line":682,"context":425},2033,{"file":98,"line":684,"context":425},2037,{"file":98,"line":686,"context":425},2070,{"file":98,"line":688,"context":425},2073,{"file":98,"line":690,"context":425},2105,{"file":98,"line":692,"context":425},2108,{"file":98,"line":694,"context":425},2135,{"file":98,"line":696,"context":425},2137,{"file":98,"line":698,"context":425},2140,{"file":98,"line":700,"context":425},2143,{"file":98,"line":702,"context":425},2354,{"file":98,"line":704,"context":425},2364,{"file":98,"line":706,"context":425},2382,{"file":98,"line":708,"context":425},2387,{"file":98,"line":710,"context":425},2395,{"file":98,"line":712,"context":425},2428,{"file":98,"line":714,"context":425},2433,{"file":98,"line":716,"context":425},2444,{"file":98,"line":718,"context":425},2475,{"file":98,"line":720,"context":425},2516,{"file":98,"line":722,"context":425},2541,{"file":98,"line":724,"context":425},2554,{"file":98,"line":726,"context":425},2558,{"file":98,"line":728,"context":425},2575,{"file":98,"line":730,"context":425},2582,{"file":98,"line":732,"context":425},2591,{"file":98,"line":732,"context":425},{"file":98,"line":735,"context":425},2592,{"file":98,"line":737,"context":425},2603,{"file":98,"line":739,"context":425},2619,{"file":98,"line":741,"context":425},2636,{"file":98,"line":743,"context":425},2662,{"file":98,"line":745,"context":425},2688,{"file":98,"line":747,"context":425},2778,{"file":98,"line":749,"context":425},2822,{"file":751,"line":514,"context":425},"admin\\partials\\ssbhesabfa-html-output.php",{"file":148,"line":753,"context":425},133,10,0,[],[758,774,782,790,800,809,818,835,845,856,882,895,905,922,971,983,1033,1049,1065,1082,1099,1111,1125,1144,1155,1165,1176,1259],{"entryPoint":759,"graph":760,"unsanitizedCount":82,"severity":36},"adminImportProductsCallback 
(admin\\class-ssbhesabfa-admin.php:238)",{"nodes":761,"edges":772},[762,767],{"id":763,"type":764,"label":765,"file":365,"line":766},"n0","source","$_POST",242,{"id":768,"type":769,"label":770,"file":365,"line":262,"wp_function":771},"n1","sink","echo() [XSS]","echo",[773],{"from":763,"to":768,"sanitized":288},{"entryPoint":775,"graph":776,"unsanitizedCount":82,"severity":36},"adminExportProductsOpeningQuantityCallback (admin\\class-ssbhesabfa-admin.php:270)",{"nodes":777,"edges":780},[778,779],{"id":763,"type":764,"label":765,"file":365,"line":281},{"id":768,"type":769,"label":770,"file":365,"line":318,"wp_function":771},[781],{"from":763,"to":768,"sanitized":288},{"entryPoint":783,"graph":784,"unsanitizedCount":82,"severity":36},"adminExportCustomersCallback (admin\\class-ssbhesabfa-admin.php:303)",{"nodes":785,"edges":788},[786,787],{"id":763,"type":764,"label":765,"file":365,"line":339},{"id":768,"type":769,"label":770,"file":365,"line":434,"wp_function":771},[789],{"from":763,"to":768,"sanitized":288},{"entryPoint":791,"graph":792,"unsanitizedCount":25,"severity":36},"adminSyncProductsCallback (admin\\class-ssbhesabfa-admin.php:347)",{"nodes":793,"edges":798},[794,797],{"id":763,"type":764,"label":795,"file":365,"line":796},"$_POST (x2)",351,{"id":768,"type":769,"label":770,"file":365,"line":436,"wp_function":771},[799],{"from":763,"to":768,"sanitized":288},{"entryPoint":801,"graph":802,"unsanitizedCount":82,"severity":36},"adminSubmitInvoiceCallback (admin\\class-ssbhesabfa-admin.php:457)",{"nodes":803,"edges":807},[804,806],{"id":763,"type":764,"label":765,"file":365,"line":805},462,{"id":768,"type":769,"label":770,"file":365,"line":448,"wp_function":771},[808],{"from":763,"to":768,"sanitized":288},{"entryPoint":810,"graph":811,"unsanitizedCount":82,"severity":36},"adminRemoveInvoiceCallback 
(admin\\class-ssbhesabfa-admin.php:474)",{"nodes":812,"edges":816},[813,815],{"id":763,"type":764,"label":765,"file":365,"line":814},479,{"id":768,"type":769,"label":770,"file":365,"line":450,"wp_function":771},[817],{"from":763,"to":768,"sanitized":288},{"entryPoint":819,"graph":820,"unsanitizedCount":14,"severity":36},"hesabfa_plugin_sync_products_manually (admin\\partials\\ssbhesabfa-admin-display.php:42)",{"nodes":821,"edges":832},[822,824,826,829],{"id":763,"type":764,"label":823,"file":94,"line":120},"$_GET (x8)",{"id":768,"type":769,"label":770,"file":94,"line":825,"wp_function":771},127,{"id":827,"type":764,"label":828,"file":94,"line":123},"n2","$_GET (x3)",{"id":830,"type":769,"label":770,"file":94,"line":831,"wp_function":771},"n3",153,[833,834],{"from":763,"to":768,"sanitized":287},{"from":827,"to":830,"sanitized":288},{"entryPoint":836,"graph":837,"unsanitizedCount":14,"severity":36},"ssbhesabfa_export_setting (admin\\partials\\ssbhesabfa-admin-setting.php:1661)",{"nodes":838,"edges":843},[839,841],{"id":763,"type":764,"label":828,"file":98,"line":840},1668,{"id":768,"type":769,"label":770,"file":98,"line":842,"wp_function":771},1675,[844],{"from":763,"to":768,"sanitized":288},{"entryPoint":846,"graph":847,"unsanitizedCount":82,"severity":36},"ssbhesabfa_sync_setting (admin\\partials\\ssbhesabfa-admin-setting.php:1904)",{"nodes":848,"edges":854},[849,852],{"id":763,"type":764,"label":850,"file":98,"line":851},"$_GET",1936,{"id":768,"type":769,"label":770,"file":98,"line":853,"wp_function":771},1938,[855],{"from":763,"to":768,"sanitized":288},{"entryPoint":857,"graph":858,"unsanitizedCount":14,"severity":36},"ssbhesabfa_tab_log_html 
(admin\\partials\\ssbhesabfa-admin-setting.php:2565)",{"nodes":859,"edges":877},[860,862,863,865,866,869,871,874],{"id":763,"type":764,"label":861,"file":98,"line":732},"$_POST['changeLogFile']",{"id":768,"type":769,"label":770,"file":98,"line":732,"wp_function":771},{"id":827,"type":764,"label":861,"file":98,"line":864},2601,{"id":830,"type":769,"label":770,"file":98,"line":864,"wp_function":771},{"id":867,"type":764,"label":868,"file":98,"line":864},"n4","$_POST['ssbhesabfa_find_log_date']",{"id":870,"type":769,"label":770,"file":98,"line":864,"wp_function":771},"n5",{"id":872,"type":764,"label":795,"file":98,"line":873},"n6",2685,{"id":875,"type":769,"label":770,"file":98,"line":876,"wp_function":771},"n7",2702,[878,879,880,881],{"from":763,"to":768,"sanitized":288},{"from":827,"to":830,"sanitized":287},{"from":867,"to":870,"sanitized":287},{"from":872,"to":875,"sanitized":288},{"entryPoint":883,"graph":884,"unsanitizedCount":755,"severity":894},"ssbhesabfa_hook_save_product_variation (admin\\class-ssbhesabfa-admin.php:1146)",{"nodes":885,"edges":892},[886,888],{"id":763,"type":764,"label":795,"file":365,"line":887},1154,{"id":768,"type":769,"label":889,"file":365,"line":890,"wp_function":891},"get_row() [SQLi]",1170,"get_row",[893],{"from":763,"to":768,"sanitized":287},"low",{"entryPoint":896,"graph":897,"unsanitizedCount":755,"severity":894},"ssbhesabfa_hook_process_product_meta (admin\\class-ssbhesabfa-admin.php:1309)",{"nodes":898,"edges":903},[899,901],{"id":763,"type":764,"label":765,"file":365,"line":900},1311,{"id":768,"type":769,"label":889,"file":365,"line":902,"wp_function":891},1325,[904],{"from":763,"to":768,"sanitized":287},{"entryPoint":906,"graph":907,"unsanitizedCount":755,"severity":894},"adminUpdateProductAndVariationsCallback (admin\\class-ssbhesabfa-admin.php:1803)",{"nodes":908,"edges":919},[909,911,914],{"id":763,"type":764,"label":765,"file":365,"line":910},1820,{"id":768,"type":912,"label":913,"file":365,"line":910},"transform","→ 
getProductAndCombinations()",{"id":827,"type":769,"label":915,"file":916,"line":917,"wp_function":918},"get_results() [SQLi]","admin\\services\\HesabfaWpFaService.php",223,"get_results",[920,921],{"from":763,"to":768,"sanitized":288},{"from":768,"to":827,"sanitized":287},{"entryPoint":923,"graph":924,"unsanitizedCount":755,"severity":894},"ssbhesabfa_extra_setting (admin\\partials\\ssbhesabfa-admin-setting.php:125)",{"nodes":925,"edges":963},[926,929,932,935,936,939,940,943,944,948,950,954,956,960],{"id":763,"type":764,"label":927,"file":98,"line":928},"$_POST['ssbhesabfa_set_rpp_for_sync_products_into_hesabfa']",342,{"id":768,"type":769,"label":930,"file":98,"line":928,"wp_function":931},"update_option() [Settings Manipulation]","update_option",{"id":827,"type":764,"label":933,"file":98,"line":934},"$_POST['ssbhesabfa_set_rpp_for_sync_products_into_woocommerce']",343,{"id":830,"type":769,"label":930,"file":98,"line":934,"wp_function":931},{"id":867,"type":764,"label":937,"file":98,"line":938},"$_POST['ssbhesabfa_set_rpp_for_import_products']",344,{"id":870,"type":769,"label":930,"file":98,"line":938,"wp_function":931},{"id":872,"type":764,"label":941,"file":98,"line":942},"$_POST['ssbhesabfa_set_rpp_for_export_products']",345,{"id":875,"type":769,"label":930,"file":98,"line":942,"wp_function":931},{"id":945,"type":764,"label":946,"file":98,"line":947},"n8","$_POST['ssbhesabfa_set_rpp_for_export_opening_products']",346,{"id":949,"type":769,"label":930,"file":98,"line":947,"wp_function":931},"n9",{"id":951,"type":764,"label":952,"file":98,"line":953},"n10","$_POST['ssbhesabfa_check_for_sync_select']",388,{"id":955,"type":769,"label":930,"file":98,"line":953,"wp_function":931},"n11",{"id":957,"type":764,"label":958,"file":98,"line":959},"n12","$_GET 
(x2)",448,{"id":961,"type":769,"label":770,"file":98,"line":962,"wp_function":771},"n13",671,[964,965,966,967,968,969,970],{"from":763,"to":768,"sanitized":287},{"from":827,"to":830,"sanitized":287},{"from":867,"to":870,"sanitized":287},{"from":872,"to":875,"sanitized":287},{"from":945,"to":949,"sanitized":287},{"from":951,"to":955,"sanitized":287},{"from":957,"to":961,"sanitized":287},{"entryPoint":972,"graph":973,"unsanitizedCount":982,"severity":894},"ssbhesabfa_customers_setting_save_field (admin\\partials\\ssbhesabfa-admin-setting.php:1063)",{"nodes":974,"edges":980},[975,978],{"id":763,"type":764,"label":976,"file":98,"line":977},"$_POST (x16)",1070,{"id":768,"type":769,"label":930,"file":98,"line":979,"wp_function":931},1092,[981],{"from":763,"to":768,"sanitized":288},16,{"entryPoint":984,"graph":985,"unsanitizedCount":755,"severity":894},"\u003Cssbhesabfa-admin-setting> (admin\\partials\\ssbhesabfa-admin-setting.php:0)",{"nodes":986,"edges":1021},[987,988,989,990,991,992,993,994,995,996,997,998,999,1001,1002,1004,1006,1010,1012,1015,1017,1019],{"id":763,"type":764,"label":927,"file":98,"line":928},{"id":768,"type":769,"label":930,"file":98,"line":928,"wp_function":931},{"id":827,"type":764,"label":933,"file":98,"line":934},{"id":830,"type":769,"label":930,"file":98,"line":934,"wp_function":931},{"id":867,"type":764,"label":937,"file":98,"line":938},{"id":870,"type":769,"label":930,"file":98,"line":938,"wp_function":931},{"id":872,"type":764,"label":941,"file":98,"line":942},{"id":875,"type":769,"label":930,"file":98,"line":942,"wp_function":931},{"id":945,"type":764,"label":946,"file":98,"line":947},{"id":949,"type":769,"label":930,"file":98,"line":947,"wp_function":931},{"id":951,"type":764,"label":952,"file":98,"line":953},{"id":955,"type":769,"label":930,"file":98,"line":953,"wp_function":931},{"id":957,"type":764,"label":1000,"file":98,"line":959},"$_GET 
(x6)",{"id":961,"type":769,"label":770,"file":98,"line":962,"wp_function":771},{"id":1003,"type":764,"label":976,"file":98,"line":977},"n14",{"id":1005,"type":769,"label":930,"file":98,"line":979,"wp_function":931},"n15",{"id":1007,"type":764,"label":1008,"file":98,"line":1009},"n16","$_POST (x7)",604,{"id":1011,"type":769,"label":770,"file":98,"line":665,"wp_function":771},"n17",{"id":1013,"type":764,"label":1014,"file":98,"line":732},"n18","$_POST['changeLogFile'] (x2)",{"id":1016,"type":769,"label":770,"file":98,"line":732,"wp_function":771},"n19",{"id":1018,"type":764,"label":868,"file":98,"line":864},"n20",{"id":1020,"type":769,"label":770,"file":98,"line":864,"wp_function":771},"n21",[1022,1023,1024,1025,1026,1027,1028,1029,1030,1031,1032],{"from":763,"to":768,"sanitized":287},{"from":827,"to":830,"sanitized":287},{"from":867,"to":870,"sanitized":287},{"from":872,"to":875,"sanitized":287},{"from":945,"to":949,"sanitized":287},{"from":951,"to":955,"sanitized":287},{"from":957,"to":961,"sanitized":287},{"from":1003,"to":1005,"sanitized":287},{"from":1007,"to":1011,"sanitized":287},{"from":1013,"to":1016,"sanitized":287},{"from":1018,"to":1020,"sanitized":287},{"entryPoint":1034,"graph":1035,"unsanitizedCount":25,"severity":1048},"adminExportProductsCallback (admin\\class-ssbhesabfa-admin.php:211)",{"nodes":1036,"edges":1044},[1037,1039,1040,1041,1043],{"id":763,"type":764,"label":765,"file":365,"line":1038},215,{"id":768,"type":769,"label":770,"file":365,"line":430,"wp_function":771},{"id":827,"type":764,"label":765,"file":365,"line":532},{"id":830,"type":912,"label":1042,"file":365,"line":532},"→ exportProducts()",{"id":867,"type":769,"label":915,"file":384,"line":568,"wp_function":918},[1045,1046,1047],{"from":763,"to":768,"sanitized":288},{"from":827,"to":830,"sanitized":288},{"from":830,"to":867,"sanitized":288},"high",{"entryPoint":1050,"graph":1051,"unsanitizedCount":25,"severity":1048},"adminSyncOrdersCallback 
(admin\\class-ssbhesabfa-admin.php:372)",{"nodes":1052,"edges":1061},[1053,1055,1056,1058,1060],{"id":763,"type":764,"label":765,"file":365,"line":1054},380,{"id":768,"type":769,"label":770,"file":365,"line":440,"wp_function":771},{"id":827,"type":764,"label":765,"file":365,"line":1057},384,{"id":830,"type":912,"label":1059,"file":365,"line":1057},"→ syncOrders()",{"id":867,"type":769,"label":915,"file":384,"line":405,"wp_function":918},[1062,1063,1064],{"from":763,"to":768,"sanitized":288},{"from":827,"to":830,"sanitized":288},{"from":830,"to":867,"sanitized":288},{"entryPoint":1066,"graph":1067,"unsanitizedCount":25,"severity":1048},"adminUpdateProductsCallback (admin\\class-ssbhesabfa-admin.php:410)",{"nodes":1068,"edges":1078},[1069,1071,1072,1074,1076],{"id":763,"type":764,"label":765,"file":365,"line":1070},414,{"id":768,"type":769,"label":770,"file":365,"line":442,"wp_function":771},{"id":827,"type":764,"label":765,"file":365,"line":1073},419,{"id":830,"type":912,"label":1075,"file":365,"line":1073},"→ updateProductsInHesabfaBasedOnStore()",{"id":867,"type":769,"label":915,"file":384,"line":1077,"wp_function":918},1724,[1079,1080,1081],{"from":763,"to":768,"sanitized":288},{"from":827,"to":830,"sanitized":288},{"from":830,"to":867,"sanitized":288},{"entryPoint":1083,"graph":1084,"unsanitizedCount":24,"severity":1048},"adminUpdateProductsWithFilterCallback (admin\\class-ssbhesabfa-admin.php:432)",{"nodes":1085,"edges":1095},[1086,1088,1089,1091,1093],{"id":763,"type":764,"label":795,"file":365,"line":1087},436,{"id":768,"type":769,"label":770,"file":365,"line":444,"wp_function":771},{"id":827,"type":764,"label":795,"file":365,"line":1090},440,{"id":830,"type":912,"label":1092,"file":365,"line":1090},"→ 
updateProductsInHesabfaBasedOnStoreWithFilter()",{"id":867,"type":769,"label":915,"file":384,"line":1094,"wp_function":918},1757,[1096,1097,1098],{"from":763,"to":768,"sanitized":288},{"from":827,"to":830,"sanitized":288},{"from":830,"to":867,"sanitized":288},{"entryPoint":1100,"graph":1101,"unsanitizedCount":82,"severity":1048},"admin_product_search_by_hesabfaId (admin\\class-ssbhesabfa-admin.php:762)",{"nodes":1102,"edges":1109},[1103,1105],{"id":763,"type":764,"label":850,"file":365,"line":1104},766,{"id":768,"type":769,"label":1106,"file":365,"line":1107,"wp_function":1108},"get_col() [SQLi]",770,"get_col",[1110],{"from":763,"to":768,"sanitized":288},{"entryPoint":1112,"graph":1113,"unsanitizedCount":82,"severity":1048},"ssbhesabfa_hook_user_register (admin\\class-ssbhesabfa-admin.php:988)",{"nodes":1114,"edges":1122},[1115,1118,1120],{"id":763,"type":764,"label":1116,"file":365,"line":1117},"$_REQUEST",1001,{"id":768,"type":912,"label":1119,"file":365,"line":1117},"→ getWpFaByHesabfaId()",{"id":827,"type":769,"label":889,"file":916,"line":1121,"wp_function":891},115,[1123,1124],{"from":763,"to":768,"sanitized":288},{"from":768,"to":827,"sanitized":288},{"entryPoint":1126,"graph":1127,"unsanitizedCount":25,"severity":1048},"adminChangeProductCodeCallback (admin\\class-ssbhesabfa-admin.php:1566)",{"nodes":1128,"edges":1139},[1129,1131,1132,1133,1135,1137],{"id":763,"type":764,"label":765,"file":365,"line":1130},1585,{"id":768,"type":912,"label":1119,"file":365,"line":1130},{"id":827,"type":769,"label":889,"file":916,"line":1121,"wp_function":891},{"id":830,"type":764,"label":765,"file":365,"line":1134},1604,{"id":867,"type":912,"label":1136,"file":365,"line":1134},"→ 
getWpFa()",{"id":870,"type":769,"label":889,"file":916,"line":1138,"wp_function":891},41,[1140,1141,1142,1143],{"from":763,"to":768,"sanitized":288},{"from":768,"to":827,"sanitized":288},{"from":830,"to":867,"sanitized":288},{"from":867,"to":870,"sanitized":288},{"entryPoint":1145,"graph":1146,"unsanitizedCount":82,"severity":1048},"adminDeleteProductLinkCallback (admin\\class-ssbhesabfa-admin.php:1624)",{"nodes":1147,"edges":1152},[1148,1150,1151],{"id":763,"type":764,"label":765,"file":365,"line":1149},1633,{"id":768,"type":912,"label":1136,"file":365,"line":1149},{"id":827,"type":769,"label":889,"file":916,"line":1138,"wp_function":891},[1153,1154],{"from":763,"to":768,"sanitized":288},{"from":768,"to":827,"sanitized":288},{"entryPoint":1156,"graph":1157,"unsanitizedCount":82,"severity":1048},"adminUpdateProductCallback (admin\\class-ssbhesabfa-admin.php:1646)",{"nodes":1158,"edges":1162},[1159,1160,1161],{"id":763,"type":764,"label":765,"file":365,"line":840},{"id":768,"type":912,"label":1136,"file":365,"line":840},{"id":827,"type":769,"label":889,"file":916,"line":1138,"wp_function":891},[1163,1164],{"from":763,"to":768,"sanitized":288},{"from":768,"to":827,"sanitized":288},{"entryPoint":1166,"graph":1167,"unsanitizedCount":25,"severity":1048},"adminChangeProductsCodeCallback (admin\\class-ssbhesabfa-admin.php:1696)",{"nodes":1168,"edges":1173},[1169,1171,1172],{"id":763,"type":764,"label":795,"file":365,"line":1170},1721,{"id":768,"type":912,"label":1136,"file":365,"line":1170},{"id":827,"type":769,"label":889,"file":916,"line":1138,"wp_function":891},[1174,1175],{"from":763,"to":768,"sanitized":288},{"from":768,"to":827,"sanitized":288},{"entryPoint":1177,"graph":1178,"unsanitizedCount":126,"severity":1048},"\u003Cclass-ssbhesabfa-admin> 
(admin\\class-ssbhesabfa-admin.php:0)",{"nodes":1179,"edges":1236},[1180,1182,1183,1184,1185,1187,1188,1190,1192,1193,1194,1195,1196,1197,1198,1199,1200,1201,1202,1203,1204,1205,1206,1208,1211,1214,1217,1219,1221,1223,1226,1228,1230,1232,1234],{"id":763,"type":764,"label":1181,"file":365,"line":1038},"$_POST (x34)",{"id":768,"type":769,"label":770,"file":365,"line":430,"wp_function":771},{"id":827,"type":764,"label":850,"file":365,"line":1104},{"id":830,"type":769,"label":1106,"file":365,"line":1107,"wp_function":1108},{"id":867,"type":764,"label":1186,"file":365,"line":887},"$_POST (x3)",{"id":870,"type":769,"label":889,"file":365,"line":890,"wp_function":891},{"id":872,"type":764,"label":795,"file":365,"line":1189},1155,{"id":875,"type":769,"label":770,"file":365,"line":1191,"wp_function":771},1412,{"id":945,"type":764,"label":765,"file":365,"line":532},{"id":949,"type":912,"label":1042,"file":365,"line":532},{"id":951,"type":769,"label":915,"file":384,"line":568,"wp_function":918},{"id":955,"type":764,"label":765,"file":365,"line":1057},{"id":957,"type":912,"label":1059,"file":365,"line":1057},{"id":961,"type":769,"label":915,"file":384,"line":405,"wp_function":918},{"id":1003,"type":764,"label":765,"file":365,"line":1073},{"id":1005,"type":912,"label":1075,"file":365,"line":1073},{"id":1007,"type":769,"label":915,"file":384,"line":1077,"wp_function":918},{"id":1011,"type":764,"label":795,"file":365,"line":1090},{"id":1013,"type":912,"label":1092,"file":365,"line":1090},{"id":1016,"type":769,"label":915,"file":384,"line":1094,"wp_function":918},{"id":1018,"type":764,"label":1116,"file":365,"line":1117},{"id":1020,"type":912,"label":1119,"file":365,"line":1117},{"id":1207,"type":769,"label":889,"file":916,"line":1121,"wp_function":891},"n22",{"id":1209,"type":764,"label":795,"file":365,"line":1210},"n23",1236,{"id":1212,"type":912,"label":1213,"file":365,"line":1210},"n24","→ 
getWpFaId()",{"id":1215,"type":769,"label":889,"file":916,"line":1216,"wp_function":891},"n25",140,{"id":1218,"type":764,"label":795,"file":365,"line":1130},"n26",{"id":1220,"type":912,"label":1119,"file":365,"line":1130},"n27",{"id":1222,"type":769,"label":889,"file":916,"line":1121,"wp_function":891},"n28",{"id":1224,"type":764,"label":1225,"file":365,"line":1134},"n29","$_POST (x5)",{"id":1227,"type":912,"label":1136,"file":365,"line":1134},"n30",{"id":1229,"type":769,"label":889,"file":916,"line":1138,"wp_function":891},"n31",{"id":1231,"type":764,"label":765,"file":365,"line":910},"n32",{"id":1233,"type":912,"label":913,"file":365,"line":910},"n33",{"id":1235,"type":769,"label":915,"file":916,"line":917,"wp_function":918},"n34",[1237,1238,1239,1240,1241,1242,1243,1244,1245,1246,1247,1248,1249,1250,1251,1252,1253,1254,1255,1256,1257,1258],{"from":763,"to":768,"sanitized":288},{"from":827,"to":830,"sanitized":288},{"from":867,"to":870,"sanitized":287},{"from":872,"to":875,"sanitized":287},{"from":945,"to":949,"sanitized":288},{"from":949,"to":951,"sanitized":288},{"from":955,"to":957,"sanitized":288},{"from":957,"to":961,"sanitized":288},{"from":1003,"to":1005,"sanitized":288},{"from":1005,"to":1007,"sanitized":288},{"from":1011,"to":1013,"sanitized":288},{"from":1013,"to":1016,"sanitized":288},{"from":1018,"to":1020,"sanitized":288},{"from":1020,"to":1207,"sanitized":288},{"from":1209,"to":1212,"sanitized":288},{"from":1212,"to":1215,"sanitized":288},{"from":1218,"to":1220,"sanitized":288},{"from":1220,"to":1222,"sanitized":288},{"from":1224,"to":1227,"sanitized":288},{"from":1227,"to":1229,"sanitized":288},{"from":1231,"to":1233,"sanitized":288},{"from":1233,"to":1235,"sanitized":287},{"entryPoint":1260,"graph":1261,"unsanitizedCount":24,"severity":1048},"\u003Cssbhesabfa-admin-display> (admin\\partials\\ssbhesabfa-admin-display.php:0)",{"nodes":1262,"edges":1270},[1263,1265,1266,1267,1268,1269],{"id":763,"type":764,"label":1264,"file":94,"line":120},"$_GET 
(x9)",{"id":768,"type":769,"label":770,"file":94,"line":825,"wp_function":771},{"id":827,"type":764,"label":828,"file":94,"line":123},{"id":830,"type":769,"label":770,"file":94,"line":831,"wp_function":771},{"id":867,"type":764,"label":850,"file":94,"line":120},{"id":870,"type":769,"label":915,"file":94,"line":274,"wp_function":918},[1271,1272,1273],{"from":763,"to":768,"sanitized":287},{"from":827,"to":830,"sanitized":288},{"from":867,"to":870,"sanitized":288},{"summary":1275,"deductions":1276},"The hesabfa-accounting v2.2.5 plugin presents a significant security risk primarily due to its extensive, unprotected attack surface. With 23 AJAX handlers identified, all of which lack capability checks, any authenticated user could potentially trigger these functionalities, leading to unintended actions or data manipulation. While the plugin shows some positive signs like a moderate use of prepared statements for SQL queries and proper output escaping in over half of its outputs, the absence of capability checks on any entry points is a major concern. This, combined with 12 high-severity taint flows indicating potential for vulnerabilities like Cross-Site Scripting or data leakage, points to a plugin that requires immediate attention.\n\nThe plugin's vulnerability history, with 4 CVEs in total, all of medium severity, further reinforces the security concerns. The fact that 2 CVEs remain unpatched is a critical red flag, suggesting a pattern of past vulnerabilities that may not have been fully addressed. The types of past vulnerabilities, such as Insertion of Sensitive Information into Log File, Cross-Site Request Forgery, and Cross-Site Scripting, are common attack vectors that can have severe consequences.\n\nIn conclusion, while the plugin demonstrates some positive coding practices, such as the use of prepared statements and output escaping, these strengths are overshadowed by the critical weaknesses. 
The vast unprotected attack surface, lack of capability checks, high-severity taint flows, and unpatched historical vulnerabilities collectively create a high-risk environment. It is strongly recommended that users update to a patched version if available or consider disabling the plugin until these issues are resolved.",[1277,1280,1283,1285,1287,1289,1291,1294,1296],{"reason":1278,"points":1279},"23 unprotected AJAX handlers",20,{"reason":1281,"points":1282},"12 high severity taint flows",12,{"reason":1284,"points":754},"0 capability checks on entry points",{"reason":1286,"points":1279},"2 unpatched CVEs",{"reason":1288,"points":754},"4 medium severity CVEs (cumulative impact)",{"reason":1290,"points":754},"23 flows with unsanitized paths",{"reason":1292,"points":1293},"2 nonce checks (low coverage)",5,{"reason":1295,"points":1293},"31% of SQL queries not using prepared statements",{"reason":1297,"points":1293},"31% of output not properly escaped","2026-03-16T19:32:46.463Z",{"wat":1300,"direct":1313},{"assetPaths":1301,"generatorPatterns":1306,"scriptPaths":1307,"versionParams":1308},[1302,1303,1304,1305],"\u002Fwp-content\u002Fplugins\u002Fhesabfa-accounting\u002Fadmin\u002Fcss\u002Fssbhesabfa-admin.css","\u002Fwp-content\u002Fplugins\u002Fhesabfa-accounting\u002Fadmin\u002Fcss\u002Fbootstrap.css","\u002Fwp-content\u002Fplugins\u002Fhesabfa-accounting\u002Fadmin\u002Fjs\u002Fssbhesabfa-admin.js","\u002Fwp-content\u002Fplugins\u002Fhesabfa-accounting\u002Fadmin\u002Fjs\u002Fbootstrap.bundle.min.js",[],[1304,1305],[1309,1310,1311,1312],"hesabfa-accounting\u002Fadmin\u002Fcss\u002Fssbhesabfa-admin.css?v=1","hesabfa-accounting\u002Fadmin\u002Fcss\u002Fbootstrap.css","hesabfa-accounting\u002Fadmin\u002Fjs\u002Fssbhesabfa-admin.js","hesabfa-accounting\u002Fadmin\u002Fjs\u002Fbootstrap.bundle.min.js",{"cssClasses":1314,"htmlComments":1316,"htmlAttributes":1317,"restEndpoints":1323,"jsGlobals":1324,"shortcodeOutput":1326},[1315],"ssbhesabfa-admin-css",[],[1318,1319,1320,1
321,1322],"data-bs-toggle","data-bs-target","aria-controls","aria-labelledby","data-bs-parent",[],[1325],"ssbhesabfa_obj",[]]