[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fju56zqkN13fOuac882AcR7FMNn9-7EIIrzLE0ymGtiU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":80,"crawl_stats":36,"alternatives":88,"analysis":89,"fingerprints":587},"passwords-manager","Passwords Manager","1.5.2","JC","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoder426\u002F","\u003Cp>Passwords Manager WordPress plugin lets you store different passwords in one place. Passwords are stored in the WordPress database in encrypted form so no one can see them. Passwords can also be categorized if you have multiple passwords. This plugin uses the Advanced Encryption Standard (AES-128), and you can define your encryption key when installing the plugin.\u003C\u002Fp>\n\u003Cp>Watch this video to see how the plugin works:\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FB9NvLynWueU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>New features of Passwords Manager 1.5.2 include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Category Color field for each category name.\u003C\u002Fli>\n\u003Cli>Clone the existing Password Record in the Passwords section.\u003C\u002Fli>\n\u003Cli>Improved Mobile Responsive User 
Interface.\u003C\u002Fli>\n\u003Cli>New Feature to add Sample Data in Import Section.\u003C\u002Fli>\n\u003Cli>Translations added for the following languages:\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Hindi\u003C\u002Fli>\n\u003Cli>Japanese\u003C\u002Fli>\n\u003Cli>Portuguese\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key features of this plugin include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ability to store all passwords in one place.\u003C\u002Fli>\n\u003Cli>Bootstrap based UI for managing all passwords.\u003C\u002Fli>\n\u003Cli>All passwords are encrypted.\u003C\u002Fli>\n\u003Cli>Passwords can be differentiated based on different categories.\u003C\u002Fli>\n\u003Cli>Datatables to list all passwords and categories. \u003C\u002Fli>\n\u003Cli>Export \u002F Import all passwords. \u003C\u002Fli>\n\u003Cli>Use shortcode to share passwords table on any WordPress page. \u003C\u002Fli>\n\u003Cli>Added URL field in passwords form\u003C\u002Fli>\n\u003C\u002Ful>\n","Passwords Manager WordPress plugin lets you store different passwords in one place. 
Passwords are stored in the WordPress database in encrypted form so  &hellip;",100,6650,5,"2025-04-15T11:33:00.000Z","6.8.5","6.3","7.4",[19,20,21,4,22],"passwords-collection","passwords-inventory","passwords-management-system","passwords-storage-system","https:\u002F\u002Fplugins.hirewebxperts.com\u002Fpasswords-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpasswords-manager.1.5.2.zip",95,4,0,"2025-01-15 21:19:19","2026-03-15T15:16:48.613Z",[31,47,55,65],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-12613","passwords-manager-unauthenticated-sql-injection","Passwords Manager \u003C= 1.4.8 - Unauthenticated SQL Injection","The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.4.8","1.5.1","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-01-16 09:39:16",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdec38992-a69f-4ccd-a23b-4dd1639897c3?source=api-prod",1,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":52,"updated_date":43,"references":53,"days_to_patch":46},"CVE-2024-12614","passwords-manager-missing-authorization-to-authenticated-subscriber-add-password-update-encryption-key","Passwords Manager \u003C= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key","The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and add passwords.","2025-01-15 00:00:00",[54],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F898c5554-fd02-47a2-a1f9-1c488cfab57e?source=api-prod",{"id":56,"url_slug":57,"title":58,"description":59,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":60,"cvss_score":61,"cvss_vector":62,"vuln_type":42,"published_date":52,"updated_date":43,"references":63,"days_to_patch":46},"CVE-2024-12615","passwords-manager-authenticated-subscriber-sql-injection","Passwords Manager \u003C= 1.4.8 - Authenticated (Subscriber+) SQL Injection","The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N",[64],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fce8397d5-6637-4faa-be1f-9cf52c25be9b?source=api-prod",{"id":66,"url_slug":67,"title":68,"description":69,"plugin_slug":4,"theme_slug":36,"affected_versions":70,"patched_in_version":71,"severity":60,"cvss_score":72,"cvss_vector":73,"vuln_type":74,"published_date":75,"updated_date":76,"references":77,"days_to_patch":79},"WF-7c4ceb2e-c718-43e2-bb7b-ab0404271134-passwords-manager","passwords-manager-cross-site-scripting-via-pwdmscsvcategory-parameter","Passwords Manager \u003C= 1.4.4 - Cross-Site Scripting via pwdms_csv_category parameter","The Passwords Manager plugin is vulnerable to Cross-Site scripting via the pwdms_csv_category parameter in versions up to, and including, 1.4.4 due to insufficient sanitization and escaping. 
This makes it possible for administrators to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.4.4","1.4.5",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-05-21 00:00:00","2024-01-22 19:56:02",[78],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7c4ceb2e-c718-43e2-bb7b-ab0404271134?source=api-prod",612,{"slug":81,"display_name":7,"profile_url":8,"plugin_count":82,"total_installs":83,"avg_security_score":84,"avg_patch_time_days":85,"trust_score":86,"computed_at":87},"coder426",8,5020,99,183,78,"2026-04-04T06:47:32.781Z",[],{"attackSurface":90,"codeSignals":199,"taintFlows":414,"riskAssessment":574,"analyzedAt":586},{"hooks":91,"ajaxHandlers":140,"restRoutes":191,"shortcodes":192,"cronEvents":197,"entryPointCount":198,"unprotectedCount":27},[92,98,102,107,112,117,121,124,129,132,135],{"type":93,"name":94,"callback":95,"file":96,"line":97},"filter","mce_external_plugins","pwdms_add_tinymce_plugin","include\\pms-front-shortcode.php",13,{"type":93,"name":99,"callback":100,"file":96,"line":101},"mce_buttons","pwdms_register_mce_button",14,{"type":103,"name":104,"callback":105,"file":96,"line":106},"action","admin_head","pwdms_add_mce",17,{"type":103,"name":108,"callback":109,"file":110,"line":111},"admin_menu","pms_cat_menu","include\\pms-functions.php",6,{"type":103,"name":113,"callback":114,"file":115,"line":116},"admin_enqueue_scripts","pwdms_add_admin_scripts","include\\pms-srcipts-styles.php",82,{"type":103,"name":118,"callback":119,"file":115,"line":120},"wp_enqueue_scripts","pwdms_front_add_admin_scripts",107,{"type":103,"name":118,"callback":122,"file":115,"line":123},"pwdms_admin_shortcode_scripts",112,{"type":103,"name":125,"callback":126,"file":127,"line":128},"init","pms_language_translate","passwords-manager.php",37,{"type":1
03,"name":130,"callback":131,"file":127,"line":120},"activated_plugin","pms_after_activation_redirect",{"type":103,"name":125,"callback":133,"file":127,"line":134},"pms_insert_category",119,{"type":93,"name":136,"callback":137,"priority":138,"file":127,"line":139},"plugin_row_meta","pms_live_demo_meta_links",10,149,[141,147,150,154,157,160,163,167,169,172,175,179,182,184,188],{"action":142,"nopriv":143,"callback":142,"hasNonce":144,"hasCapCheck":144,"file":145,"line":146},"pwdms_export_detail_list",false,true,"include\\admin-page\\addon\\csv-export\\index.php",2,{"action":148,"nopriv":143,"callback":149,"hasNonce":144,"hasCapCheck":144,"file":145,"line":25},"pwdms_export_csv","pwdms_export",{"action":151,"nopriv":143,"callback":151,"hasNonce":144,"hasCapCheck":144,"file":152,"line":153},"get_new_cats","include\\pms-categories-ajax-action.php",338,{"action":155,"nopriv":143,"callback":155,"hasNonce":144,"hasCapCheck":144,"file":152,"line":156},"post_new_cats",339,{"action":158,"nopriv":143,"callback":158,"hasNonce":144,"hasCapCheck":144,"file":152,"line":159},"edit_cats",340,{"action":161,"nopriv":143,"callback":161,"hasNonce":144,"hasCapCheck":143,"file":110,"line":162},"import_dummy_data",102,{"action":164,"nopriv":143,"callback":164,"hasNonce":144,"hasCapCheck":144,"file":165,"line":166},"get_new_pass","include\\pms-passwords-ajax-action.php",446,{"action":164,"nopriv":144,"callback":164,"hasNonce":144,"hasCapCheck":144,"file":165,"line":168},447,{"action":170,"nopriv":143,"callback":170,"hasNonce":144,"hasCapCheck":144,"file":165,"line":171},"post_new_pass",448,{"action":173,"nopriv":143,"callback":173,"hasNonce":144,"hasCapCheck":144,"file":165,"line":174},"edit_pass",449,{"action":176,"nopriv":143,"callback":177,"hasNonce":144,"hasCapCheck":144,"file":165,"line":178},"clone_pass","clone_password",450,{"action":180,"nopriv":143,"callback":180,"hasNonce":144,"hasCapCheck":144,"file":165,"line":181},"decrypt_pass",451,{"action":180,"nopriv":144,"callback":180,"has
Nonce":144,"hasCapCheck":144,"file":165,"line":183},452,{"action":185,"nopriv":143,"callback":185,"hasNonce":144,"hasCapCheck":144,"file":186,"line":187},"pms_save_setting","include\\pms-settings-ajax-action.php",42,{"action":189,"nopriv":143,"callback":189,"hasNonce":144,"hasCapCheck":144,"file":186,"line":190},"pms_send_email_help",88,[],[193],{"tag":194,"callback":195,"file":96,"line":196},"pms_pass","pms_front_pass_table",35,[],16,{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":216,"fileOperations":26,"externalRequests":27,"nonceChecks":101,"capabilityChecks":101,"bundledLibraries":410},[],{"prepared":187,"raw":26,"locations":202},[203,207,210,213],{"file":204,"line":205,"context":206},"include\\admin-page\\addon\\csv-export\\pms-csv-export-setting-page\\pms_export_html.php",22,"$wpdb->get_results() with variable interpolation",{"file":208,"line":209,"context":206},"include\\pms-passwords.php",96,{"file":127,"line":211,"context":212},97,"$wpdb->query() with variable interpolation",{"file":127,"line":214,"context":215},125,"$wpdb->get_var() with variable interpolation",{"escaped":217,"rawEcho":218,"locations":219},189,104,[220,222,223,225,227,228,230,232,233,235,236,238,239,241,243,245,246,247,249,251,253,255,257,259,261,263,265,267,270,272,274,275,277,279,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,311,313,315,317,319,321,322,323,325,327,329,331,333,335,336,338,340,342,344,346,347,349,351,353,355,357,359,361,363,365,367,368,370,372,375,376,377,379,380,382,384,386,388,390,392,395,396,397,398,400,402,404,406,408],{"file":204,"line":111,"context":221},"raw 
output",{"file":204,"line":97,"context":221},{"file":204,"line":224,"context":221},18,{"file":204,"line":226,"context":221},25,{"file":204,"line":128,"context":221},{"file":204,"line":229,"context":221},50,{"file":204,"line":231,"context":221},74,{"file":204,"line":116,"context":221},{"file":234,"line":111,"context":221},"include\\admin-page\\addon\\csv-import\\pms-csv-import-setting-page\\pms_import_html.php",{"file":234,"line":97,"context":221},{"file":234,"line":237,"context":221},15,{"file":234,"line":106,"context":221},{"file":234,"line":240,"context":221},41,{"file":234,"line":242,"context":221},45,{"file":244,"line":111,"context":221},"include\\pms-admin-shortcode.php",{"file":244,"line":82,"context":221},{"file":152,"line":211,"context":221},{"file":152,"line":248,"context":221},155,{"file":152,"line":250,"context":221},198,{"file":152,"line":252,"context":221},221,{"file":152,"line":254,"context":221},232,{"file":152,"line":256,"context":221},266,{"file":152,"line":258,"context":221},286,{"file":152,"line":260,"context":221},288,{"file":152,"line":262,"context":221},291,{"file":152,"line":264,"context":221},324,{"file":152,"line":266,"context":221},327,{"file":268,"line":269,"context":221},"include\\pms-categories.php",7,{"file":268,"line":271,"context":221},20,{"file":268,"line":273,"context":221},21,{"file":268,"line":205,"context":221},{"file":268,"line":276,"context":221},23,{"file":268,"line":278,"context":221},44,{"file":268,"line":229,"context":221},{"file":268,"line":281,"context":221},58,{"file":110,"line":283,"context":221},64,{"file":165,"line":285,"context":221},113,{"file":165,"line":287,"context":221},148,{"file":165,"line":289,"context":221},168,{"file":165,"line":291,"context":221},170,{"file":165,"line":293,"context":221},185,{"file":165,"line":295,"context":221},207,{"file":165,"line":297,"context":221},209,{"file":165,"line":299,"context":221},217,{"file":165,"line":301,"context":221},226,{"file":165,"line":303,"context":221},228,{"file":
165,"line":305,"context":221},231,{"file":165,"line":307,"context":221},234,{"file":165,"line":309,"context":221},330,{"file":165,"line":153,"context":221},{"file":165,"line":312,"context":221},365,{"file":165,"line":314,"context":221},372,{"file":165,"line":316,"context":221},398,{"file":165,"line":318,"context":221},433,{"file":165,"line":320,"context":221},436,{"file":208,"line":269,"context":221},{"file":208,"line":97,"context":221},{"file":208,"line":324,"context":221},29,{"file":208,"line":326,"context":221},30,{"file":208,"line":328,"context":221},31,{"file":208,"line":330,"context":221},32,{"file":208,"line":332,"context":221},33,{"file":208,"line":334,"context":221},34,{"file":208,"line":196,"context":221},{"file":208,"line":337,"context":221},36,{"file":208,"line":339,"context":221},48,{"file":208,"line":341,"context":221},60,{"file":208,"line":343,"context":221},68,{"file":208,"line":345,"context":221},73,{"file":208,"line":86,"context":221},{"file":208,"line":348,"context":221},79,{"file":208,"line":350,"context":221},89,{"file":208,"line":352,"context":221},93,{"file":208,"line":354,"context":221},105,{"file":208,"line":356,"context":221},110,{"file":208,"line":358,"context":221},118,{"file":208,"line":360,"context":221},129,{"file":208,"line":362,"context":221},132,{"file":208,"line":364,"context":221},141,{"file":208,"line":366,"context":221},167,{"file":186,"line":332,"context":221},{"file":186,"line":369,"context":221},75,{"file":186,"line":371,"context":221},77,{"file":373,"line":374,"context":221},"include\\pms-settings.php",11,{"file":373,"line":106,"context":221},{"file":373,"line":187,"context":221},{"file":373,"line":378,"context":221},47,{"file":373,"line":229,"context":221},{"file":373,"line":381,"context":221},53,{"file":373,"line":383,"context":221},61,{"file":373,"line":385,"context":221},62,{"file":373,"line":387,"context":221},70,{"file":373,"line":389,"context":221},71,{"file":373,"line":391,"context":221},76,{"file":393,"line":394,"co
ntext":221},"include\\pms-support.php",87,{"file":393,"line":352,"context":221},{"file":393,"line":25,"context":221},{"file":393,"line":162,"context":221},{"file":393,"line":399,"context":221},109,{"file":393,"line":401,"context":221},116,{"file":393,"line":403,"context":221},123,{"file":393,"line":405,"context":221},130,{"file":393,"line":407,"context":221},137,{"file":393,"line":409,"context":221},147,[411],{"name":412,"version":36,"knownCves":413},"DataTables",[],[415,432,444,457,470,488,499,509,526,536,556,566],{"entryPoint":416,"graph":417,"unsanitizedCount":27,"severity":431},"\u003Cindex> (include\\admin-page\\addon\\csv-import\\index.php:0)",{"nodes":418,"edges":429},[419,424],{"id":420,"type":421,"label":422,"file":423,"line":198},"n0","source","$_FILES","include\\admin-page\\addon\\csv-import\\index.php",{"id":425,"type":426,"label":427,"file":423,"line":106,"wp_function":428},"n1","sink","fopen() [File Access]","fopen",[430],{"from":420,"to":425,"sanitized":144},"low",{"entryPoint":433,"graph":434,"unsanitizedCount":27,"severity":431},"get_new_cats (include\\pms-categories-ajax-action.php:6)",{"nodes":435,"edges":442},[436,439],{"id":420,"type":421,"label":437,"file":152,"line":438},"$_POST (x2)",19,{"id":425,"type":426,"label":440,"file":152,"line":343,"wp_function":441},"get_results() [SQLi]","get_results",[443],{"from":420,"to":425,"sanitized":144},{"entryPoint":445,"graph":446,"unsanitizedCount":27,"severity":431},"post_new_cats (include\\pms-categories-ajax-action.php:169)",{"nodes":447,"edges":455},[448,451],{"id":420,"type":421,"label":449,"file":152,"line":450},"$_POST (x3)",184,{"id":425,"type":426,"label":452,"file":152,"line":453,"wp_function":454},"get_var() [SQLi]",202,"get_var",[456],{"from":420,"to":425,"sanitized":144},{"entryPoint":458,"graph":459,"unsanitizedCount":27,"severity":431},"edit_cats 
(include\\pms-categories-ajax-action.php:304)",{"nodes":460,"edges":468},[461,464],{"id":420,"type":421,"label":462,"file":152,"line":463},"$_POST",314,{"id":425,"type":426,"label":465,"file":152,"line":466,"wp_function":467},"get_row() [SQLi]",319,"get_row",[469],{"from":420,"to":425,"sanitized":144},{"entryPoint":471,"graph":472,"unsanitizedCount":27,"severity":431},"\u003Cpms-categories-ajax-action> (include\\pms-categories-ajax-action.php:0)",{"nodes":473,"edges":484},[474,475,476,478,480,482],{"id":420,"type":421,"label":437,"file":152,"line":438},{"id":425,"type":426,"label":440,"file":152,"line":343,"wp_function":441},{"id":477,"type":421,"label":449,"file":152,"line":450},"n2",{"id":479,"type":426,"label":452,"file":152,"line":453,"wp_function":454},"n3",{"id":481,"type":421,"label":462,"file":152,"line":463},"n4",{"id":483,"type":426,"label":465,"file":152,"line":466,"wp_function":467},"n5",[485,486,487],{"from":420,"to":425,"sanitized":144},{"from":477,"to":479,"sanitized":144},{"from":481,"to":483,"sanitized":144},{"entryPoint":489,"graph":490,"unsanitizedCount":27,"severity":431},"get_new_pass (include\\pms-passwords-ajax-action.php:11)",{"nodes":491,"edges":496},[492,493,494,495],{"id":420,"type":421,"label":462,"file":165,"line":324},{"id":425,"type":426,"label":452,"file":165,"line":196,"wp_function":454},{"id":477,"type":421,"label":449,"file":165,"line":324},{"id":479,"type":426,"label":440,"file":165,"line":128,"wp_function":441},[497,498],{"from":420,"to":425,"sanitized":144},{"from":477,"to":479,"sanitized":144},{"entryPoint":500,"graph":501,"unsanitizedCount":27,"severity":431},"edit_pass (include\\pms-passwords-ajax-action.php:246)",{"nodes":502,"edges":507},[503,505],{"id":420,"type":421,"label":462,"file":165,"line":504},256,{"id":425,"type":426,"label":440,"file":165,"line":506,"wp_function":441},278,[508],{"from":420,"to":425,"sanitized":144},{"entryPoint":510,"graph":511,"unsanitizedCount":27,"severity":431},"decrypt_pass 
(include\\pms-passwords-ajax-action.php:312)",{"nodes":512,"edges":523},[513,515,519,521],{"id":420,"type":421,"label":437,"file":165,"line":514},325,{"id":425,"type":426,"label":516,"file":165,"line":517,"wp_function":518},"echo() [XSS]",349,"echo",{"id":477,"type":421,"label":462,"file":165,"line":520},326,{"id":479,"type":426,"label":440,"file":165,"line":522,"wp_function":441},356,[524,525],{"from":420,"to":425,"sanitized":144},{"from":477,"to":479,"sanitized":144},{"entryPoint":527,"graph":528,"unsanitizedCount":27,"severity":431},"clone_password (include\\pms-passwords-ajax-action.php:382)",{"nodes":529,"edges":534},[530,532],{"id":420,"type":421,"label":462,"file":165,"line":531},394,{"id":425,"type":426,"label":465,"file":165,"line":533,"wp_function":467},405,[535],{"from":420,"to":425,"sanitized":144},{"entryPoint":537,"graph":538,"unsanitizedCount":27,"severity":431},"\u003Cpms-passwords-ajax-action> (include\\pms-passwords-ajax-action.php:0)",{"nodes":539,"edges":551},[540,541,542,544,545,546,547,549],{"id":420,"type":421,"label":462,"file":165,"line":324},{"id":425,"type":426,"label":452,"file":165,"line":196,"wp_function":454},{"id":477,"type":421,"label":543,"file":165,"line":324},"$_POST (x5)",{"id":479,"type":426,"label":440,"file":165,"line":128,"wp_function":441},{"id":481,"type":421,"label":437,"file":165,"line":514},{"id":483,"type":426,"label":516,"file":165,"line":517,"wp_function":518},{"id":548,"type":421,"label":462,"file":165,"line":531},"n6",{"id":550,"type":426,"label":465,"file":165,"line":533,"wp_function":467},"n7",[552,553,554,555],{"from":420,"to":425,"sanitized":144},{"from":477,"to":479,"sanitized":144},{"from":481,"to":483,"sanitized":144},{"from":548,"to":550,"sanitized":144},{"entryPoint":557,"graph":558,"unsanitizedCount":27,"severity":431},"pms_save_setting 
(include\\pms-settings-ajax-action.php:5)",{"nodes":559,"edges":564},[560,561],{"id":420,"type":421,"label":462,"file":186,"line":224},{"id":425,"type":426,"label":562,"file":186,"line":273,"wp_function":563},"update_option() [Settings Manipulation]","update_option",[565],{"from":420,"to":425,"sanitized":144},{"entryPoint":567,"graph":568,"unsanitizedCount":27,"severity":431},"\u003Cpms-settings-ajax-action> (include\\pms-settings-ajax-action.php:0)",{"nodes":569,"edges":572},[570,571],{"id":420,"type":421,"label":462,"file":186,"line":224},{"id":425,"type":426,"label":562,"file":186,"line":273,"wp_function":563},[573],{"from":420,"to":425,"sanitized":144},{"summary":575,"deductions":576},"The \"passwords-manager\" v1.5.2 plugin demonstrates a mixed security posture. On the positive side, the static analysis reveals a robust defense against immediate attack vectors. All identified entry points, including AJAX handlers and shortcodes, appear to have authentication and permission checks in place, which is a significant strength. The plugin also utilizes prepared statements for the vast majority of its SQL queries and incorporates nonce and capability checks, indicating an awareness of common WordPress security practices. Furthermore, no critical or high-severity taint flows were detected, suggesting that data processing within the plugin is likely handled in a relatively safe manner regarding injection vulnerabilities.\n\nHowever, there are notable areas of concern. The most significant issue stems from the plugin's vulnerability history. With four known CVEs, including two high-severity and two medium-severity vulnerabilities, the plugin has a track record of security flaws. The common types of vulnerabilities found (SQL Injection and Cross-site Scripting) are serious and can lead to data compromise or site defacement. 
While there are currently no unpatched CVEs for this specific version, the historical pattern suggests a potential for recurring issues or a need for more rigorous security development lifecycle practices. The relatively low percentage of properly escaped output (65%) is also a concern, as it increases the risk of Cross-site Scripting vulnerabilities, even if not immediately evident in the taint analysis for this specific version.",[577,579,581,583],{"reason":578,"points":237},"Historical high-severity vulnerabilities (SQLi\u002FXSS)",{"reason":580,"points":138},"Historical medium-severity vulnerabilities (SQLi\u002FXSS)",{"reason":582,"points":13},"Moderate output escaping (65% proper)",{"reason":584,"points":585},"Bundled library (DataTables)",3,"2026-03-16T21:07:26.725Z",{"wat":588,"direct":624},{"assetPaths":589,"generatorPatterns":607,"scriptPaths":608,"versionParams":609},[590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606],"\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Ffontawesome\u002Fall.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fbootstrap\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fdatatable\u002Fdatatables.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fdatatable\u002FrowReorder.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fdatatable\u002Fresponsive.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fsweetalert\u002Fsweetalert2.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fowl-carousel\u002Fcss\u002Fowl.carousel.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fowl-carousel\u002Fcss\u002Fowl.theme.default.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u
002Fassets\u002Fcss\u002Fpms-admin.css","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fdatatable\u002Fdatatables.min.js","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fdatatable\u002FdataTables.rowReorder.min.js","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fdatatable\u002FdataTables.responsive.min.js","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fpopper\u002Fpopper.min.js","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fbootstrap\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fsweetalert\u002Fsweetalert2.min.js","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Flibs\u002Fowl-carousel\u002Fjs\u002Fowl.carousel.min.js","\u002Fwp-content\u002Fplugins\u002Fpasswords-manager\u002Fassets\u002Fjs\u002Fcrypto",[],[606],[610,611,612,613,614,615,616,617,618,619,612,613,620,621,611,615,622,623],"passwords-manager_fontawesome_min","passwords-manager_bootstrap_min","passwords-manager_datatable","passwords-manager_rowdatatable","passwords-manager_respdatatable","passwords-manager_sweetalert","passwords-manager-owl-carousel-css","passwords-manager-owl-carousel-theme","passwords-manager_admin","passwords-manager_clipboard","passwords-manager_responsivedatatable","passwords-manager_popper","passwords-manager-owl-carousel-js","passwords-manager_crypto",{"cssClasses":625,"htmlComments":627,"htmlAttributes":636,"restEndpoints":642,"jsGlobals":643,"shortcodeOutput":652},[626],"pms-admin-wrapper",[628,629,630,629,631,632,633,634,635],"include script & style file","include encryption file","include frontend shortcode file","include category action file","include pass action file","include Setting action file","Admin Dashboard Style","Admin Dashboard 
Script",[637,638,639,640,641],"data-bs-toggle","data-bs-target","aria-controls","aria-expanded","data-bs-parent",[],[644,645,646,647,648,649,650,651],"PWDMS_VAR","PWDMS_NAME","PWDMS_PLUGIN_URL","PWDMS_PLUGIN_DIR","PWDMS_ASSETS","PWDMS_IMG","PWDMS_INC","PWDMS_INC_URL",[]]