[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXiFPiX4R-IVBStJgXemOgGn8STG-Bg7ejbrSWph_uw0":3,"$fq0HuxPSItECfgwfD3PNkmtYOWXB9Qav_AJQrVP5FcGg":259,"$fceH4T9aqkoF42Gh98ojPE32arb8jZAjb3rA7R8HsVaA":263},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":102,"fingerprints":235},"manual-completions-wpcourseware","Manual Completions for WP Courseware","1.2","Pankaj Agrawal","https:\u002F\u002Fprofiles.wordpress.org\u002Fliveaspankaj\u002F","\u003Cp>Manual Completions for WP Courseware provides a very simple interface to check completion as well as manually mark courses, units and quizzes as complete.\u003C\u002Fp>\n\u003Cp>You can use it for single completions as well as for \u003Cstrong>bulk completions\u003C\u002Fstrong> of hundreds of users. In one click, get all the enrolled users in the course.\u003C\u002Fp>\n\u003Cp>You can also upload a CSV files with user_id, course_id, module_id, unit_id, quiz_id. To quickly list all the completions, and then process them in bulk in any order you want.\u003C\u002Fp>\n\u003Cp>You can also bypass completions blocked by GrassBlade xAPI Companion for xAPI Contents.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tracking:\u003C\u002Fstrong>\u003Cbr \u002F>\n– If you have an LRS, you can see tracking data, including the user id and name of the admin who marked the unit complete.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements to use this plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nTo use this plugin you need these two plugins:\u003Cbr \u002F>\n1. WP Courseware LMS\u003Cbr \u002F>\n2. GrassBlade xAPI Companion\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Related Plugins:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvisibility-control-for-wpcourseware\u002F\" rel=\"ugc\">Visibility Control for WP Courseware\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgrassblade-xapi-wp-courseware\u002F\" rel=\"ugc\">Experience API for WP Courseware by Grassblade\u003C\u002Fa>\u003C\u002Fp>\n","Manual Completions for WP Courseware lets you check completion as well as manually mark courses, units and quizzes as complete.",0,1055,"2025-09-11T07:39:00.000Z","6.8.5","4.0","5.4",[18,19,20,21,22],"bulk","completion","grassblade","manual","wpcourseware","https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-wpcourseware\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanual-completions-wpcourseware.1.2.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"liveaspankaj",23,4680,30,94,"2026-05-20T00:17:32.576Z",[38,53,68,80,92],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":14,"requires_at_least":15,"requires_php":47,"tags":48,"homepage":51,"download_link":52,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"manual-completions-tutorlms","Manual Completions TutorLMS","1.3","\u003Cp>Manual Completions for Tutor LMS provides a very simple interface to check completion as well as manually mark courses, lessons and quizzes as complete.\u003C\u002Fp>\n\u003Cp>You can use it for single completions as well as for \u003Cstrong>bulk completions\u003C\u002Fstrong> of hundreds of users. In one click, get all the enrolled users in the course.\u003C\u002Fp>\n\u003Cp>You can also upload a CSV files with user_id, course_id, lesson_id, quiz_id. To quickly list all the completions, and then process them in bulk in any order you want.\u003C\u002Fp>\n\u003Cp>You can also bypass completions blocked by GrassBlade xAPI Companion for xAPI Contents.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tracking:\u003C\u002Fstrong>\u003Cbr \u002F>\n– If you have an LRS, you can see tracking data, including the user id and name of the admin who marked the lesson complete.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements to use this plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nTo use this plugin you need these two plugins:\u003Cbr \u002F>\n1. \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftutor\u002F\" rel=\"ugc\">Tutor LMS\u003C\u002Fa>\u003Cbr \u002F>\n2. \u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fgrassblade-lrs-experience-api\u002F\" rel=\"nofollow ugc\">GrassBlade xAPI Companion\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Other Manual Completion Plugins:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-learndash\u002F\" rel=\"nofollow ugc\">Manual Completions for LearnDashLMS\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-lifterlms\u002F\" rel=\"nofollow ugc\">Manual Completions for LifterLMS\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-learnpress\u002F\" rel=\"nofollow ugc\">Manual Completions for LearnPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Related Plugins for TutorLMS:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fexperience-api-for-tutorlms\u002F\" rel=\"nofollow ugc\">Experience API for TutorLMS\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fvisibility-control-for-tutorlms\u002F\" rel=\"nofollow ugc\">Visibility Control for TutorLMS\u003C\u002Fa>\u003C\u002Fp>\n","Manual Completions for Tutor LMS lets you check completion as well as manually mark courses, lessons and quizzes as complete.",300,3569,"2025-09-11T07:22:00.000Z","7.4",[19,20,21,49,50],"mark-complete","tutor","https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-tutor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanual-completions-tutorlms.1.3.zip",{"slug":54,"name":55,"version":56,"author":7,"author_profile":8,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":64,"homepage":66,"download_link":67,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"manual-completions-learndash","Manual Completions for LearnDash","1.9","\u003Cp>Manual Completions for LearnDash provides a very simple interface to check completion as well as manually mark courses, lessons, topics and quizzes as complete.\u003C\u002Fp>\n\u003Cp>You can use it for single completions as well as for \u003Cstrong>bulk completions\u003C\u002Fstrong> of hundreds of users. In one click, get all the enrolled users in the course.\u003C\u002Fp>\n\u003Cp>You can also upload a CSV files with user_id, course_id, lesson_id, topic_id, quiz_id. To quickly list all the completions, and then process them in bulk in any order you want.\u003C\u002Fp>\n\u003Cp>You can also bypass completions blocked by GrassBlade xAPI Companion for xAPI Contents.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tracking:\u003C\u002Fstrong>\u003Cbr \u002F>\n– If you have an LRS, you can see tracking data, including the user id and name of the admin who marked the lesson complete.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements to use this plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nTo use this plugin you need these two plugins:\u003Cbr \u002F>\n1. \u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fr\u002Flearndash\u002Fwp_mcl_plugin_page\" rel=\"nofollow ugc\">LearnDash LMS\u003C\u002Fa>\u003Cbr \u002F>\n2. \u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fgrassblade-lrs-experience-api\u002F\" rel=\"nofollow ugc\">GrassBlade xAPI Companion\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Other Manual Completion Plugins:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-lifterlms\u002F\" rel=\"nofollow ugc\">Manual Completions for LifterLMS\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-tutorlms\u002F\" rel=\"nofollow ugc\">Manual Completions for TutorLMS\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-learnpress\u002F\" rel=\"nofollow ugc\">Manual Completions for LearnPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Related Plugins for LearnDash LMS:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanage-enrollment-for-learndash\u002F\" rel=\"nofollow ugc\">Manage Enrollments for LearnDash LMS\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fautocomplete-learndash-lessons-and-topics\u002F\" rel=\"nofollow ugc\">Autocomplete LearnDash Lessons and Topics\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Flearndash-visibility-control\u002F\" rel=\"nofollow ugc\">Visibility Control for LearnDash LMS\u003C\u002Fa>\u003C\u002Fp>\n","Manual Completions for LearnDash lets you check completion as well as manually mark courses, lessons, topics and quizzes as complete.",200,8001,50,2,"2025-09-11T07:16:00.000Z",[19,20,65,21,49],"learndash","https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-learndash\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanual-completions-learndash.zip",{"slug":69,"name":70,"version":71,"author":7,"author_profile":8,"description":72,"short_description":73,"active_installs":61,"downloaded":74,"rating":11,"num_ratings":11,"last_updated":75,"tested_up_to":14,"requires_at_least":15,"requires_php":47,"tags":76,"homepage":78,"download_link":79,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"manual-completions-learnpress","Manual Completions for LearnPress","1.0","\u003Cp>Manual Completions for LearnPress provides a very simple interface to check completion as well as manually mark courses, sections, lessons and quizzes as complete.\u003C\u002Fp>\n\u003Cp>You can use it for single completions as well as for \u003Cstrong>bulk completions\u003C\u002Fstrong> of hundreds of users. In one click, get all the enrolled users in the course.\u003C\u002Fp>\n\u003Cp>You can also upload a CSV files with user_id, course_id, section_id, lesson_id, quiz_id. To quickly list all the completions, and then process them in bulk in any order you want.\u003C\u002Fp>\n\u003Cp>You can also bypass completions blocked by GrassBlade xAPI Companion for xAPI Contents.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tracking:\u003C\u002Fstrong>\u003Cbr \u002F>\n– If you have an LRS, you can see tracking data, including the user id and name of the admin who marked the lesson complete.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements to use this plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nTo use this plugin you need these two plugins:\u003Cbr \u002F>\n1. LearnPress LMS\u003Cbr \u002F>\n2. GrassBlade xAPI Companion\u003C\u002Fp>\n","Manual Completions for LearnPress lets you manually mark courses, sections, lessons, and quizzes as complete, individually or in bulk.",782,"2025-09-11T07:17:00.000Z",[19,20,77,21,49],"learnpress","https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-learnpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanual-completions-learnpress.1.0.zip",{"slug":81,"name":82,"version":83,"author":7,"author_profile":8,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":88,"homepage":90,"download_link":91,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"manual-completions-lifterlms","Manual Completions for LifterLMS","1.1","\u003Cp>Manual Completions for LifterLMS provides a very simple interface to check completion as well as manually mark courses, sections, lessons and quizzes as complete.\u003C\u002Fp>\n\u003Cp>You can use it for single completions as well as for \u003Cstrong>bulk completions\u003C\u002Fstrong> of hundreds of users. In one click, get all the enrolled users in the course.\u003C\u002Fp>\n\u003Cp>You can also upload a CSV files with user_id, course_id, section_id, lesson_id, quiz_id. To quickly list all the completions, and then process them in bulk in any order you want.\u003C\u002Fp>\n\u003Cp>You can also bypass completions blocked by GrassBlade xAPI Companion for xAPI Contents.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tracking:\u003C\u002Fstrong>\u003Cbr \u002F>\n– If you have an LRS, you can see tracking data, including the user id and name of the admin who marked the lesson complete.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements to use this plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nTo use this plugin you need these two plugins:\u003Cbr \u002F>\n1. LifterLMS\u003Cbr \u002F>\n2. GrassBlade xAPI Companion\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Related Plugins:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgrassblade-xapi-lifterlms\u002F\" rel=\"ugc\">Experience API for LifterLMS\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvisibility-control-for-lifterlms\u002F\" rel=\"ugc\">Visibility Control for LifterLMS\u003C\u002Fa>\u003C\u002Fp>\n","Manual Completions for LifterLMS lets you check completion as well as manually mark courses, sections, lessons and quizzes as complete.",10,697,[19,20,89,21,49],"lifter","https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-lifterlms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanual-completions-lifterlms.1.1.zip",{"slug":93,"name":94,"version":71,"author":7,"author_profile":8,"description":95,"short_description":96,"active_installs":11,"downloaded":97,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":14,"requires_at_least":15,"requires_php":47,"tags":98,"homepage":100,"download_link":101,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"manual-completions-masterstudy","Manual Completions for MasterStudy LMS","\u003Cp>Manual Completions for MasterStudy LMS provides a very simple interface to check completion as well as manually mark courses, lessons and quizzes as complete.\u003C\u002Fp>\n\u003Cp>You can use it for single completions as well as for \u003Cstrong>bulk completions\u003C\u002Fstrong> of hundreds of users. In one click, get all the enrolled users in the course.\u003C\u002Fp>\n\u003Cp>You can also upload a CSV files with user_id, course_id, lesson_id, quiz_id. To quickly list all the completions, and then process them in bulk in any order you want.\u003C\u002Fp>\n\u003Cp>You can also bypass completions blocked by GrassBlade xAPI Companion for xAPI Contents.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tracking:\u003C\u002Fstrong>\u003Cbr \u002F>\n– If you have an LRS, you can see tracking data, including the user id and name of the admin who marked the lesson complete.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements to use this plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nTo use this plugin you need these two plugins:\u003Cbr \u002F>\n1. MasterStudy LMS\u003Cbr \u002F>\n2. GrassBlade xAPI Companion\u003C\u002Fp>\n","Manual Completions for MasterStudy LMS lets you check completion as well as manually mark courses, lessons and quizzes as complete.",878,[19,21,49,99],"masterstudy","https:\u002F\u002Fwww.nextsoftwaresolutions.com\u002Fmanual-completions-for-masterstudy\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanual-completions-masterstudy.1.0.zip",{"attackSurface":103,"codeSignals":158,"taintFlows":176,"riskAssessment":223,"analyzedAt":234},{"hooks":104,"ajaxHandlers":135,"restRoutes":154,"shortcodes":155,"cronEvents":156,"entryPointCount":157,"unprotectedCount":11},[105,112,116,120,124,126,131],{"type":106,"name":107,"callback":108,"priority":109,"file":110,"line":111},"action","admin_menu","menu",11,"manual_completions_wpcourseware.php",35,{"type":106,"name":113,"callback":114,"file":110,"line":115},"admin_init","process_upload",40,{"type":106,"name":117,"callback":118,"file":110,"line":119},"admin_print_styles","manual_completions_wpcourseware_scripts",87,{"type":121,"name":122,"callback":122,"file":110,"line":123},"filter","upload_mimes",91,{"type":106,"name":117,"callback":118,"file":110,"line":125},205,{"type":121,"name":127,"callback":128,"priority":129,"file":110,"line":130},"wpcourseware_process_mark_complete","grassblade_wpcourseware_process_mark_complete",1,537,{"type":121,"name":132,"callback":133,"file":110,"line":134},"wpcw_unit_quiz_allow_quiz_progress_without_questions","__return_true",650,[136,142,146,150],{"action":137,"nopriv":138,"callback":139,"hasNonce":138,"hasCapCheck":140,"file":110,"line":141},"manual_completions_wpcourseware_course_selected",false,"course_selected",true,36,{"action":143,"nopriv":138,"callback":144,"hasNonce":138,"hasCapCheck":140,"file":110,"line":145},"manual_completions_wpcourseware_mark_complete","mark_complete",37,{"action":147,"nopriv":138,"callback":148,"hasNonce":138,"hasCapCheck":140,"file":110,"line":149},"manual_completions_wpcourseware_check_completion","check_completion",38,{"action":151,"nopriv":138,"callback":152,"hasNonce":138,"hasCapCheck":140,"file":110,"line":153},"manual_completions_wpcourseware_get_enrolled_users","get_enrolled_users",39,[],[],[],4,{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":163,"fileOperations":11,"externalRequests":11,"nonceChecks":129,"capabilityChecks":171,"bundledLibraries":172},[],{"prepared":161,"raw":11,"locations":162},12,[],{"escaped":164,"rawEcho":62,"locations":165},89,[166,170],{"file":167,"line":168,"context":169},"form.php",104,"raw output",{"file":110,"line":74,"context":169},6,[173],{"name":174,"version":26,"knownCves":175},"Select2",[],[177,200],{"entryPoint":178,"graph":179,"unsanitizedCount":129,"severity":199},"get_enrolled_users (manual_completions_wpcourseware.php:43)",{"nodes":180,"edges":196},[181,186,190],{"id":182,"type":183,"label":184,"file":110,"line":185},"n0","source","$_REQUEST",51,{"id":187,"type":188,"label":189,"file":110,"line":185},"n1","transform","→ get_course_id()",{"id":191,"type":192,"label":193,"file":110,"line":194,"wp_function":195},"n2","sink","get_col() [SQLi]",774,"get_col",[197,198],{"from":182,"to":187,"sanitized":138},{"from":187,"to":191,"sanitized":138},"high",{"entryPoint":201,"graph":202,"unsanitizedCount":129,"severity":199},"\u003Cmanual_completions_wpcourseware> (manual_completions_wpcourseware.php:0)",{"nodes":203,"edges":218},[204,205,206,207,212,214,216],{"id":182,"type":183,"label":184,"file":110,"line":61},{"id":187,"type":192,"label":193,"file":110,"line":194,"wp_function":195},{"id":191,"type":183,"label":184,"file":110,"line":61},{"id":208,"type":192,"label":209,"file":110,"line":210,"wp_function":211},"n3","get_row() [SQLi]",883,"get_row",{"id":213,"type":183,"label":184,"file":110,"line":185},"n4",{"id":215,"type":188,"label":189,"file":110,"line":185},"n5",{"id":217,"type":192,"label":193,"file":110,"line":194,"wp_function":195},"n6",[219,220,221,222],{"from":182,"to":187,"sanitized":140},{"from":191,"to":208,"sanitized":140},{"from":213,"to":215,"sanitized":138},{"from":215,"to":217,"sanitized":138},{"summary":224,"deductions":225},"The \"manual-completions-wpcourseware\" plugin v1.2 demonstrates a generally strong security posture with several good practices in place.  The absence of direct SQL injection vulnerabilities due to 100% prepared statements and a high percentage of properly escaped output (98%) are positive indicators.  Furthermore, the plugin has no recorded vulnerability history (CVEs), suggesting a lack of publicly known security flaws and potentially a history of responsible development.\n\nHowever, the static analysis reveals specific areas of concern. The presence of two taint flows with unsanitized paths, both classified as high severity, is a significant risk. While the data doesn't specify the nature of these flows, they represent potential entry points for attackers to inject malicious data into the application.  Additionally, the plugin has only one recorded nonce check for its four AJAX handlers, indicating that three of them might be vulnerable to Cross-Site Request Forgery (CSRF) attacks if they don't have implicit permission checks. The use of the Select2 library, while not inherently a vulnerability, could become one if it's outdated and has known exploits.\n\nIn conclusion, the plugin benefits from solid fundamental security practices like prepared SQL statements and output escaping. The lack of past vulnerabilities is a good sign. Nevertheless, the identified high-severity taint flows and the limited nonce checks on AJAX actions present clear and actionable risks that require immediate attention. Addressing these specific vulnerabilities is crucial to maintaining a secure application.",[226,228,231],{"reason":227,"points":161},"High severity taint flows with unsanitized paths",{"reason":229,"points":230},"Insufficient nonce checks on AJAX handlers",8,{"reason":232,"points":233},"Bundled library (Select2) may be outdated",3,"2026-04-16T14:29:33.415Z",{"wat":236,"direct":250},{"assetPaths":237,"generatorPatterns":243,"scriptPaths":244,"versionParams":245},[238,239,240,241,242],"\u002Fwp-content\u002Fplugins\u002Fmanual-completions-wpcourseware\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fmanual-completions-wpcourseware\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmanual-completions-wpcourseware\u002Fvendor\u002Fselect2\u002Fjs\u002Fselect2.min.js","\u002Fwp-content\u002Fplugins\u002Fmanual-completions-wpcourseware\u002Fvendor\u002Fselect2\u002Fcss\u002Fselect2.min.css","\u002Fwp-content\u002Fplugins\u002Fmanual-completions-wpcourseware\u002Fimg\u002Ficon-gb.png",[],[238,240],[246,247,248,249],"manual-completions-wpcourseware\u002Fscript.js?ver=","manual-completions-wpcourseware\u002Fstyle.css?ver=","manual-completions-wpcourseware\u002Fvendor\u002Fselect2\u002Fjs\u002Fselect2.min.js?ver=","manual-completions-wpcourseware\u002Fvendor\u002Fselect2\u002Fcss\u002Fselect2.min.css?ver=",{"cssClasses":251,"htmlComments":253,"htmlAttributes":254,"restEndpoints":255,"jsGlobals":256,"shortcodeOutput":258},[252],"manual_completions_wpcourseware_table",[],[],[],[257],"manual_completions_wpcourseware",[],{"error":140,"url":260,"statusCode":261,"statusMessage":262,"message":262},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmanual-completions-wpcourseware\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":62,"versions":264},[265,270],{"version":6,"download_url":24,"svn_tag_url":266,"released_at":26,"has_diff":138,"diff_files_changed":267,"diff_lines":26,"trac_diff_url":268,"vulnerabilities":269,"is_current":140},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmanual-completions-wpcourseware\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmanual-completions-wpcourseware%2Ftags%2F1.0&new_path=%2Fmanual-completions-wpcourseware%2Ftags%2F1.2",[],{"version":71,"download_url":271,"svn_tag_url":272,"released_at":26,"has_diff":138,"diff_files_changed":273,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":274,"is_current":138},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanual-completions-wpcourseware.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmanual-completions-wpcourseware\u002Ftags\u002F1.0\u002F",[],[]]