[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHWOmXpAaBQME5bJn-_Fsz6uvbDNBNSh251uwpvx5i5A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":42,"crawl_stats":33,"alternatives":45,"analysis":129,"fingerprints":420},"payday","Payday","3.3.18","gunnarpayday","https:\u002F\u002Fprofiles.wordpress.org\u002Fgunnarpayday\u002F","\u003Cp>The Payday plugin integrates WooCommerce with your Payday bookkeeping solution.\u003Cbr \u002F>\nIt also supports OpenPos, allowing handling products to be returned.\u003C\u002Fp>\n\u003Cp>After installing the plugin, your admin will have the option to sync Orders with Invoices in Payday automatically.\u003C\u002Fp>\n\u003Cp>This plugin is only for companies or individuals who have registered an account with Payday.\u003C\u002Fp>\n\u003Cp>Visit our website for more information: http:\u002F\u002Fpayday.is\u003C\u002Fp>\n","This plugin integrates WooCommerce with your Payday bookkeeping solution.",100,7229,1,"2025-06-26T11:35:00.000Z","6.8.5","3.0.1","8.0",[19,20,21,4],"accounting-software","bookkeeping-solution","icelandic","https:\u002F\u002Fpayday.is\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpayday.3.3.18.zip",79,"2025-04-03 00:00:00","2026-03-15T15:16:48.613Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":33,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":25,"updated_date":39,"references":40,"days_to_patch":33},"CVE-2025-31876","payday-missing-authorization","Payday \u003C= 3.3.13 - Missing Authorization","The Payday plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.3.13. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=3.3.13","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-04-30 14:32:04",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F559ade81-73cd-4820-a6db-9323d1d82f8f?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":43,"trust_score":24,"computed_at":44},30,"2026-04-04T09:03:39.394Z",[46,68,86,107],{"slug":47,"name":48,"version":49,"author":47,"author_profile":50,"description":51,"short_description":52,"active_installs":53,"downloaded":54,"rating":55,"num_ratings":55,"last_updated":56,"tested_up_to":15,"requires_at_least":57,"requires_php":58,"tags":59,"homepage":64,"download_link":65,"security_score":66,"vuln_count":13,"unpatched_count":55,"last_vuln_date":67,"fetched_at":26},"posturinn","Pósturinn\\'s Shipping with WooCommerce","1.4.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fposturinn\u002F","\u003Cp>Pósturinn Shipping with WooCommerce is a plugin that adds support to WooCommerce for Pósturinn postal service.\u003C\u002Fp>\n\u003Cp>After installing the plugin your customers will have the option to choose shipping methods provided by Pósturinn as a shipping method during the checkout. The plugin automatically calculates parcel shipping rates for your customers by using the product attributes you provide on each of your products.\u003C\u002Fp>\n\u003Cp>This plugin is only for companies that have a registered user in Mappan.\u003C\u002Fp>\n","Pósturinn Shipping with WooCommerce is a plugin that adds support to WooCommerce for Pósturinn postal service.",500,16281,0,"2025-11-05T09:27:00.000Z","4.3","7.4",[60,47,61,62,63],"icelandic-post-shipping","shipping","shipping-rates","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposturinn.zip",99,"2025-01-06 00:00:00",{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":43,"downloaded":76,"rating":55,"num_ratings":55,"last_updated":77,"tested_up_to":78,"requires_at_least":57,"requires_php":64,"tags":79,"homepage":83,"download_link":84,"security_score":85,"vuln_count":55,"unpatched_count":55,"last_vuln_date":33,"fetched_at":26},"tvg-xpress","EIMSKIP","2.2.2","Smartmedia","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartmediais\u002F","\u003Cp>EIMSKIP er hraðflutningaþjónusta til og frá Íslandi sem sérhæfir sig í þjónustu við vefverslanir.\u003Cbr \u002F>\nÖll afgreiðsla og meðferð vörunnar er í forgangi og afhendingartími frá því að varan kemur til landsins er mun skemmri en í almennum flugsendingum.\u003Cbr \u002F>\nEIMSKIP byggist á „Door-To-Door“ afhendingu: Varan er sótt, send, tollafgreidd og loks afhent viðtakanda.\u003C\u002Fp>\n\u003Cp>EIMSKIP is a shipping service to and from Iceland that specializes in serving webshops.\u003Cbr \u002F>\nAll processing and handling of the goods are prioritized, and the delivery time from the arrival of the goods to the country is much shorter than in regular air freight shipments.\u003Cbr \u002F>\nEIMSKIP is based on a “Door-To-Door” delivery: The goods are collected, shipped, customs cleared, and finally delivered to the recipient.\u003C\u002Fp>\n\u003Ch3>Third-Party Service Integration\u003C\u002Fh3>\n\u003Cp>Please note that the EIMSKIP Plugin relies on a third-party service, namely EIMSKIP, to provide its shipping functionality. By using this plugin, you acknowledge and agree to the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The EIMSKIP Plugin requires the use of the EIMSKIP shipping service to calculate shipping rates, handle pickups, process customs clearance, and deliver packages.\u003C\u002Fli>\n\u003Cli>Your data, including shipping addresses and order details, may be transmitted to EIMSKIP for the purpose of facilitating the shipping process.\u003C\u002Fli>\n\u003Cli>EIMSKIP’s terms of use and privacy policies apply to the use of their services. You can access their terms of use and privacy policies through the following links:\u003Cbr \u002F>\nEIMSKIP Terms of Use https:\u002F\u002Fwww.eimskip.com\u002Fterms-and-conditions\u002F\u003Cbr \u002F>\nEIMSKIP Privacy Policy https:\u002F\u002Fwww.eimskip.com\u002Fprivacy-policy\u002F\u003Cbr \u002F>\nIt is important to review and understand EIMSKIP’s terms of use and privacy policies to ensure compliance with their guidelines and regulations. By using the EIMSKIP Plugin, you are responsible for ensuring that any legal requirements regarding data transmissions and privacy are met.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Our plugin leverages a connection to retrieve dynamic data from our optimized server, ensuring lightning-fast performance and reliable information delivery.\u003Cbr \u002F>\nRest assured, we’ve carefully hosted a static JSON file on the highly scalable and dependable AWS S3 infrastructure, located at s3.amazonaws.com. See Privacy policy at https:\u002F\u002Faws.amazon.com\u002Fprivacy\u002F\u003C\u002Fp>\n\u003Cp>Our feature-rich WordPress plugin offers seamless integration with EIMSKIP, a trusted logistics partner, enabling you to effortlessly create shipments directly from your WordPress website.\u003Cbr \u002F>\nBy securely transmitting information to EIMSKIP’s advanced platform, our plugin streamlines your shipping process and enhances efficiency.\u003Cbr \u002F>\nExperience the convenience of instant shipment creation and enjoy the benefits of a robust logistics solution.\u003C\u002Fp>\n\u003Cp>This plugin integrates with PrintNode to provide printing functionality. It allows you to connect to your PrintNode account and send print jobs to your configured printers. For more information about PrintNode and its services, please visit \u003Ca href=\"https:\u002F\u002Fwww.printnode.com\u002F\" rel=\"nofollow ugc\">PrintNode’s website\u003C\u002Fa>. \u003Ca href=\"https:\u002F\u002Fwww.printnode.com\u002Fen\u002Fprivacy\" rel=\"nofollow ugc\">PrintNode’s Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","Tenging við EIMSKIP",7432,"2024-06-20T10:38:00.000Z","6.5.8",[80,81,61,82],"eimskip","icelandic-shipping","tvg-express","https:\u002F\u002Feimskip.is\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftvg-xpress.zip",92,{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":11,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":64,"tags":100,"homepage":105,"download_link":106,"security_score":11,"vuln_count":55,"unpatched_count":55,"last_vuln_date":33,"fetched_at":26},"easify-server-woocommerce","Easify Server WooCommerce","4.39","Easify","https:\u002F\u002Fprofiles.wordpress.org\u002Feasify\u002F","\u003Cp>This plugin connects your Easify Business software with your\u003Cbr \u002F>\nWooCommerce online shop.\u003C\u002Fp>\n\u003Cp>Orders that are placed via your WooCommerce enabled website will be\u003Cbr \u002F>\nautomatically sent to your Easify Server.\u003C\u002Fp>\n\u003Cp>Products that you add to your Easify Server will be automatically uploaded to\u003Cbr \u002F>\nyour WooCommerce enabled website.\u003C\u002Fp>\n\u003Cp>As you sell products in your traditional shop, your stock levels will be\u003Cbr \u002F>\nautomatically synchronised with your WooCommerce online shop.\u003C\u002Fp>\n","Connects Easify Business Software to your WooCommerce online shop, allowing you to synchronise stock levels between your physical shop and your online &hellip;",10,4721,4,"2025-04-17T09:54:00.000Z","6.7.5","5.0",[19,101,102,103,104],"easify","epos","epos-software","stock-control-software","https:\u002F\u002Fwww.easify.co.uk\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasify-server-woocommerce.4.39.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":94,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":64,"tags":121,"homepage":126,"download_link":127,"security_score":128,"vuln_count":55,"unpatched_count":55,"last_vuln_date":33,"fetched_at":26},"pay-day-loans-application-form","Pay Day Loan Application form plugin for WordPress","1.0","gary.solomon@gmail.com","https:\u002F\u002Fprofiles.wordpress.org\u002Fgarysolomongmailcom\u002F","\u003Cp>After installing and activiating the plugin you will be able to easily add full pay day loan application functionality to your site using a simple shortcode in your pages and posts\u003C\u002Fp>\n\u003Ch3>Future Plans\u003C\u002Fh3>\n\u003Cp>Currently working on a number of other exciting plugins.\u003C\u002Fp>\n","Pay Day Loan Application gives you an affiliate loan application form from which you will earn 70% commission",3201,60,2,"2012-12-26T14:49:00.000Z","3.5.2","3.0",[122,123,124,4,125],"affiliate","loan-application","pay-day","uk-payday-affiliate","http:\u002F\u002Fwww.sms-affiliate.co.uk\u002Fplugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpay-day-loans-application-form.1.6.2.zip",85,{"attackSurface":130,"codeSignals":297,"taintFlows":407,"riskAssessment":408,"analyzedAt":419},{"hooks":131,"ajaxHandlers":279,"restRoutes":280,"shortcodes":295,"cronEvents":296,"entryPointCount":117,"unprotectedCount":55},[132,138,143,147,151,156,160,164,167,170,173,177,181,184,187,190,194,198,202,206,209,213,217,221,223,227,231,235,239,243,247,251,255,259,262,265,269,271,275],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","woocommerce_order_status_changed","anonymous","classes\\class-payday-claim-service-payment-gateway.php",299,{"type":139,"name":140,"callback":141,"file":136,"line":142},"filter","woocommerce_payment_gateways","add_gateway_class",417,{"type":133,"name":144,"callback":145,"priority":55,"file":136,"line":146},"init","payday_claim_service_payment_gateway_init",421,{"type":139,"name":140,"callback":148,"file":149,"line":150},"unregister_payday_claim_service_payment_gateway","classes\\class-payday-deactivator.php",31,{"type":133,"name":144,"callback":152,"priority":153,"file":154,"line":155},"plugins_loaded",12,"classes\\class-payday.php",55,{"type":133,"name":144,"callback":157,"priority":158,"file":154,"line":159},"load_plugin_textdomain",11,56,{"type":133,"name":161,"callback":161,"priority":162,"file":154,"line":163},"admin_menu",20,59,{"type":139,"name":165,"callback":165,"priority":94,"file":154,"line":166},"plugin_row_meta",64,{"type":133,"name":168,"callback":168,"priority":158,"file":154,"line":169},"admin_footer_text",65,{"type":133,"name":134,"callback":171,"priority":94,"file":154,"line":172},"action_woocommerce_order_status_changed",69,{"type":133,"name":174,"callback":175,"priority":94,"file":154,"line":176},"woocommerce_new_order","action_woocommerce_new_order",70,{"type":133,"name":178,"callback":179,"file":154,"line":180},"admin_init","register_settings",75,{"type":133,"name":182,"callback":182,"file":154,"line":183},"admin_post_payday_settings_refresh",76,{"type":133,"name":185,"callback":185,"file":154,"line":186},"admin_post_payday_settings_disconnect",77,{"type":133,"name":188,"callback":188,"file":154,"line":189},"admin_post_payday_sync_all_products",78,{"type":139,"name":191,"callback":192,"file":154,"line":193},"bulk_actions-edit-product","register_bulk_actions",81,{"type":139,"name":195,"callback":196,"priority":94,"file":154,"line":197},"handle_bulk_actions-edit-product","bulk_action_handler",82,{"type":133,"name":199,"callback":200,"file":154,"line":201},"admin_post_sync_inventory_with_payday","handle_sync_inventory_with_payday",83,{"type":133,"name":203,"callback":204,"file":154,"line":205},"admin_notices","bulk_action_admin_notice",84,{"type":139,"name":207,"callback":208,"priority":94,"file":154,"line":128},"post_row_actions","add_custom_button_to_product_list",{"type":139,"name":210,"callback":211,"priority":94,"file":154,"line":212},"manage_edit-product_columns","add_custom_product_column",86,{"type":133,"name":214,"callback":215,"priority":94,"file":154,"line":216},"manage_product_posts_custom_column","add_custom_product_column_content",87,{"type":133,"name":218,"callback":219,"file":154,"line":220},"admin_enqueue_scripts","my_plugin_enqueue_admin_styles",88,{"type":139,"name":140,"callback":141,"file":154,"line":222},112,{"type":133,"name":224,"callback":225,"file":154,"line":226},"woocommerce_checkout_fields","checkout_fields",118,{"type":133,"name":228,"callback":229,"file":154,"line":230},"woocommerce_checkout_process","checkout_process",121,{"type":133,"name":232,"callback":233,"file":154,"line":234},"woocommerce_checkout_update_user_meta","checkout_update_user_meta",124,{"type":133,"name":236,"callback":237,"priority":94,"file":154,"line":238},"woocommerce_checkout_update_order_meta","checkout_update_order_meta",127,{"type":133,"name":240,"callback":241,"priority":94,"file":154,"line":242},"save_post_shop_order","action_save_post_shop_order",130,{"type":139,"name":244,"callback":245,"file":154,"line":246},"woocommerce_admin_billing_fields","add_ssn_field_to_admin_billing_fields",133,{"type":139,"name":248,"callback":249,"file":154,"line":250},"woocommerce_email_order_meta_keys","email_order_meta_keys",136,{"type":133,"name":144,"callback":252,"file":253,"line":254},"handle_download","pages\\class-payday-log-viewer-page.php",89,{"type":133,"name":178,"callback":256,"file":257,"line":258},"add_settings_sections","pages\\class-payday-login-page.php",384,{"type":133,"name":203,"callback":260,"file":257,"line":261},"display_invalid_credentials_notice",385,{"type":133,"name":144,"callback":263,"file":257,"line":264},"handle_login",386,{"type":133,"name":203,"callback":266,"file":267,"line":268},"payday_php_version_error_notice","payday.php",139,{"type":133,"name":203,"callback":266,"file":267,"line":270},241,{"type":139,"name":272,"callback":273,"priority":94,"file":267,"line":274},"upgrader_pre_install","payday_pre_update_check",257,{"type":133,"name":276,"callback":277,"file":267,"line":278},"before_woocommerce_init","closure",273,[],[281,290],{"namespace":282,"route":283,"methods":284,"callback":286,"permissionCallback":287,"file":288,"line":289},"payday\u002Fv1","\u002Forders",[285],"GET","get_orders","validate_request","payday-plugin-api\\controllers\\class-payday-orders-controller.php",21,{"namespace":282,"route":291,"methods":292,"callback":293,"permissionCallback":287,"file":294,"line":162},"\u002Fproducts",[285],"get_products","payday-plugin-api\\controllers\\class-payday-products-controller.php",[],[],{"dangerousFunctions":298,"sqlUsage":299,"outputEscaping":306,"fileOperations":158,"externalRequests":96,"nonceChecks":405,"capabilityChecks":96,"bundledLibraries":406},[],{"prepared":300,"raw":13,"locations":301},14,[302],{"file":303,"line":304,"context":305},"payday-database\\utils\\class-payday-database-utils.php",18,"$wpdb->get_var() with variable interpolation",{"escaped":307,"rawEcho":308,"locations":309},108,49,[310,314,317,319,321,323,325,327,329,330,332,334,336,338,340,342,344,347,348,350,352,354,356,357,359,361,363,365,367,368,370,371,373,375,377,379,381,383,385,388,389,390,392,394,395,397,399,401,403],{"file":311,"line":312,"context":313},"admin\\class-payday-admin.php",36,"raw output",{"file":315,"line":316,"context":313},"classes\\class-payday-product-sync.php",102,{"file":315,"line":318,"context":313},106,{"file":315,"line":320,"context":313},107,{"file":315,"line":322,"context":313},114,{"file":315,"line":324,"context":313},115,{"file":315,"line":326,"context":313},122,{"file":315,"line":328,"context":313},123,{"file":315,"line":242,"context":313},{"file":315,"line":331,"context":313},131,{"file":315,"line":333,"context":313},159,{"file":315,"line":335,"context":313},163,{"file":315,"line":337,"context":313},164,{"file":315,"line":339,"context":313},201,{"file":315,"line":341,"context":313},213,{"file":315,"line":343,"context":313},285,{"file":345,"line":346,"context":313},"classes\\class-payday-settings.php",54,{"file":345,"line":155,"context":313},{"file":345,"line":349,"context":313},154,{"file":345,"line":351,"context":313},155,{"file":345,"line":353,"context":313},318,{"file":345,"line":355,"context":313},322,{"file":345,"line":355,"context":313},{"file":253,"line":358,"context":313},23,{"file":253,"line":360,"context":313},35,{"file":253,"line":362,"context":313},45,{"file":253,"line":364,"context":313},48,{"file":253,"line":366,"context":313},51,{"file":253,"line":172,"context":313},{"file":253,"line":369,"context":313},73,{"file":253,"line":186,"context":313},{"file":257,"line":372,"context":313},46,{"file":257,"line":374,"context":313},166,{"file":257,"line":376,"context":313},168,{"file":257,"line":378,"context":313},360,{"file":257,"line":380,"context":313},375,{"file":257,"line":382,"context":313},376,{"file":257,"line":384,"context":313},377,{"file":386,"line":387,"context":313},"pages\\class-payday-settings-page.php",117,{"file":386,"line":326,"context":313},{"file":386,"line":234,"context":313},{"file":386,"line":391,"context":313},132,{"file":386,"line":393,"context":313},134,{"file":386,"line":268,"context":313},{"file":386,"line":396,"context":313},146,{"file":386,"line":398,"context":313},186,{"file":386,"line":400,"context":313},222,{"file":386,"line":402,"context":313},225,{"file":386,"line":404,"context":313},227,3,[],[],{"summary":409,"deductions":410},"The \"payday\" plugin version 3.3.18 exhibits a mixed security posture.  While the static analysis indicates a relatively small attack surface with no immediately apparent unprotected entry points like unauthenticated AJAX handlers or REST API routes, and the majority of SQL queries utilize prepared statements, there are areas for concern.  A significant portion of the plugin's output is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is echoed directly without sanitization.  Furthermore, the plugin has a history of known vulnerabilities, including a currently unpatched medium severity issue. This historical pattern, particularly the mention of \"Missing Authorization\" as a common vulnerability type, suggests a recurring weakness in how the plugin handles user permissions, which could be exploited even with seemingly protected entry points.",[411,414,417],{"reason":412,"points":413},"Unpatched CVE exists (medium severity)",15,{"reason":415,"points":416},"Significant percentage of outputs unescaped",5,{"reason":418,"points":416},"History of medium severity vulnerabilities","2026-03-16T20:41:34.113Z",{"wat":421,"direct":430},{"assetPaths":422,"generatorPatterns":425,"scriptPaths":426,"versionParams":427},[423,424],"\u002Fwp-content\u002Fplugins\u002Fpayday\u002Fassets\u002Fcss\u002Fpayday.css","\u002Fwp-content\u002Fplugins\u002Fpayday\u002Fassets\u002Fjs\u002Fpayday.js",[],[424],[428,429],"payday\u002Fassets\u002Fcss\u002Fpayday.css?ver=","payday\u002Fassets\u002Fjs\u002Fpayday.js?ver=",{"cssClasses":431,"htmlComments":435,"htmlAttributes":440,"restEndpoints":443,"jsGlobals":446,"shortcodeOutput":448},[432,433,434],"payday-settings-wrapper","payday-logo","payday-form-field",[436,437,438,439],"\u003C!-- Begin Payday Integration -->","\u003C!-- End Payday Integration -->","\u003C!-- Payday Settings -->","\u003C!-- Payday Logo -->",[441,442],"data-payday-invoice-id","data-payday-order-id",[444,445],"\u002Fwp-json\u002Fpayday\u002Fv1\u002Fprocess_order","\u002Fwp-json\u002Fpayday\u002Fv1\u002Fget_invoice_status",[447],"window.payday_ajax_object",[449,450],"[payday_payment_form]","[payday_invoice_details]"]