[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwlkG7lgFbGDp9iCkjJWzSU45Y2dh6SY9g-5QftgDINU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":14,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":57,"crawl_stats":36,"alternatives":64,"analysis":65,"fingerprints":462},"neon-product-designer-for-woocommerce","Neon Product Designer","2.2.0","vertim","https:\u002F\u002Fprofiles.wordpress.org\u002Fvertim\u002F","\u003Ch4>About the neon configurator\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Plugin site: \u003Ca href=\"https:\u002F\u002Fsignsdesigner.us\u002Fneon-channel-product-customizer-product?utm_source=wordpress.org&utm_medium=cpc&utm_campaign=Neon%20Product%20Designer\" rel=\"nofollow ugc\">neon-configurator.vertimcoders.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Overview\u003C\u002Fh4>\n\u003Cp>The best WooCommerce product customizer for neon signs.\u003C\u002Fp>\n\u003Cp>NPD allows you to extend your business of personalization of neon signs by offering you a configurator to allow your customers to customize online prior to order their custom neon sign. Easy and quick to set up.\u003C\u002Fp>\n\u003Cp>Our Woocommerce Neon Products Designer is built using WordPress best practices both on the front and the back end. This results in an efficient, robust and intuitive plugin. 
It’s works with any theme, including the default WordPress themes and the last Woocommerce version.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Custom TTF fonts support\u003C\u002Fli>\n\u003Cli>Custom colors palette for limited colors usage\u003C\u002Fli>\n\u003Cli>Translation ready\u003C\u002Fli>\n\u003Cli>Custom editor background\u003C\u002Fli>\n\u003Cli>Shortcode available\u003C\u002Fli>\n\u003Cli>Design data in cart\u003C\u002Fli>\n\u003Cli>Description tooltip \u003C\u002Fli>\n\u003Cli>Responsive and user-friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Configurable design dimensions with additional price\u003C\u002Fli>\n\u003Cli>Configurable Additional Options with additional price\u003C\u002Fli>\n\u003Cli>Edit design from cart\u003C\u002Fli>\n\u003Cli>Configurable more units for text size\u003C\u002Fli>\n\u003Cli>Configurable Font display\u003C\u002Fli>\n\u003Cli>And more available from custom job\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Live Demo\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemos.signsdesigner.us\u002Fncpc-live-demo?utm_source=wordpress.org&utm_medium=cpc&utm_campaign=Neon%20Product%20Designer\" rel=\"nofollow ugc\">DEMO CUSTOM NEON SIGN PRODUCT\u003C\u002Fa>.\u003C\u002Fp>\n","NPD is a WordPress\u002FWooCommerce plugin that helps you set up your online custom neon sign store, and receives orders from your customers.",50,5735,60,2,"2025-07-31T11:56:00.000Z","6.8.5","5.0","7.0",[20,21,22,23,24],"custom-neon","neon-product-configurator","neon-product-designer","neon-product-maker","neon-sign-designer","https:\u002F\u002Fneon-configurator.vertimcoders.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fneon-product-designer-for-woocommerce.2.2.0.zip",54,"2025-04-09 
00:00:00","2026-03-15T15:16:48.613Z",[31,45],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-32565","neon-product-designer-unauthenticated-sql-injection","Neon Product Designer \u003C= 2.1.1 - Unauthenticated SQL Injection","The Neon Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=2.1.1","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-04-16 21:00:14",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3852cdf8-70f7-4eba-9083-def6e5299043?source=api-prod",{"id":46,"url_slug":47,"title":48,"description":49,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":50,"cvss_score":51,"cvss_vector":52,"vuln_type":41,"published_date":53,"updated_date":54,"references":55,"days_to_patch":36},"CVE-2025-22799","neon-product-designer-authenticated-contributor-sql-injection","Neon Product Designer \u003C= 2.1.1 - Authenticated (Contributor+) SQL Injection","The Neon Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","2025-01-13 00:00:00","2025-01-22 20:59:35",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1531ed5e-cb47-447d-87dc-5a06a88073d5?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":58,"total_installs":59,"avg_security_score":60,"avg_patch_time_days":61,"trust_score":62,"computed_at":63},3,100,84,5,89,"2026-04-05T12:02:56.976Z",[],{"attackSurface":66,"codeSignals":279,"taintFlows":368,"riskAssessment":443,"analyzedAt":461},{"hooks":67,"ajaxHandlers":247,"restRoutes":266,"shortcodes":267,"cronEvents":276,"entryPointCount":277,"unprotectedCount":278},[68,74,77,79,82,85,87,91,94,96,98,100,103,105,108,111,113,115,118,120,123,126,128,131,134,137,140,143,146,149,152,155,158,160,162,165,168,171,173,175,177,180,183,185,188,190,192,195,197,200,203,206,209,212,215,218,220,225,231,233,236,238,243],{"type":69,"name":70,"callback":71,"file":72,"line":73},"action","plugins_loaded","anonymous","includes\\class-neon-product-designer.php",143,{"type":69,"name":75,"callback":71,"file":72,"line":76},"admin_enqueue_scripts",159,{"type":69,"name":75,"callback":71,"file":72,"line":78},160,{"type":69,"name":80,"callback":71,"file":72,"line":81},"admin_menu",161,{"type":69,"name":83,"callback":71,"file":72,"line":84},"init",162,{"type":69,"name":83,"callback":71,"file":72,"line":86},163,{"type":88,"name":89,"callback":71,"file":72,"line":90},"filter","upload_mimes",164,{"type":69,"name":92,"callback":71,"file":72,"line":93},"admin_notices",165,{"type":69,"name":92,"callback":71,"file":72,"line":95},166,{"type":69,"name":92,"callback":71,"file":72,"line":97},167,{"type":69,"name":92,"callback":71,"file":
72,"line":99},168,{"type":88,"name":101,"callback":71,"file":72,"line":102},"wp_check_filetype_and_ext",169,{"type":69,"name":83,"callback":71,"file":72,"line":104},176,{"type":69,"name":106,"callback":71,"file":72,"line":107},"add_meta_boxes",177,{"type":69,"name":109,"callback":71,"file":72,"line":110},"save_post_npd-scenes",178,{"type":69,"name":83,"callback":71,"file":72,"line":112},183,{"type":69,"name":106,"callback":71,"file":72,"line":114},184,{"type":69,"name":116,"callback":71,"file":72,"line":117},"save_post_npd-colors-palette",185,{"type":69,"name":83,"callback":71,"file":72,"line":119},190,{"type":69,"name":121,"callback":71,"file":72,"line":122},"save_post_npd-config",191,{"type":69,"name":124,"callback":71,"file":72,"line":125},"save_post_product",192,{"type":69,"name":106,"callback":71,"file":72,"line":127},193,{"type":69,"name":129,"callback":71,"file":72,"line":130},"woocommerce_product_options_general_product_data",194,{"type":69,"name":132,"callback":71,"file":72,"line":133},"woocommerce_product_after_variable_attributes",195,{"type":88,"name":135,"callback":71,"file":72,"line":136},"get_user_option_meta-box-order_npd-config",196,{"type":69,"name":138,"callback":71,"file":72,"line":139},"admin_action_npd_duplicate_config",197,{"type":88,"name":141,"callback":71,"file":72,"line":142},"post_row_actions",198,{"type":69,"name":144,"callback":71,"file":72,"line":145},"woocommerce_save_product_variation",199,{"type":88,"name":147,"callback":71,"file":72,"line":148},"screen_layout_columns",200,{"type":88,"name":150,"callback":71,"file":72,"line":151},"get_user_option_screen_layout_npd-config",201,{"type":88,"name":153,"callback":71,"file":72,"line":154},"manage_edit-product_columns",205,{"type":69,"name":156,"callback":71,"file":72,"line":157},"manage_product_posts_custom_column",206,{"type":69,"name":124,"callback":71,"file":72,"line":159},207,{"type":69,"name":144,"callback":71,"file":72,"line":161},208,{"type":69,"name":163,"callback":71,"file":72,"l
ine":164},"woocommerce_product_options_inventory_product_data",209,{"type":69,"name":166,"callback":71,"file":72,"line":167},"woocommerce_after_add_to_cart_button",212,{"type":69,"name":169,"callback":71,"file":72,"line":170},"wp_enqueue_scripts",229,{"type":69,"name":169,"callback":71,"file":72,"line":172},230,{"type":69,"name":83,"callback":71,"file":72,"line":174},232,{"type":69,"name":166,"callback":71,"file":72,"line":176},233,{"type":88,"name":178,"callback":71,"file":72,"line":179},"woocommerce_loop_add_to_cart_link",235,{"type":88,"name":181,"callback":71,"file":72,"line":182},"query_vars",238,{"type":88,"name":83,"callback":71,"file":72,"line":184},239,{"type":88,"name":186,"callback":71,"file":72,"line":187},"body_class",244,{"type":69,"name":83,"callback":71,"file":72,"line":189},247,{"type":88,"name":186,"callback":71,"file":72,"line":191},251,{"type":88,"name":193,"callback":71,"file":72,"line":194},"post_class",254,{"type":69,"name":83,"callback":71,"file":72,"line":196},257,{"type":69,"name":198,"callback":71,"file":72,"line":199},"woocommerce_order_item_meta_start",260,{"type":88,"name":201,"callback":71,"file":72,"line":202},"woocommerce_cart_item_thumbnail",271,{"type":88,"name":204,"callback":71,"file":72,"line":205},"woocommerce_cart_item_name",272,{"type":88,"name":207,"callback":71,"file":72,"line":208},"woocommerce_after_cart_item_name",273,{"type":69,"name":210,"callback":71,"file":72,"line":211},"woocommerce_after_order_itemmeta",275,{"type":69,"name":213,"callback":71,"file":72,"line":214},"woocommerce_checkout_create_order_line_item",277,{"type":69,"name":216,"callback":71,"file":72,"line":217},"woocommerce_before_calculate_totals",281,{"type":69,"name":198,"callback":71,"file":72,"line":219},284,{"type":88,"name":221,"callback":222,"file":223,"line":224},"kali_safe_style_css","closure","includes\\kali-admin-tools\\kali-admin-tools.php",958,{"type":88,"name":226,"callback":227,"priority":228,"file":229,"line":230},"woocommerce_in_cart_prod
uct_title","get_npd_data",10,"public\\class-neon-product-designer-public.php",297,{"type":88,"name":204,"callback":227,"priority":228,"file":229,"line":232},300,{"type":88,"name":234,"callback":227,"priority":228,"file":229,"line":235},"woocommerce_in_cart_product_thumbnail",305,{"type":88,"name":204,"callback":227,"priority":228,"file":229,"line":237},308,{"type":88,"name":239,"callback":240,"priority":241,"file":229,"line":242},"the_content","filter_content",99,319,{"type":69,"name":244,"callback":245,"priority":228,"file":229,"line":246},"wp_footer","display_code",381,[248,252,255,258,261,264],{"action":249,"nopriv":250,"callback":71,"hasNonce":250,"hasCapCheck":250,"file":72,"line":251},"npd_clean_dismiss_promo",false,171,{"action":253,"nopriv":250,"callback":71,"hasNonce":250,"hasCapCheck":250,"file":72,"line":254},"npd_clean_track_plugin_click",172,{"action":256,"nopriv":250,"callback":71,"hasNonce":250,"hasCapCheck":250,"file":72,"line":257},"npd_store_variation_attributes",263,{"action":256,"nopriv":259,"callback":71,"hasNonce":250,"hasCapCheck":250,"file":72,"line":260},true,264,{"action":262,"nopriv":250,"callback":71,"hasNonce":250,"hasCapCheck":250,"file":72,"line":263},"add_custom_design_to_cart",269,{"action":262,"nopriv":259,"callback":71,"hasNonce":250,"hasCapCheck":250,"file":72,"line":265},270,[],[268,272],{"tag":269,"callback":270,"file":229,"line":271},"npd-products","get_products_display",117,{"tag":273,"callback":274,"file":229,"line":275},"npd-editor","get_editor_shortcode_handler",118,[],8,6,{"dangerousFunctions":280,"sqlUsage":286,"outputEscaping":295,"fileOperations":61,"externalRequests":14,"nonceChecks":228,"capabilityChecks":363,"bundledLibraries":364},[281],{"fn":282,"file":283,"line":284,"context":285},"unserialize","includes\\functions.php",101,"$data     = unserialize( $npc_data );",{"prepared":58,"raw":58,"locations":287},[288,292,294],{"file":289,"line":290,"context":291},"admin\\class-npd-config.php",531,"$wpdb->get_results() 
with variable interpolation",{"file":283,"line":293,"context":291},24,{"file":229,"line":102,"context":291},{"escaped":296,"rawEcho":297,"locations":298},700,30,[299,303,305,307,309,311,314,316,317,319,322,324,326,329,330,333,336,338,339,340,342,344,346,348,350,352,355,358,360,361],{"file":300,"line":301,"context":302},"admin\\class-neon-product-designer-admin.php",435,"raw output",{"file":300,"line":304,"context":302},472,{"file":300,"line":306,"context":302},838,{"file":300,"line":308,"context":302},879,{"file":289,"line":310,"context":302},420,{"file":312,"line":313,"context":302},"admin\\class-npd-product.php",335,{"file":312,"line":315,"context":302},341,{"file":312,"line":315,"context":302},{"file":312,"line":318,"context":302},354,{"file":320,"line":321,"context":302},"includes\\class-npd-color.php",141,{"file":323,"line":275,"context":302},"includes\\class-npd-colors.php",{"file":323,"line":325,"context":302},123,{"file":327,"line":328,"context":302},"includes\\class-npd-design.php",56,{"file":327,"line":97,"context":302},{"file":331,"line":332,"context":302},"includes\\class-npd-editor.php",32,{"file":334,"line":335,"context":302},"includes\\class-npd-scenes.php",142,{"file":283,"line":337,"context":302},155,{"file":283,"line":139,"context":302},{"file":283,"line":151,"context":302},{"file":341,"line":97,"context":302},"includes\\npd-add-fonts.php",{"file":341,"line":343,"context":302},180,{"file":341,"line":345,"context":302},258,{"file":341,"line":347,"context":302},296,{"file":341,"line":349,"context":302},454,{"file":341,"line":351,"context":302},461,{"file":353,"line":354,"context":302},"includes\\skins\\default\\class-npd-skin-default.php",318,{"file":356,"line":357,"context":302},"includes\\vc-admin-utils.php",549,{"file":356,"line":359,"context":302},591,{"file":229,"line":142,"context":302},{"file":229,"line":362,"context":302},241,1,[365],{"name":366,"version":36,"knownCves":367},"Select2",[],[369,391,403,413,432],{"entryPoint":370,"graph":371,"un
sanitizedCount":363,"severity":50},"display (includes\\skins\\default\\class-npd-skin-default.php:26)",{"nodes":372,"edges":388},[373,378,384,386],{"id":374,"type":375,"label":376,"file":353,"line":377},"n0","source","$_GET",282,{"id":379,"type":380,"label":381,"file":353,"line":382,"wp_function":383},"n1","sink","echo() [XSS]",289,"echo",{"id":385,"type":375,"label":376,"file":353,"line":377},"n2",{"id":387,"type":380,"label":381,"file":353,"line":354,"wp_function":383},"n3",[389,390],{"from":374,"to":379,"sanitized":259},{"from":385,"to":387,"sanitized":250},{"entryPoint":392,"graph":393,"unsanitizedCount":401,"severity":402},"npd_add_fonts (includes\\npd-add-fonts.php:6)",{"nodes":394,"edges":399},[395,398],{"id":374,"type":375,"label":396,"file":341,"line":397},"$_GET['error']",21,{"id":379,"type":380,"label":381,"file":341,"line":397,"wp_function":383},[400],{"from":374,"to":379,"sanitized":259},0,"low",{"entryPoint":404,"graph":405,"unsanitizedCount":401,"severity":402},"npd_edit_font (includes\\npd-add-fonts.php:120)",{"nodes":406,"edges":411},[407,409],{"id":374,"type":375,"label":376,"file":341,"line":408},122,{"id":379,"type":380,"label":381,"file":341,"line":410,"wp_function":383},136,[412],{"from":374,"to":379,"sanitized":259},{"entryPoint":414,"graph":415,"unsanitizedCount":401,"severity":402},"\u003Cnpd-add-fonts> (includes\\npd-add-fonts.php:0)",{"nodes":416,"edges":428},[417,418,419,420,421,425],{"id":374,"type":375,"label":396,"file":341,"line":397},{"id":379,"type":380,"label":381,"file":341,"line":397,"wp_function":383},{"id":385,"type":375,"label":376,"file":341,"line":408},{"id":387,"type":380,"label":381,"file":341,"line":410,"wp_function":383},{"id":422,"type":375,"label":423,"file":341,"line":424},"n4","$_POST 
(x5)",44,{"id":426,"type":380,"label":381,"file":341,"line":427,"wp_function":383},"n5",145,[429,430,431],{"from":374,"to":379,"sanitized":259},{"from":385,"to":387,"sanitized":259},{"from":422,"to":426,"sanitized":259},{"entryPoint":433,"graph":434,"unsanitizedCount":363,"severity":402},"\u003Cclass-npd-skin-default> (includes\\skins\\default\\class-npd-skin-default.php:0)",{"nodes":435,"edges":440},[436,437,438,439],{"id":374,"type":375,"label":376,"file":353,"line":377},{"id":379,"type":380,"label":381,"file":353,"line":382,"wp_function":383},{"id":385,"type":375,"label":376,"file":353,"line":377},{"id":387,"type":380,"label":381,"file":353,"line":354,"wp_function":383},[441,442],{"from":374,"to":379,"sanitized":259},{"from":385,"to":387,"sanitized":250},{"summary":444,"deductions":445},"The \"neon-product-designer-for-woocommerce\" plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping, with 96% of outputs properly handled, and employs nonce checks frequently, several significant concerns raise the risk profile. The presence of 6 AJAX handlers with neither a nonce nor a capability check, two of them also registered for unauthenticated (nopriv) requests, represents a substantial attack surface, making it vulnerable to unauthorized actions. Furthermore, the use of the `unserialize` function, especially without proper input validation, is a known risky practice: if attacker-controlled serialized data reaches it, the result is PHP object injection, which could lead to remote code execution. The plugin's vulnerability history, with two CVEs recorded as unpatched, including a high-severity SQL injection, and both listed as affecting versions up to and including 2.1.1, is a strong indicator of recurring security weaknesses. The prevalence of SQL injection vulnerabilities in its history suggests a systemic issue with database query sanitization.",
[446,449,452,454,456,459],{"reason":447,"points":448},"Unpatched High Severity CVEs",20,{"reason":450,"points":451},"Unpatched Medium Severity CVEs",15,{"reason":453,"points":228},"AJAX handlers without auth checks",{"reason":455,"points":277},"Use of dangerous function: unserialize",{"reason":457,"points":458},"SQL queries not using prepared statements",7,{"reason":460,"points":58},"Bundled libraries (Select2)","2026-03-16T21:55:00.323Z",{"wat":463,"direct":478},{"assetPaths":464,"generatorPatterns":472,"scriptPaths":473,"versionParams":474},[465,466,467,468,469,470,471],"\u002Fwp-content\u002Fplugins\u002Fneon-product-designer-for-woocommerce\u002Fincludes\u002Fkali-admin-tools\u002Fcss\u002Fkali-admin-ui.css","\u002Fwp-content\u002Fplugins\u002Fneon-product-designer-for-woocommerce\u002Fincludes\u002Fkali-admin-tools\u002Fcss\u002Fselect2.min.css","\u002Fwp-content\u002Fplugins\u002Fneon-product-designer-for-woocommerce\u002Fincludes\u002Fkali-admin-tools\u002Fjs\u002Fmodal\u002Fmodal.min.css","\u002Fwp-content\u002Fplugins\u002Fneon-product-designer-for-woocommerce\u002Fincludes\u002Fkali-admin-tools\u002Fjs\u002Fselect2.min.js","\u002Fwp-content\u002Fplugins\u002Fneon-product-designer-for-woocommerce\u002Fadmin\u002Fcss\u002Fneon-product-designer-admin.css","\u002Fwp-content\u002Fplugins\u002Fneon-product-designer-for-woocommerce\u002Fadmin\u002Fjs\u002Fneon-product-designer-admin.js","\u002Fwp-content\u002Fplugins\u002Fneon-product-designer-for-woocommerce\u002Fadmin\u002Fjs\u002Fnpd-free-promo.js",[],[],[475,476,477],"neon-product-designer-for-woocommerce\u002Fadmin\u002Fcss\u002Fneon-product-designer-admin.css?ver=","neon-product-designer-for-woocommerce\u002Fadmin\u002Fjs\u002Fneon-product-designer-admin.js?ver=","neon-product-designer-for-woocommerce\u002Fadmin\u002Fjs\u002Fnpd-free-promo.js?ver=",{"cssClasses":479,"htmlComments":481,
"htmlAttributes":482,"restEndpoints":484,"jsGlobals":485,"shortcodeOutput":487},[480],"npd-add-to-cart",[],[483],"data-npd-product-id",[],[486],"NPD_URL",[488],"[npd_add_to_cart]"]