[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftUOWnE4KJBw7lXVTTWpOvtvq1UIi48nBt1xZ9QW8EFQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":119,"fingerprints":267},"onyxflo-watchdog","OnyxFlo Watchdog for WooCommerce","1.0.0","Seth Broder","https:\u002F\u002Fprofiles.wordpress.org\u002Fbroderconsulting\u002F","\u003Cp>OnyxFlo Watchdog quietly monitors your WooCommerce orders in the background and takes snapshots at key points in the order lifecycle (checkout, thank you page, and status changes). It then compares those snapshots to detect suspicious changes or data inconsistencies.\u003C\u002Fp>\n\u003Cp>OnyxFlo Watchdog uses a lightweight custom database table (\u003Ccode>{prefix}onyxflo_watchdog_snapshots\u003C\u002Fcode>) to store order snapshots. Uninstalling the plugin does not automatically delete existing snapshot data, so you can retain a historical audit log if needed.\u003C\u002Fp>\n\u003Cp>Examples of what OnyxFlo Watchdog can help catch:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Orders where the cart or subtotal has changed between checkout and payment.\u003C\u002Fli>\n\u003Cli>Orders that have been modified after payment but before fulfillment.\u003C\u002Fli>\n\u003Cli>Data mismatches caused by buggy plugins, imports, or external integrations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a potential issue is found:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The order is changed to a custom status: \u003Cstrong>Watchdog Flagged\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>A clear warning notice appears on the order screen in wp-admin.\u003C\u002Fli>\n\u003Cli>(Optional) An email alert can be sent to a configured address.\u003C\u002Fli>\n\u003Cli>A snapshot history is stored so you can see what changed and when.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is aimed at stores that care about data integrity and want an extra layer of safety before orders are shipped or refunded.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Order snapshots\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically logs snapshots of WooCommerce orders at:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout (classic and block checkout)\u003C\u002Fli>\n\u003Cli>Thank you page\u003C\u002Fli>\n\u003Cli>Order status changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Mismatch detection\u003C\u002Fstrong>\u003Cbr \u002F>\nCompares snapshots to detect:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cart changes (items added\u002Fremoved\u002Fquantities changed)\u003C\u002Fli>\n\u003Cli>Subtotal changes over a tolerance threshold\u003C\u002Fli>\n\u003Cli>(Extensible for more rules later)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom order status: “Watchdog Flagged”\u003C\u002Fstrong>\u003Cbr \u002F>\nSuspicious orders are moved into a dedicated status:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Highlighted in the admin order list\u003C\u002Fli>\n\u003Cli>Clearly labeled so your team knows to review before fulfilling\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Snapshot viewer\u003C\u002Fstrong>\u003Cbr \u002F>\nView the snapshot history for a given order directly in wp-admin to see what changed over time.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Logging\u003C\u002Fstrong>\u003Cbr \u002F>\nOptional file logging for debugging and audit trails, stored inside the WordPress uploads directory (\u003Ccode>\u002Fwp-content\u002Fuploads\u002Fonyxflo-watchdog\u002F\u003C\u002Fcode>).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Lightweight and focused\u003C\u002Fstrong>\u003Cbr \u002F>\nNo bloat, no marketing overlays, no tracking. Just tools to help you protect your orders.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce (latest major version recommended)\u003C\u002Fli>\n\u003Cli>WordPress 5.8+\u003C\u002Fli>\n\u003Cli>PHP 7.4+ (PHP 8.x supported)\u003C\u002Fli>\n\u003C\u002Ful>\n","Monitors WooCommerce orders for changes or mismatches and automatically flags suspicious orders to help ensure accuracy and prevent errors.",0,104,"2025-12-11T20:35:00.000Z","6.9.4","5.8","7.4",[18,19,20,21,22],"logging","monitoring","orders","security","woocommerce","https:\u002F\u002Fonyxflo.com\u002Fplugins\u002Fonyxflo-watchdog","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonyxflo-watchdog.1.0.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"broderconsulting",1,30,94,"2026-04-04T16:11:21.146Z",[36,56,73,87,105],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"simple-ip-logger","Simple IP Logger","1.0.1","ネトデジ編集部","https:\u002F\u002Fprofiles.wordpress.org\u002Fminikuru\u002F","\u003Cp>Simple IP Logger is a lightweight WordPress plugin that lets you:\u003Cbr \u002F>\n– Log visitor IP addresses when accessing specific pages or all pages\u003Cbr \u002F>\n– View logs with access date\u002Ftime, IP address, post ID, and referer\u003Cbr \u002F>\n– Set target post IDs to monitor\u003Cbr \u002F>\n– Exclude IPs such as admin\u002Fstaff from being logged\u003Cbr \u002F>\n– Check logs from the admin screen with pagination and filters\u003Cbr \u002F>\n– View access statistics by unique IPs and access counts\u003Cbr \u002F>\n– Use asynchronous logging via Ajax for performance\u003C\u002Fp>\n\u003Cp>This plugin is useful for confirming actual visits from ads (e.g. Google Ads), detecting suspicious access patterns, or simply tracking visitor behavior without user accounts.\u003C\u002Fp>\n\u003Cp>No external tracking, no bloat – just simple, self-hosted logging.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>日本語による説明：\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Simple IP Logger（シンプルIPロガー）は、特定のページまたは全ページへのアクセスIPを記録・可視化できる軽量なWordPressプラグインです。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>投稿・固定ページのアクセスIPを記録\u003C\u002Fli>\n\u003Cli>記録された日時・IP・投稿ID・リファラーを管理画面で一覧表示\u003C\u002Fli>\n\u003Cli>特定の投稿IDのみ記録する、除外IPを設定する、など柔軟なログ管理が可能\u003C\u002Fli>\n\u003Cli>Google広告などの広告流入が「実際にあったかどうか」も確認できます\u003C\u002Fli>\n\u003Cli>Ajaxによる軽量な記録方式で、ユーザーの表示速度に影響を与えません\u003C\u002Fli>\n\u003Cli>IP別アクセス統計も管理画面から確認可能\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>使いやすく、かつ自己完結型でプライバシーを重視した設計です。\u003C\u002Fp>\n","ページ単位でアクセスIPアドレスを記録する軽量プラグイン。アクセス傾向の監視、不要なIPのフィルタリング、広告トラフィックの検証に役立ちます。",40,468,"2025-04-20T10:47:00.000Z","6.8.5","5.6","7.2",[51,52,19,21,53],"analytics","ip-logging","statistics","https:\u002F\u002Fminikuru.co.jp\u002Fproducts-tools\u002Fwordpress-plugins\u002Fsimple-ip-logger\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ip-logger.1.0.1.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":11,"num_ratings":11,"last_updated":66,"tested_up_to":47,"requires_at_least":67,"requires_php":16,"tags":68,"homepage":71,"download_link":72,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"nis2-compliance","NIS2 Compliance","1.5.2","Babini Mazzari","https:\u002F\u002Fprofiles.wordpress.org\u002Fbabinimazzari\u002F","\u003Cp>NIS2 provides activity logging, file integrity monitoring, access protection and vulnerability scanning to help sites comply with the EU NIS2 directive.\u003C\u002Fp>\n\u003Ch3>NIS2 Compliance: The 1st WordPress NIS2 Plugin\u003C\u002Fh3>\n\u003Cp>NIS2 is the second iteration of the EU’s Network and Information Security (NIS) directive, a primary cybersecurity law that expands the scope of the original NIS directive to cover more sectors and entities, such as energy, transport, banking, healthcare, and digital infrastructure.\u003C\u002Fp>\n\u003Cp>The directive mandates stricter security requirements, includes supply chain security, and assigns personal accountability to management for non-compliance.\u003C\u002Fp>\n\u003Ch3>Quick and easy setup\u003C\u002Fh3>\n\u003Cp>Choose which modules you want to enable, configure their settings and start monitoring your site in minutes.\u003C\u002Fp>\n\u003Cp>Available modules are:\u003Cbr \u002F>\n– \u003Cstrong>Activity Logger:\u003C\u002Fstrong> logs important events such as user logins, content changes, plugin\u002Ftheme installations and more.\u003Cbr \u002F>\n– \u003Cstrong>File Integrity Monitoring:\u003C\u002Fstrong> monitors core WordPress files, themes and plugins for unauthorized changes.\u003Cbr \u002F>\n– \u003Cstrong>Access Protection:\u003C\u002Fstrong> protects login and admin pages with Google reCAPTCHA v2 and limits access\u003Cbr \u002F>\n– \u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> scans installed plugins and themes for known vulnerabilities using the WPScan database.\u003Cbr \u002F>\n– \u003Cstrong>Compliance Checklist:\u003C\u002Fstrong> provides a checklist of security best practices to help you improve your site’s security posture\u003C\u002Fp>\n\u003Ch3>Third party services\u003C\u002Fh3>\n\u003Cp>This plugin relies on the following third-party\u002Fexternal services:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong>\u003Cbr \u002F>\nUsed to protect the WordPress login forms against automated abuse and spam.\u003Cbr \u002F>\n– Data sent: when a user interacts with the login form, the plugin loads the reCAPTCHA JavaScript API and sends the user’s IP address and form interaction data to Google’s reCAPTCHA service in order to validate the request.\u003Cbr \u002F>\n– Service provider: Google LLC\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fwww.google.com\u002Fintl\u002Fen\u002Fpolicies\u002Fterms\u002F\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IP-API.com\u003C\u002Fstrong>\u003Cbr \u002F>\nUsed to perform basic geolocation based on the visitor’s IP address (e.g., country, city, ISP).\u003Cbr \u002F>\n– Data sent: the visitor’s public IP address is queried against the ip-api.com service. No additional personal or sensitive data is transmitted.\u003Cbr \u002F>\n– Service provider: IP-API.com\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003C\u002Fp>\n\u003Ch3>F.A.Q.\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Does the plugin conflict with security plugins?\u003C\u002Fstrong>\u003Cbr \u002F>\nNo. NIS2 detects other popular security plugins and integrates with them when possible.\u003C\u002Fp>\n","A comprehensive security compliance plugin implementing logging, monitoring and vulnerability management features.",10,575,"2025-12-18T00:49:00.000Z","6.0",[69,18,19,21,70],"compliance","vulnerability","https:\u002F\u002Fnis2.babinimazzari.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnis2-compliance.1.5.2.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":11,"downloaded":81,"rating":25,"num_ratings":31,"last_updated":82,"tested_up_to":47,"requires_at_least":15,"requires_php":83,"tags":84,"homepage":83,"download_link":86,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"fake-order-blocker-for-woocommerce","Fake Order Blocker for WooCommerce","1.0.6","gabrielh21","https:\u002F\u002Fprofiles.wordpress.org\u002Fgabrielh21\u002F","\u003Cp>Helps prevent fake\u002Fspam WooCommerce orders using a decoy product approach plus basic product\u002Fcart protections. Simple admin screen under WooCommerce.\u003C\u002Fp>\n","Helps prevent fake\u002Fspam WooCommerce orders using a decoy product approach plus basic product\u002Fcart protections. Simple admin screen under WooCommerce.",166,"2025-11-13T20:20:00.000Z","",[20,21,85,22],"spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffake-order-blocker-for-woocommerce.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":11,"downloaded":95,"rating":11,"num_ratings":11,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":83,"download_link":103,"security_score":104,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"sales-health-monitor-for-woocommerce","Sales Health Monitor for WooCommerce","0.9.1","itgoldman","https:\u002F\u002Fprofiles.wordpress.org\u002Fitgoldman\u002F","\u003Cp>Sales Health Monitor for WooCommerce is an essential tool for store owners seeking to keep a close eye on their sales performance. This plugin allows you to set expectations for your order volume and receive alerts if your sales don’t meet those expectations. An external server monitors your website and sends email notifications if the order count falls below your specified limits.\u003C\u002Fp>\n\u003Cp>Key features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set a custom threshold for expected number of orders in a specified time frame\u003C\u002Fli>\n\u003Cli>Receive email notifications when sales fall below your threshold\u003C\u002Fli>\n\u003Cli>Easy-to-use settings page in the WordPress admin area\u003C\u002Fli>\n\u003Cli>Seamless integration with WooCommerce\u003C\u002Fli>\n\u003Cli>Hourly monitoring by an external server\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>Sales Health Monitor for WooCommerce is designed with your privacy in mind. The plugin only shares the site URL and aggregated order data (number of orders within a time frame) with the external monitoring service at https:\u002F\u002Fsales-health-monitor.itgoldman.com. No personal customer information or order details are transmitted.\u003C\u002Fp>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cp>Sales Health Monitor for WooCommerce is provided as-is, without any guarantees or warranties of any kind. While we strive to ensure the plugin operates efficiently and reliably, we do not take responsibility for any issues that may arise in mission-critical environments, such as e-commerce stores. Users are advised to thoroughly test the plugin in their environments before relying on it for business-critical operations. Use of this plugin is at your own risk.\u003C\u002Fp>\n","Effortlessly monitor your WooCommerce store's performance and receive timely email alerts when your sales fall below defined thresholds.",775,"2024-09-28T09:38:00.000Z","6.6.5","5.0","5.4",[101,19,102,20,22],"e-commerce","notifications","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsales-health-monitor-for-woocommerce.0.9.1.zip",92,{"slug":106,"name":107,"version":6,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":11,"downloaded":112,"rating":11,"num_ratings":11,"last_updated":113,"tested_up_to":47,"requires_at_least":15,"requires_php":16,"tags":114,"homepage":117,"download_link":118,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"sochq-log-agent","SOCHQ AI Log Agent","cyberneticsplus","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberneticsplus\u002F","\u003Cp>\u003Cstrong>SOCHQ Log Agent\u003C\u002Fstrong> collects lightweight PHP request telemetry from your WordPress site and periodically ships it as JSON to your HTTPS Webhook. Designed for minimal footprint and simple setup: paste a Webhook URL and you’re set.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Ownership\u002FTrademark:\u003C\u002Fstrong> SOCHQ is a product of \u003Cstrong>Cyberneticsplus Services Pvt. Ltd.\u003C\u002Fstrong> (https:\u002F\u002Fcyberneticsplus.com). Service homepage: https:\u002F\u002Fsochq.com\u002F\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Batched delivery\u003C\u002Fstrong> via WP-Cron (default: every 15 minutes).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimal fields by default\u003C\u002Fstrong> to reduce sensitivity and payload size.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Webhook URL\u003C\u002Fstrong> (HTTPS required).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Graceful failures\u003C\u002Fstrong>: queues and retries when delivery fails.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Opt-out fields\u003C\u002Fstrong>: ability to disable optional fields if present in settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What data is sent?\u003C\u002Fh3>\n\u003Cp>By default, the plugin aims to send low-sensitivity request telemetry such as:\u003Cbr \u002F>\n– Timestamp, HTTP method, request URI\u002Fpath, response status code\u003Cbr \u002F>\n– Execution time (ms) and memory usage (if available)\u003Cbr \u002F>\n– Site identifier (non-PII, e.g., hashed home URL)\u003Cbr \u002F>\n– Optional: user agent, referrer, client IP (can be disabled)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Exact fields depend on your configuration and the plugin settings available in your version. Review your settings before enabling optional fields.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Security & performance\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Uses \u003Cstrong>HTTPS\u003C\u002Fstrong> for outbound webhook calls.\u003C\u002Fli>\n\u003Cli>Sends \u003Cstrong>batched\u003C\u002Fstrong> JSON to reduce overhead.\u003C\u002Fli>\n\u003Cli>Non-blocking operation—collection is lightweight and scheduled via WP-Cron.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin can send site telemetry to an external endpoint you control. Configure it to avoid personal data unless you have a lawful basis and have disclosed it to users. For your privacy policy, disclose:\u003Cbr \u002F>\n– What you collect (telemetry fields),\u003Cbr \u002F>\n– Why you collect it,\u003Cbr \u002F>\n– Where you send it (your Webhook),\u003Cbr \u002F>\n– How long you retain it.\u003C\u002Fp>\n\u003Cp>Cyberneticsplus Services Pvt. Ltd. product site: https:\u002F\u002Fsochq.com\u003Cbr \u002F>\nCompany site: https:\u002F\u002Fcyberneticsplus.com\u003C\u002Fp>\n\u003Ch3>Ownership and Trademark\u003C\u002Fh3>\n\u003Cp>SOCHQ is a product of \u003Cstrong>Cyberneticsplus Services Pvt. Ltd.\u003C\u002Fstrong> (https:\u002F\u002Fcyberneticsplus.com). This is an official plugin authored and maintained by Cyberneticsplus.\u003C\u002Fp>\n","Capture PHP request telemetry and ship JSON batches to your HTTPS webhook every 15 minutes. Minimal setup: set a Webhook URL.",201,"2025-09-02T09:12:00.000Z",[115,116,18,19,21],"ai-security","log-analysis","https:\u002F\u002Fsochq.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsochq-log-agent.1.0.0.zip",{"attackSurface":120,"codeSignals":185,"taintFlows":215,"riskAssessment":254,"analyzedAt":266},{"hooks":121,"ajaxHandlers":181,"restRoutes":182,"shortcodes":183,"cronEvents":184,"entryPointCount":11,"unprotectedCount":11},[122,128,131,135,140,144,148,152,156,161,165,169,173,177],{"type":123,"name":124,"callback":125,"file":126,"line":127},"action","admin_menu","add_menu","admin\\class-onyxflo-watchdog-admin-menu.php",9,{"type":123,"name":129,"callback":130,"file":126,"line":64},"admin_init","register_settings",{"type":123,"name":132,"callback":133,"file":126,"line":134},"admin_enqueue_scripts","enqueue_admin_assets",11,{"type":136,"name":137,"callback":138,"file":139,"line":134},"filter","wc_order_statuses","add_status_to_list","includes\\class-onyxflo-watchdog-order-status.php",{"type":136,"name":141,"callback":142,"file":139,"line":143},"request","include_status_in_all_orders",12,{"type":123,"name":145,"callback":146,"file":139,"line":147},"pre_get_posts","force_status_in_query",13,{"type":123,"name":149,"callback":150,"file":139,"line":151},"admin_head","admin_css",14,{"type":123,"name":153,"callback":154,"file":139,"line":155},"admin_notices","admin_notice_for_flagged",15,{"type":123,"name":157,"callback":158,"priority":64,"file":159,"line":160},"woocommerce_checkout_create_order","on_order_created","includes\\class-onyxflo-watchdog.php",32,{"type":123,"name":162,"callback":163,"priority":64,"file":159,"line":164},"woocommerce_store_api_checkout_order_processed","on_order_created_block",35,{"type":123,"name":166,"callback":167,"priority":64,"file":159,"line":168},"woocommerce_thankyou","on_order_processed",37,{"type":123,"name":170,"callback":171,"priority":64,"file":159,"line":172},"woocommerce_order_status_changed","on_order_status_changed",38,{"type":123,"name":174,"callback":174,"file":175,"line":176},"init","onyxflo-watchdog.php",22,{"type":123,"name":178,"callback":179,"file":175,"line":180},"plugins_loaded","bootstrap",25,[],[],[],[],{"dangerousFunctions":186,"sqlUsage":187,"outputEscaping":190,"fileOperations":212,"externalRequests":11,"nonceChecks":31,"capabilityChecks":213,"bundledLibraries":214},[],{"prepared":188,"raw":11,"locations":189},6,[],{"escaped":191,"rawEcho":127,"locations":192},44,[193,196,198,200,202,204,206,208,210],{"file":126,"line":194,"context":195},222,"raw output",{"file":126,"line":197,"context":195},239,{"file":126,"line":199,"context":195},243,{"file":126,"line":201,"context":195},257,{"file":126,"line":203,"context":195},309,{"file":126,"line":205,"context":195},312,{"file":126,"line":207,"context":195},323,{"file":139,"line":209,"context":195},95,{"file":139,"line":211,"context":195},96,2,3,[],[216,243],{"entryPoint":217,"graph":218,"unsanitizedCount":11,"severity":242},"render_snapshots_page (admin\\class-onyxflo-watchdog-admin-menu.php:266)",{"nodes":219,"edges":238},[220,225,231,233],{"id":221,"type":222,"label":223,"file":126,"line":224},"n0","source","$_GET",289,{"id":226,"type":227,"label":228,"file":126,"line":229,"wp_function":230},"n1","sink","get_results() [SQLi]",298,"get_results",{"id":232,"type":222,"label":223,"file":126,"line":224},"n2",{"id":234,"type":227,"label":235,"file":126,"line":236,"wp_function":237},"n3","echo() [XSS]",324,"echo",[239,241],{"from":221,"to":226,"sanitized":240},true,{"from":232,"to":234,"sanitized":240},"low",{"entryPoint":244,"graph":245,"unsanitizedCount":11,"severity":242},"\u003Cclass-onyxflo-watchdog-admin-menu> (admin\\class-onyxflo-watchdog-admin-menu.php:0)",{"nodes":246,"edges":251},[247,248,249,250],{"id":221,"type":222,"label":223,"file":126,"line":224},{"id":226,"type":227,"label":228,"file":126,"line":229,"wp_function":230},{"id":232,"type":222,"label":223,"file":126,"line":224},{"id":234,"type":227,"label":235,"file":126,"line":236,"wp_function":237},[252,253],{"from":221,"to":226,"sanitized":240},{"from":232,"to":234,"sanitized":240},{"summary":255,"deductions":256},"The onyxflo-watchdog v1.0.0 plugin demonstrates a strong security posture based on the provided static analysis. The absence of any recorded vulnerabilities in its history is a significant positive indicator, suggesting mature development practices or a lack of past issues.  The code analysis reveals a complete lack of external entry points such as AJAX handlers, REST API routes, and shortcodes that are not protected by authentication. Furthermore, all SQL queries utilize prepared statements, and a good majority of output is properly escaped, mitigating common injection and cross-site scripting risks. The presence of nonce and capability checks, while limited, also contributes to a more secure foundation.\n\nDespite the overall positive findings, there are minor areas for attention. The plugin performs file operations and makes external HTTP requests, which, while not inherently insecure, could become vectors if not handled with extreme care in future development.  The taint analysis shows zero flows with unsanitized paths, which is excellent, but the low total number of flows analyzed (2) might mean that certain code paths were not thoroughly tested. The relatively low percentage of properly escaped output (83%) indicates a small but present risk of XSS vulnerabilities that would need further investigation. Overall, the plugin appears to be developed with security in mind, but like any software, continuous vigilance and thorough testing remain paramount.",[257,260,262,264],{"reason":258,"points":259},"83% output escaping, potential for XSS",5,{"reason":261,"points":212},"File operations present, needs careful handling",{"reason":263,"points":212},"External HTTP requests present, needs careful handling",{"reason":265,"points":31},"Low number of taint flows analyzed","2026-03-17T06:51:23.117Z",{"wat":268,"direct":275},{"assetPaths":269,"generatorPatterns":271,"scriptPaths":272,"versionParams":273},[270],"\u002Fwp-content\u002Fplugins\u002Fonyxflo-watchdog\u002Fassets\u002Fcss\u002Fadmin.css",[],[],[274],"onyxflo-watchdog\u002Fassets\u002Fcss\u002Fadmin.css?ver=",{"cssClasses":276,"htmlComments":279,"htmlAttributes":280,"restEndpoints":285,"jsGlobals":286,"shortcodeOutput":287},[277,278],"onyxflo-toggle-switch","slider",[],[281,282,283,284],"name=\"onyxflo_enable_cart_check\"","name=\"onyxflo_auto_hold\"","name=\"onyxflo_email\"","class=\"onyxflo-toggle-switch\"",[],[],[]]