[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsqAOanC1GkO0RUnCD3yIQipocx_KeFjQFtOUejt-Ak0":3,"$fEKvoFDW1U97abDDaBF0u9YE3ReN-mJ56e5SK46Y4WiY":168,"$fC6y8axr85DSjWUdDKqG6tEzEzGXA-aRtnc9jmKAs1nY":173},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":39,"analysis":40,"fingerprints":137},"live-sales-notification","Live Sales Notification","1.0","Syamaladevi","https:\u002F\u002Fprofiles.wordpress.org\u002Fshyamaladevi123\u002F","\u003Cp>Live sales notification works based on wooCommerce live orders and it works incredibly for new stores which haven’t got many orders and customers yet, by allowing store owners to create “demo” notifications to promote any items as hot sellers.\u003C\u002Fp>\n\u003Cp>You need it because:\u003Cbr \u002F>\nIt increases conversions! – This plugin will make your store look busy and will give your customers the social proof they desperately needed!\u003Cbr \u002F>\nIt gives your customers a confidence boost! – By displaying what others bought in your store, you will gain your customers’ trust!\u003Cbr \u002F>\nIt keeps your store looking busy – Precisely timed notifications will give your store popular and busy look.\u003Cbr \u002F>\nIt improves user experience – With amazing design, seamless and lightweight integration it instantly improves yours user’s experience.\u003C\u002Fp>\n","Live sales notification from woocommerce live-data\u002Fdemo data with javascript library. 
This plugin illustrate a  beautiful pop-up view to the users, wh &hellip;",10,1319,100,1,"2018-08-10T10:24:00.000Z","4.9.29","4.0","",[20,21,22,23,24],"woocommerce-live-orders","woocommerce-notification-popup","woocommerce-popup-notification","woocommerce-recent-sales-notification","woocommerce-sales-notification-popup","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flive-sales-notification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-sales-notification.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":34,"display_name":7,"profile_url":8,"plugin_count":35,"total_installs":13,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"shyamaladevi123",2,30,84,"2026-05-19T18:32:43.297Z",[],{"attackSurface":41,"codeSignals":73,"taintFlows":99,"riskAssessment":119,"analyzedAt":136},{"hooks":42,"ajaxHandlers":69,"restRoutes":70,"shortcodes":71,"cronEvents":72,"entryPointCount":28,"unprotectedCount":28},[43,49,52,56,60,65],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","init","lsnotification_get_order_details","functions.php",22,{"type":44,"name":45,"callback":50,"file":47,"line":51},"closure",25,{"type":44,"name":53,"callback":54,"file":47,"line":55},"admin_menu","lsnotification_notification_settings_menu_page",118,{"type":44,"name":57,"callback":58,"file":47,"line":59},"admin_init","lsnotification_notification_settings_create",121,{"type":44,"name":61,"callback":62,"priority":13,"file":63,"line":64},"plugins_loaded","lsnotification_sales_notification_free","live-sales-notification.php",15,{"type":44,"name":66,"callback":67,"file":63,"line":68},"admin_notices","lsnotification_error_notice",26,[],[],[],[],{"dangerousFunctions":74,"sqlUsage":75,"outputEscaping":81,"fileOperations":97,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":98},[],{"prepared":28,"raw":14,"locations":76},[77],{"file":78,"line":79,"context":80},"uninstall.php",8,"$wpdb->query() with 
variable interpolation",{"escaped":28,"rawEcho":82,"locations":83},6,[84,87,89,91,93,95],{"file":47,"line":85,"context":86},155,"raw output",{"file":47,"line":88,"context":86},183,{"file":47,"line":90,"context":86},188,{"file":47,"line":92,"context":86},193,{"file":47,"line":94,"context":86},198,{"file":47,"line":96,"context":86},208,4,[],[100],{"entryPoint":101,"graph":102,"unsanitizedCount":14,"severity":118},"\u003Cfunctions> (functions.php:0)",{"nodes":103,"edges":115},[104,109],{"id":105,"type":106,"label":107,"file":47,"line":108},"n0","source","$_FILES",225,{"id":110,"type":111,"label":112,"file":47,"line":113,"wp_function":114},"n1","sink","fopen() [File Access]",227,"fopen",[116],{"from":105,"to":110,"sanitized":117},false,"medium",{"summary":120,"deductions":121},"The \"live-sales-notification\" v1.0 plugin exhibits significant security concerns despite a lack of recorded historical vulnerabilities. The static analysis reveals a concerning absence of security best practices within its codebase. Specifically, the plugin performs file operations without apparent sanitization and runs a SQL query in uninstall.php with variable interpolation instead of a prepared statement. Furthermore, none of the six output sites found in functions.php is escaped, and no nonce or capability checks were detected; unescaped output and interpolated SQL create potential for Cross-Site Scripting (XSS) and SQL injection if untrusted input reaches them, while missing nonce and capability checks leave any state-changing handlers without CSRF or authorization protection. The taint analysis further supports this by identifying one unsanitized flow from $_FILES to fopen() in functions.php, rated medium rather than critical or high in this specific scan.\n\nWhile the plugin's attack surface appears limited with zero identified entry points like AJAX handlers, REST API routes, or shortcodes, this can be misleading: the plugin still registers callbacks on hooks such as init and admin_init, which WordPress runs on every request and every admin request respectively. The absence of these common entry points doesn't negate the risks posed by the insecure code practices found within. The fact that there are no known CVEs is positive, but it should not overshadow the inherent risks identified in the code itself. 
The plugin's current state suggests a developer who may not be fully aware of, or is not applying, fundamental WordPress security measures. The overall security posture is poor because of these insecure coding practices, even though no vulnerabilities have been recorded for the plugin.",[122,124,126,129,131,133],{"reason":123,"points":79},"SQL query not using prepared statements",{"reason":125,"points":82},"Output not properly escaped",{"reason":127,"points":128},"No nonce checks",7,{"reason":130,"points":128},"No capability checks",{"reason":132,"points":128},"Taint flow with unsanitized path",{"reason":134,"points":135},"File operations without apparent sanitization context",5,"2026-03-17T01:24:21.933Z",{"wat":138,"direct":146},{"assetPaths":139,"generatorPatterns":141,"scriptPaths":142,"versionParams":144},[140],"\u002Fwp-content\u002Fplugins\u002Flive-sales-notification\u002Fimages\u002Fnotification.png",[],[143],"\u002Fwp-content\u002Fplugins\u002Flive-sales-notification\u002Fjs\u002Fnotify_script.js",[145],"live-sales-notification\u002Fjs\u002Fnotify_script.js?ver=",{"cssClasses":147,"htmlComments":148,"htmlAttributes":149,"restEndpoints":164,"jsGlobals":165,"shortcodeOutput":167},[],[],[150,151,152,153,154,155,156,157,158,159,160,161,162,163],"salespopup_mobile_support","salespopup_start_time","salespopup_showing_time","salespopup_gap_time","salespopup_admin_support","salespopup_frequent_count","salespopup_change_user_name","salespopup_plugin_url","salespopup_freeze_notification","salespopup_front_end_support","salespopup_csv_data","salespopup_notification_bg_color","salespopup_live_json_data","salespopup_upload_status",[],[166],"lsnConfigurations",[],{"error":169,"url":170,"statusCode":171,"statusMessage":172,"message":172},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flive-sales-notification\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":28,"versions":174},[]]