[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwfV5DcSpO9qgNp8e3QFw_2G8rDNmuI8_PN5m2nvb5SI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":32,"analysis":33,"fingerprints":95},"metodo-de-pago-qr-de-ligo","Método de pago QR de Ligo","1.5","Renzo Tejada","https:\u002F\u002Fprofiles.wordpress.org\u002Frenzotejada\u002F","\u003Cp>Método de pago offline para WooCommerce que muestra un QR del Ligo y el nombre del titular.\u003C\u002Fp>\n\u003Ch3>Descripción\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Permite seleccionar “QR Ligo” en el checkout.\u003C\u002Fli>\n\u003Cli>Muestra nombre del comercio y QR (subido desde ajustes) al seleccionar el método.\u003C\u002Fli>\n\u003Cli>En el pago, el pedido queda en espera hasta confirmar manualmente.\u003C\u002Fli>\n\u003Cli>Muestra bloque con QR en la página de Gracias y en emails.\u003C\u002Fli>\n\u003Cli>Compatible con HPOS: usa la API de pedidos.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuración\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Ve a WooCommerce \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Ajustes \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Pagos \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> QR Ligo.\u003C\u002Fli>\n\u003Cli>Activa el método y completa:\n\u003Cul>\n\u003Cli>Nombre del titular.\u003C\u002Fli>\n\u003Cli>Imagen QR (usa el botón para subir\u002Fseleccionar).\u003C\u002Fli>\n\u003Cli>Instrucciones para el cliente.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Guarda los cambios.\u003C\u002Fli>\n\u003C\u002Fol>\n","Método de pago offline para WooCommerce que muestra un QR del Ligo y el nombre del titular.",0,152,"2025-11-23T01:31:00.000Z","6.6.5","6.8","7.4",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetodo-de-pago-qr-de-ligo.1.5.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"renzotejada",11,8640,94,327,75,"2026-04-05T15:03:20.825Z",[],{"attackSurface":34,"codeSignals":59,"taintFlows":87,"riskAssessment":88,"analyzedAt":94},{"hooks":35,"ajaxHandlers":55,"restRoutes":56,"shortcodes":57,"cronEvents":58,"entryPointCount":11,"unprotectedCount":11},[36,43,48,52],{"type":37,"name":38,"callback":39,"priority":40,"file":41,"line":42},"action","woocommerce_email_before_order_table","email_instructions",10,"includes\\class-woo-qr-ligo-gateway.php",32,{"type":37,"name":44,"callback":45,"file":46,"line":47},"before_woocommerce_init","closure","metodo-de-pago-qr-de-ligo.php",28,{"type":49,"name":50,"callback":45,"file":46,"line":51},"filter","woocommerce_payment_gateways",38,{"type":37,"name":53,"callback":45,"file":46,"line":54},"admin_enqueue_scripts",44,[],[],[],[],{"dangerousFunctions":60,"sqlUsage":61,"outputEscaping":63,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":86},[],{"prepared":11,"raw":11,"locations":62},[],{"escaped":64,"rawEcho":65,"locations":66},17,9,[67,70,72,74,76,78,80,82,84],{"file":41,"line":68,"context":69},140,"raw output",{"file":41,"line":71,"context":69},143,{"file":41,"line":73,"context":69},147,{"file":41,"line":75,"context":69},173,{"file":41,"line":77,"context":69},176,{"file":41,"line":79,"context":69},179,{"file":41,"line":81,"context":69},188,{"file":41,"line":83,"context":69},191,{"file":41,"line":85,"context":69},194,[],[],{"summary":89,"deductions":90},"The plugin 'metodo-de-pago-qr-de-ligo' v1.5 exhibits a generally strong security posture based on the provided static analysis. The absence of any identified CVEs in its vulnerability history, coupled with a clean taint analysis showing no critical or high severity flows, suggests a well-maintained and secure codebase.  The plugin also demonstrates good practices by not performing file operations or external HTTP requests, further limiting its attack surface.  All SQL queries are using prepared statements, which is a crucial security measure against SQL injection.  The primary area of concern lies in the output escaping, where 35% of outputs are not properly escaped. While the attack surface is reported as zero, this lack of comprehensive output escaping could still leave the plugin vulnerable to cross-site scripting (XSS) attacks if user-supplied data is directly reflected in the output without proper sanitization.  Given the lack of historical vulnerabilities and a seemingly limited attack surface, the risk is currently low, but the unescaped output is a notable weakness that warrants attention to prevent potential XSS.",[91],{"reason":92,"points":93},"Unescaped output identified",5,"2026-03-17T07:05:46.141Z",{"wat":96,"direct":103},{"assetPaths":97,"generatorPatterns":99,"scriptPaths":100,"versionParams":101},[98],"\u002Fwp-content\u002Fplugins\u002Fmetodo-de-pago-qr-de-ligo\u002Fassets\u002Fjs\u002Fadmin.js",[],[98],[102],"metodo-de-pago-qr-de-ligo\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":104,"htmlComments":106,"htmlAttributes":107,"restEndpoints":109,"jsGlobals":110,"shortcodeOutput":111},[105],"qrligo-thankyou",[],[108],"button class=\"button ligo-qr-upload\"",[],[],[]]