[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSGaQZ7PUHSgXYP3j-iuCK6CIkFZPDP1FQ0x1afI38Ws":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":48,"fingerprints":213},"mobile-cost-control-automated","Mcc Automated","1.2.8","validas","https:\u002F\u002Fprofiles.wordpress.org\u002Fvalidas\u002F","\u003Cp>Brought to you by Validas: The bill-reading talent behind Sprints Cut Your Bill in Half campaign.\u003Cbr \u002F>\nReading wireless bills is hard, especially for B2B. They’re often 100 to 100,000 of pages with confusing itemized plan structures.\u003Cbr \u002F>\nMCCa allows your prospects & customers to upload their bill to your site, to compare with your service.\u003Cbr \u002F>\nValidas uses MCCa for their consulting service: Mobile Cost Control (MCC).\u003Cbr \u002F>\nNow anyone can use MCCa for any product or service that would benefit from instantly reading a B2B or government wireless bill.\u003Cbr \u002F>\nYou will receive their bills and a database of your users with their bill totals to make fast work of building large B2B offers!\u003C\u002Fp>\n","Get accurate information from your prospect's bills and show them a better offer instantly. 
Show your prospects their line count, total bill, dat &hellip;",0,1524,"2022-09-19T20:09:00.000Z","6.0.11","5.0.13","7.0",[18,19,20,21],"b2b-sales-leads","mobile-bill-analyzer","read-prospects-bills","upload-offer","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmobile-cost-control-automated.1.2.8.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},2,30,84,"2026-04-05T14:47:36.640Z",[34],{"slug":35,"name":36,"version":37,"author":7,"author_profile":8,"description":38,"short_description":39,"active_installs":11,"downloaded":40,"rating":11,"num_ratings":11,"last_updated":41,"tested_up_to":14,"requires_at_least":42,"requires_php":16,"tags":43,"homepage":22,"download_link":47,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"wireless-butler","Wireless Butler","1.0.11","\u003Cp>Wireless Butler helps businesses competitively sell mobile service by instantly reading bills and recommending your service.\u003Cbr \u002F>\nSprint used our technology to read millions of competitor bills during their “Cut Your Bill in Half” campaign,\u003Cbr \u002F>\nand now you can harness that same power to make competitive Recommendations to your website users!\u003C\u002Fp>\n","Wireless Butler helps businesses competitively sell mobile service by instantly reading bills and recommending your 
service.",1530,"2022-08-14T14:53:00.000Z","4.6",[44,19,45,46,21],"bill-calculator","mobile-sales-leads","plan-calculator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwireless-butler.1.0.11.zip",{"attackSurface":49,"codeSignals":102,"taintFlows":152,"riskAssessment":199,"analyzedAt":212},{"hooks":50,"ajaxHandlers":93,"restRoutes":94,"shortcodes":95,"cronEvents":100,"entryPointCount":101,"unprotectedCount":11},[51,57,62,65,67,70,73,78,81,85,88],{"type":52,"name":53,"callback":54,"file":55,"line":56},"action","admin_init","register_mcc_automated_plugin_settings","admin\\class-mcc-automated-admin.php",214,{"type":52,"name":58,"callback":59,"file":60,"line":61},"plugins_loaded","anonymous","includes\\class-mcc-automated.php",131,{"type":52,"name":63,"callback":59,"file":60,"line":64},"admin_enqueue_scripts",147,{"type":52,"name":63,"callback":59,"file":60,"line":66},148,{"type":52,"name":68,"callback":59,"file":60,"line":69},"admin_menu",150,{"type":52,"name":71,"callback":59,"file":60,"line":72},"init",166,{"type":52,"name":74,"callback":75,"file":76,"line":77},"admin_post_nopriv_mcc_automated_form_1_step_1","handle_form_1_step_1_submit","public\\class-mcc-automated-public.php",113,{"type":52,"name":79,"callback":75,"file":76,"line":80},"admin_post_mcc_automated_form_1_step_1",115,{"type":52,"name":82,"callback":83,"file":76,"line":84},"admin_post_nopriv_mcc_automated_form_1_step_2","handle_form_1_step_2_submit",117,{"type":52,"name":86,"callback":83,"file":76,"line":87},"admin_post_mcc_automated_form_1_step_2",119,{"type":52,"name":89,"callback":90,"priority":91,"file":76,"line":92},"upgrader_process_complete","plugin_upgrader_process_complete",10,121,[],[],[96],{"tag":97,"callback":98,"file":76,"line":99},"mcc_automated_form_1","mcc_automated_form_1_func",111,[],1,{"dangerousFunctions":103,"sqlUsage":104,"outputEscaping":143,"fileOperations":146,"externalRequests":147,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":148},[],{"prepared":105,"ra
w":106,"locations":107},318,15,[108,112,114,116,118,120,122,126,128,130,132,134,136,139,141],{"file":109,"line":110,"context":111},"includes\\class-mcc-automated-activator.php",108,"$wpdb->get_var() with variable interpolation",{"file":109,"line":113,"context":111},204,{"file":109,"line":115,"context":111},312,{"file":109,"line":117,"context":111},364,{"file":109,"line":119,"context":111},1006,{"file":109,"line":121,"context":111},1031,{"file":123,"line":124,"context":125},"includes\\class-mcc-automated-uninstall.php",63,"$wpdb->query() with variable interpolation",{"file":123,"line":127,"context":125},67,{"file":123,"line":129,"context":125},71,{"file":123,"line":131,"context":125},75,{"file":123,"line":133,"context":125},79,{"file":123,"line":135,"context":125},83,{"file":76,"line":137,"context":138},822,"$wpdb->get_row() with variable interpolation",{"file":76,"line":140,"context":138},2360,{"file":76,"line":142,"context":138},2362,{"escaped":144,"rawEcho":11,"locations":145},127,[],4,6,[149],{"name":150,"version":25,"knownCves":151},"Select2",[],[153,171],{"entryPoint":154,"graph":155,"unsanitizedCount":29,"severity":170},"handle_form_1_step_2_submit (public\\class-mcc-automated-public.php:2330)",{"nodes":156,"edges":167},[157,162],{"id":158,"type":159,"label":160,"file":76,"line":161},"n0","source","$_POST (x2)",2341,{"id":163,"type":164,"label":165,"file":76,"line":140,"wp_function":166},"n1","sink","get_row() [SQLi]","get_row",[168],{"from":158,"to":163,"sanitized":169},false,"high",{"entryPoint":172,"graph":173,"unsanitizedCount":198,"severity":170},"\u003Cclass-mcc-automated-public> (public\\class-mcc-automated-public.php:0)",{"nodes":174,"edges":194},[175,178,182,185,190,192],{"id":158,"type":159,"label":176,"file":76,"line":177},"$_POST (x111)",180,{"id":163,"type":164,"label":179,"file":76,"line":180,"wp_function":181},"query() [SQLi]",855,"query",{"id":183,"type":159,"label":184,"file":76,"line":177},"n2","$_POST 
(x17)",{"id":186,"type":164,"label":187,"file":76,"line":188,"wp_function":189},"n3","get_results() [SQLi]",2145,"get_results",{"id":191,"type":159,"label":160,"file":76,"line":161},"n4",{"id":193,"type":164,"label":165,"file":76,"line":140,"wp_function":166},"n5",[195,196,197],{"from":158,"to":163,"sanitized":169},{"from":183,"to":186,"sanitized":169},{"from":191,"to":193,"sanitized":169},130,{"summary":200,"deductions":201},"The mobile-cost-control-automated plugin v1.2.8 has several good practices in place, and on those measures its security posture looks generally strong. The majority of SQL queries use prepared statements and all output is properly escaped, which significantly reduces the risk of common web vulnerabilities like SQL injection and cross-site scripting on those code paths. The absence of known CVEs and past vulnerabilities further suggests a well-maintained codebase, although with no active installs recorded it may also reflect limited outside scrutiny. However, the static analysis reveals critical concerns that qualify this picture. Specifically, there are two taint flows with unsanitized paths, both rated high severity, in which $_POST data reaches $wpdb get_row(), query() and get_results() calls flagged as SQL injection sinks; the prepared statements used elsewhere do not protect these queries. The lack of nonce checks and capability checks on entry points is a significant omission, even though the attack surface is small and no AJAX\u002FREST API routes are unprotected: the form handlers are registered on admin_post_nopriv_ hooks as well as admin_post_ hooks, so WordPress runs them for visitors who are not logged in. While there are no direct authentication bypass vulnerabilities identified in the provided data, these missing checks can be exploited in conjunction with other weaknesses to escalate privileges or perform unauthorized actions. The flagged queries should be rewritten with $wpdb->prepare() and the form handlers should verify a nonce before processing input. The bundled Select2 library also warrants attention, as outdated versions can introduce vulnerabilities, though no specific version information is provided to assess this risk directly.",
[202,204,207,209],{"reason":203,"points":106},"Critical taint flows with unsanitized paths found",{"reason":205,"points":206},"No nonce checks implemented",8,{"reason":208,"points":206},"No capability checks implemented",{"reason":210,"points":211},"Bundled library (Select2) may be outdated",3,"2026-03-17T07:21:53.421Z",{"wat":214,"direct":227},{"assetPaths":215,"generatorPatterns":220,"scriptPaths":221,"versionParams":222},[216,217,218,219],"\u002Fwp-content\u002Fplugins\u002Fmobile-cost-control-automated\u002Fcss\u002Fmcc-automated-public.css","\u002Fwp-content\u002Fplugins\u002Fmobile-cost-control-automated\u002Fcss\u002Fdropzone.min.css","\u002Fwp-content\u002Fplugins\u002Fmobile-cost-control-automated\u002Fjs\u002Fmcc-automated-public.js","\u002Fwp-content\u002Fplugins\u002Fmobile-cost-control-automated\u002Fjs\u002Fdropzone.min.js",[],[218,219],[223,224,225,226],"mobile-cost-control-automated\u002Fcss\u002Fmcc-automated-public.css?ver=","mobile-cost-control-automated\u002Fcss\u002Fdropzone.min.css?ver=","mobile-cost-control-automated\u002Fjs\u002Fmcc-automated-public.js?ver=","mobile-cost-control-automated\u002Fjs\u002Fdropzone.min.js?ver=",{"cssClasses":228,"htmlComments":229,"htmlAttributes":230,"restEndpoints":231,"jsGlobals":232,"shortcodeOutput":234},[],[],[],[],[233],"mccAutomatedObj",[235],"[mcc_automated_form_1]"]