[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fePlnWJ_Exsil6WB6-uVLWmGR46Z0_ZTHTKd8pyXWiO8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":9,"tags":18,"homepage":28,"download_link":29,"security_score":30,"vuln_count":31,"unpatched_count":31,"last_vuln_date":32,"fetched_at":33,"vulnerabilities":34,"developer":35,"crawl_stats":32,"alternatives":40,"analysis":133,"fingerprints":305},"merchiumru","Онлайн-магазин Мерчиум","1.0.1","merchium","https:\u002F\u002Fprofiles.wordpress.org\u002Fmerchium\u002F","","Полноценный интернет-магазин для вашего блога.",10,4224,60,2,"2015-12-29T12:33:00.000Z","4.1.42","3.6",[19,20,21,22,7,23,24,25,26,27],"cscart","%d0%bc%d0%b0%d0%b3%d0%b0%d0%b7%d0%b8%d0%bd","ecommerce","facebook","%d1%8d%d0%bb%d0%b5%d0%ba%d1%82%d1%80%d0%be%d0%bd%d0%bd%d0%b0%d1%8f-%d0%ba%d0%be%d0%bc%d0%bc%d0%b5%d1%80%d1%86%d0%b8%d1%8f","%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81-%d0%b4%d0%b5%d0%bd%d1%8c%d0%b3%d0%b8","shop","store","storefront","http:\u002F\u002Fmerchium.ru","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmerchiumru.1.0.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":36,"avg_security_score":30,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},20,30,84,"2026-04-05T14:44:21.769Z",[41,63,83,102,114],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":9,"tags":56,"homepage":61,"download_link":62,"security_score":30,"vuln_count":31,"unpatched_count":31,"last_vuln_date":32,"fetched_at":33},"facebook-shop-by-storeyacom","Social Shop for WooCommerce","2.6","storeya","https:\u002F\u002Fprofiles.wordpress.org\u002Fstoreya\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.StoreYa.com\" rel=\"nofollow ugc\">StoreYa\u003C\u002Fa> provides you a stable solution, packed with all the features you need to sell successfully on Facebook!\u003C\u002Fp>\n\u003Cp>Creating a Facebook store is very simple, no design or coding skills required, it’s available in all currencies, and you can customize your Facebook store to any language.\u003Cbr \u002F>\nIt also includes a one-click inventory import from WordPress.\u003C\u002Fp>\n\u003Cp>Facebook Store Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>One-click integration: StoreYa uses your store’s most updated catalog, and imports it to Facebook automatically. There’s no need to manually upload products.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Statistics: Use real-time data of your fans and visitors, analyze your campaigns and gain important insights from your Facebook Shop.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No design or coding skills are required: edit the Facebook store to your liking in a few clicks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>International: StoreYa supports any language and any available currency.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Secure checkout: Maintain your existing e-commerce platform for sales, returns and order processing. Once your fan chooses a product, he\u002Fshe will be re-directed to the relevant product page at your Shopify store.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On-demand software: You have no installations to take care of, no adjustments or configurations. StoreYa is hosted on dedicated servers and deals with all of the editions upgrades and improvements, including Facebook changes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Simple to use Back-office: You can manage the entire Facebook shop from your StoreYa’s back-office, create new collections, add new products, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Multiple stores and multiple fan pages:\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Create different Facebook shops under one account.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Display the same store on unlimited Facebook fan pages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Social plugins integration: Your comments and likes plugins can be synced with your Facebook shop social plugins, increasing your exposure to more users.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Sharing buttons: Promote your Facebook shop using twitter, Like, and Pin it buttons!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin was developed by StoreYa and not by Facebook.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Something is not clear? Need a bit of help? \u003Ca href=\"https:\u002F\u002Fstoreya.zendesk.com\u002Fhome\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.storeya.com\u002Fpartners\u002Fwp_woocommerce\" rel=\"nofollow ugc\">Woocommerce to Facebook\u003C\u002Fa>\u003C\u002Fp>\n","This plugin will import your Woocommerce store to Facebook in a couple of minutes, with no development or design skills required.",900,99333,68,26,"2021-07-11T15:45:00.000Z","5.8.13","3.0",[21,57,58,59,60],"facebook-shop","import-to-facebook","woo-commerce","woocommerce","http:\u002F\u002Fwww.storeya.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacebook-shop-by-storeyacom.zip",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":9,"tags":78,"homepage":81,"download_link":82,"security_score":30,"vuln_count":31,"unpatched_count":31,"last_vuln_date":32,"fetched_at":33},"woo-to-facebook-shop","Social Commerce for WooCommerce","2.5.4","premiumthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fpremiumthemes\u002F","\u003Ch4>Social Commerce for WooCommerce\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.premium-themes.co\" rel=\"nofollow ugc\">Premium Themes\u003C\u002Fa> is a new startup for creating Bootstrap based HTML templates and wordpress themes. Additionally we have created this plugin for those who would like to pull all the woocommerce products to Facebook so quickly. \u003Ca href=\"https:\u002F\u002Fwww.premium-themes.co\u002Fwoocommerce-to-facebook-shop\u002F\" rel=\"nofollow ugc\">WooCommerce to Facebook shop\u003C\u002Fa> plugin allows you to easily sync your products from your woocommerce site to Facebook. It provides that you can sync or Unsync your products any time. There is no limitation how many sync you can do in a day, week or month.\u003C\u002Fp>\n\u003Cp>Please use this plugin if your fan page has more than 2000 Facebook Followers. This is the restrictions applied by Facebook. Here is article for your help: \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002Fdocs\u002Fpages\u002Ftabs\" rel=\"nofollow ugc\">Facebook Tabs\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>While you are synchronizing your data from your website to your Facebook fan page the following information will be stored on premium theme servers:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Product ID’s\u003C\u002Fli>\n\u003Cli>Product Title\u003C\u002Fli>\n\u003Cli>Product Short and Long Description\u003C\u002Fli>\n\u003Cli>Product Price Regular and sale price.\u003C\u002Fli>\n\u003Cli>Product Images URL : We will only store the images path from your web server so all the images will remain on your server we don’t copy it from your server to premium themes server.\u003C\u002Fli>\n\u003Cli>Categories ID’s\u003C\u002Fli>\n\u003Cli>Category Names\u003C\u002Fli>\n\u003Cli>Facebook Shop page banner image path.\u003C\u002Fli>\n\u003Cli>Product variations.\u003C\u002Fli>\n\u003Cli>Product detail page link.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All the above information will be synced from your server to Premium themes server with JSON format. You can also try our \u003Ca href=\"https:\u002F\u002Fwww.premium-themes.co\u002Fmy-account\u002Ffan-page\u002F\" rel=\"nofollow ugc\">Pro or Premium version here\u003C\u002Fa> that is fully loaded with some great features.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can add custom banner on your shop.\u003C\u002Fli>\n\u003Cli>Your can set Facebook shop in your language.\u003C\u002Fli>\n\u003Cli>Unlimited  products listing on Facebook shop.\u003C\u002Fli>\n\u003Cli>Schedule quto sync time for all your products to Facebook shop.\u003C\u002Fli>\n\u003Cli>You can customize color scheme of your Facebook shop with infinite colors. etc\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can explore the \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpremiumthemes.co\u002Fapp\u002F133814717163787\u002F\" rel=\"nofollow ugc\">sample shop here\u003C\u002Fa> If you have any question or query please post it here in wordpress plugin support panel or on our official sport portal. \u003Ca href=\"https:\u002F\u002Fpremiumthemes.freshdesk.com\u002Fsupport\u002Fhome\" rel=\"nofollow ugc\">Premium Themes support\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Import your Woocommerce store products to Facebook, you’ll be amazed with the results!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Resources\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpremiumthemes.freshdesk.com\u002Fsupport\u002Fhome\" rel=\"nofollow ugc\">Premium Themes support\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.premium-themes.co\u002Fwoocommerce-to-facebook-shop\u002F\" rel=\"nofollow ugc\">Social Commerce for WooCommerce\u003C\u002Fa>\u003C\u002Fp>\n","Now you can start your facebook shop free. With Social Commerce for WooCommerce plugin you can easily sync or unsync your products from your woocommer &hellip;",200,46941,64,9,"2020-04-06T08:02:00.000Z","5.4.19","3.3.1",[21,22,57,79,80],"facebook-store","import","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-to-facebook-shop\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-to-facebook-shop.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":31,"num_ratings":31,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":9,"tags":96,"homepage":100,"download_link":101,"security_score":30,"vuln_count":31,"unpatched_count":31,"last_vuln_date":32,"fetched_at":33},"easy-pixels-contact-form-extension-by-jevnet","Easy Pixels CF7 extension","2.14","JEVNET","https:\u002F\u002Fprofiles.wordpress.org\u002Fjevnet\u002F","\u003Cp>“Easy Pixels CF7” is the \u003Ca href=\"https:\u002F\u002Fes.wordpress.org\u002Fplugins\u002Feasy-pixels-by-jevnet\u002F\" rel=\"nofollow ugc\">“Easy Pixels” plugin\u003C\u002Fa> extension to set the tracking codes when a Contact Form 7 is sent. It sends tracking codes for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Analytics\u003C\u002Fli>\n\u003Cli>Google Ads\u003C\u002Fli>\n\u003Cli>Bing\u003C\u002Fli>\n\u003Cli>Facebook Ads\u003C\u002Fli>\n\u003Cli>Twitter Ads\u003C\u002Fli>\n\u003Cli>Google Tag Manager\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No configuration required for most platforms. It sends automatically the form id and name to all active platforms.\u003C\u002Fp>\n\u003Cp>Only Google Ads requires to set the conversion label. You can set a different conversion label for each form if you want to track all what you want as you want.\u003C\u002Fp>\n\u003Ch4>Requeriments\u003C\u002Fh4>\n\u003Cp>This plugin requires The \u003Ca href=\"https:\u002F\u002Fes.wordpress.org\u002Fplugins\u002Feasy-pixels-by-jevnet\u002F\" rel=\"nofollow ugc\">“Easy Pixels” plugin\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fes.wordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"nofollow ugc\">“Contact Form 7” plugin\u003C\u002Fa>.\u003C\u002Fp>\n","\"Easy Pixels CF7\" is the \"Easy Pixels\" plugin extension to set the tracking codes when a Contact Form 7 is sent.",100,3964,"2022-04-07T10:31:00.000Z","5.9.13","4.0",[21,22,97,98,99],"marketing","pixel","tracking","https:\u002F\u002Fwww.jevnet.es\u002Fcontact-form-7-adwords-facebook-tracking-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-pixels-contact-form-extension-by-jevnet.2.14.zip",{"slug":103,"name":104,"version":105,"author":87,"author_profile":88,"description":106,"short_description":107,"active_installs":91,"downloaded":108,"rating":91,"num_ratings":109,"last_updated":110,"tested_up_to":94,"requires_at_least":95,"requires_php":9,"tags":111,"homepage":112,"download_link":113,"security_score":30,"vuln_count":31,"unpatched_count":31,"last_vuln_date":32,"fetched_at":33},"easy-pixels-ecommerce-extension-by-jevnet","Easy Pixels eCommerce extension","2.12","\u003Cp>“Easy Pixels for WooCommerce” is the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-pixels-by-jevnet\u002F\" rel=\"ugc\">“Easy Pixels” plugin\u003C\u002Fa> extension to set the tracking codes on WooCommerce.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Analytics tracking\u003C\u002Fli>\n\u003Cli>Google Ads tracking\u003C\u002Fli>\n\u003Cli>Microsoft Advertising (Bing) tracking\u003C\u002Fli>\n\u003Cli>Facebook Ads Pixel tracking\u003C\u002Fli>\n\u003Cli>Twitter Ads Pixel tracking\u003C\u002Fli>\n\u003Cli>Google Tag Manager Events\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Enhanced Analytics tracking for WooCommerce\u003C\u002Fh4>\n\u003Cp>It tracks standard Enhanced Analytics events in WooCommerce:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Analytics purchase event\u003C\u002Fli>\n\u003Cli>Single product views \u003C\u002Fli>\n\u003Cli>Product views in listings\u003C\u002Fli>\n\u003Cli>Add to cart events (ajax and no ajax methods)\u003C\u002Fli>\n\u003Cli>Initiate checkout\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requeriments\u003C\u002Fh4>\n\u003Cp>This plugin requires The \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-pixels-by-jevnet\u002F\" rel=\"ugc\">“Easy Pixels” plugin\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">“Woocommerce” plugin\u003C\u002Fa> .\u003C\u002Fp>\n","\"Easy Pixels for Woocommerce\" is the \"Easy Pixels\" plugin extension to set the tracking codes on WooCommerce.",5910,1,"2022-04-07T10:35:00.000Z",[21,22,97,98,99],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-pixels-ecommerce-extension-by-jevnet\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-pixels-ecommerce-extension-by-jevnet.2.12.zip",{"slug":115,"name":116,"version":6,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":31,"num_ratings":31,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":9,"download_link":132,"security_score":91,"vuln_count":31,"unpatched_count":31,"last_vuln_date":32,"fetched_at":33},"meta-pixel-event-tracker","Meta Pixel Event Tracker for WooCommerce","Harpalsinh Parmar","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloper1998\u002F","\u003Cp>Meta Pixel Event Tracker for WooCommerce enables you to track key eCommerce events directly in your Meta (Facebook) Ads account, giving you better insights into your customers’ shopping behavior.\u003Cbr \u002F>\nIt allows you to selectively enable or disable event tracking for various WooCommerce pages and actions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track \u003Cstrong>ViewContent\u003C\u002Fstrong>, \u003Cstrong>AddToCart\u003C\u002Fstrong>, \u003Cstrong>InitiateCheckout\u003C\u002Fstrong>, and \u003Cstrong>Purchase\u003C\u002Fstrong> events.\u003Cbr \u002F>\n* Separate enable\u002Fdisable controls for each page type (Shop, Product, Cart, Checkout, Categories).\u003Cbr \u002F>\n* Supports WooCommerce default pages and custom shop\u002Fcategory pages.\u003Cbr \u002F>\n* Inline JavaScript injection for faster execution.\u003Cbr \u002F>\n* Lightweight and optimized for performance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Common Use Cases:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optimize Meta Ads campaigns by tracking accurate WooCommerce events.\u003Cbr \u002F>\n* Create retargeting audiences based on shopper behavior.\u003Cbr \u002F>\n* Measure conversion performance for each product category.\u003C\u002Fp>\n\u003Ch3>Sources\u003C\u002Fh3>\n\u003Cp>This plugin uses the following third-party libraries:\u003Cbr \u002F>\n– FB Events (https:\u002F\u002Fconnect.facebook.net\u002Fen_US\u002Ffbevents.js)\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Facebook Pixel service in order to provide website analytics and conversion tracking.\u003Cbr \u002F>\nIt loads the Facebook Pixel script from the following domain:\u003Cbr \u002F>\nhttps:\u002F\u002Fconnect.facebook.net\u002Fen_US\u002Ffbevents.js\u003C\u002Fp>\n\u003Cp>When enabled, this service may collect user data as described in Facebook’s terms and privacy policy.\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fwww.facebook.com\u002Flegal\u002Fterms\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fwww.facebook.com\u002Fabout\u002Fprivacy\u003C\u002Fp>\n","Adds customizable Meta Pixel event tracking support to WooCommerce.",40,369,"2025-12-15T10:47:00.000Z","6.9.4","5.2","7.4",[128,129,130,131,60],"ecommerce-tracking","event-tracking","facebook-pixel","meta-pixel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeta-pixel-event-tracker.1.0.1.zip",{"attackSurface":134,"codeSignals":221,"taintFlows":262,"riskAssessment":289,"analyzedAt":304},{"hooks":135,"ajaxHandlers":201,"restRoutes":213,"shortcodes":214,"cronEvents":218,"entryPointCount":219,"unprotectedCount":220},[136,142,146,150,153,158,162,166,170,174,178,182,186,189,193,195,199],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","admin_menu","merchium_admin_menu","merchium.php",37,{"type":137,"name":143,"callback":144,"file":140,"line":145},"admin_init","merchium_admin_init",38,{"type":137,"name":147,"callback":148,"file":140,"line":149},"admin_enqueue_scripts","merchium_register_admin_scripts",39,{"type":137,"name":151,"callback":152,"file":140,"line":121},"admin_notices","merchium_show_admin_messages",{"type":154,"name":155,"callback":156,"file":140,"line":157},"filter","plugin_action_links_merchium_wp\u002Fmerchium.php","merchium_plugin_actions",42,{"type":137,"name":159,"callback":160,"priority":11,"file":140,"line":161},"pre_update_option_merchium_widget_code","merchium_update_option_merchium_widget_code",43,{"type":137,"name":163,"callback":164,"file":140,"line":165},"sm_buildmap","merchium_build_sitemap",44,{"type":137,"name":167,"callback":168,"file":140,"line":169},"wp_title","merchium_wp_title",51,{"type":137,"name":171,"callback":172,"file":140,"line":173},"wp_head","merchium_wp_head",52,{"type":137,"name":175,"callback":176,"priority":36,"file":140,"line":177},"wp_enqueue_scripts","merchium_register_frontend_scripts",53,{"type":137,"name":179,"callback":180,"priority":31,"file":140,"line":181},"wp","merchium_seo_ultimate_compatibility",56,{"type":137,"name":183,"callback":184,"priority":31,"file":140,"line":185},"plugins_loaded","merchium_minify_compatibility",57,{"type":137,"name":167,"callback":187,"priority":31,"file":140,"line":188},"merchium_seo_compatibility",58,{"type":137,"name":171,"callback":190,"priority":191,"file":140,"line":192},"merchium_seo_compatibility_restore",1000,59,{"type":137,"name":183,"callback":194,"file":140,"line":73},"merchium_load_textdomain",{"type":154,"name":196,"callback":197,"file":198,"line":173},"aioseop_title","__return_null","php\\fn.compatibility.php",{"type":154,"name":200,"callback":197,"file":198,"line":177},"aioseop_description",[202,206,210],{"action":203,"nopriv":204,"callback":203,"hasNonce":204,"hasCapCheck":204,"file":140,"line":205},"merchium_hide_vote_message",false,41,{"action":207,"nopriv":204,"callback":208,"hasNonce":204,"hasCapCheck":204,"file":140,"line":209},"merchium_form","merchium_ajax_request",45,{"action":207,"nopriv":211,"callback":208,"hasNonce":204,"hasCapCheck":204,"file":140,"line":212},true,46,[],[215],{"tag":216,"callback":216,"file":140,"line":217},"merchium_store",50,[],4,3,{"dangerousFunctions":222,"sqlUsage":223,"outputEscaping":225,"fileOperations":31,"externalRequests":31,"nonceChecks":31,"capabilityChecks":31,"bundledLibraries":261},[],{"prepared":31,"raw":31,"locations":224},[],{"escaped":14,"rawEcho":226,"locations":227},18,[228,232,234,236,238,240,241,242,243,244,245,247,249,251,253,255,257,259],{"file":229,"line":230,"context":231},"php\\content.admin_merchium.php",31,"raw output",{"file":229,"line":233,"context":231},33,{"file":229,"line":235,"context":231},105,{"file":229,"line":237,"context":231},114,{"file":239,"line":109,"context":231},"php\\content.admin_merchium_popup.php",{"file":239,"line":109,"context":231},{"file":239,"line":220,"context":231},{"file":239,"line":36,"context":231},{"file":239,"line":37,"context":231},{"file":239,"line":212,"context":231},{"file":246,"line":217,"context":231},"php\\fn.common.php",{"file":248,"line":237,"context":231},"php\\fn.core.php",{"file":248,"line":250,"context":231},168,{"file":248,"line":252,"context":231},176,{"file":248,"line":254,"context":231},219,{"file":248,"line":256,"context":231},227,{"file":248,"line":258,"context":231},283,{"file":248,"line":260,"context":231},298,[],[263,280],{"entryPoint":264,"graph":265,"unsanitizedCount":109,"severity":279},"merchium_ajax_request (php\\fn.core.php:293)",{"nodes":266,"edges":277},[267,272],{"id":268,"type":269,"label":270,"file":248,"line":271},"n0","source","$_POST",295,{"id":273,"type":274,"label":275,"file":248,"line":260,"wp_function":276},"n1","sink","echo() [XSS]","echo",[278],{"from":268,"to":273,"sanitized":204},"medium",{"entryPoint":281,"graph":282,"unsanitizedCount":109,"severity":288},"\u003Cfn.core> (php\\fn.core.php:0)",{"nodes":283,"edges":286},[284,285],{"id":268,"type":269,"label":270,"file":248,"line":271},{"id":273,"type":274,"label":275,"file":248,"line":260,"wp_function":276},[287],{"from":268,"to":273,"sanitized":204},"low",{"summary":290,"deductions":291},"The \"merchiumru\" v1.0.1 plugin exhibits a mixed security posture. While it shows strengths in its handling of SQL queries and lack of external HTTP requests, significant concerns arise from its attack surface and output escaping.  The presence of three unprotected AJAX handlers presents a direct entry point for potential unauthenticated actions, a common vector for exploiting plugins. Furthermore, only 10% of output is properly escaped, suggesting a high risk of cross-site scripting (XSS) vulnerabilities where user-supplied data could be injected into the frontend without proper sanitization.\n\nThe taint analysis, while not revealing critical or high severity issues, did identify two flows with unsanitized paths, which, combined with the unprotected AJAX endpoints, could potentially lead to exploitable conditions if these paths involve user-controlled input. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign indicating a lack of publicly known exploits. However, this does not mitigate the risks identified in the static analysis.\n\nIn conclusion, the plugin's lack of known vulnerabilities is a strength, but it is overshadowed by critical weaknesses in its attack surface management and output sanitization. The three unprotected AJAX handlers and the severely limited output escaping are the most pressing security concerns and require immediate attention to improve the plugin's overall security posture.  The taint analysis results further underscore the need for better input sanitization.",[292,295,297,300,302],{"reason":293,"points":294},"Unprotected AJAX handlers",15,{"reason":296,"points":294},"Low percentage of properly escaped output",{"reason":298,"points":299},"Flows with unsanitized paths",5,{"reason":301,"points":299},"No nonce checks on AJAX",{"reason":303,"points":299},"No capability checks","2026-03-17T01:10:11.338Z",{"wat":306,"direct":316},{"assetPaths":307,"generatorPatterns":312,"scriptPaths":313,"versionParams":315},[308,309,310,311],"\u002Fwp-content\u002Fplugins\u002Fmerchiumru\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fmerchiumru\u002Fcss\u002Fadmin-3.8.css","\u002Fwp-content\u002Fplugins\u002Fmerchiumru\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fmerchiumru\u002Fcss\u002Ffrontend.css",[],[310,314],"\u002Fwp-content\u002Fplugins\u002Fmerchiumru\u002Fjs\u002Ffrontend-fragment.js",[],{"cssClasses":317,"htmlComments":318,"htmlAttributes":321,"restEndpoints":322,"jsGlobals":323,"shortcodeOutput":325},[],[319,320],"\u003C!-- Merchium code. Please do not remove this line or your Merchium shopping cart will not work properly. -->","\u003C!-- Merchium code end -->",[],[],[324],"merchium_opts",[326],"[merchium_store]"]