[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2Flcb376D_3V7oxr-qSP24jH-I_GTZePbzfeNXPOQ5k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":9,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":90,"fingerprints":161},"lfecfdi-para-woocommerce","LFECFDI para Woocommerce","8.1.8","realvirtualmx","https:\u002F\u002Fprofiles.wordpress.org\u002Frealvirtualmx\u002F","","El plugin LFECFDI para WooCommerce es una herramienta que se integra con LasFacturasElectronicas.com y te permite llevar a cabo el proceso facturacion …",10,11473,0,"2025-12-18T21:15:00.000Z","6.8.5","4.7.3",[18,19,20],"autofacturacion","cfdi","factura-electronica-mexico","https:\u002F\u002Frealvirtual.com.mx\u002Ffactura-electronica-cfdi-wordpress-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flfecfdi-para-woocommerce.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},2,80,89,30,86,"2026-04-04T06:08:48.818Z",[35,49,69],{"slug":36,"name":37,"version":6,"author":7,"author_profile":8,"description":9,"short_description":38,"active_installs":39,"downloaded":40,"rating":41,"num_ratings":42,"last_updated":43,"tested_up_to":15,"requires_at_least":16,"requires_php":9,"tags":44,"homepage":21,"download_link":45,"security_score":46,"vuln_count":47,"unpatched_count":47,"last_vuln_date":48,"fetched_at":25},"rvcfdi-para-woocommerce","RVCFDI para Woocommerce","El plugin RVCFDI para WooCommerce es una herramienta que se integra con RV Factura Electronica Web y te permite llevar a cabo el proceso facturacion e …",70,12139,76,5,"2025-12-18T21:17:00.000Z",[18,19,20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frvcfdi-para-woocommerce.zip",78,1,"2026-02-09 00:00:00",{"slug":50,"name":51,"version":52,"author":53,"author_profile":54,"description":55,"short_description":56,"active_installs":13,"downloaded":57,"rating":13,"num_ratings":13,"last_updated":58,"tested_up_to":59,"requires_at_least":60,"requires_php":61,"tags":62,"homepage":67,"download_link":68,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"efitec-facturacion-for-comiti","COMITI Invoicing Cloud for Ecommerce","1.1.33","Arturo Ramirez","https:\u002F\u002Fprofiles.wordpress.org\u002Faramirezm\u002F","\u003Cp>comitifact connects WooCommerce to COMITI’s CFDI 4.0 (Mexico) stamping services.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features\u003C\u002Fstrong>\u003Cbr \u002F>\n– Generate CFDI 4.0 (XML) and its printable representation (PDF).\u003Cbr \u002F>\n– CFDI cancellation.\u003Cbr \u002F>\n– File uploads attached to orders with size limits and a whitelist of extensions (CSD, XML, ZIP, PEM, etc.).\u003Cbr \u002F>\n– Configurable \u003Cstrong>HTTPS\u003C\u002Fstrong> endpoints for \u003Cstrong>production\u003C\u002Fstrong> and \u003Cstrong>sandbox\u003C\u002Fstrong> environments.\u003Cbr \u002F>\n– Multisite-aware (cleans up on uninstall per site).\u003Cbr \u002F>\n– Internationalization ready (\u003Ccode>Text Domain: comitifact\u003C\u002Fcode>) and loads translations from \u003Ccode>\u002Flanguages\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security\u003C\u002Fstrong>\u003Cbr \u002F>\n– Nonces on AJAX actions.\u003Cbr \u002F>\n– Capability checks (by default requires \u003Ccode>manage_woocommerce\u003C\u002Fcode> for admin actions).\u003Cbr \u002F>\n– Input sanitization and output escaping.\u003Cbr \u002F>\n– Uploads stored in a dedicated folder \u003Ccode>\u002Fwp-content\u002Fuploads\u002Fcomitifact\u002F\u003C\u002Fcode> with MIME checks and size limits.\u003Cbr \u002F>\n– No credentials or endpoints exposed on the front end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin integrates with an external e-invoicing (timbrado) provider. Depending on your configuration, fiscal data from orders (RFC, legal name, CFDI use, tax address, etc.) may be sent to your provider over \u003Cstrong>HTTPS\u003C\u002Fstrong>. Review and accept the provider’s terms before use. If you process personal data, ensure you have a lawful basis and appropriate privacy notices.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements\u003C\u002Fstrong>\u003Cbr \u002F>\n– WordPress ≥ 5.8\u003Cbr \u002F>\n– PHP ≥ 7.4\u003Cbr \u002F>\n– WooCommerce (a version compatible with your site)\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>This plugin is translation-ready. Text domain: \u003Ccode>comitifact\u003C\u002Fcode>, path: \u003Ccode>\u002Flanguages\u003C\u002Fcode>. You can contribute translations via WordPress.org GlotPress once published.\u003C\u002Fp>\n\u003Ch3>Notes for Reviewers (WordPress.org)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All AJAX actions that write files or data are protected by nonces and capability checks.\u003C\u002Fli>\n\u003Cli>External services are configurable and default to HTTPS endpoints.\u003C\u002Fli>\n\u003Cli>No external tracking; no personal data is transmitted unless configured by the site owner for invoicing purposes.\u003C\u002Fli>\n\u003Cli>Uninstall routine removes options, transients, prefixed tables, cron hooks, and \u003Ccode>\u002Fuploads\u002Fcomitifact\u002F\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n","CFDI 4.0 invoicing extension for WooCommerce integrated with COMITI’s services.",201,"2026-02-22T20:31:00.000Z","6.9.4","5.8","8.2",[19,63,64,65,66],"invoice","mexico","timbrado","woocommerce","https:\u002F\u002Fwww.comiti.mx\u002Fcomitifact-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fefitec-facturacion-for-comiti.zip",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":13,"downloaded":77,"rating":13,"num_ratings":13,"last_updated":78,"tested_up_to":79,"requires_at_least":16,"requires_php":80,"tags":81,"homepage":87,"download_link":88,"security_score":89,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"facturo-por-ti-extension-ecommerce","Facturación Electrónica Woocommerce","1.0.0","fptgustavoortiz","https:\u002F\u002Fprofiles.wordpress.org\u002Ffptgustavoortiz\u002F","\u003Cp>Este servicio se puede instalar en wordpress y es compatible con diversos servicios\u003Cbr \u002F>\nde ventas por internet, contáctanos para mas información.\u003C\u002Fp>\n\u003Cp>La integración del plugin que ofrece FacturoPorTi, te permitira sincronizar\u003Cbr \u002F>\nautomáticamente todas tus ventas de manera simple, además tienes un portal\u003Cbr \u002F>\nadministrador para ver detalles o generar la factura global.\u003Cbr \u002F>\nAl usuario se le solicita tres valores:\u003C\u002Fp>\n\u003Ch4>☞ Numero de orden de compra\u003C\u002Fh4>\n\u003Ch4>☞ Monto de la compra\u003C\u002Fh4>\n\u003Ch4>☞ Fecha de la compra\u003C\u002Fh4>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F880974611\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch4>Requisitos minimos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce 6.0 o superior\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin Facturación Electrónica para Woocommerce permitiendo al cliente realizar la  factura de las ventas que se hacen desde tu Ecommerce.",1137,"2024-06-12T19:34:00.000Z","6.4.8","7.0",[82,83,84,85,86],"ecommerce-api","factura-electronica","facturacion-ecommerce","facturacion-electronica-woocommerce","portal-de-autofacturacion","https:\u002F\u002Fwww.facturoporti.com.mx\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacturo-por-ti-extension-ecommerce.1.0.zip",92,{"attackSurface":91,"codeSignals":97,"taintFlows":149,"riskAssessment":150,"analyzedAt":160},{"hooks":92,"ajaxHandlers":93,"restRoutes":94,"shortcodes":95,"cronEvents":96,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":98,"sqlUsage":99,"outputEscaping":101,"fileOperations":146,"externalRequests":147,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":148},[],{"prepared":28,"raw":13,"locations":100},[],{"escaped":13,"rawEcho":102,"locations":103},18,[104,108,110,112,114,116,118,120,122,124,127,130,133,135,137,139,141,144],{"file":105,"line":106,"context":107},"recursos\\realvirtual_woocommerce_cfdi.php",83,"raw output",{"file":105,"line":109,"context":107},149,{"file":105,"line":111,"context":107},215,{"file":105,"line":113,"context":107},297,{"file":105,"line":115,"context":107},380,{"file":105,"line":117,"context":107},426,{"file":105,"line":119,"context":107},469,{"file":105,"line":121,"context":107},515,{"file":105,"line":123,"context":107},596,{"file":125,"line":126,"context":107},"recursos\\realvirtual_woocommerce_cliente.php",44,{"file":128,"line":129,"context":107},"recursos\\realvirtual_woocommerce_configuracion.php",299,{"file":131,"line":132,"context":107},"recursos\\realvirtual_woocommerce_cuenta.php",59,{"file":131,"line":134,"context":107},101,{"file":136,"line":126,"context":107},"recursos\\realvirtual_woocommerce_emisor.php",{"file":138,"line":126,"context":107},"recursos\\realvirtual_woocommerce_metodopago.php",{"file":140,"line":126,"context":107},"recursos\\realvirtual_woocommerce_metodopago33.php",{"file":142,"line":143,"context":107},"recursos\\realvirtual_woocommerce_pedido.php",1588,{"file":142,"line":145,"context":107},1631,4,22,[],[],{"summary":151,"deductions":152},"The static analysis of the \"lfecfdi-para-woocommerce\" v8.1.8 plugin reveals a mixed security posture. While there are no recorded vulnerabilities in its history, and the plugin shows good practices in SQL query handling with 100% prepared statements, several significant concerns emerge from the code signals.  The complete lack of output escaping for all 18 identified outputs is a critical weakness, potentially exposing the site to cross-site scripting (XSS) attacks. Furthermore, the absence of nonce and capability checks on any of the identified entry points (even though the attack surface is currently zero) suggests a potential for privilege escalation or unauthorized actions if new entry points are introduced or existing ones are overlooked in future development. The high number of external HTTP requests (22) also warrants scrutiny, as it increases the plugin's reliance on external services, which could be a vector for supply chain attacks or denial-of-service if those services are compromised or unavailable.  The plugin demonstrates strengths in avoiding dangerous functions and secure SQL practices, but the unescaped output and lack of authorization checks present substantial risks that need immediate attention. The absence of known CVEs is positive, but it doesn't negate the inherent risks identified in the code analysis.",[153,156,158],{"reason":154,"points":155},"Unescaped output",8,{"reason":157,"points":42},"Missing nonce checks",{"reason":159,"points":42},"Missing capability checks","2026-03-17T01:26:32.198Z",{"wat":162,"direct":171},{"assetPaths":163,"generatorPatterns":166,"scriptPaths":167,"versionParams":168},[164,165],"\u002Fwp-content\u002Fplugins\u002Flfecfdi-para-woocommerce\u002Fassets\u002Fcss\u002Frealvirtual_admin.css","\u002Fwp-content\u002Fplugins\u002Flfecfdi-para-woocommerce\u002Fassets\u002Fjs\u002Frealvirtual_admin.js",[],[165],[169,170],"lfecfdi-para-woocommerce\u002Fassets\u002Fcss\u002Frealvirtual_admin.css?ver=","lfecfdi-para-woocommerce\u002Fassets\u002Fjs\u002Frealvirtual_admin.js?ver=",{"cssClasses":172,"htmlComments":173,"htmlAttributes":174,"restEndpoints":175,"jsGlobals":176,"shortcodeOutput":177},[],[],[],[],[],[]]