[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYoxRbS2XsSxDaymifF2RenUwgzGv2wnHP7ke98KHb-8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":119,"fingerprints":439},"marvinerp-api","Marvinerp","1.1.0","Ponto25","https:\u002F\u002Fprofiles.wordpress.org\u002Fponto25\u002F","\u003Cp>With nearly 20 years of experience, PONTO 25 is a company specialized in developing software solutions.\u003C\u002Fp>\n\u003Cp>Using interactive information technologies, PONTO 25 offers a wide range of desktop and cloud management solutions for various market sectors.\u003Cbr \u002F>\nHeadquartered in Braga, PONTO 25 is present throughout the country and in Spain, Mozambique, Angola, Brazil, Poland and France.\u003C\u002Fp>\n\u003Cp>Certified by the Autoridade Tributária under number 1539, Marvinerp always complies with the law in force.\u003C\u002Fp>\n\u003Ch3>Through the plugin it is possible to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Synchronize products and stocks between the two platforms\u003C\u002Fli>\n\u003Cli>Automatic or manual document issuance\u003C\u002Fli>\n\u003Cli>Select the company section.\u003C\u002Fli>\n\u003Cli>Automatic creation of customers and products\u003C\u002Fli>\n\u003Cli>Access issued documents without leaving WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All technical and commercial support given to users of the plugin is provided by the Marvinerp Customer Support team.\u003C\u002Fp>\n\u003Ch3>Legal Notice\u003C\u002Fh3>\n\u003Cp>All legal information is available on our website ( 
https:\u002F\u002Fwww.ponto25.com\u002Fcookies ).\u003Cbr \u002F>\nThis information covers all Ponto25 products.\u003C\u002Fp>\n","Marvin ERP is a product with the quality of PONTO 25 – informática lda.",10,4895,0,"2021-03-30T15:00:00.000Z","5.6.17","5.2","7.3",[19,20,21,22],"encomendas","faturacao","invoicing","orders","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmarvinerp-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmarvinerp-api.1.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"ponto25",3,90,30,87,"2026-04-04T13:27:17.521Z",[37,51,72,89,105],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":13,"downloaded":43,"rating":13,"num_ratings":13,"last_updated":44,"tested_up_to":45,"requires_at_least":16,"requires_php":17,"tags":46,"homepage":47,"download_link":48,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":50},"ourivesweb-api","OurivesWeb Api","1.1.1","\u003Cp>With nearly 20 years of experience, PONTO 25 is a company specialized in developing software solutions.\u003C\u002Fp>\n\u003Cp>Using interactive information technologies, PONTO 25 offers a wide range of desktop and cloud management solutions for various market sectors.\u003Cbr \u002F>\nHeadquartered in Braga, PONTO 25 is present throughout the country and in Spain, Mozambique, Angola, Brazil, Poland and France.\u003C\u002Fp>\n\u003Cp>Certified by the Autoridade Tributária under number 1541, OurivesWeb always complies with the law in force.\u003C\u002Fp>\n\u003Ch3>Through the plugin it is possible to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Synchronize products and stocks between the two platforms\u003C\u002Fli>\n\u003Cli>Automatic or manual document 
issuance\u003C\u002Fli>\n\u003Cli>Select the company section.\u003C\u002Fli>\n\u003Cli>Automatic creation of customers and products\u003C\u002Fli>\n\u003Cli>Access issued documents without leaving WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All technical and commercial support given to users of the plugin is provided by the OurivesWeb Customer Support team.\u003C\u002Fp>\n\u003Ch3>Legal Notice\u003C\u002Fh3>\n\u003Cp>All legal information is available on our website ( https:\u002F\u002Fwww.ponto25.com\u002Fcookies ).\u003Cbr \u002F>\nThis information covers all Ponto25 products.\u003C\u002Fp>\n","Ourives Web is a product with the quality of PONTO 25 – informática lda.",1577,"","6.0.11",[19,20,21,22],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002FOurivesWeb-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fourivesweb-api.1.1.1.zip",100,"2026-03-15T10:48:56.248Z",{"slug":52,"name":53,"version":54,"author":53,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":67,"download_link":68,"security_score":69,"vuln_count":70,"unpatched_count":13,"last_vuln_date":71,"fetched_at":27},"moloni","Moloni","5.0.04","https:\u002F\u002Fprofiles.wordpress.org\u002Fmolonidevteam\u002F","\u003Cp>Moloni is an innovative online billing and POS software that includes access to numerous useful and functional tools that allow each company to manage its billing, control stocks, automate processes and issue documents quickly, simply and intuitively.\u003C\u002Fp>\n\u003Cp>Certified under no. 2860 by the Autoridade Tributária, Moloni is always up to date and compliant with the law in force!\u003C\u002Fp>\n\u003Ch3>Through the plugin it is possible to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Synchronize products and stocks between the two 
platforms\u003C\u002Fli>\n\u003Cli>Automatic or manual document issuance\u003C\u002Fli>\n\u003Cli>Select the status of issued documents\u003C\u002Fli>\n\u003Cli>Select from a wide variety of document types\u003C\u002Fli>\n\u003Cli>Select the outbound warehouse for products\u003C\u002Fli>\n\u003Cli>Automatic sending of the document to the customer\u003C\u002Fli>\n\u003Cli>Automatic creation of customers and products\u003C\u002Fli>\n\u003Cli>Customize your billing details\u003C\u002Fli>\n\u003Cli>Access issued documents without leaving WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All technical and commercial support given to users of the plugin is provided by the Moloni Customer Support team.\u003C\u002Fp>\n","Innovative billing software that adapts to your business! Intended for independent professionals and micro, small and medium-sized enterprises.",2000,93890,96,6,"2025-12-22T12:46:00.000Z","6.7.5","4.6","7.2",[21,22],"https:\u002F\u002Fplugins.moloni.com\u002Fwoocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoloni.5.0.04.zip",99,1,"2024-07-11 00:00:00",{"slug":73,"name":74,"version":75,"author":53,"author_profile":55,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":49,"num_ratings":70,"last_updated":80,"tested_up_to":63,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":44,"download_link":87,"security_score":69,"vuln_count":70,"unpatched_count":13,"last_vuln_date":88,"fetched_at":27},"contribuinte-checkout","Contribuinte Checkout","2.0.04","\u003Cp>With this plugin you can add VAT and VIES support to your WooCommerce store. 
The VAT field will be saved as ‘_billing_vat’.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> this plugin requires WooCommerce 3.0.0 or higher.\u003Cbr \u002F>\n\u003Cstrong>Warning:\u003C\u002Fstrong> to enable and use VIES information you need to have SOAP extension enabled (SoapClient PHP class).\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Adds VAT field to billing form.\u003C\u002Fli>\n\u003Cli>Adds VAT field to outgoing email.\u003C\u002Fli>\n\u003Cli>Adds VAT field to checkout billing information.\u003C\u002Fli>\n\u003Cli>Adds VAT field to admin orders page.\u003C\u002Fli>\n\u003Cli>Change VAT field label and description.\u003C\u002Fli>\n\u003Cli>Validate Portuguese VAT numbers.\u003C\u002Fli>\n\u003Cli>Choose how to handle vat field validation errors.\u003C\u002Fli>\n\u003Cli>You can make VAT field required.\u003C\u002Fli>\n\u003Cli>You can add VIES information to admin order page, checkout and user billing page.\u003C\u002Fli>\n\u003Cli>Adds settings page under WooCommerce menu so you manage all the features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>Portuguese.\u003C\u002Fli>\n\u003C\u002Ful>\n","With this plugin you can add VAT and VIES support to your WooCommerce store. 
The VAT field will be saved as '_billing_vat'.",1000,16804,"2025-05-19T10:50:00.000Z","5.0","5.6",[84,21,22,85,86],"customers","vat","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontribuinte-checkout.2.0.04.zip","2025-05-07 00:00:00",{"slug":90,"name":91,"version":92,"author":91,"author_profile":93,"description":94,"short_description":95,"active_installs":49,"downloaded":96,"rating":13,"num_ratings":13,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":82,"tags":100,"homepage":103,"download_link":104,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"vendus","Vendus","2.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fvendus\u002F","\u003Cp>Vendus is online invoicing and POS software that lets you invoice and track your sales in seconds through simple, fast and intuitive features. Ideal for independent professionals and successful businesses looking for robust, affordable technology solutions with free, unlimited support. 
Certified software no. 2230\u002FAT, 100% cloud-based and always up to date, in compliance with the law in force.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Issue invoices directly from the WooCommerce Orders menu\u003C\u002Fli>\n\u003Cli>Creation of credit notes\u003C\u002Fli>\n\u003Cli>View and download issued invoices\u003C\u002Fli>\n\u003Cli>Sending of the document to the customer by email\u003C\u002Fli>\n\u003Cli>Creation of products with different VAT rates\u003C\u002Fli>\n\u003Cli>Automatic creation and synchronization of products between platforms\u003C\u002Fli>\n\u003Cli>Automatic validation of NIFs \u003C\u002Fli>\n\u003Cli>Synchronization of the customer's purchase history between platforms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Vendus Support team provides technical support to all users of the plugin free of charge.\u003C\u002Fp>\n","100% online invoicing, with no headaches and without leaving your online store! Software no. 2230 certified by the AT, from 4€ \u002F month.",5300,"2023-04-18T15:39:00.000Z","6.2.9","4.5",[101,102,21,22],"billing","invoice","https:\u002F\u002Fwww.vendus.pt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvendus.2.2.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":13,"num_ratings":13,"last_updated":115,"tested_up_to":116,"requires_at_least":81,"requires_php":65,"tags":117,"homepage":44,"download_link":118,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"moloni-es","Moloni España","2.1.4","Moloni, lda","https:\u002F\u002Fprofiles.wordpress.org\u002Fmolonies\u002F","\u003Cp>Moloni is an innovative online billing and POS software that includes access to numerous useful and functional tools that allow each company to manage their billing, control stocks, automate processes and issue documents quickly, simply and 
intuitively.\u003C\u002Fp>\n\u003Cp>Moloni is always updated with the latest features and tax changes according to the law in Spain!\u003C\u002Fp>\n\u003Ch3>Through the plugin it is possible to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Synchronize products and stocks between the two platforms\u003C\u002Fli>\n\u003Cli>Automatic or manual document issuance\u003C\u002Fli>\n\u003Cli>Select the status of issued documents\u003C\u002Fli>\n\u003Cli>Select from a wide variety of document types\u003C\u002Fli>\n\u003Cli>Select the outbound item warehouse\u003C\u002Fli>\n\u003Cli>Automatic sending of the document to the customer\u003C\u002Fli>\n\u003Cli>Automatic creation of customers and articles\u003C\u002Fli>\n\u003Cli>Customize your billing details\u003C\u002Fli>\n\u003Cli>Access issued documents without leaving WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All technical and commercial support given to users of the plugin is provided by the Moloni Customer Support team.\u003C\u002Fp>\n","Innovative billing software that fits your business! 
Intended for professionals, micro, small and medium enterprises.",20,4879,"2025-07-24T10:05:00.000Z","6.8.5",[21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoloni-es.2.1.4.zip",{"attackSurface":120,"codeSignals":177,"taintFlows":400,"riskAssessment":425,"analyzedAt":438},{"hooks":121,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":13,"unprotectedCount":13},[122,128,131,135,139,142,144,147,153,157,161,163,167],{"type":123,"name":124,"callback":125,"file":126,"line":127},"action","plugins_loaded","anonymous","marvinerp.php",66,{"type":123,"name":129,"callback":125,"file":126,"line":130},"Category_loaded",67,{"type":123,"name":132,"callback":133,"file":126,"line":134},"admin_enqueue_scripts","\\Marvinerp\\Plugin::defines",69,{"type":123,"name":136,"callback":125,"priority":11,"file":137,"line":138},"product_cat_edit_form_fields","src\\Helper\\cat_meta_data.php",18,{"type":123,"name":140,"callback":125,"priority":11,"file":137,"line":141},"product_cat_add_form_fields",19,{"type":123,"name":143,"callback":125,"priority":11,"file":137,"line":113},"edited_product_cat",{"type":123,"name":145,"callback":125,"priority":11,"file":137,"line":146},"create_product_cat",21,{"type":123,"name":148,"callback":149,"priority":150,"file":151,"line":152},"admin_menu","Marvinerp_admin_menu",56.5,"src\\Menus\\Admin.php",14,{"type":123,"name":154,"callback":155,"priority":49,"file":151,"line":156},"admin_bar_menu","add_toolbar_items",15,{"type":123,"name":158,"callback":125,"file":159,"line":160},"woocommerce_update_product","src\\Plugin.php",45,{"type":123,"name":158,"callback":125,"file":159,"line":162},52,{"type":123,"name":164,"callback":165,"file":159,"line":166},"woocommerce_Sync_product","Marvinerp\\Plugin::syncAutoProductCron",54,{"type":123,"name":168,"callback":169,"priority":11,"file":159,"line":170},"woocommerce_order_status_changed","Marvinerp\\Plugin::auto_doc",80,[],[],[],[175],{"hook":164,"callback":164,"file":159,
"line":176},77,{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":200,"fileOperations":156,"externalRequests":13,"nonceChecks":13,"capabilityChecks":398,"bundledLibraries":399},[],{"prepared":180,"raw":181,"locations":182},46,5,[183,187,190,192,196],{"file":184,"line":185,"context":186},"src\\Controllers\\Orders\\OrderCustomer.php",150,"$wpdb->get_row() with variable interpolation",{"file":137,"line":188,"context":189},84,"$wpdb->get_col() with variable interpolation",{"file":137,"line":191,"context":189},121,{"file":193,"line":194,"context":195},"src\\Helper\\Tokens.php",50,"$wpdb->query() with variable interpolation",{"file":197,"line":198,"context":199},"src\\Model.php",83,"$wpdb->get_results() with variable interpolation",{"escaped":201,"rawEcho":202,"locations":203},49,106,[204,208,211,214,216,218,219,221,223,225,227,229,231,233,235,236,238,240,242,244,246,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,292,295,297,298,300,302,303,305,306,307,308,310,311,312,314,315,317,318,319,320,321,323,324,326,327,329,331,333,335,337,339,341,343,344,346,348,350,352,354,356,358,360,361,363,365,367,369,370,371,372,373,375,377,378,380,382,384,386,388,390,392,394,396],{"file":205,"line":206,"context":207},"src\\Controllers\\Connection.php",34,"raw 
output",{"file":209,"line":210,"context":207},"src\\Views\\LoginForm.php",12,{"file":212,"line":213,"context":207},"src\\Views\\MainContainer.php",37,{"file":212,"line":215,"context":207},42,{"file":212,"line":217,"context":207},64,{"file":212,"line":130,"context":207},{"file":212,"line":220,"context":207},70,{"file":212,"line":222,"context":207},89,{"file":212,"line":224,"context":207},93,{"file":212,"line":226,"context":207},101,{"file":212,"line":228,"context":207},102,{"file":212,"line":230,"context":207},103,{"file":212,"line":232,"context":207},104,{"file":212,"line":234,"context":207},105,{"file":212,"line":202,"context":207},{"file":212,"line":237,"context":207},107,{"file":212,"line":239,"context":207},108,{"file":212,"line":241,"context":207},109,{"file":212,"line":243,"context":207},115,{"file":212,"line":245,"context":207},117,{"file":212,"line":245,"context":207},{"file":212,"line":248,"context":207},122,{"file":212,"line":250,"context":207},124,{"file":212,"line":252,"context":207},129,{"file":212,"line":254,"context":207},130,{"file":212,"line":256,"context":207},131,{"file":212,"line":258,"context":207},132,{"file":212,"line":260,"context":207},140,{"file":212,"line":262,"context":207},145,{"file":212,"line":264,"context":207},152,{"file":212,"line":266,"context":207},155,{"file":212,"line":268,"context":207},170,{"file":212,"line":270,"context":207},178,{"file":212,"line":272,"context":207},194,{"file":212,"line":274,"context":207},205,{"file":212,"line":276,"context":207},206,{"file":212,"line":278,"context":207},207,{"file":212,"line":280,"context":207},208,{"file":212,"line":282,"context":207},209,{"file":212,"line":284,"context":207},210,{"file":212,"line":286,"context":207},211,{"file":212,"line":288,"context":207},218,{"file":290,"line":291,"context":207},"src\\Views\\Messages\\DocumentError.php",9,{"file":293,"line":294,"context":207},"src\\Views\\report.php",13,{"file":293,"line":296,"context":207},23,{"file":293,"line":180,"context":207},{"
file":293,"line":299,"context":207},48,{"file":301,"line":113,"context":207},"src\\Views\\settings.php",{"file":301,"line":296,"context":207},{"file":301,"line":304,"context":207},27,{"file":301,"line":213,"context":207},{"file":301,"line":215,"context":207},{"file":301,"line":162,"context":207},{"file":301,"line":309,"context":207},57,{"file":301,"line":134,"context":207},{"file":301,"line":32,"context":207},{"file":301,"line":313,"context":207},91,{"file":301,"line":60,"context":207},{"file":301,"line":316,"context":207},97,{"file":301,"line":228,"context":207},{"file":301,"line":230,"context":207},{"file":301,"line":239,"context":207},{"file":301,"line":241,"context":207},{"file":301,"line":322,"context":207},114,{"file":301,"line":243,"context":207},{"file":301,"line":325,"context":207},120,{"file":301,"line":191,"context":207},{"file":301,"line":328,"context":207},126,{"file":301,"line":330,"context":207},127,{"file":301,"line":332,"context":207},139,{"file":301,"line":334,"context":207},141,{"file":301,"line":336,"context":207},142,{"file":301,"line":338,"context":207},144,{"file":301,"line":340,"context":207},147,{"file":301,"line":342,"context":207},149,{"file":301,"line":185,"context":207},{"file":301,"line":345,"context":207},151,{"file":301,"line":347,"context":207},153,{"file":301,"line":349,"context":207},158,{"file":301,"line":351,"context":207},160,{"file":301,"line":353,"context":207},161,{"file":301,"line":355,"context":207},162,{"file":301,"line":357,"context":207},165,{"file":301,"line":359,"context":207},168,{"file":301,"line":268,"context":207},{"file":301,"line":362,"context":207},181,{"file":301,"line":364,"context":207},193,{"file":301,"line":366,"context":207},199,{"file":301,"line":368,"context":207},203,{"file":301,"line":274,"context":207},{"file":301,"line":280,"context":207},{"file":301,"line":284,"context":207},{"file":301,"line":286,"context":207},{"file":301,"line":374,"context":207},213,{"file":301,"line":376,"context":207},216,{"fi
le":301,"line":288,"context":207},{"file":301,"line":379,"context":207},219,{"file":301,"line":381,"context":207},222,{"file":301,"line":383,"context":207},228,{"file":301,"line":385,"context":207},236,{"file":301,"line":387,"context":207},245,{"file":301,"line":389,"context":207},257,{"file":301,"line":391,"context":207},259,{"file":301,"line":393,"context":207},285,{"file":301,"line":395,"context":207},342,{"file":301,"line":397,"context":207},370,2,[],[401],{"entryPoint":402,"graph":403,"unsanitizedCount":398,"severity":424},"\u003Creport> (src\\Views\\report.php:0)",{"nodes":404,"edges":420},[405,409,414,416],{"id":406,"type":407,"label":408,"file":293,"line":160},"n0","source","$_REQUEST",{"id":410,"type":411,"label":412,"file":293,"line":180,"wp_function":413},"n1","sink","echo() [XSS]","echo",{"id":415,"type":407,"label":408,"file":293,"line":160},"n2",{"id":417,"type":411,"label":418,"file":293,"line":180,"wp_function":419},"n3","file_get_contents() [SSRF\u002FLFI]","file_get_contents",[421,423],{"from":406,"to":410,"sanitized":422},false,{"from":415,"to":417,"sanitized":422},"medium",{"summary":426,"deductions":427},"The marvinerp-api plugin version 1.1.0 exhibits a generally positive security posture based on static analysis.  The absence of any AJAX handlers, REST API routes, or shortcodes without authentication checks, combined with a high percentage of prepared SQL statements, indicates a good foundation for secure development.  Furthermore, the plugin has no known past vulnerabilities, suggesting a track record of security awareness.  However, there are areas for concern, notably the low percentage of properly escaped output and the presence of a taint flow with unsanitized paths, even if not classified as critical or high severity.  
The lack of nonce checks is also a notable weakness, especially given the presence of cron events which could be triggered maliciously if not properly secured.",[428,431,434,436],{"reason":429,"points":430},"Unsanitized path taint flow found",8,{"reason":432,"points":433},"Low percentage of properly escaped output",7,{"reason":435,"points":181},"No nonce checks implemented",{"reason":437,"points":31},"Limited capability checks relative to file operations","2026-03-17T01:04:05.384Z",{"wat":440,"direct":450},{"assetPaths":441,"generatorPatterns":447,"scriptPaths":448,"versionParams":449},[442,443,444,445,446],"\u002Fwp-content\u002Fplugins\u002Fmarvinerp-api\u002Fassets\u002Fcss\u002FError.css","\u002Fwp-content\u002Fplugins\u002Fmarvinerp-api\u002Fassets\u002FIncludes\u002Fsweetalert2.all.min.js","\u002Fwp-content\u002Fplugins\u002Fmarvinerp-api\u002Fassets\u002FIncludes\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fmarvinerp-api\u002Fassets\u002FIncludes\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fmarvinerp-api\u002Fassets\u002FIncludes\u002Fbootstrap.bundle.min.js",[],[443],[],{"cssClasses":451,"htmlComments":452,"htmlAttributes":453,"restEndpoints":454,"jsGlobals":455,"shortcodeOutput":457},[],[],[],[],[456],"Swal",[]]