[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvU29Q0O-Jl4k_4gpOCbqOUAWBCs7g5SSB9sNn-Ft2MM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":50,"analysis":158,"fingerprints":739},"hr-press-lite","Hr Press Lite","1.0.2","CODECLOVE","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodeclove\u002F","\u003Cp>\u003Cstrong>Hr Press Lite\u003C\u002Fstrong> is \u003Cstrong>Employee management system\u003C\u002Fstrong> that help companies to manage employees and employees time, holidays, leave etc. it is user friendly and easy to user wordpress plugin. You can use Hr Press Lite completely free.\u003C\u002Fp>\n\u003Cp>It can also manage Departments, Designations, Employee Leaves, Holidays, Employee Attendance and more will be added as plugin progress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hr Press Lite\u003C\u002Fstrong> lets you manage Employees daily timings and breaks. 
Hr Press Lite uses a \u003Cstrong>very modern, clean and easy to use interface\u003C\u002Fstrong> to make managing a breeze!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you know?\u003C\u002Fstrong>\u003Cbr \u002F>\nMore than \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fblog\u002F2020\u002F09\u002Fmillions-of-sites-targeted-in-file-manager-vulnerability-attacks\u002F\" rel=\"nofollow ugc\">700,000 WordPress websites\u003C\u002Fa> were attacked during September 2020.\u003Cbr \u002F>\nMalicious bots are looking to exploit vulnerable versions of WP file manager plugins.\u003C\u002Fp>\n\u003Cp>Fortunately, Hr Press Lite is built with \u003Cstrong>security in mind\u003C\u002Fstrong> and comes with this vulnerability \u003Cstrong>fixed\u003C\u002Fstrong>! So rest assured! Hr Press Lite poses no risk to you!\u003C\u002Fp>\n\u003Ch3>⚡️Features include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Employees check-in and check-out time\u003C\u002Fli>\n\u003Cli>Employees Break logs\u003C\u002Fli>\n\u003Cli>Send emails to employees\u003C\u002Fli>\n\u003Cli>Announcements\u003C\u002Fli>\n\u003Cli>Departments\u003C\u002Fli>\n\u003Cli>Designations\u003C\u002Fli>\n\u003Cli>Attendance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fcodeclove.com\u002Fplugins\u002Fhr-press\" rel=\"nofollow ugc\">👉 \u003Cstrong>Hr Press PRO\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Ch3>⭐️ PRO FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Leave requests\u003C\u002Fli>\n\u003Cli>Send Holiday emails to employees\u003C\u002Fli>\n\u003Cli>IP Addresses restriction\u003C\u002Fli>\n\u003Cli>IP Address whitelisting\u003C\u002Fli>\n\u003Cli>Better support\u003C\u002Fli>\n\u003Cli>Features requests\u003C\u002Fli>\n\u003Cli>More coming…\u003C\u002Fli>\n\u003C\u002Ful>\n","Hr Press Lite is a modern Employee Management System to track attendance, breaks, and manage employees efficiently. 
HRM (Human Resource Management) is &hellip;",50,2485,0,"2026-01-18T09:47:00.000Z","6.7.5","6.0","7.4",[19,20,21,22,23],"attendance-management","employee-self-service","hr","hrm","human-resources-management","https:\u002F\u002FCodeClove.com\u002Fhr-press","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhr-press-lite.1.0.2.zip",78,1,"2026-03-20 15:15:10","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2026-2720","hr-press-lite-missing-authorization-to-authenticated-subscriber-sensitive-employee-information-exposure","Hr Press Lite \u003C= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure","The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the `hrp-fetch-employees` AJAX action in all versions up to, and including, 1.0.2. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive employee information including names, email addresses, phone numbers, salary\u002Fpay rates, employment dates, and employment status.",null,"\u003C=1.0.2","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Missing Authorization","2026-03-21 03:27:06",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd2a63b8e-e16e-4702-be1b-acc5c3e74b22?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},"codeclove",30,79,"2026-04-04T16:03:06.859Z",[51,74,96,114,133],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":15,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":70,"download_link":71,"security_score":72,"vuln_count":27,"unpatched_count":13,"last_vuln_date":73,"fetched_at":29},"wp-hr-manager","WP-HR Manager: The Human Resources Plugin for WordPress","3.2.0","wphrmanager","https:\u002F\u002Fprofiles.wordpress.org\u002Fwphrmanager\u002F","\u003Cp>Now you can easily manage HR (Human Resource) records and processes from within your website with our highly rated plugin, WP-HR Manager. 
You can quickly install an ESS (employee self-service) portal and HRM system, update staff records, track attendance and absence, message team members, approve leave and more.\u003C\u002Fp>\n\u003Cp>Ideal for small and medium sized businesses (SME) who want to create their own HR information system (HRIS) on WordPress.\u003C\u002Fp>\n\u003Ch4>WP-HR Manager enables you to:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Install a powerful HRM system on your website to record and manage employee HR information via any browser \u003C\u002Fli>\n\u003Cli>Take advantage of employee self service (ESS) features to reduce admin and improve accuracy (ideal for remote workers)\u003C\u002Fli>\n\u003Cli>Retain control of your data (and host your site\u002Fdata in the location of your choice) helping with GDPR compliance\u003C\u002Fli>\n\u003Cli>Manage as many employees as you wish, with our free HR WordPress plugin: No incremental\u002Fper employee charges unlike cloud based HR systems\u003C\u002Fli>\n\u003Cli>Add features and plugins as you need them (even build your own!) 
with fully editable open source code\u003C\u002Fli>\n\u003Cli>Control access to data and capabilities with three inbuilt user levels (Admin, HR Manager and Employee)\u003C\u002Fli>\n\u003Cli>Keep it focussed – WP-HR Manager only adds HR features, keeping the plugin as lite as possible \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>New – WP-HR Mobile Check In Add On\u003C\u002Fh4>\n\u003Cp>We now offer a mobile app to enable employees to check in\u002Fout (clock in\u002Fout) with mobile phones.\u003Cbr \u002F>\nRequires Pro version and WP-HR Attendance upgrade within WP-HR Manager (Settings) or\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.wphrmanager.com\u002Fproduct\u002Fwp-hr-check-in-out\u002F\" rel=\"nofollow ugc\">Find out more\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FvygOR0o6Z-s?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>This plugin includes –\u003C\u002Fp>\n\u003Ch4>WP-HR Manager Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Company profile\u003C\u002Fli>\n\u003Cli>Branch listing – add local offices, outlets, factories etc.\u003C\u002Fli>\n\u003Cli>Employee profile – record and manage employee information\u003C\u002Fli>\n\u003Cli>Department listing – create departments and assign to employees\u003C\u002Fli>\n\u003Cli>Roles listing – create roles (eg ‘Driver’ or ‘Branch Manager’) and assign to employees\u003C\u002Fli>\n\u003Cli>Leave \u002F holiday management – create and approve holiday, sickness, unpaid and other leave requests\u003C\u002Fli>\n\u003Cli>Set multiple leave \u002F 
holiday policies to specify number of day’s leave allowed, national (Bank) holiday dates, etc\u003C\u002Fli>\n\u003Cli>Monitor number of leave days taken and remaining for each employee\u003C\u002Fli>\n\u003Cli>Enable Employee Self Service (ESS) options so staff and update their own records\u003C\u002Fli>\n\u003Cli>Front end view for employees (discourages logged in employees from viewing WordPress backend screens)\u003C\u002Fli>\n\u003Cli>Employee Assessments and Appraisals – track performance and set goals\u003C\u002Fli>\n\u003Cli>WordPress admin dashboard customizing features\u003C\u002Fli>\n\u003Cli>DashBoard Tab added in the setting page\u003C\u002Fli>\n\u003Cli>Admin can hid\u002Fshow the dashboard widgets as well as in the employee profile\u003C\u002Fli>\n\u003Cli>Emoloyee have option to show\u002Fhide Annual Work Anniversary,Birthday Anniversary and InOutopts from profile edit window\u003C\u002Fli>\n\u003Cli>Audit log – track changes to records\u003C\u002Fli>\n\u003Cli>44 currencies supported\u003C\u002Fli>\n\u003Cli>Announcements feature – send to specific employees or all employees \u003C\u002Fli>\n\u003Cli>Notification emails with custom templates and shortcode support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is forked from https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ferp\u002F by Tareq Hasan,Nizam Uddin,weDevs\u003Cbr \u002F>\nin order to keep up with changes to the core WordPress.\u003C\u002Fp>\n\u003Cp>This plugin includes additional features than the original plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enhancements to leave management, fixes, and licensing SDK.\u003C\u002Fli>\n\u003Cli>Plugin supports in multiple languages.\u003C\u002Fli>\n\u003Cli>Added feature to book leave from the front end view.\u003C\u002Fli>\n\u003Cli>Added feature to resend the welcome email.\u003C\u002Fli>\n\u003Cli>Added feature to allow more than one leave per day.\u003C\u002Fli>\n\u003Cli>Enable employees to apply for leave for a half-day or a few hours 
based on their needs.\u003C\u002Fli>\n\u003Cli>Calculate leave from the start date (by months left in the year).\u003C\u002Fli>\n\u003Cli>Enable leave for future and past years.\u003C\u002Fli>\n\u003Cli>Added feature to be able to sync “Who is out” widget with the calendar.\u003C\u002Fli>\n\u003Cli>Display all employees on the calendar of who is going to be off throughout the year.\u003C\u002Fli>\n\u003Cli>Added feature to only display assigned leave policies to the employee.\u003C\u002Fli>\n\u003Cli>Added feature to display employee leave to the line managers.\u003C\u002Fli>\n\u003Cli>Added feature to change the employee profile title based on the department.\u003C\u002Fli>\n\u003Cli>Added feature to archive old leave requests  (PRO VERSION ONLY).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to WP-HR Manager Pro for additional features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Reports\u003C\u002Fli>\n\u003Cli>Import \u002F export employee data\u003C\u002Fli>\n\u003Cli>Option to force employee to front end profile page on log in (restrict access to WP back end)\u003C\u002Fli>\n\u003Cli>Multiple Holiday Calendars (useful to create holiday sets for different countries)\u003C\u002Fli>\n\u003Cli>Allow \u002F Restrich leave notifications and approvals from HR Managers and Line Managers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WP-HR Manager Extensions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WP-HR Attendance\u003C\u002Fstrong> (monitor check-in \u002F check-out, add shifts)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-HR Mobile Check In\u003C\u002Fstrong> (NEW! 
enable employees to check-in \u002F check-out on their mobile phones)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-HR Recruitment\u003C\u002Fstrong> (create and advertise job vacancies on your site and manage recruitment process)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-HR GDPR Pro\u003C\u002Fstrong> (a set of useful tools to: Create your Privacy Policy; Record Consent to Manage Data from employees and job applicants; track employee GDPR training; log and manage Subject Access Requests; and more.) We also offer a stand alone lite version for free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-hr-gdpr\u002F\" rel=\"ugc\">here\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-HR SMS Messages\u003C\u002Fstrong>(Send SMS messages to employees)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-HR Documents\u003C\u002Fstrong> (Upload documents to a company library or to employee profiles)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-HR Add Fields\u003C\u002Fstrong>(Add extra fields to collect and display information in the employee profile and all other tabs)\u003C\u002Fli>\n\u003Cli>More planned – watch this space!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These extensions can be added from with the WPHR Settings menu on your WordPress dashboard.\u003C\u002Fp>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphrmanager.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphrmanager.com\u002F\" rel=\"nofollow ugc\">Project Site\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.wphrmanager.com\u002Fshop\u002F\" rel=\"nofollow ugc\">Extensions\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations (full or partial)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Bulgarian \u002F Български\u003C\u002Fli>\n\u003Cli>Chinese (China) \u002F 简体中文\u003C\u002Fli>\n\u003Cli>Danish \u002F Dansk\u003C\u002Fli>\n\u003Cli>Dutch 
\u002F Nederlands\u003C\u002Fli>\n\u003Cli>German \u002F Deutsch\u003C\u002Fli>\n\u003Cli>Japanese \u002F 日本語 \u003C\u002Fli>\n\u003Cli>Norwegian (Bokmål) \u002F Norsk bokmål\u003C\u002Fli>\n\u003Cli>Polish \u002F Polski\u003C\u002Fli>\n\u003Cli>Persian (Iranian)\u003C\u002Fli>\n\u003Cli>Spanish (Spain) \u002F Español\u003C\u002Fli>\n\u003Cli>Swedish \u002F Svenska\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you would like to help with translating this plugin, please go \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hr-manager\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Press Coverage\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\"WP-HR Manager is a new approach to HRM software - neither a clunky old desktop application, nor a cloud system with expensive per employee pricing. An exciting new tool for HR managers.\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>Becki Clarke, Editor, www.HRreview.co.uk\u003C\u002Fem>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\"A great tool for organisations of all sizes.  The free version does all the basics things you need - and then you can customize with add-ons to get the exact mix of functionality you want.  This one will just get better and better.\" \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>Bill Banham, Publisher, www.hr-gazette.com\u003C\u002Fem>\u003C\u002Fp>\n","Easily add a powerful HR \u002F human resource management system and employee self service (ESS) portal to your website. 
= Credits = This plugin uses [WP E &hellip;",300,46156,40,5,"2025-03-27T14:40:00.000Z","5.0","",[19,21,67,68,69],"human-resources","leave","recruitment","http:\u002F\u002Fwww.wphrmanager.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hr-manager.zip",91,"2025-01-16 00:00:00",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":82,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":64,"requires_php":87,"tags":88,"homepage":93,"download_link":94,"security_score":48,"vuln_count":27,"unpatched_count":27,"last_vuln_date":95,"fetched_at":29},"clockify-lite","Clockinator Lite","1.0.8","BeastThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeastthemes\u002F","\u003Cp>Clockinator Lite is a powerful and easy-to-use \u003Cstrong>employee and attendance management plugin\u003C\u002Fstrong> for WordPress.\u003Cbr \u002F>\nIt helps you track working hours, manage staff, monitor shifts, and streamline HR processes.\u003C\u002Fp>\n\u003Cp>With Clockinator Lite, you can:\u003Cbr \u002F>\n– Track \u003Cstrong>attendance and working hours\u003C\u002Fstrong> in real time\u003Cbr \u002F>\n– Manage \u003Cstrong>departments, designations, and holidays\u003C\u002Fstrong>\u003Cbr \u002F>\n– Generate \u003Cstrong>monthly attendance reports\u003C\u002Fstrong>\u003Cbr \u002F>\n– View employees \u003Cstrong>past attendance history\u003C\u002Fstrong>\u003Cbr \u002F>\n– Enable \u003Cstrong>employee dashboards\u003C\u002Fstrong> on the frontend\u003Cbr \u002F>\n– Notify admins when employees \u003Cstrong>clock in\u002Fout\u003C\u002Fstrong>\u003Cbr \u002F>\n– Access an intuitive, translation-ready dashboard\u003Cbr \u002F>\n– And many other features\u003C\u002Fp>\n\u003Cp>Designed for businesses of all sizes, Clockinator Lite gives you the essential tools to manage your workforce directly inside WordPress.\u003C\u002Fp>\n\u003Ch3>🔑 Key Features (Lite 
Version)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>User Management (Admin \u002F Employee)\u003C\u002Fli>\n\u003Cli>Attendance & Holiday Management\u003C\u002Fli>\n\u003Cli>Real-time employee tracking\u003C\u002Fli>\n\u003Cli>Monthly & past attendance reports\u003C\u002Fli>\n\u003Cli>Admin notifications on clock in\u002Fout ( Email & SMS notifications )\u003C\u002Fli>\n\u003Cli>Employee self-service frontend dashboard\u003C\u002Fli>\n\u003Cli>Centralized admin dashboard\u003C\u002Fli>\n\u003Cli>Clean UI & translation ready\u003C\u002Fli>\n\u003Cli>And many other features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Upgrade to Pro\u003C\u002Fh3>\n\u003Cp>Unlock advanced HR features with \u003Cstrong>Clockinator Pro\u003C\u002Fstrong>, including:\u003Cbr \u002F>\n– Shift, leave, payroll & reimbursement management\u003Cbr \u002F>\n– Project & task management\u003Cbr \u002F>\n– Payslip & Pauroll generation( partial & monthly wise )\u003Cbr \u002F>\n– Exportable reports (CSV)\u003Cbr \u002F>\n– Customizable email\u002FSMS notifications\u003Cbr \u002F>\n– Department & role-based access control\u003Cbr \u002F>\n– More robust dashboards for HR Managers & Department Heads\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fbeastthemes.com\u002Fplugins\u002Fclockify-pro\u002F\" rel=\"nofollow ugc\">Learn More\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fdemo.beastthemes.com\u002Fclockify-pro-wordpress-plugin\u002F\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fbeastthemes.com\u002Faccount\u002Fsignup\u002Fclockify-pro-plugin\" rel=\"nofollow ugc\">Buy Now\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>A complete HR and attendance management plugin with clock-in\u002Fout, leave tracking, shift scheduling, and employee dashboards.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Clockinator Lite WordPress plugin, Copyright (C) 2021 Beastthemes\u003Cbr 
\u002F>\nLicensed under the GPL3 (https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.en.html).\u003C\u002Fp>\n","Clockinator Lite is a powerful and easy-to-use employee and attendance management plugin for WordPress.",100,6874,2,"2025-08-23T12:27:00.000Z","6.8.5","7.0",[19,89,90,91,92],"clock-in-out","hr-management","leave-management","shift-management","https:\u002F\u002Fbeastthemes.com\u002Fplugins\u002Fclockify-pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclockify-lite.1.0.8.zip","2025-04-01 00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":82,"num_ratings":27,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":65,"tags":109,"homepage":111,"download_link":112,"security_score":113,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"hr-performance","HR Performance","1.0.0.2","TheInnovs","https:\u002F\u002Fprofiles.wordpress.org\u002Ftheinnovs\u002F","\u003Cp>Supercharge your HR by measuring their performance from your WordPress Dashboard by just a few clicks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Features\u003Cbr \u002F>\n-> Calculate the performance based on 8 Advanced criterias!\u003C\u002Fli>\n\u003Cli>Job Knowledge\u003C\u002Fli>\n\u003Cli>Work Quality\u003C\u002Fli>\n\u003Cli>Attendance\u002FPunctuality\u003C\u002Fli>\n\u003Cli>Communication\u002FListening\u003C\u002Fli>\n\u003Cli>Learning Capability\u003C\u002Fli>\n\u003Cli>Responsibility\u003C\u002Fli>\n\u003Cli>Confidence Level\u003C\u002Fli>\n\u003Cli>Dedication Level\u003C\u002Fli>\n\u003C\u002Ful>\n","Evaluate the performance of your Staffs\u002FEmployees 
easily.",10,2329,"2022-01-05T13:08:00.000Z","5.8.13","4.4.1",[110,21,97,22],"evaluate-hr","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhr-performance","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhr-performance.zip",85,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":104,"downloaded":122,"rating":13,"num_ratings":13,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":65,"tags":126,"homepage":131,"download_link":132,"security_score":113,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"wp-hrms","WP HRMS","1.0.1","Jairo Pérez","https:\u002F\u002Fprofiles.wordpress.org\u002Fperezlabs\u002F","\u003Cp>WP HRMS is basically a WordPress based human resource management plugin, which can be used to maintain the\u003Cbr \u002F>\nrecords of human resource of your organization. It is a light weight plugin which is focused to maintain the records with ease.\u003C\u002Fp>\n\u003Cp>Management features of the plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Employees\u003C\u002Fli>\n\u003Cli>Departments\u003C\u002Fli>\n\u003C\u002Ful>\n","Human Resource Management System for WordPress",2717,"2016-05-08T06:09:00.000Z","4.5.33","4.0",[127,128,22,129,130],"departments","employee","human","management","http:\u002F\u002Fperezlabs.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hrms.1.0.1.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":143,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":65,"tags":148,"homepage":154,"download_link":155,"security_score":156,"vuln_count":84,"unpatched_count":13,"last_vuln_date":157,"fetched_at":29},"onesignal-free-web-push-notifications","OneSignal – Web Push Notifications","3.8.0","OneSignal Push 
Notifications","https:\u002F\u002Fprofiles.wordpress.org\u002Fonesignal\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fonesignal.com\" rel=\"nofollow ugc\">OneSignal\u003C\u002Fa> is an easy way to increase user engagement. Use OneSignal to send visitors targeted push notifications so they keep coming back. It takes just a few minutes to install.\u003C\u002Fp>\n\u003Cp>As a WordPress VIP Gold Partner, OneSignal has been rigorously tested to handle even the highest volume use cases with reliability and ease of use.\u003C\u002Fp>\n\u003Cp>After setup, your visitors opt-in to receive push notifications when you publish a new post. Visitors receive these notifications even after they’ve left your website, thus driving re-engagement.\u003C\u002Fp>\n\u003Cp>You can configure notification delivery at preset intervals, create user segments, and customize the opt-in process for visitors.\u003C\u002Fp>\n\u003Cp>OneSignal’s free plan allows targeting up to 10,000 subscribers with push notifications. Contact support@onesignal.com if you have any questions. We’d love to hear from you!\u003C\u002Fp>\n\u003Ch4>Company\u003C\u002Fh4>\n\u003Cp>OneSignal is trusted by over 1.8M+ developers and marketing strategists. We power push notifications for everyone from early stage startups to Fortune 500 Companies, sending over 6 billion notifications per day. 
It is the most popular push notification plugin on WordPress with 100,000+ installations.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Supports Chrome\u003C\u002Fstrong> (Desktop & Android), \u003Cstrong>Safari\u003C\u002Fstrong> (Mac OS X), \u003Cstrong>Microsoft Edge\u003C\u002Fstrong> (Desktop & Android), \u003Cstrong>Opera\u003C\u002Fstrong> (Desktop & Android) and \u003Cstrong>Firefox\u003C\u002Fstrong> (Desktop & Android) on both HTTP and HTTPS sites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Automatic Notifications\u003C\u002Fstrong> – Send notifications to followers every time you publish a new post. Or set up a reminder that gets automatically sent to them if they haven’t visited for a few days.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Targeting Segments\u003C\u002Fstrong> – Send notifications to specific visitors based on language, number of times they’ve visited your blog, or even set up your own user attributes that you can target.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Opt-In Customization\u003C\u002Fstrong> – Choose when and how to ask your visitors to opt-in to browser notifications. 
Customize the prompt they first see.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Real Time Analytics\u003C\u002Fstrong> – See your notifications being delivered in real time, and watch them as they convert into visitors.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>A\u002FB Testing\u003C\u002Fstrong> – Try out different messages to a smaller set of your visitors to figure out which messages are more effective and then send the more effective message to the rest of your visitors!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Scheduled Notifications\u003C\u002Fstrong> – Schedule notifications to be delivered in the future, based on a user’s time zone, or even based on the same time of day they last visited your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Increase engagement and drive more repeat traffic to your WordPress site with push notifications. Now a WordPress VIP Gold Partner.",70000,5069120,86,361,"2026-01-22T23:02:00.000Z","6.9.4","3.8",[149,150,151,152,153],"chrome-push","desktop-notifications","mobile-notifications","push-notification","push-notifications","https:\u002F\u002Fonesignal.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonesignal-free-web-push-notifications.3.8.0.zip",98,"2025-12-15 
02:15:21",{"attackSurface":159,"codeSignals":312,"taintFlows":440,"riskAssessment":727,"analyzedAt":738},{"hooks":160,"ajaxHandlers":176,"restRoutes":307,"shortcodes":308,"cronEvents":309,"entryPointCount":311,"unprotectedCount":311},[161,167,172],{"type":162,"name":163,"callback":164,"file":165,"line":166},"action","admin_menu","menu","admin\\admin.php",6,{"type":162,"name":168,"callback":169,"file":170,"line":171},"plugins_loaded","load_translation","public\\public.php",8,{"type":162,"name":173,"callback":174,"priority":104,"file":170,"line":175},"hrp_holiday_notification","holiday_notification",13,[177,182,185,189,193,197,201,205,209,213,217,221,225,229,232,236,240,244,248,252,255,259,263,267,271,275,279,283,287,291,295,299,303],{"action":178,"nopriv":179,"callback":180,"hasNonce":179,"hasCapCheck":179,"file":165,"line":181},"hrp-save-department",false,"save_department",9,{"action":183,"nopriv":179,"callback":184,"hasNonce":179,"hasCapCheck":179,"file":165,"line":104},"hrp-fetch-departments","fetch_departments",{"action":186,"nopriv":179,"callback":187,"hasNonce":179,"hasCapCheck":179,"file":165,"line":188},"hrp-delete-department","delete_department",11,{"action":190,"nopriv":179,"callback":191,"hasNonce":179,"hasCapCheck":179,"file":165,"line":192},"hrp-save-designation","save_designation",14,{"action":194,"nopriv":179,"callback":195,"hasNonce":179,"hasCapCheck":179,"file":165,"line":196},"hrp-fetch-designations","fetch_designation",15,{"action":198,"nopriv":179,"callback":199,"hasNonce":179,"hasCapCheck":179,"file":165,"line":200},"hrp-delete-designation","delete_designation",16,{"action":202,"nopriv":179,"callback":203,"hasNonce":179,"hasCapCheck":179,"file":165,"line":204},"hrp-save-shift","save_shift",19,{"action":206,"nopriv":179,"callback":207,"hasNonce":179,"hasCapCheck":179,"file":165,"line":208},"hrp-fetch-shifts","fetch_shift",20,{"action":210,"nopriv":179,"callback":211,"hasNonce":179,"hasCapCheck":179,"file":165,"line":212},"hrp-delete-shift","delete
_shift",21,{"action":214,"nopriv":179,"callback":215,"hasNonce":179,"hasCapCheck":179,"file":165,"line":216},"hrp-save-attendance","save_attendance",24,{"action":218,"nopriv":179,"callback":219,"hasNonce":179,"hasCapCheck":179,"file":165,"line":220},"hrp-fetch-attendances","fetch_attendances",25,{"action":222,"nopriv":179,"callback":223,"hasNonce":179,"hasCapCheck":179,"file":165,"line":224},"hrp-delete-attendance","delete_attendance",26,{"action":226,"nopriv":179,"callback":227,"hasNonce":179,"hasCapCheck":179,"file":165,"line":228},"hrp-fetch-attendances-employees","fetch_attendance_employees",27,{"action":230,"nopriv":179,"callback":231,"hasNonce":179,"hasCapCheck":179,"file":165,"line":47},"hrp-save-holiday","save_holiday",{"action":233,"nopriv":179,"callback":234,"hasNonce":179,"hasCapCheck":179,"file":165,"line":235},"hrp-fetch-holidays","fetch_holiday",31,{"action":237,"nopriv":179,"callback":238,"hasNonce":179,"hasCapCheck":179,"file":165,"line":239},"hrp-delete-holiday","delete_holiday",32,{"action":241,"nopriv":179,"callback":242,"hasNonce":179,"hasCapCheck":179,"file":165,"line":243},"hrp-save-employee","save_employee",35,{"action":245,"nopriv":179,"callback":246,"hasNonce":179,"hasCapCheck":179,"file":165,"line":247},"hrp-fetch-employees","fetch_employee",36,{"action":249,"nopriv":179,"callback":250,"hasNonce":179,"hasCapCheck":179,"file":165,"line":251},"hrp-delete-employee","delete_employee",37,{"action":253,"nopriv":179,"callback":254,"hasNonce":179,"hasCapCheck":179,"file":165,"line":61},"hrp-save-announcement","save_announcement",{"action":256,"nopriv":179,"callback":257,"hasNonce":179,"hasCapCheck":179,"file":165,"line":258},"hrp-fetch-announcements","fetch_announcement",41,{"action":260,"nopriv":179,"callback":261,"hasNonce":179,"hasCapCheck":179,"file":165,"line":262},"hrp-delete-announcement","delete_announcement",42,{"action":264,"nopriv":179,"callback":265,"hasNonce":179,"hasCapCheck":179,"file":165,"line":266},"hrp-save-company-details","save
_company_details",45,{"action":268,"nopriv":179,"callback":269,"hasNonce":179,"hasCapCheck":179,"file":165,"line":270},"hrp-save-notification-settings","save_notification_settings",46,{"action":272,"nopriv":179,"callback":273,"hasNonce":179,"hasCapCheck":179,"file":165,"line":274},"hrp-save-attendance-settings","save_attendance_settings",47,{"action":276,"nopriv":179,"callback":277,"hasNonce":179,"hasCapCheck":179,"file":165,"line":278},"hrp-save-email-template-settings","save_email_template_settings",48,{"action":280,"nopriv":179,"callback":281,"hasNonce":179,"hasCapCheck":179,"file":165,"line":282},"hrp-save-checkin","employee_checkin",51,{"action":284,"nopriv":179,"callback":285,"hasNonce":179,"hasCapCheck":179,"file":165,"line":286},"hrp-save-checkout","employee_checkout",52,{"action":288,"nopriv":179,"callback":289,"hasNonce":179,"hasCapCheck":179,"file":165,"line":290},"hrp-save-breakin","employee_breakin",53,{"action":292,"nopriv":179,"callback":293,"hasNonce":179,"hasCapCheck":179,"file":165,"line":294},"hrp-save-breakout","employee_breakout",54,{"action":296,"nopriv":179,"callback":297,"hasNonce":179,"hasCapCheck":179,"file":165,"line":298},"hrp-fetch-emp-announcements","emp_fetch_announcements",56,{"action":300,"nopriv":179,"callback":301,"hasNonce":179,"hasCapCheck":179,"file":165,"line":302},"hrp-fetch-reports","fetch_reports",58,{"action":304,"nopriv":179,"callback":305,"hasNonce":179,"hasCapCheck":179,"file":165,"line":306},"send-test-email","send_test_email",61,[],[],[310],{"hook":173,"callback":173,"file":170,"line":188},33,{"dangerousFunctions":313,"sqlUsage":343,"outputEscaping":387,"fileOperations":13,"externalRequests":13,"nonceChecks":216,"capabilityChecks":13,"bundledLibraries":433},[314,318,321,325,328,330,334,337,340],{"fn":315,"file":316,"line":216,"context":317},"unserialize","admin\\inc\\announcements\\save.php","$announcement_announced_to = unserialize( $announcement->announced_to 
);",{"fn":315,"file":319,"line":208,"context":320},"admin\\inc\\shifts\\save.php","$shift_holidays = unserialize( $shift->holidays );",{"fn":315,"file":322,"line":323,"context":324},"includes\\HRP_Action.php",640,"$holidays      = array_map( 'ucwords', array_map( 'strtolower', unserialize( $row->holidays ) ) );",{"fn":315,"file":322,"line":326,"context":327},1792,"$send_to_list = unserialize( $row->announced_to );",{"fn":315,"file":322,"line":329,"context":327},2560,{"fn":315,"file":331,"line":332,"context":333},"includes\\HRP_Helper.php",274,"$settings           = unserialize( $settings->setting_value );",{"fn":315,"file":331,"line":335,"context":336},305,"$settings          = unserialize( $settings->setting_value );",{"fn":315,"file":331,"line":338,"context":339},339,"$settings              = unserialize( $settings->setting_value );",{"fn":315,"file":331,"line":341,"context":342},363,"$settings             = unserialize( $settings->setting_value );",{"prepared":344,"raw":204,"locations":345},152,[346,350,353,355,357,359,361,363,365,367,369,371,373,375,377,379,381,383,385],{"file":347,"line":348,"context":349},"admin\\inc\\dashboard\\dashboard.php",218,"$wpdb->get_results() with variable interpolation",{"file":322,"line":351,"context":352},140,"$wpdb->get_var() with variable 
interpolation",{"file":322,"line":354,"context":349},146,{"file":322,"line":356,"context":352},379,{"file":322,"line":358,"context":349},385,{"file":322,"line":360,"context":352},625,{"file":322,"line":362,"context":349},631,{"file":322,"line":364,"context":352},868,{"file":322,"line":366,"context":349},874,{"file":322,"line":368,"context":352},1158,{"file":322,"line":370,"context":349},1164,{"file":322,"line":372,"context":352},1491,{"file":322,"line":374,"context":349},1497,{"file":322,"line":376,"context":352},1774,{"file":322,"line":378,"context":349},1780,{"file":322,"line":380,"context":352},2548,{"file":322,"line":382,"context":349},2554,{"file":322,"line":384,"context":352},2675,{"file":322,"line":386,"context":349},2681,{"escaped":388,"rawEcho":208,"locations":389},800,[390,394,396,398,400,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431],{"file":391,"line":392,"context":393},"admin\\inc\\attendances\\attendances.php",17,"raw output",{"file":347,"line":395,"context":393},96,{"file":347,"line":397,"context":393},184,{"file":347,"line":399,"context":393},190,{"file":401,"line":402,"context":393},"admin\\inc\\dashboard\\employee\\emp-details.php",97,{"file":404,"line":204,"context":393},"admin\\inc\\departments\\departments.php",{"file":406,"line":204,"context":393},"admin\\inc\\designations\\designations.php",{"file":408,"line":204,"context":393},"admin\\inc\\employees\\employees.php",{"file":410,"line":204,"context":393},"admin\\inc\\holidays\\holidays.php",{"file":412,"line":392,"context":393},"admin\\inc\\shifts\\shifts.php",{"file":322,"line":414,"context":393},195,{"file":322,"line":416,"context":393},423,{"file":322,"line":418,"context":393},678,{"file":322,"line":420,"context":393},908,{"file":322,"line":422,"context":393},965,{"file":322,"line":424,"context":393},1207,{"file":322,"line":426,"context":393},1563,{"file":322,"line":428,"context":393},1854,{"file":322,"line":430,"context":393},2625,{"file":322,"line":432,"context":393},2727,[43
4,437],{"name":435,"version":36,"knownCves":436},"DataTables",[],{"name":438,"version":36,"knownCves":439},"Select2",[],[441,460,471,482,493,504,513,526,550,564,576,591,608,625,642,659,676,693,710],{"entryPoint":442,"graph":443,"unsanitizedCount":13,"severity":459},"\u003Csave> (admin\\inc\\attendances\\save.php:0)",{"nodes":444,"edges":456},[445,450],{"id":446,"type":447,"label":448,"file":449,"line":196},"n0","source","$_GET (x5)","admin\\inc\\attendances\\save.php",{"id":451,"type":452,"label":453,"file":449,"line":454,"wp_function":455},"n1","sink","echo() [XSS]",44,"echo",[457],{"from":446,"to":451,"sanitized":458},true,"low",{"entryPoint":461,"graph":462,"unsanitizedCount":13,"severity":459},"\u003Cview> (admin\\inc\\attendances\\view.php:0)",{"nodes":463,"edges":469},[464,467],{"id":446,"type":447,"label":465,"file":466,"line":171},"$_GET","admin\\inc\\attendances\\view.php",{"id":451,"type":452,"label":453,"file":466,"line":468,"wp_function":455},29,[470],{"from":446,"to":451,"sanitized":458},{"entryPoint":472,"graph":473,"unsanitizedCount":13,"severity":459},"\u003Csave> (admin\\inc\\departments\\save.php:0)",{"nodes":474,"edges":480},[475,478],{"id":446,"type":447,"label":476,"file":477,"line":196},"$_GET (x3)","admin\\inc\\departments\\save.php",{"id":451,"type":452,"label":453,"file":477,"line":479,"wp_function":455},43,[481],{"from":446,"to":451,"sanitized":458},{"entryPoint":483,"graph":484,"unsanitizedCount":13,"severity":459},"\u003Csave> (admin\\inc\\designations\\save.php:0)",{"nodes":485,"edges":491},[486,489],{"id":446,"type":447,"label":476,"file":487,"line":488},"admin\\inc\\designations\\save.php",12,{"id":451,"type":452,"label":453,"file":487,"line":490,"wp_function":455},39,[492],{"from":446,"to":451,"sanitized":458},{"entryPoint":494,"graph":495,"unsanitizedCount":13,"severity":459},"\u003Csave> (admin\\inc\\employees\\save.php:0)",{"nodes":496,"edges":502},[497,500],{"id":446,"type":447,"label":498,"file":499,"line":294},"$_GET 
(x28)","admin\\inc\\employees\\save.php",{"id":451,"type":452,"label":453,"file":499,"line":501,"wp_function":455},114,[503],{"from":446,"to":451,"sanitized":458},{"entryPoint":505,"graph":506,"unsanitizedCount":13,"severity":459},"\u003Csave> (admin\\inc\\holidays\\save.php:0)",{"nodes":507,"edges":511},[508,510],{"id":446,"type":447,"label":448,"file":509,"line":196},"admin\\inc\\holidays\\save.php",{"id":451,"type":452,"label":453,"file":509,"line":454,"wp_function":455},[512],{"from":446,"to":451,"sanitized":458},{"entryPoint":514,"graph":515,"unsanitizedCount":13,"severity":459},"fetch_attendances (includes\\HRP_Action.php:912)",{"nodes":516,"edges":524},[517,520],{"id":446,"type":447,"label":518,"file":322,"line":519},"$_POST",917,{"id":451,"type":452,"label":521,"file":322,"line":522,"wp_function":523},"get_results() [SQLi]",925,"get_results",[525],{"from":446,"to":451,"sanitized":458},{"entryPoint":527,"graph":528,"unsanitizedCount":13,"severity":459},"\u003CHRP_Action> (includes\\HRP_Action.php:0)",{"nodes":529,"edges":546},[530,533,536,540,542,544],{"id":446,"type":447,"label":531,"file":322,"line":532},"$_POST (x9)",106,{"id":451,"type":452,"label":534,"file":322,"line":351,"wp_function":535},"get_var() [SQLi]","get_var",{"id":537,"type":447,"label":538,"file":322,"line":539},"n2","$_POST (x10)",116,{"id":541,"type":452,"label":521,"file":322,"line":354,"wp_function":523},"n3",{"id":543,"type":447,"label":538,"file":322,"line":399},"n4",{"id":545,"type":452,"label":453,"file":322,"line":414,"wp_function":455},"n5",[547,548,549],{"from":446,"to":451,"sanitized":458},{"from":537,"to":541,"sanitized":458},{"from":543,"to":545,"sanitized":458},{"entryPoint":551,"graph":552,"unsanitizedCount":27,"severity":563},"\u003Csave> (admin\\inc\\announcements\\save.php:0)",{"nodes":553,"edges":560},[554,555,557,558],{"id":446,"type":447,"label":465,"file":316,"line":204},{"id":451,"type":452,"label":556,"file":316,"line":216,"wp_function":315},"unserialize() [Object 
Injection]",{"id":537,"type":447,"label":476,"file":316,"line":204},{"id":541,"type":452,"label":453,"file":316,"line":559,"wp_function":455},69,[561,562],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":458},"high",{"entryPoint":565,"graph":566,"unsanitizedCount":27,"severity":563},"\u003Csave> (admin\\inc\\shifts\\save.php:0)",{"nodes":567,"edges":573},[568,569,570,572],{"id":446,"type":447,"label":465,"file":319,"line":196},{"id":451,"type":452,"label":556,"file":319,"line":208,"wp_function":315},{"id":537,"type":447,"label":571,"file":319,"line":196},"$_GET (x4)",{"id":541,"type":452,"label":453,"file":319,"line":298,"wp_function":455},[574,575],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":458},{"entryPoint":577,"graph":578,"unsanitizedCount":590,"severity":563},"fetch_departments (includes\\HRP_Action.php:93)",{"nodes":579,"edges":586},[580,581,582,583,584,585],{"id":446,"type":447,"label":518,"file":322,"line":532},{"id":451,"type":452,"label":534,"file":322,"line":351,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":539},{"id":541,"type":452,"label":521,"file":322,"line":354,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":399},{"id":545,"type":452,"label":453,"file":322,"line":414,"wp_function":455},[587,588,589],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},3,{"entryPoint":592,"graph":593,"unsanitizedCount":590,"severity":563},"fetch_designation 
(includes\\HRP_Action.php:332)",{"nodes":594,"edges":604},[595,597,598,600,601,603],{"id":446,"type":447,"label":518,"file":322,"line":596},345,{"id":451,"type":452,"label":534,"file":322,"line":356,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":599},355,{"id":541,"type":452,"label":521,"file":322,"line":358,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":602},418,{"id":545,"type":452,"label":453,"file":322,"line":416,"wp_function":455},[605,606,607],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},{"entryPoint":609,"graph":610,"unsanitizedCount":590,"severity":563},"fetch_shift (includes\\HRP_Action.php:578)",{"nodes":611,"edges":621},[612,614,615,617,618,620],{"id":446,"type":447,"label":518,"file":322,"line":613},591,{"id":451,"type":452,"label":534,"file":322,"line":360,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":616},601,{"id":541,"type":452,"label":521,"file":322,"line":362,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":619},673,{"id":545,"type":452,"label":453,"file":322,"line":418,"wp_function":455},[622,623,624],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},{"entryPoint":626,"graph":627,"unsanitizedCount":590,"severity":563},"fetch_attendance_employees 
(includes\\HRP_Action.php:821)",{"nodes":628,"edges":638},[629,631,632,634,635,637],{"id":446,"type":447,"label":518,"file":322,"line":630},834,{"id":451,"type":452,"label":534,"file":322,"line":364,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":633},844,{"id":541,"type":452,"label":521,"file":322,"line":366,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":636},903,{"id":545,"type":452,"label":453,"file":322,"line":420,"wp_function":455},[639,640,641],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},{"entryPoint":643,"graph":644,"unsanitizedCount":590,"severity":563},"fetch_holiday (includes\\HRP_Action.php:1111)",{"nodes":645,"edges":655},[646,648,649,651,652,654],{"id":446,"type":447,"label":518,"file":322,"line":647},1124,{"id":451,"type":452,"label":534,"file":322,"line":368,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":650},1134,{"id":541,"type":452,"label":521,"file":322,"line":370,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":653},1202,{"id":545,"type":452,"label":453,"file":322,"line":424,"wp_function":455},[656,657,658],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},{"entryPoint":660,"graph":661,"unsanitizedCount":590,"severity":563},"fetch_employee 
(includes\\HRP_Action.php:1444)",{"nodes":662,"edges":672},[663,665,666,668,669,671],{"id":446,"type":447,"label":518,"file":322,"line":664},1457,{"id":451,"type":452,"label":534,"file":322,"line":372,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":667},1467,{"id":541,"type":452,"label":521,"file":322,"line":374,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":670},1558,{"id":545,"type":452,"label":453,"file":322,"line":426,"wp_function":455},[673,674,675],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},{"entryPoint":677,"graph":678,"unsanitizedCount":590,"severity":563},"fetch_announcement (includes\\HRP_Action.php:1727)",{"nodes":679,"edges":689},[680,682,683,685,686,688],{"id":446,"type":447,"label":518,"file":322,"line":681},1740,{"id":451,"type":452,"label":534,"file":322,"line":376,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":684},1750,{"id":541,"type":452,"label":521,"file":322,"line":378,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":687},1849,{"id":545,"type":452,"label":453,"file":322,"line":428,"wp_function":455},[690,691,692],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},{"entryPoint":694,"graph":695,"unsanitizedCount":590,"severity":563},"emp_fetch_announcements 
(includes\\HRP_Action.php:2501)",{"nodes":696,"edges":706},[697,699,700,702,703,705],{"id":446,"type":447,"label":518,"file":322,"line":698},2514,{"id":451,"type":452,"label":534,"file":322,"line":380,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":701},2524,{"id":541,"type":452,"label":521,"file":322,"line":382,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":704},2620,{"id":545,"type":452,"label":453,"file":322,"line":430,"wp_function":455},[707,708,709],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},{"entryPoint":711,"graph":712,"unsanitizedCount":590,"severity":563},"fetch_reports (includes\\HRP_Action.php:2629)",{"nodes":713,"edges":723},[714,716,717,719,720,722],{"id":446,"type":447,"label":518,"file":322,"line":715},2641,{"id":451,"type":452,"label":534,"file":322,"line":384,"wp_function":535},{"id":537,"type":447,"label":518,"file":322,"line":718},2651,{"id":541,"type":452,"label":521,"file":322,"line":386,"wp_function":523},{"id":543,"type":447,"label":518,"file":322,"line":721},2722,{"id":545,"type":452,"label":453,"file":322,"line":432,"wp_function":455},[724,725,726],{"from":446,"to":451,"sanitized":179},{"from":537,"to":541,"sanitized":179},{"from":543,"to":545,"sanitized":179},{"summary":728,"deductions":729},"The 'hr-press-lite' plugin version 1.0.2 presents a significant security risk due to its extensive attack surface being entirely unprotected. All 33 identified AJAX handlers lack authentication checks, meaning any unauthenticated user can potentially trigger these actions. 
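This, coupled with 11 identified taint flows with unsanitized paths, creates a high likelihood of severe vulnerabilities like remote code execution or data breaches.\n\nWhile the plugin prepares most of its SQL queries (89%) and escapes most of its output (98%), and has no recorded vulnerability history, these strengths are overshadowed by the fundamental insecurity of its entry points. The percentages also need care: the HRP_Action.php queries listed as built with variable interpolation are the same lines the taint flows report as SQL sinks reached by unsanitized $_POST data. The presence of 9 dangerous function calls, specifically 'unserialize', is particularly concerning when combined with unsanitized input handling, as it opens the door to PHP object injection.\n\nIn conclusion, the lack of authorization on all AJAX endpoints and the presence of unsanitized input flows are critical weaknesses. Despite positive aspects in other areas, the plugin's current state makes it highly vulnerable to attacks. It is strongly recommended to address the unprotected AJAX handlers and taint flows immediately: verify a nonce and a capability in every AJAX callback before it reads or writes data, pass request values to queries only through $wpdb->prepare(), and replace unserialize() on stored values with a format that cannot instantiate objects, such as JSON. How far the exposure reaches depends on the nopriv field recorded for each handler, which decides whether a logged-out visitor can call the action at all; the missing nonce and capability checks apply to every logged-in user regardless of role.",[730,732,734,736],{"reason":731,"points":104},"Unprotected AJAX handlers",{"reason":733,"points":104},"High severity unsanitized taint flows",{"reason":735,"points":171},"Dangerous unserialize function usage",{"reason":737,"points":62},"No capability checks on entry 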
points","2026-03-16T21:53:10.571Z",{"wat":740,"direct":763},{"assetPaths":741,"generatorPatterns":751,"scriptPaths":752,"versionParams":753},[742,743,744,745,746,747,748,749,750],"\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Fbootstrap.bundle.min.js","\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fjs\u002Fnioapp.min.js","\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Fselect2.full.min.js","\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Fsweetalert2.min.js","\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Ftoastr.min.js","\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Fjquery.validate.min.js","\u002Fwp-content\u002Fplugins\u002Fhr-press-lite\u002Fassets\u002Fjs\u002Fdatatable\u002Fjquery.dataTables.js",[],[744,745,746,747,748,749,750],[754,755,756,757,758,759,760,761,762],"hr-press-lite\u002Fassets\u002Fcss\u002Fstyle.css?ver=","hr-press-lite\u002Fassets\u002Fcss\u002Fmain.css?ver=","hr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Fbootstrap.bundle.min.js?ver=","hr-press-lite\u002Fassets\u002Fjs\u002Fnioapp.min.js?ver=","hr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Fselect2.full.min.js?ver=","hr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Fsweetalert2.min.js?ver=","hr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Ftoastr.min.js?ver=","hr-press-lite\u002Fassets\u002Fjs\u002Flibraries\u002Fjquery.validate.min.js?ver=","hr-press-lite\u002Fassets\u002Fjs\u002Fdatatable\u002Fjquery.dataTables.js?ver=",{"cssClasses":764,"htmlComments":765,"htmlAttributes":766,"restEndpoints":767,"jsGlobals":768,"shortcodeOutput":770},[],[],[],[],[769],"HRP_PLUGIN_VERSION",[]]