[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fN02UlPOx5gXpmXvMGpKxOolmK2kVQozHZEh2t-KrPu4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":80,"fingerprints":411},"paymendo-bank-transfer","paymendo – Bank Transfer (Lite)","1.1","Gri","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrilabs\u002F","\u003Cp>Define your bank accounts and share them with your customers. Moreover, increase the experience with e-mail and SMS notifications.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can add a bank account for all banks in Turkey.\u003C\u002Fli>\n\u003Cli>When your customers choose the transfer option, they will see your account numbers.\u003C\u002Fli>\n\u003Cli>They report I made the payment to the “that” account.\u003C\u002Fli>\n\u003Cli>You check your account and confirm the payment.\u003C\u002Fli>\n\u003Cli>With your approval, order payment is completed and other processes are active.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>In the plugin, you can define your bank accounts that you will use.\u003C\u002Fli>\n\u003Cli>By going to the plugin settings, you can set the notifications and the content of the notifications.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SMS Configuration\u003C\u002Fh4>\n\u003Cp>SMS sending is done with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-sms-functions\u002F\" rel=\"ugc\">“WP SMS Functions”\u003C\u002Fa> plugin. To enable SMS sending, first install the plugin. All SMS sending settings will be made from there. 
(Visit the Settings \u002F SMS Provider menu)\u003C\u002Fp>\n","Accept payment by bank transfer on your WooCommerce store. Also easily manage payments made by bank transfer.",40,1193,0,"2021-12-28T12:36:00.000Z","5.8.13","5.6","7.0",[19,20,21,22,23],"havale-bildirim-formu","havale-bildirimi","havale-entegrasyonu","havale-ile-odeme","offline-payment","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaymendo-bank-transfer.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"grilabs",5,290,88,30,86,"2026-04-04T10:41:30.249Z",[39,63],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":62,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"advance-bank-payment-transfer-gateway","Advance Bank Payment Transfer Gateway","1.0.0","Ramesh Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloperramesh\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Requires: WooCommerce 2.1+\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin clones the Direct Bank Transfer gateway to create another offline payment method. 
This can be used to create a testing payment method if you use the Advance Bank Transfer gateway.\u003Cbr \u002F>\nFor example, this could be used for manual invoices or other offline payment methods.\u003C\u002Fp>\n\u003Cp>Upload the Bank Payment Receipt is require on the checkout page before submit the page, When an order is submitted the order will be placed “on-hold” after reviewing order by admin then order status will be changed.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcapsquery.com\u002F\" rel=\"nofollow ugc\"> Visit Our Website \u003C\u002Fa>\u003C\u002Fp>\n","Short Description: This plugin clones the Direct Bank Transfer gateway to create another offline payment method. License: GPLv2 or later",1000,24215,90,10,"2026-01-08T13:10:00.000Z","6.8.5","5.8","7.4",[56,57,23,58,59],"bank-transfer","manual-payment","payment-gateway","woocommerce","https:\u002F\u002Fgithub.com\u002Fdeveloper-ramesh","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvance-bank-payment-transfer-gateway.1.0.0.zip",100,{"slug":64,"name":65,"version":6,"author":66,"author_profile":67,"description":24,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":24,"tested_up_to":73,"requires_at_least":74,"requires_php":24,"tags":75,"homepage":24,"download_link":78,"security_score":62,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":79},"woocommerce-phone-order-gateway","Phone Order Gateway for WooCommerce","Yonatan Ganot","https:\u002F\u002Fprofiles.wordpress.org\u002Fxxxyonixxx\u002F","This plugin adds Phone Order gateway to the WooCommerce 
plugin.",80,3073,60,2,"5.0.25","3.3.1",[76,23,77,59],"gateway","phone-order","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-phone-order-gateway.1.1.zip","2026-03-15T10:48:56.248Z",{"attackSurface":81,"codeSignals":177,"taintFlows":296,"riskAssessment":393,"analyzedAt":410},{"hooks":82,"ajaxHandlers":142,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":176,"unprotectedCount":176},[83,89,93,98,102,106,111,115,118,122,126,130,133,138],{"type":84,"name":85,"callback":86,"file":87,"line":88},"action","admin_notices","pbt_woocommerce_need_error","paymendo-bank-transfer.php",62,{"type":84,"name":90,"callback":91,"file":87,"line":92},"plugins_loaded","load_paymendo_bank_transfer_plugin",71,{"type":84,"name":94,"callback":95,"file":96,"line":97},"admin_enqueue_scripts","paymendo_bank_transfer_load_assets","PaymendoBankTransfer.php",13,{"type":84,"name":99,"callback":100,"file":96,"line":101},"wp_enqueue_scripts","paymendo_bank_transfer_load_site_assets",14,{"type":84,"name":103,"callback":104,"file":96,"line":105},"admin_menu","paymendo_bank_transfer",15,{"type":107,"name":108,"callback":109,"file":96,"line":110},"filter","woocommerce_payment_gateways","paymendo_bank_transfer_add_gateway_class",16,{"type":84,"name":112,"callback":113,"file":96,"line":114},"admin_init","paymendo_bank_transfer_save_bank",17,{"type":84,"name":112,"callback":116,"file":96,"line":117},"paymendo_bank_transfer_save_settings",42,{"type":107,"name":119,"callback":120,"file":96,"line":121},"woocommerce_email_classes","email_class",55,{"type":84,"name":123,"callback":124,"file":96,"line":125},"pbt_payment_completed","payment_completed_action",58,{"type":84,"name":127,"callback":128,"file":96,"line":129},"pbt_payment_canceled","payment_canceled_action",59,{"type":84,"name":131,"callback":132,"file":96,"line":71},"pbt_delete_notifications_after_deleted_bank","delete_notifications",{"type":84,"name":134,"callback":135,"file":136,"line":137},"woocommerce_order_d
etails_before_order_table","paymendo_bank_transfer_edit_order_details_page","views\\site\\order-details-page.php",12,{"type":107,"name":139,"callback":140,"priority":50,"file":141,"line":97},"woocommerce_thankyou_order_received_text","paymendo_bank_transfer_edit_order_received_page","views\\site\\order-received-page.php",[143,148,152,156,159,163,167,170],{"action":144,"nopriv":145,"callback":146,"hasNonce":145,"hasCapCheck":145,"file":96,"line":147},"paymendo_bank_transfer_bank_delete",false,"wp_ajax_delete_bank",18,{"action":149,"nopriv":145,"callback":150,"hasNonce":145,"hasCapCheck":145,"file":96,"line":151},"paymendo_bank_transfer_payments","wp_ajax_payments_complete",22,{"action":153,"nopriv":145,"callback":154,"hasNonce":145,"hasCapCheck":145,"file":96,"line":155},"paymendo_bank_transfer_payments_data","wp_ajax_payments_data",26,{"action":157,"nopriv":145,"callback":158,"hasNonce":145,"hasCapCheck":145,"file":96,"line":35},"paymendo_bank_transfer_cancel_payment","wp_ajax_payments_cancel",{"action":160,"nopriv":145,"callback":161,"hasNonce":145,"hasCapCheck":145,"file":96,"line":162},"paymendo_bank_transfer_delete_payment","wp_ajax_payments_delete",34,{"action":164,"nopriv":145,"callback":165,"hasNonce":145,"hasCapCheck":145,"file":96,"line":166},"paymendo_bank_transfer_sms_for_deleted_payment","wp_ajax_payments_deleted_sms",38,{"action":104,"nopriv":145,"callback":168,"hasNonce":145,"hasCapCheck":145,"file":96,"line":169},"wp_ajax_notify_the_payment",45,{"action":104,"nopriv":171,"callback":168,"hasNonce":145,"hasCapCheck":145,"file":96,"line":172},true,49,[],[],[],8,{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":195,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":292},[],{"prepared":32,"raw":180,"locations":181},6,[182,185,187,189,191,193],{"file":183,"line":176,"context":184},"inc\\database\\crud.php","$wpdb->get_results() with variable 
interpolation",{"file":183,"line":105,"context":186},"$wpdb->get_row() with variable interpolation",{"file":183,"line":188,"context":186},89,{"file":183,"line":190,"context":186},96,{"file":183,"line":192,"context":186},103,{"file":96,"line":194,"context":186},322,{"escaped":196,"rawEcho":197,"locations":198},162,51,[199,202,203,205,207,209,210,213,215,216,217,219,220,222,223,225,226,228,230,232,234,236,238,240,242,244,246,248,250,251,252,254,256,258,260,261,262,264,266,268,270,272,274,276,279,280,282,284,286,288,290],{"file":200,"line":137,"context":201},"inc\\emails\\templates\\template-payment-completed.php","raw output",{"file":200,"line":114,"context":201},{"file":200,"line":204,"context":201},23,{"file":200,"line":206,"context":201},29,{"file":200,"line":208,"context":201},35,{"file":200,"line":117,"context":201},{"file":211,"line":212,"context":201},"inc\\show-promotions.php",20,{"file":214,"line":110,"context":201},"views\\payments.php",{"file":214,"line":208,"context":201},{"file":214,"line":166,"context":201},{"file":214,"line":218,"context":201},39,{"file":214,"line":11,"context":201},{"file":214,"line":221,"context":201},47,{"file":214,"line":129,"context":201},{"file":214,"line":224,"context":201},70,{"file":214,"line":26,"context":201},{"file":214,"line":227,"context":201},107,{"file":214,"line":229,"context":201},122,{"file":214,"line":231,"context":201},123,{"file":214,"line":233,"context":201},124,{"file":214,"line":235,"context":201},125,{"file":214,"line":237,"context":201},126,{"file":214,"line":239,"context":201},127,{"file":214,"line":241,"context":201},129,{"file":214,"line":243,"context":201},141,{"file":214,"line":245,"context":201},144,{"file":214,"line":247,"context":201},149,{"file":249,"line":114,"context":201},"views\\settings.php",{"file":249,"line":11,"context":201},{"file":249,"line":117,"context":201},{"file":249,"line":253,"context":201},61,{"file":249,"line":255,"context":201},67,{"file":249,"line":257,"context":201},74,{"file":24
9,"line":259,"context":201},76,{"file":249,"line":36,"context":201},{"file":249,"line":188,"context":201},{"file":249,"line":263,"context":201},92,{"file":249,"line":265,"context":201},106,{"file":249,"line":267,"context":201},138,{"file":249,"line":269,"context":201},157,{"file":249,"line":271,"context":201},164,{"file":249,"line":273,"context":201},168,{"file":249,"line":275,"context":201},172,{"file":277,"line":278,"context":201},"views\\site\\static\\bank-accounts.php",11,{"file":277,"line":114,"context":201},{"file":277,"line":281,"context":201},19,{"file":277,"line":283,"context":201},21,{"file":277,"line":285,"context":201},83,{"file":277,"line":287,"context":201},104,{"file":277,"line":289,"context":201},118,{"file":277,"line":291,"context":201},119,[293],{"name":294,"version":27,"knownCves":295},"DataTables",[],[297,315,334,348,361],{"entryPoint":298,"graph":299,"unsanitizedCount":180,"severity":314},"paymendo_bank_transfer_save_settings (PaymendoBankTransfer.php:534)",{"nodes":300,"edges":312},[301,306],{"id":302,"type":303,"label":304,"file":96,"line":305},"n0","source","$_POST (x6)",538,{"id":307,"type":308,"label":309,"file":96,"line":310,"wp_function":311},"n1","sink","update_option() [Settings Manipulation]",542,"update_option",[313],{"from":302,"to":307,"sanitized":145},"low",{"entryPoint":316,"graph":317,"unsanitizedCount":332,"severity":333},"wp_ajax_notify_the_payment (PaymendoBankTransfer.php:258)",{"nodes":318,"edges":329},[319,322,325],{"id":302,"type":303,"label":320,"file":96,"line":321},"$_POST['paymendo_bank_transfer_completed_payment']",277,{"id":307,"type":323,"label":324,"file":96,"line":321},"transform","→ pbt_get_bank_account_with_id()",{"id":326,"type":308,"label":327,"file":183,"line":105,"wp_function":328},"n2","get_row() [SQLi]","get_row",[330,331],{"from":302,"to":307,"sanitized":145},{"from":307,"to":326,"sanitized":145},1,"high",{"entryPoint":335,"graph":336,"unsanitizedCount":332,"severity":333},"wp_ajax_payments_data 
(PaymendoBankTransfer.php:327)",{"nodes":337,"edges":345},[338,341,343],{"id":302,"type":303,"label":339,"file":96,"line":340},"$_GET",422,{"id":307,"type":323,"label":342,"file":96,"line":340},"→ pbt_get_transfer_notification_with_join()",{"id":326,"type":308,"label":327,"file":183,"line":344,"wp_function":328},81,[346,347],{"from":302,"to":307,"sanitized":145},{"from":307,"to":326,"sanitized":145},{"entryPoint":349,"graph":350,"unsanitizedCount":332,"severity":333},"wp_ajax_payments_delete (PaymendoBankTransfer.php:487)",{"nodes":351,"edges":358},[352,355,357],{"id":302,"type":303,"label":353,"file":96,"line":354},"$_POST['order_id']",497,{"id":307,"type":323,"label":356,"file":96,"line":354},"→ pbt_get_transfer_notification_with_order_id()",{"id":326,"type":308,"label":327,"file":183,"line":192,"wp_function":328},[359,360],{"from":302,"to":307,"sanitized":145},{"from":307,"to":326,"sanitized":145},{"entryPoint":362,"graph":363,"unsanitizedCount":392,"severity":333},"\u003CPaymendoBankTransfer> 
(PaymendoBankTransfer.php:0)",{"nodes":364,"edges":384},[365,366,367,368,370,372,374,376,378,380,382],{"id":302,"type":303,"label":304,"file":96,"line":305},{"id":307,"type":308,"label":309,"file":96,"line":310,"wp_function":311},{"id":326,"type":303,"label":320,"file":96,"line":321},{"id":369,"type":323,"label":324,"file":96,"line":321},"n3",{"id":371,"type":308,"label":327,"file":183,"line":105,"wp_function":328},"n4",{"id":373,"type":303,"label":339,"file":96,"line":340},"n5",{"id":375,"type":323,"label":342,"file":96,"line":340},"n6",{"id":377,"type":308,"label":327,"file":183,"line":344,"wp_function":328},"n7",{"id":379,"type":303,"label":353,"file":96,"line":354},"n8",{"id":381,"type":323,"label":356,"file":96,"line":354},"n9",{"id":383,"type":308,"label":327,"file":183,"line":192,"wp_function":328},"n10",[385,386,387,388,389,390,391],{"from":302,"to":307,"sanitized":145},{"from":326,"to":369,"sanitized":145},{"from":369,"to":371,"sanitized":145},{"from":373,"to":375,"sanitized":145},{"from":375,"to":377,"sanitized":145},{"from":379,"to":381,"sanitized":145},{"from":381,"to":383,"sanitized":145},9,{"summary":394,"deductions":395},"The paymendo-bank-transfer plugin version 1.1 presents a concerning security posture primarily due to its large, unprotected attack surface. None of the eight identified AJAX handler registrations performs a nonce or capability check; seven are registered for logged-in users only and are therefore reachable by any logged-in user regardless of role, and one (the paymendo_bank_transfer action) is also registered for unauthenticated visitors, so the handlers are exposed to unauthorized access and request forgery. While the code signals show no directly dangerous functions, file operations, or external HTTP requests, the high percentage of unsanitized paths in the taint analysis (5 out of 5 flows) is a significant red flag. This indicates a strong likelihood of injection vulnerabilities: four of the five flows are rated high severity and carry request data into $wpdb->get_row() calls flagged for SQL injection, while the remaining low-severity flow writes $_POST values into update_option(). The 51 unescaped output locations additionally leave room for Cross-Site Scripting (XSS).\n\nThe plugin's vulnerability history is currently clean, with no known CVEs recorded. 
This might suggest that the plugin has not been a target of significant historical exploitation, but with roughly 40 active installs and no update since December 2021 it may simply not have been examined closely. The lack of historical data should therefore not be mistaken for inherent security. The current static analysis reveals weaknesses that could easily lead to new vulnerabilities, especially the absence of any nonce or capability checks on its numerous AJAX endpoints.\n\nIn conclusion, while the absence of dangerous functions and external requests is positive, the high-severity flows identified in the taint analysis and the unprotected AJAX endpoints create a substantial risk. The plugin needs immediate attention: its AJAX handlers should verify a nonce and the caller's capability, its database queries should go through prepared statements, and request input should be sanitized and output escaped to mitigate the high risk of exploitation.",[396,398,400,402,404,406,408],{"reason":397,"points":50},"All AJAX handlers lack authentication checks",{"reason":399,"points":105},"High percentage of unsanitized paths in taint flows",{"reason":401,"points":105},"Taint flows with critical severity (4)",{"reason":403,"points":50},"No nonce checks",{"reason":405,"points":50},"No capability checks",{"reason":407,"points":32},"SQL queries not always using prepared statements",{"reason":409,"points":32},"Output escaping not always 
proper","2026-03-16T22:09:57.176Z",{"wat":412,"direct":426},{"assetPaths":413,"generatorPatterns":423,"scriptPaths":424,"versionParams":425},[414,415,416,417,418,419,420,421,422],"\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fcss\u002Ffont_awesome.css","\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fjs\u002Fmoment-with-locales.min.js","\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fjs\u002Fdaterangepicker.js","\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fjs\u002Fion.rangeSlider.min.js","\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fsite\u002Fjs\u002Fmodal.js","\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fcss\u002Fjquery.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fpaymendo-bank-transfer\u002Fjs\u002Fjquery.dataTables.min.js",[],[416,417,418,419,420,422],[],{"cssClasses":427,"htmlComments":428,"htmlAttributes":429,"restEndpoints":431,"jsGlobals":433,"shortcodeOutput":436},[4],[],[430],"data-paymendo-url",[432],"\u002Fwp-json\u002Fpaymendo-bank-transfer\u002Fv1",[434,435],"paymendo_bank_transfer_extra","paymendo_bank_transfer_data",[]]