[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPAdR8wYdgS2F-xyBR3Jfr00BLrboR-VsyCh5HTq_2ZI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":20,"download_link":21,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":130},"import-items-from-csv-to-existing-orders","Import items from csv to Existing Orders for WooCommerce","1.0","jcodex","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcodex\u002F","\u003Cp>WooCommerce is most powerfull ecommerce tool for WordPress sites. ‘Import items from csv to Existing WooCommerce Orders’ is extension for add bulk products\u002Fitems from csv with Product SKU into existing orders or manually created WooCommerce orders by store manager. You have to make sure Sku’s you will use in csv are must exist on your store, plugin will skip missing sku’s and will not import those items to the order, it will only import that products item are existing on your store. This plugin is very easy to use Import items from csv to Existing Orders for WooCommerce will create an option button CSV Import next to builtin add item(s) button of WooCommerce on orders pages in WooCommerce admin.\u003C\u002Fp>\n\u003Ch4>Sample CSV Format\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fjcodex.com\u002Ftestimportdata.csv\" rel=\"nofollow ugc\">Download CSV Sample\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>|      \u003Cstrong>Sku\u003C\u002Fstrong>      |  \u003Cstrong>Price\u003C\u002Fstrong>  | \u003Cstrong>Quantity\u003C\u002Fstrong>  |\u003Cbr \u002F>\n|        3101BK37      |    20    |      1      |\u003Cbr \u002F>\n|        58DBK05      |    300    |      4      |\u003Cbr \u002F>\n|        90DBK74      |    250    |      4      |\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Import Bluk products from csv\u003C\u002Fli>\n\u003Cli>Confirmation popup before importing the items.\u003C\u002Fli>\n\u003Cli>Add custom prices for existing items\u003C\u002Fli>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If You have any Issue \u003Ca href=\"http:\u002F\u002Fjcodex.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fp>\n","A tool for easily import bulk products \u002F items from csv into existing WooCommerce orders.",0,987,"2019-09-11T07:26:00.000Z","5.2.24","4.0","",[4,18,19],"import-items-to-order-from-csv-woocommerce","import-products-from-csv-to-woocommerce-orders","https:\u002F\u002Fjcodex.com\u002Fimport-items-from-csv-to-existing-orders-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimport-items-from-csv-to-existing-orders.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},2,2000,92,7,94,"2026-04-03T19:37:29.085Z",[],{"attackSurface":35,"codeSignals":68,"taintFlows":88,"riskAssessment":115,"analyzedAt":129},{"hooks":36,"ajaxHandlers":58,"restRoutes":64,"shortcodes":65,"cronEvents":66,"entryPointCount":67,"unprotectedCount":67},[37,44,47,51,55],{"type":38,"name":39,"callback":40,"priority":41,"file":42,"line":43},"action","woocommerce_order_item_add_action_buttons","action_woocommerce_order_item_add_action_buttons",10,"inc\\class-importcsv-frontend.php",14,{"type":38,"name":45,"callback":45,"file":46,"line":43},"post_edit_form_tag","inc\\class-importcsv-helper-functions.php",{"type":38,"name":48,"callback":49,"priority":41,"file":46,"line":50},"save_post","renew_save_again",16,{"type":38,"name":52,"callback":53,"file":46,"line":54},"admin_enqueue_scripts","enqueue_scripts",17,{"type":38,"name":52,"callback":56,"file":46,"line":57},"enqueue_styles",18,[59],{"action":60,"nopriv":61,"callback":62,"hasNonce":61,"hasCapCheck":61,"file":46,"line":63},"csvimport",false,"my_ajax_csvimport_handler",15,[],[],[],1,{"dangerousFunctions":69,"sqlUsage":70,"outputEscaping":72,"fileOperations":27,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":87},[],{"prepared":11,"raw":11,"locations":71},[],{"escaped":73,"rawEcho":74,"locations":75},3,5,[76,79,81,83,85],{"file":42,"line":77,"context":78},22,"raw output",{"file":42,"line":80,"context":78},226,{"file":46,"line":82,"context":78},127,{"file":46,"line":84,"context":78},174,{"file":46,"line":86,"context":78},176,[],[89,107],{"entryPoint":90,"graph":91,"unsanitizedCount":67,"severity":106},"renew_save_again (inc\\class-importcsv-helper-functions.php:134)",{"nodes":92,"edges":104},[93,98],{"id":94,"type":95,"label":96,"file":46,"line":97},"n0","source","$_FILES",172,{"id":99,"type":100,"label":101,"file":46,"line":102,"wp_function":103},"n1","sink","fopen() [File Access]",180,"fopen",[105],{"from":94,"to":99,"sanitized":61},"medium",{"entryPoint":108,"graph":109,"unsanitizedCount":67,"severity":106},"\u003Cclass-importcsv-helper-functions> (inc\\class-importcsv-helper-functions.php:0)",{"nodes":110,"edges":113},[111,112],{"id":94,"type":95,"label":96,"file":46,"line":97},{"id":99,"type":100,"label":101,"file":46,"line":102,"wp_function":103},[114],{"from":94,"to":99,"sanitized":61},{"summary":116,"deductions":117},"The plugin 'import-items-from-csv-to-existing-orders' v1.0 exhibits a concerning security posture primarily due to its single unprotected AJAX handler. While the plugin demonstrates good practices in using prepared statements for SQL queries and has no recorded vulnerabilities, the absence of authentication checks on a critical entry point creates a significant risk. The static analysis reveals that 100% of SQL queries are prepared, which is excellent, and there are no dangerous functions or external HTTP requests. However, the taint analysis indicates two flows with unsanitized paths, which, though not flagged as critical or high severity in this analysis, warrant attention. The lack of proper output escaping on 62% of outputs is another area of concern that could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved. The absence of nonce checks and capability checks on the AJAX handler further amplifies the risk, as it allows any user, including unauthenticated ones, to trigger potentially sensitive operations.\n\nDespite the clean vulnerability history and well-handled SQL queries, the unprotected AJAX endpoint is the most significant weakness. This single point of entry, coupled with unsanitized path flows and inadequate output escaping, presents a tangible attack surface. The plugin would benefit greatly from implementing robust authentication and authorization mechanisms for all its entry points, especially AJAX handlers, and ensuring all output is properly escaped to prevent potential XSS attacks. The current state suggests a plugin that has some solid security foundations but has overlooked crucial aspects of input validation and access control.",[118,120,123,125,127],{"reason":119,"points":41},"Unprotected AJAX handler",{"reason":121,"points":122},"Flows with unsanitized paths",6,{"reason":124,"points":74},"Insufficient output escaping",{"reason":126,"points":74},"Missing nonce checks",{"reason":128,"points":74},"Missing capability checks","2026-03-17T06:27:01.209Z",{"wat":131,"direct":137},{"assetPaths":132,"generatorPatterns":134,"scriptPaths":135,"versionParams":136},[133],"\u002Fwp-content\u002Fplugins\u002Fimport-order-items-from-csv-to-existing-orders\u002Fassets\u002Fjquery-ui.css",[],[],[],{"cssClasses":138,"htmlComments":141,"htmlAttributes":142,"restEndpoints":144,"jsGlobals":145,"shortcodeOutput":146},[139,140],"csvresouter","generate-items",[],[143],"enctype=\"multipart\u002Fform-data\"",[],[],[]]