[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fk_mZfr5osm628kQ2BLhZGuNqURDSIArFVIUdrANGgMc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":37,"fingerprints":90},"paypalpro-woocommerce-addon","PayPal Website Payments Pro for WooCommerce","1.0.2","syednazrulhassan","https:\u002F\u002Fprofiles.wordpress.org\u002Fnazrulhassanmca\u002F","\u003Cp>This plugin acts as an addon for woocommerce to add a payment method for WooCommerce for accepting credit card payments by merchants directly on your checkout page via PayPal Paments Pro.\u003Cstrong>PayPal Pro\u003C\u002Fstrong> is only available to holders of a \u003Cstrong>PayPal Pro merchant account\u003C\u002Fstrong>.This Plugins uses \u003Cstrong>REST API\u003C\u002Fstrong> to communicate to paypal to handle payments But It does not ship REST API PHP SDK bundled with plugin this plugin directly makes a CURL call to create Access tokens & Charge the cards.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Very Simple Clean Code plugin to add a PayPal Website Payments Pro(WPP) method to woocommerce\u003C\u002Fli>\n\u003Cli>No technical skills needed.\u003C\u002Fli>\n\u003Cli>Prerequisite visualized on screenshots.\u003C\u002Fli>\n\u003Cli>Adds Charde Id and Charge time to Order Note.\u003C\u002Fli>\n\u003Cli>Can be customized easily.\u003C\u002Fli>\n\u003Cli>Can work with test\u002Fsandbox mode.\u003C\u002Fli>\n\u003Cli>It does not needs SSL.\u003C\u002Fli>\n\u003Cli>Single checkbox to put it in live\u002Ftest mode.\u003C\u002Fli>\n\u003Cli>This plugin does not store \u003Cstrong>Credit Card Details\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>This plugin is designed to work \u003Cstrong>Only On REST API\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Single checkbox to put it in Authorize or Authorize & Capture.\u003C\u002Fli>\n\u003Cli>This plugin Support to accept card types with dynamic card logo at checkout.\u003C\u002Fli>\n\u003Cli>This plugin does support Refunds in woocommmerce interface\u003C\u002Fli>\n\u003Cli>This plugin does support Capture in woocommmerce interface \u003Cstrong>BUT\u003C\u002Fstrong> it will only cature the initially authorized amount if your order total increases somehow its going to fail.\u003C\u002Fli>\n\u003Cli>The Transaction details array returned from gateway are added to post meta of wordpress. \u003C\u002Fli>\n\u003Cli>Accept both debit and credit cards directly from your site.\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin acts as an addon for woocommerce to add a payment method for WooCommerce for accepting credit card payments by merchants directly on your  …",10,3728,100,1,"2016-07-25T06:57:00.000Z","",[18,19,20,21,22],"paypalpro-rest-api","website-payment-pro-for-woocommerce","woocommerce-addon-paypalpro","woocommerce-paypalpro-plugin","woocommerce-paypalpro-wordpress-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpaypalpro-woocommerce-addon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaypalpro-woocommerce-addon.1.0.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":25,"computed_at":35},"nazrulhassanmca",540,87,30,"2026-04-04T16:11:27.787Z",[],{"attackSurface":38,"codeSignals":63,"taintFlows":75,"riskAssessment":76,"analyzedAt":89},{"hooks":39,"ajaxHandlers":59,"restRoutes":60,"shortcodes":61,"cronEvents":62,"entryPointCount":26,"unprotectedCount":26},[40,46,51,55],{"type":41,"name":42,"callback":43,"file":44,"line":45},"filter","woocommerce_payment_gateways","add_pppcc_gateway_class","paypalpro-woocommerce-addon.php",21,{"type":47,"name":48,"callback":49,"file":44,"line":50},"action","plugins_loaded","pppcc_init",596,{"type":47,"name":52,"callback":53,"file":44,"line":54},"add_meta_boxes","paypalprocc_capture_meta_box",639,{"type":47,"name":56,"callback":57,"priority":11,"file":44,"line":58},"woocommerce_saved_order_items","paypalprocc_capture_meta_box_action",724,[],[],[],[],{"dangerousFunctions":64,"sqlUsage":65,"outputEscaping":67,"fileOperations":26,"externalRequests":73,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":74},[],{"prepared":26,"raw":26,"locations":66},[],{"escaped":68,"rawEcho":14,"locations":69},18,[70],{"file":44,"line":71,"context":72},197,"raw output",5,[],[],{"summary":77,"deductions":78},"Based on the provided static analysis and vulnerability history, the 'paypalpro-woocommerce-addon' v1.0.2 plugin exhibits a strong security posture in many critical areas. The absence of dangerous functions, SQL injection vulnerabilities due to prepared statements, and a high percentage of output escaping are excellent indicators of good development practices. Furthermore, the lack of any recorded CVEs, past or present, suggests a history of secure code.  The plugin also has a minimal attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly reduces the potential entry points for attackers.\n\nHowever, there are a few areas of concern that warrant attention. The complete lack of nonce checks and capability checks across all entry points is a significant weakness. While the attack surface itself is small, any potential vulnerability discovered would be unprotected by these fundamental WordPress security mechanisms. The plugin also makes a notable number of external HTTP requests, which, without further analysis of their destinations and handling, could represent a risk if any of these endpoints are compromised or if data is transmitted insecurely.\n\nIn conclusion, 'paypalpro-woocommerce-addon' v1.0.2 appears to be a well-written plugin with a commendable effort to avoid common coding pitfalls. Its strengths lie in its sanitized data handling and minimal attack surface. The primary weakness is the absence of essential security checks like nonces and capability checks, which, while not currently exploitable due to the lack of identified entry points, could become a critical issue if new vulnerabilities are introduced or discovered in the future.",[79,81,83,86],{"reason":80,"points":11},"Missing nonce checks",{"reason":82,"points":11},"Missing capability checks",{"reason":84,"points":85},"External HTTP requests",3,{"reason":87,"points":88},"Low percentage of output escaping (5%)",2,"2026-03-16T23:41:56.606Z",{"wat":91,"direct":99},{"assetPaths":92,"generatorPatterns":94,"scriptPaths":95,"versionParams":96},[93],"\u002Fwp-content\u002Fplugins\u002Fpaypalpro-woocommerce-addon\u002Fimages\u002Fpaypalprocc.png",[],[],[97,98],"paypalpro-woocommerce-addon\u002Fstyle.css?ver=","paypalpro-woocommerce-addon\u002Fpaypalprocc.js?ver=",{"cssClasses":100,"htmlComments":102,"htmlAttributes":103,"restEndpoints":108,"jsGlobals":109,"shortcodeOutput":111},[101],"wc-paypalprocc-cc-form",[],[104,105,106,107],"id=\"wc-paypalprocc-cc-form\"","class=\"input-text wc-credit-card-form-card-number\"","class=\"input-text wc-credit-card-form-card-expiry\"","class=\"input-text wc-credit-card-form-card-cvc\"",[],[110],"var paypalprocc_frontend = {",[]]