[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB5vCApo_U6dRcjPFPBY1IIMhFwznsnn9Uchxvf-4y4M":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":45,"crawl_stats":34,"alternatives":52,"analysis":137,"fingerprints":420},"moloni","Moloni","5.0.04","https:\u002F\u002Fprofiles.wordpress.org\u002Fmolonidevteam\u002F","\u003Cp>O Moloni é um inovador software de faturação e POS online que inclui acesso a inúmeras ferramentas úteis e funcionais que permitem a cada empresa gerir a sua faturação, controlar stocks, automatizar processos e emitir documentos de forma rápida, simples e intuitiva.\u003C\u002Fp>\n\u003Cp>Certificado com o n.º 2860 da Autoridade Tributária, o Moloni está sempre atualizado e de acordo com a lei em vigor!\u003C\u002Fp>\n\u003Ch3>Através do plugin é possível:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Sincronizar artigos e stocks entre as duas plataformas\u003C\u002Fli>\n\u003Cli>Emissão automática ou manual de documentos\u003C\u002Fli>\n\u003Cli>Selecionar o estado dos documentos emitidos\u003C\u002Fli>\n\u003Cli>Selecionar de uma grande variedade de tipos de documentos\u003C\u002Fli>\n\u003Cli>Selecionar o armazém de saída dos artigos\u003C\u002Fli>\n\u003Cli>Envio automático do documento para o cliente\u003C\u002Fli>\n\u003Cli>Criação automática de clientes e artigos\u003C\u002Fli>\n\u003Cli>Personalizar os seus detalhes de faturação\u003C\u002Fli>\n\u003Cli>Aceder aos documentos emitidos sem sair do WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Todo o suporte técnico e comercial dado aos utilizadores do plugin é prestado pela equipa de Apoio a Clientes do Moloni.\u003C\u002Fp>\n","Software de faturação inovador que se adapta ao seu negócio! Destinado a profissionais liberais, micro, pequenas e médias empresas.",2000,93890,96,6,"2025-12-22T12:46:00.000Z","6.7.5","4.6","7.2",[19,20],"invoicing","orders","https:\u002F\u002Fplugins.moloni.com\u002Fwoocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoloni.5.0.04.zip",99,1,0,"2024-07-11 00:00:00","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":36,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":44},"CVE-2024-38694","moloni-reflected-cross-site-scripting","Moloni \u003C= 4.7.4 - Reflected Cross-Site Scripting","The Moloni plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=4.7.4","4.8.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-07-17 13:39:31",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff80fef43-ffc4-4b9b-ae17-000d14281c43?source=api-prod",7,{"slug":46,"display_name":5,"profile_url":7,"plugin_count":47,"total_installs":48,"avg_security_score":23,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"molonidevteam",2,3000,11,93,"2026-04-04T05:23:21.030Z",[53,72,89,103,122],{"slug":54,"name":55,"version":56,"author":5,"author_profile":7,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":24,"last_updated":62,"tested_up_to":15,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":69,"download_link":70,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":71,"fetched_at":27},"contribuinte-checkout","Contribuinte Checkout","2.0.04","\u003Cp>With this plugin you can add VAT and VIES support to your WooCommerce store. The VAT field will be saved as ‘_billing_vat’.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> this plugin requires WooCommerce 3.0.0 or higher.\u003Cbr \u002F>\n\u003Cstrong>Warning:\u003C\u002Fstrong> to enable and use VIES information you need to have SOAP extension enabled (SoapClient PHP class).\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Adds VAT field to billing form.\u003C\u002Fli>\n\u003Cli>Adds VAT field to outgoing email.\u003C\u002Fli>\n\u003Cli>Adds VAT field to checkout billing information.\u003C\u002Fli>\n\u003Cli>Adds VAT field to admin orders page.\u003C\u002Fli>\n\u003Cli>Change VAT field label and description.\u003C\u002Fli>\n\u003Cli>Validate Portuguese VAT numbers.\u003C\u002Fli>\n\u003Cli>Choose how to handle vat field validation errors.\u003C\u002Fli>\n\u003Cli>You can make VAT field required.\u003C\u002Fli>\n\u003Cli>You can add VIES information to admin order page, checkout and user billing page.\u003C\u002Fli>\n\u003Cli>Adds settings page under WooCommerce menu so you manage all the features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>Portuguese.\u003C\u002Fli>\n\u003C\u002Ful>\n","With this plugin you can add VAT and VIES support to your WooCommerce store. The VAT field will be saved as '_billing_vat'.",1000,16804,100,"2025-05-19T10:50:00.000Z","5.0","5.6",[66,19,20,67,68],"customers","vat","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontribuinte-checkout.2.0.04.zip","2025-05-07 00:00:00",{"slug":73,"name":74,"version":75,"author":74,"author_profile":76,"description":77,"short_description":78,"active_installs":61,"downloaded":79,"rating":25,"num_ratings":25,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":64,"tags":83,"homepage":86,"download_link":87,"security_score":88,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"vendus","Vendus","2.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fvendus\u002F","\u003Cp>O Vendus é um Software de Faturação Online e POS, que permite faturar e controlar as suas vendas em segundos, através de funcionalidades simples, rápidas e intuitivas. Ideal para Profissionais Independentes e Negócios de sucesso, que procuram soluções tecnológicas robustas, acessíveis e com suporte gratuito e ilimitado. Software Certificado Nº 2230\u002FAT, 100% na Cloud e sempre atualizado, de acordo com a lei em vigor.\u003C\u002Fp>\n\u003Ch4>Funcionalidades\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Emissão de Faturas diretamente no Menu Encomendas do Woocommerce\u003C\u002Fli>\n\u003Cli>Criação de notas de crédito\u003C\u002Fli>\n\u003Cli>Consulta e download de faturas emitidas\u003C\u002Fli>\n\u003Cli>Envio do documento para o cliente via email\u003C\u002Fli>\n\u003Cli>Criação de Produtos com IVA diferenciado\u003C\u002Fli>\n\u003Cli>Criação e sincronização automática de produtos entre plataformas\u003C\u002Fli>\n\u003Cli>Validação automática de NIFs \u003C\u002Fli>\n\u003Cli>Sincronização do histórico de compras do Cliente entre plataformas\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A equipa de Suporte do Vendus presta apoio técnico a todos os utilizadores do plugin gratuitamente.\u003C\u002Fp>\n","Faturação 100% online, sem dores de cabeça e sem sair da sua loja online! Programa nº 2230 certificado pela AT a partir de 4€ \u002F mês.",5300,"2023-04-18T15:39:00.000Z","6.2.9","4.5",[84,85,19,20],"billing","invoice","https:\u002F\u002Fwww.vendus.pt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvendus.2.2.zip",85,{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":25,"num_ratings":25,"last_updated":99,"tested_up_to":100,"requires_at_least":63,"requires_php":17,"tags":101,"homepage":69,"download_link":102,"security_score":61,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"moloni-es","Moloni España","2.1.4","Moloni, lda","https:\u002F\u002Fprofiles.wordpress.org\u002Fmolonies\u002F","\u003Cp>Moloni is an innovative online billing and POS software that includes access to numerous useful and functional tools that allow each company to manage their billing, control stocks, automate processes and issue documents quickly, simply and intuitively.\u003C\u002Fp>\n\u003Cp>Moloni is always updated with the latest features and tax changes according to the law in Spain!\u003C\u002Fp>\n\u003Ch3>Through the plugin it is possible to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Synchronize products and stocks between the two platforms\u003C\u002Fli>\n\u003Cli>Automatic or manual document issuance\u003C\u002Fli>\n\u003Cli>Select the status of issued documents\u003C\u002Fli>\n\u003Cli>Select from a wide variety of document types\u003C\u002Fli>\n\u003Cli>Select the outbound item warehouse\u003C\u002Fli>\n\u003Cli>Automatic sending of the document to the customer\u003C\u002Fli>\n\u003Cli>Automatic creation of customers and articles\u003C\u002Fli>\n\u003Cli>Customize your billing details\u003C\u002Fli>\n\u003Cli>Access issued documents without leaving WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All technical and commercial support given to users of the plugin is provided by the Moloni Customer Support team.\u003C\u002Fp>\n","Innovative billing software that fits your business.! Intended for professionals, micro, small and medium enterprises.",20,4879,"2025-07-24T10:05:00.000Z","6.8.5",[19,20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoloni-es.2.1.4.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":25,"num_ratings":25,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":120,"download_link":121,"security_score":88,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"marvinerp-api","Marvinerp","1.1.0","Ponto25","https:\u002F\u002Fprofiles.wordpress.org\u002Fponto25\u002F","\u003Cp>Com quase 20 anos de experiência, a PONTO 25 é uma empresa especializada no desenvolvimento de soluções informáticas.\u003C\u002Fp>\n\u003Cp>Através da utilização de tecnologias de informação interativas, a PONTO 25 disponibiliza um vasto leque de soluções de gestão desktop e na cloud para diversas áreas do mercado.\u003Cbr \u002F>\nSedeada em Braga, a PONTO 25 está presente em todo o país, Espanha, Moçambique, Angola, Brasil, Polónia e França.\u003C\u002Fp>\n\u003Cp>Certificado pela Autoridade Tributária sob o número 1539, o Marvinerp está sempre de acordo com a lei em vigor.\u003C\u002Fp>\n\u003Ch3>Através do plugin é possível:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Sincronizar artigos e stocks entre as duas plataformas\u003C\u002Fli>\n\u003Cli>Emissão automática ou manual de documentos\u003C\u002Fli>\n\u003Cli>Seleccionar a secção da empresa.\u003C\u002Fli>\n\u003Cli>Criação automática de clientes e artigos\u003C\u002Fli>\n\u003Cli>Aceder aos documentos emitidos sem sair do WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Todo o suporte técnico e comercial dado aos utilizadores do plugin é prestado pela equipa de Apoio a Clientes do Marvinerp.\u003C\u002Fp>\n\u003Ch3>Legal Notice\u003C\u002Fh3>\n\u003Cp>Toda a informação legal está disponivel no nosso website ( https:\u002F\u002Fwww.ponto25.com\u002Fcookies ).\u003Cbr \u002F>\nEsta informação engloba todos os produtos da Ponto25.\u003C\u002Fp>\n","O Marvin ERP é um produto com a qualidade da PONTO 25 – informática lda.",10,4895,"2021-03-30T15:00:00.000Z","5.6.17","5.2","7.3",[118,119,19,20],"encomendas","faturacao","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmarvinerp-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmarvinerp-api.1.1.0.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":25,"downloaded":130,"rating":25,"num_ratings":25,"last_updated":131,"tested_up_to":132,"requires_at_least":63,"requires_php":69,"tags":133,"homepage":135,"download_link":136,"security_score":88,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"lh-woocommerce-invoicing","LH Woocommerce Invoicing","1.03","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>Ever wanted to create manual invoices with Woocommerce and use it to track payaments etc. Now you can. Simply:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Install the plugin\u003C\u002Fli>\n\u003Cli>Follow Patrick’s great tutorial here: \u003Ca href=\"https:\u002F\u002Fwww.speakinginbytes.com\u002F2014\u002F04\u002Fcreate-invoice-woocommerce\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.speakinginbytes.com\u002F2014\u002F04\u002Fcreate-invoice-woocommerce\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>and optionally modify the email subject, email heading, and add a message using the metabox provided by this plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is that easy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-woocommerce-invoicing\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-woocommerce-invoicing\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Adds membership functionality to LH Teams.",1274,"2022-07-31T02:57:00.000Z","6.0.11",[85,19,134,20,68],"order","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-woocommerce-invoicing\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-woocommerce-invoicing.zip",{"attackSurface":138,"codeSignals":254,"taintFlows":357,"riskAssessment":407,"analyzedAt":419},{"hooks":139,"ajaxHandlers":230,"restRoutes":249,"shortcodes":250,"cronEvents":251,"entryPointCount":13,"unprotectedCount":13},[140,147,151,155,159,164,170,174,176,178,183,188,193,198,201,204,209,214,218,221,226],{"type":141,"name":142,"callback":143,"priority":144,"file":145,"line":146},"action","wp_initialize_site","\\Moloni\\Activators\\Install::initializeSite",200,"moloni.php",54,{"type":141,"name":148,"callback":149,"priority":111,"file":145,"line":150},"wp_uninitialize_site","\\Moloni\\Activators\\Remove::uninitializeSite",55,{"type":141,"name":152,"callback":153,"file":145,"line":154},"plugins_loaded","anonymous",56,{"type":141,"name":156,"callback":157,"file":145,"line":158},"admin_enqueue_scripts","\\Moloni\\Scripts\\Enqueue::defines",57,{"type":141,"name":160,"callback":161,"file":162,"line":163},"woocommerce_order_details_after_customer_details","orderDetailsAfterCustomerDetails","src\\Hooks\\OrderDetails.php",32,{"type":165,"name":166,"callback":167,"priority":111,"file":168,"line":169},"filter","manage_woocommerce_page_wc-orders_columns","ordersListAddColumn","src\\Hooks\\OrderList.php",50,{"type":141,"name":171,"callback":172,"priority":111,"file":168,"line":173},"manage_woocommerce_page_wc-orders_custom_column","ordersListManageColumn",51,{"type":165,"name":175,"callback":167,"priority":111,"file":168,"line":154},"manage_edit-shop_order_columns",{"type":141,"name":177,"callback":172,"priority":111,"file":168,"line":158},"manage_shop_order_posts_custom_column",{"type":141,"name":179,"callback":180,"priority":23,"file":181,"line":182},"woocommerce_refund_created","woocommerceRefundCreated","src\\Hooks\\OrderRefunded.php",31,{"type":141,"name":184,"callback":185,"priority":111,"file":186,"line":187},"woocommerce_order_status_changed","orderStatusChanged","src\\Hooks\\OrderStatusChanged.php",29,{"type":141,"name":189,"callback":190,"file":191,"line":192},"add_meta_boxes","moloni_add_meta_box","src\\Hooks\\OrderView.php",34,{"type":141,"name":194,"callback":195,"file":196,"line":197},"woocommerce_update_product","productCreateUpdate","src\\Hooks\\ProductUpdate.php",35,{"type":141,"name":199,"callback":195,"file":196,"line":200},"woocommerce_update_product_variation",36,{"type":141,"name":189,"callback":190,"file":202,"line":203},"src\\Hooks\\ProductView.php",37,{"type":141,"name":205,"callback":206,"priority":111,"file":207,"line":208},"upgrader_process_complete","upgradeProcessComplete","src\\Hooks\\UpgradeProcess.php",19,{"type":141,"name":210,"callback":211,"file":212,"line":213},"before_woocommerce_init","beforeWoocommerceInit","src\\Hooks\\WoocommerceInitialize.php",22,{"type":141,"name":215,"callback":215,"file":216,"line":217},"admin_menu","src\\Menus\\Admin.php",21,{"type":141,"name":219,"callback":220,"file":216,"line":213},"admin_notices","\\Moloni\\Notice::showMessages",{"type":165,"name":222,"callback":223,"file":224,"line":225},"cron_schedules","\\Moloni\\Crons::addCronInterval","src\\Plugin.php",86,{"type":141,"name":227,"callback":228,"file":224,"line":229},"moloniProductsSync","\\Moloni\\Crons::productsSync",87,[231,236,239,242,244,246],{"action":232,"nopriv":233,"callback":232,"hasNonce":233,"hasCapCheck":233,"file":234,"line":235},"genInvoice",false,"src\\Hooks\\Ajax.php",27,{"action":237,"nopriv":233,"callback":237,"hasNonce":233,"hasCapCheck":233,"file":234,"line":238},"discardOrder",28,{"action":240,"nopriv":233,"callback":240,"hasNonce":233,"hasCapCheck":233,"file":234,"line":241},"toolsCreateWcProduct",30,{"action":243,"nopriv":233,"callback":243,"hasNonce":233,"hasCapCheck":233,"file":234,"line":182},"toolsUpdateWcStock",{"action":245,"nopriv":233,"callback":245,"hasNonce":233,"hasCapCheck":233,"file":234,"line":163},"toolsCreateMoloniProduct",{"action":247,"nopriv":233,"callback":247,"hasNonce":233,"hasCapCheck":233,"file":234,"line":248},"toolsUpdateMoloniStock",33,[],[],[252],{"hook":227,"callback":227,"file":224,"line":253},90,{"dangerousFunctions":255,"sqlUsage":256,"outputEscaping":300,"fileOperations":351,"externalRequests":351,"nonceChecks":25,"capabilityChecks":24,"bundledLibraries":352},[],{"prepared":257,"raw":208,"locations":258},18,[259,263,265,267,268,271,273,275,277,279,280,282,284,286,288,292,293,295,298],{"file":260,"line":261,"context":262},"src\\Activators\\Install.php",61,"$wpdb->query() with variable interpolation",{"file":260,"line":264,"context":262},73,{"file":260,"line":266,"context":262},83,{"file":260,"line":50,"context":262},{"file":269,"line":270,"context":262},"src\\Activators\\Remove.php",38,{"file":269,"line":272,"context":262},39,{"file":269,"line":274,"context":262},40,{"file":269,"line":276,"context":262},41,{"file":278,"line":200,"context":262},"src\\Activators\\Updater.php",{"file":278,"line":203,"context":262},{"file":278,"line":281,"context":262},42,{"file":278,"line":283,"context":262},43,{"file":278,"line":285,"context":262},103,{"file":278,"line":287,"context":262},126,{"file":289,"line":290,"context":291},"src\\Model.php",17,"$wpdb->get_row() with variable interpolation",{"file":289,"line":192,"context":262},{"file":289,"line":294,"context":262},82,{"file":289,"line":296,"context":297},154,"$wpdb->get_results() with variable interpolation",{"file":289,"line":299,"context":262},214,{"escaped":301,"rawEcho":302,"locations":303},366,26,[304,307,309,311,313,314,316,318,320,321,323,325,327,330,332,334,335,336,338,340,343,345,346,347,348,349],{"file":162,"line":305,"context":306},58,"raw output",{"file":168,"line":308,"context":306},109,{"file":168,"line":310,"context":306},111,{"file":191,"line":312,"context":306},94,{"file":191,"line":23,"context":306},{"file":191,"line":315,"context":306},113,{"file":191,"line":317,"context":306},145,{"file":319,"line":257,"context":306},"src\\Notice.php",{"file":319,"line":97,"context":306},{"file":322,"line":208,"context":306},"src\\Templates\\Containers\\Logs.php",{"file":322,"line":324,"context":306},160,{"file":322,"line":326,"context":306},168,{"file":328,"line":329,"context":306},"src\\Templates\\Containers\\MoloniProducts.php",53,{"file":328,"line":331,"context":306},62,{"file":328,"line":333,"context":306},84,{"file":328,"line":296,"context":306},{"file":328,"line":144,"context":306},{"file":337,"line":197,"context":306},"src\\Templates\\Containers\\PendingOrders.php",{"file":337,"line":339,"context":306},181,{"file":341,"line":342,"context":306},"src\\Templates\\Containers\\Settings.php",664,{"file":344,"line":329,"context":306},"src\\Templates\\Containers\\WcProducts.php",{"file":344,"line":331,"context":306},{"file":344,"line":333,"context":306},{"file":344,"line":296,"context":306},{"file":344,"line":144,"context":306},{"file":350,"line":302,"context":306},"src\\Templates\\Exceptions\\ExceptionError.php",3,[353],{"name":354,"version":355,"knownCves":356},"jQuery","3.6.4",[],[358,389,399],{"entryPoint":359,"graph":360,"unsanitizedCount":25,"severity":388},"\u003CLogs> (src\\Templates\\Containers\\Logs.php:0)",{"nodes":361,"edges":383},[362,366,371,375,377,381],{"id":363,"type":364,"label":365,"file":322,"line":272},"n0","source","$_GET['filter_date']",{"id":367,"type":368,"label":369,"file":322,"line":272,"wp_function":370},"n1","sink","echo() [XSS]","echo",{"id":372,"type":364,"label":373,"file":322,"line":374},"n2","$_GET['filter_message']",67,{"id":376,"type":368,"label":369,"file":322,"line":374,"wp_function":370},"n3",{"id":378,"type":364,"label":379,"file":322,"line":380},"n4","$_GET['filter_context']",75,{"id":382,"type":368,"label":369,"file":322,"line":380,"wp_function":370},"n5",[384,386,387],{"from":363,"to":367,"sanitized":385},true,{"from":372,"to":376,"sanitized":385},{"from":378,"to":382,"sanitized":385},"low",{"entryPoint":390,"graph":391,"unsanitizedCount":25,"severity":388},"\u003CMoloniProducts> (src\\Templates\\Containers\\MoloniProducts.php:0)",{"nodes":392,"edges":397},[393,395],{"id":363,"type":364,"label":394,"file":328,"line":49},"$_REQUEST (x3)",{"id":367,"type":368,"label":369,"file":328,"line":396,"wp_function":370},71,[398],{"from":363,"to":367,"sanitized":385},{"entryPoint":400,"graph":401,"unsanitizedCount":25,"severity":388},"\u003CWcProducts> (src\\Templates\\Containers\\WcProducts.php:0)",{"nodes":402,"edges":405},[403,404],{"id":363,"type":364,"label":394,"file":344,"line":49},{"id":367,"type":368,"label":369,"file":344,"line":396,"wp_function":370},[406],{"from":363,"to":367,"sanitized":385},{"summary":408,"deductions":409},"The Moloni plugin v5.0.04 exhibits a mixed security posture.  On the positive side, the code demonstrates good practices in output escaping, with 93% of outputs being properly escaped. Furthermore, the majority of SQL queries are handled using prepared statements, which is a significant strength in preventing SQL injection vulnerabilities. The absence of critical or high-severity taint analysis findings and the fact that all previously known vulnerabilities are patched are also positive indicators.\n\nHowever, there are significant security concerns. The plugin has a substantial attack surface with 6 AJAX handlers, all of which are unprotected and lack authentication checks. This is a critical oversight that could allow unauthenticated users to trigger arbitrary actions within the plugin. The complete absence of nonce checks on AJAX handlers exacerbates this risk. While the vulnerability history shows only one medium-severity CVE, and it's patched, the presence of an XSS vulnerability in the past, combined with the current lack of AJAX authentication, suggests a potential for similar vulnerabilities to be introduced or exploited if input is not properly validated and escaped on these unprotected AJAX endpoints.\n\nIn conclusion, while the Moloni plugin has strengths in its SQL query handling and output escaping, the unprotected AJAX endpoints represent a critical security weakness. The lack of authentication and nonce checks on these entry points creates a high risk of unauthorized access and potential exploitation. Addressing these unprotected AJAX handlers should be the highest priority.",[410,412,414,417],{"reason":411,"points":111},"6 unprotected AJAX handlers",{"reason":413,"points":111},"0 nonce checks on AJAX",{"reason":415,"points":416},"1 medium severity CVE (historical)",5,{"reason":418,"points":416},"49% SQL queries not using prepared statements","2026-03-16T18:38:37.965Z",{"wat":421,"direct":430},{"assetPaths":422,"generatorPatterns":425,"scriptPaths":426,"versionParams":427},[423,424],"\u002Fwp-content\u002Fplugins\u002Fmoloni\u002Fassets\u002Fcss\u002Fmoloni.min.css","\u002Fwp-content\u002Fplugins\u002Fmoloni\u002Fassets\u002Fjs\u002Fmoloni.min.js",[],[424],[428,429],"moloni\u002Fassets\u002Fcss\u002Fmoloni.min.css?ver=","moloni\u002Fassets\u002Fjs\u002Fmoloni.min.js?ver=",{"cssClasses":431,"htmlComments":432,"htmlAttributes":433,"restEndpoints":434,"jsGlobals":435,"shortcodeOutput":436},[],[],[],[],[],[]]