[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fm7iQNfFlYmC0EivfJR39tJZQ7VQuIU2bkW83rj8Go50":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":60,"crawl_stats":37,"alternatives":68,"analysis":92,"fingerprints":330},"libro-de-reclamaciones-y-quejas","Libro de Reclamaciones y Quejas","1.2","Renzo Tejada","https:\u002F\u002Fprofiles.wordpress.org\u002Frenzotejada\u002F","\u003Cul>\n\u003Cli>Email the customer with a copy of their complaint.\u003C\u002Fli>\n\u003Cli>You send an email to the site administrator with the complaint.\u003C\u002Fli>\n\u003Cli>The site administrator cannot delete or edit the information sent by the customer.\u003C\u002Fli>\n\u003Cli>The “Complaint Book” plugin generates a unique correlative ID in the database which makes it difficult to modify and edit.\u003C\u002Fli>\n\u003Cli>All complaints are viewed in the same WordPress dashboard in a clear way.\u003C\u002Fli>\n\u003Cli>WE ARE NOT RESPONSIBLE FOR COMPLAINTS THAT YOU MAY HAVE, ALWAYS CHECK YOUR CLAIMS BOOK WITH YOUR LEGAL AREA OR A LAWYER, AS NOT ALL COMPANIES THAT PROVIDE PRODUCTS OR SERVICES HAVE THE SAME FORMAT FIELDS.\u003C\u002Fli>\n\u003Cli>THIS PLUGIN IS A GENERIC PLUGIN THAT DOES THE BASICS (HAVE THE FORM ONLINE, NOTIFY THE ADMINISTRATOR AND THE USER OF A NEW CLAIM).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We also have a premium plugin which has the following features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin generates a unique correlative ID in the database which makes it difficult to modify and edit. \u003C\u002Fli>\n\u003Cli>All complaints are seen in the same WordPress dashboard in a clear way. 
\u003C\u002Fli>\n\u003Cli>You will be able to answer the claim or complaint from the same WordPress dashboard.\u003C\u002Fli>\n\u003Cli>You will be able to attach evidence of the complaint from within the WordPress dashboard. You will be able to activate Google reCaptcha v2.\u003C\u002Fli>\n\u003Cli>You will be able to change the email to notify when a complaint is created. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>More information about the plugin in \u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Flibro-de-reclamaciones-y-quejas-pro\u002F\" title=\"Libro de Reclamaciones y Quejas PRO\" rel=\"nofollow ugc\">Libro de Reclamaciones y Quejas PRO\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>View more plugins\u003C\u002Fh4>\n\u003Cp>For additional functionality, check out our companion plugin, such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fubigeo-peru\u002F\" rel=\"ugc\">Ubigeo Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flibro-de-reclamaciones-y-quejas\u002F\" rel=\"ugc\">Libro de Reclamaciones y Quejas\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomprobante-de-pago-peru\u002F\" rel=\"ugc\">Comprobante de Pago Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftipo-documento-peru\u002F\" rel=\"ugc\">Tipo Documento Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftransferencia-bancaria-peru\u002F\" rel=\"ugc\">Transferencia Bancaria Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-utils\u002F\" rel=\"ugc\">Utils para WooCommerce y WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmulti-link-in-bio\u002F\" rel=\"ugc\">Multi Link in 
Bio\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisplay-price-free\u002F\" rel=\"ugc\">Display Price Free\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>View more plugins PREMIUM\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fcosto-de-envio-de-ubigeo-de-peru-para-woocommerce\u002F\" rel=\"nofollow ugc\">Costo de envío de Ubigeo Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Flibro-de-reclamaciones-y-quejas-pro\u002F\" rel=\"nofollow ugc\">Libro de Reclamaciones y Quejas PRO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwooyape-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooYape para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwoolukita-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooLukita para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwooplin-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooPlin para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwootunki-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooTunki para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwoobilletera-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooBilletera para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugins\u002Fcomprobante-de-pago-peru-pro-para-woocommerce\u002F\" rel=\"nofollow ugc\">Comprobante de Pago Perú PRO para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit our \u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fcategoria-producto\u002Fplugins\u002F\" 
rel=\"nofollow ugc\">plugins overview page\u003C\u002Fa> for more information.\u003C\u002Fp>\n","Complaints book valid for Peru with the mandatory fields required by Indecopi.",4000,23524,76,10,"2025-06-03T20:11:00.000Z","6.8.5","6.8","7.4",[20,21,22,23],"libro-de-reclamaciones","libro-de-reclamaciones-peru","libro-de-reclamaciones-plugin","libro-de-reclamaciones-wordpress","https:\u002F\u002Frenzotejada.com\u002Flibro-de-reclamaciones-y-quejas\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flibro-de-reclamaciones-y-quejas.1.2.zip",77,2,1,"2025-06-05 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-30989","libro-de-reclamaciones-y-quejas-authenticated-administrator-sql-injection","Libro de Reclamaciones y Quejas \u003C= 0.9 - Authenticated (Administrator+) SQL Injection","The Libro de Reclamaciones y Quejas plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=0.9","1.0","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-06-12 13:40:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F36742d6b-3cd5-4e12-86b5-0d3f361372ea?source=api-prod",8,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":40,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":56,"updated_date":57,"references":58,"days_to_patch":37},"CVE-2025-32113","libro-de-reclamaciones-y-quejas-cross-site-request-forgery-to-stored-cross-site-scripting","Libro de Reclamaciones y Quejas \u003C= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Libro de Reclamaciones y Quejas plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-04 00:00:00","2025-04-08 18:19:25",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F21d8a074-f38b-4799-a7c2-92a5e7142924?source=api-prod",{"slug":61,"display_name":7,"profile_url":8,"plugin_count":62,"total_installs":63,"avg_security_score":64,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},"renzotejada",11,8640,94,327,75,"2026-04-04T14:05:52.961Z",[69],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":89,"download_link":90,"security_score":91,"vuln_count":79,"unpatched_count":79,"last_vuln_date":37,"fetched_at":30},"neurosystems-libro-reclamaciones-peru","Libro de Reclamaciones para Perú","1.5.3.1","NeuroSystems","https:\u002F\u002Fprofiles.wordpress.org\u002Fjuancn\u002F","\u003Cp>\u003Cstrong>NeuroSystems Libro de Reclamaciones Peru\u003C\u002Fstrong> helps you implement a Virtual Complaints Book on your WordPress site, following the guidelines established by INDECOPI in accordance with Law N° 29571 (Consumer Protection and Defense Code).\u003C\u002Fp>\n\u003Cp>This plugin is designed specifically for businesses that operate in Peru and need to comply with consumer protection regulations easily and professionally.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Legal Compliance: Form with fields required by INDECOPI 
regulations\u003C\u002Fli>\n\u003Cli>Automatic Code Generation: Creates unique codes for each complaint (e.g., REC-20250102-0001)\u003C\u002Fli>\n\u003Cli>Notifications: Sends a receipt to the customer and a notification to the administrator\u003C\u002Fli>\n\u003Cli>Management Panel: View, manage and respond to complaints directly from WordPress\u003C\u002Fli>\n\u003Cli>Responsive Design: Form adapts to mobile, tablet and desktop devices\u003C\u002Fli>\n\u003Cli>Easy Implementation: Use the shortcode \u003Ccode>[neurlrp_libro_reclamaciones]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>File Attachments: Allows customers to attach files\u003C\u002Fli>\n\u003Cli>Guardian Data: Support for representative information when the consumer is a minor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>PRO Version\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Upgrade to the PRO version for additional features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email Diagnostics and Logs\u003C\u002Fli>\n\u003Cli>Custom Email Configuration (Sender, CC, BCC)\u003C\u002Fli>\n\u003Cli>Data Export to CSV\u002FExcel\u003C\u002Fli>\n\u003Cli>File Attachments in Responses\u003C\u002Fli>\n\u003Cli>Priority Support\u003C\u002Fli>\n\u003Cli>License System\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fneurosystems.net.pe\u002Fproducto\u002Flibro-de-reclamaciones-pro\u002F\" rel=\"nofollow ugc\">Get PRO Version\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Legal Requirement\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>According to Peruvian Law N° 29571 and Supreme Decree N° 011-2011-PCM, providers selling products or services in Peru through the internet are required to have a Virtual Complaints Book accessible on their website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disclaimer of Liability\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please note that this plugin provides a standard template designed to facilitate compliance with general regulations. 
However, specific legal requirements may vary depending on your business type.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> The authors of this plugin are not responsible for the legal compliance of your specific business. We strongly recommend consulting with your legal department or a lawyer to ensure this format meets your company’s specific obligations. This tool is a technical solution to publish the form and manage notifications, but it does not replace professional legal advice.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external service for conversion tracking purposes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service:\u003C\u002Fstrong> NeuroSystems Conversion Tracking API\u003Cbr \u002F>\n\u003Cstrong>Purpose:\u003C\u002Fstrong> Tracks when users click the “Get PRO Version” link in the plugin settings page to help us understand upgrade interest.\u003Cbr \u002F>\n\u003Cstrong>Data Sent:\u003C\u002Fstrong> Domain name of the WordPress installation\u003Cbr \u002F>\n\u003Cstrong>When:\u003C\u002Fstrong> Only when an administrator clicks the PRO upgrade link in the plugin settings\u003Cbr \u002F>\n\u003Cstrong>Endpoint:\u003C\u002Fstrong> https:\u002F\u002Fneurosystems.net.pe\u002Fwp-json\u002Flrp-license\u002Fv1\u002Ftrack-conversion\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Terms:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fneurosystems.net.pe\u002Fprivacy-policy\u002F\u003Cbr \u002F>\n* Terms of Service: https:\u002F\u002Fneurosystems.net.pe\u002Fterms-of-service\u002F\u003C\u002Fp>\n\u003Cp>No personal data or user information is transmitted. 
Only the domain name is sent for statistical purposes.\u003C\u002Fp>\n\u003Ch3>Additional Info\u003C\u002Fh3>\n\u003Cp>Developed by NeuroSystems\u003Cbr \u002F>\nWebsite: https:\u002F\u002Fneurosystems.net.pe\u003Cbr \u002F>\nPRO Version: https:\u002F\u002Fneurosystems.net.pe\u002Fproducto\u002Flibro-de-reclamaciones-pro\u002F\u003C\u002Fp>\n","Virtual Complaints Book for Peru. Comply with INDECOPI, avoid fines and manage your complaints easily.",70,223,0,"2026-01-11T23:50:00.000Z","6.9.4","5.0","7.2",[85,86,87,20,88],"complaints-book","customer-service","indecopi","peru","https:\u002F\u002Fneurosystems.net.pe\u002Fproducto\u002Flibro-de-reclamaciones-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fneurosystems-libro-reclamaciones-peru.1.5.3.1.zip",100,{"attackSurface":93,"codeSignals":141,"taintFlows":238,"riskAssessment":313,"analyzedAt":329},{"hooks":94,"ajaxHandlers":118,"restRoutes":131,"shortcodes":132,"cronEvents":138,"entryPointCount":139,"unprotectedCount":140},[95,101,106,110,114],{"type":96,"name":97,"callback":98,"file":99,"line":100},"action","admin_menu","rt_libro_lrq_register_admin_page","libro_admin.php",7,{"type":96,"name":102,"callback":103,"file":104,"line":105},"before_woocommerce_init","closure","rt-libro-reclamaciones.php",26,{"type":96,"name":107,"callback":108,"file":104,"line":109},"init","rt_libro_load_textdomain",35,{"type":96,"name":111,"callback":112,"file":104,"line":113},"wp_head","rt_libro_reclamaciones_ajaxurl",47,{"type":96,"name":115,"callback":116,"file":104,"line":117},"admin_notices","rt_libro_lrq_errornoubigeoperu",58,[119,123,126,129],{"action":120,"nopriv":121,"callback":120,"hasNonce":121,"hasCapCheck":121,"file":104,"line":122},"rt_libro_load_provincias_front",false,38,{"action":120,"nopriv":124,"callback":120,"hasNonce":121,"hasCapCheck":121,"file":104,"line":125},true,39,{"action":127,"nopriv":121,"callback":127,"hasNonce":121,"hasCapCheck":121,"file":104,"line":128},"rt_libro_load_distrito
_front",40,{"action":127,"nopriv":124,"callback":127,"hasNonce":121,"hasCapCheck":121,"file":104,"line":130},41,[],[133],{"tag":134,"callback":135,"file":136,"line":137},"libro_page","rt_libro_lrq_view_page","libro_shortcode.php",173,[],5,4,{"dangerousFunctions":142,"sqlUsage":143,"outputEscaping":145,"fileOperations":28,"externalRequests":79,"nonceChecks":79,"capabilityChecks":28,"bundledLibraries":234},[],{"prepared":140,"raw":79,"locations":144},[],{"escaped":146,"rawEcho":147,"locations":148},32,43,[149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,184,186,188,190,192,194,196,197,199,201,203,205,207,209,211,213,215,217,219,221,223,224,226,228,230,232],{"file":99,"line":117,"context":150},"raw output",{"file":99,"line":152,"context":150},59,{"file":99,"line":154,"context":150},60,{"file":99,"line":156,"context":150},61,{"file":99,"line":158,"context":150},62,{"file":99,"line":160,"context":150},63,{"file":99,"line":162,"context":150},64,{"file":99,"line":164,"context":150},65,{"file":99,"line":166,"context":150},66,{"file":99,"line":168,"context":150},67,{"file":99,"line":170,"context":150},68,{"file":99,"line":172,"context":150},142,{"file":99,"line":174,"context":150},149,{"file":99,"line":176,"context":150},167,{"file":99,"line":178,"context":150},233,{"file":104,"line":180,"context":150},49,{"file":182,"line":183,"context":150},"template\\rt-libro-pdf.php",109,{"file":182,"line":185,"context":150},122,{"file":182,"line":187,"context":150},123,{"file":182,"line":189,"context":150},124,{"file":182,"line":191,"context":150},137,{"file":182,"line":193,"context":150},141,{"file":182,"line":195,"context":150},145,{"file":182,"line":174,"context":150},{"file":182,"line":198,"context":150},151,{"file":182,"line":200,"context":150},160,{"file":182,"line":202,"context":150},164,{"file":182,"line":204,"context":150},168,{"file":182,"line":206,"context":150},172,{"file":182,"line":208,"context":150},177,{"file":182,"line":210,"context":150},181,{"file":
182,"line":212,"context":150},185,{"file":182,"line":214,"context":150},189,{"file":182,"line":216,"context":150},193,{"file":182,"line":218,"context":150},211,{"file":182,"line":220,"context":150},215,{"file":182,"line":222,"context":150},219,{"file":182,"line":78,"context":150},{"file":182,"line":225,"context":150},228,{"file":182,"line":227,"context":150},232,{"file":182,"line":229,"context":150},236,{"file":182,"line":231,"context":150},240,{"file":182,"line":233,"context":150},245,[235],{"name":236,"version":37,"knownCves":237},"dompdf",[],[239,273,291],{"entryPoint":240,"graph":241,"unsanitizedCount":28,"severity":40},"rt_libro_lrq_submenu_settings_ver (libro_admin.php:95)",{"nodes":242,"edges":268},[243,248,253,255,257,260,264],{"id":244,"type":245,"label":246,"file":99,"line":247},"n0","source","$_REQUEST",96,{"id":249,"type":250,"label":251,"file":99,"line":183,"wp_function":252},"n1","sink","echo() [XSS]","echo",{"id":254,"type":245,"label":246,"file":99,"line":247},"n2",{"id":256,"type":250,"label":251,"file":99,"line":174,"wp_function":252},"n3",{"id":258,"type":245,"label":246,"file":99,"line":259},"n4",110,{"id":261,"type":262,"label":263,"file":99,"line":259},"n5","transform","→ rt_libro_lrq_get_reclamo_by_id()",{"id":265,"type":250,"label":266,"file":99,"line":122,"wp_function":267},"n6","get_row() [SQLi]","get_row",[269,270,271,272],{"from":244,"to":249,"sanitized":124},{"from":254,"to":256,"sanitized":121},{"from":258,"to":261,"sanitized":121},{"from":261,"to":265,"sanitized":124},{"entryPoint":274,"graph":275,"unsanitizedCount":27,"severity":290},"rt_libro_lrq_submenu_settings_general (libro_admin.php:181)",{"nodes":276,"edges":287},[277,280,283,286],{"id":244,"type":245,"label":278,"file":99,"line":279},"$_POST['page_libro']",183,{"id":249,"type":250,"label":281,"file":99,"line":279,"wp_function":282},"update_option() [Settings 
Manipulation]","update_option",{"id":254,"type":245,"label":284,"file":99,"line":285},"$_POST['url_libro']",184,{"id":256,"type":250,"label":281,"file":99,"line":285,"wp_function":282},[288,289],{"from":244,"to":249,"sanitized":121},{"from":254,"to":256,"sanitized":121},"low",{"entryPoint":292,"graph":293,"unsanitizedCount":79,"severity":290},"\u003Clibro_admin> (libro_admin.php:0)",{"nodes":294,"edges":307},[295,297,298,299,300,301,302,303,305],{"id":244,"type":245,"label":296,"file":99,"line":247},"$_REQUEST (x2)",{"id":249,"type":250,"label":251,"file":99,"line":183,"wp_function":252},{"id":254,"type":245,"label":278,"file":99,"line":279},{"id":256,"type":250,"label":281,"file":99,"line":279,"wp_function":282},{"id":258,"type":245,"label":284,"file":99,"line":285},{"id":261,"type":250,"label":281,"file":99,"line":285,"wp_function":282},{"id":265,"type":245,"label":246,"file":99,"line":259},{"id":304,"type":262,"label":263,"file":99,"line":259},"n7",{"id":306,"type":250,"label":266,"file":99,"line":122,"wp_function":267},"n8",[308,309,310,311,312],{"from":244,"to":249,"sanitized":124},{"from":254,"to":256,"sanitized":124},{"from":258,"to":261,"sanitized":124},{"from":265,"to":304,"sanitized":121},{"from":304,"to":306,"sanitized":124},{"summary":314,"deductions":315},"The \"libro-de-reclamaciones-y-quejas\" plugin version 1.2 exhibits a mixed security posture, with some encouraging signs offset by significant concerns.  The use of prepared statements for all SQL queries is a strong positive, as is the limited use of file operations and external HTTP requests. However, the presence of four AJAX handlers without any authentication checks creates a substantial attack surface and a direct pathway for potential unauthorized actions. The taint analysis, while not revealing critical or high severity issues, did identify two flows with unsanitized paths, which, combined with the unprotected AJAX endpoints, could be leveraged in tandem to exploit the plugin. 
The vulnerability history is particularly worrying, with two known CVEs, one of which remains unpatched. The nature of these past vulnerabilities (SQL Injection and CSRF) suggests recurring issues in handling user input and maintaining session integrity, which are amplified by the current lack of nonce checks.",[316,318,321,323,325,327],{"reason":317,"points":14},"Unprotected AJAX handlers",{"reason":319,"points":320},"Unpatched CVE",18,{"reason":322,"points":139},"Low output escaping coverage",{"reason":324,"points":100},"No nonce checks",{"reason":326,"points":47},"Flows with unsanitized paths",{"reason":328,"points":140},"Bundled library (dompdf)","2026-03-16T18:16:44.923Z",{"wat":331,"direct":344},{"assetPaths":332,"generatorPatterns":337,"scriptPaths":338,"versionParams":339},[333,334,335,336],"\u002Fwp-content\u002Fplugins\u002Flibro-de-reclamaciones-y-quejas\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Flibro-de-reclamaciones-y-quejas\u002Fcss\u002Fform_rt_libro.css","\u002Fwp-content\u002Fplugins\u002Flibro-de-reclamaciones-y-quejas\u002Fjs\u002Fform_rt_libro.js","\u002Fwp-content\u002Fplugins\u002Flibro-de-reclamaciones-y-quejas\u002Fjs\u002Frt_libro_reclamaciones.js",[],[],[340,341,342,343],"libro-de-reclamaciones-y-quejas\u002Fcss\u002Fstyle.css?ver=","libro-de-reclamaciones-y-quejas\u002Fcss\u002Fform_rt_libro.css?ver=","libro-de-reclamaciones-y-quejas\u002Fjs\u002Fform_rt_libro.js?ver=","libro-de-reclamaciones-y-quejas\u002Fjs\u002Frt_libro_reclamaciones.js?ver=",{"cssClasses":345,"htmlComments":347,"htmlAttributes":348,"restEndpoints":354,"jsGlobals":356,"shortcodeOutput":359},[346],"rt-libro-reclamaciones-form",[],[349,350,351,352,353],"data-departamento","data-provincia","data-distrito","data-type-doc","data-type-doc-tutor",[355],"\u002Fwp-json\u002Frt-libro\u002Fv1\u002Fclaims",[357,358],"ajaxurl","rt_libro_data",[360,361],"\u003Cdiv class=\"rt-libro-reclamaciones-form\">","\u003Ch4>Libro de Reclamaciones\u003C\u002Fh4>"]