[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMGj3IwVBR6SakVOovJpOJvg_XbhQ6wFSERJvCrn0lNM":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":89,"crawl_stats":35,"alternatives":95,"analysis":119,"fingerprints":483},"premmerce","Premmerce","1.3.22","https:\u002F\u002Fprofiles.wordpress.org\u002Fpremmerce\u002F","\u003Cp>Premmerce is a toolkit of plugins which unites the most essential tools to amplify the WooCommerce core functionality together with a step-by-step tutorial, called Premmerce Wizard.\u003C\u002Fp>\n\u003Cp>The plugin is based on the detailed \u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fcomplete-woocommerce-tutorial-step-step\u002F\" rel=\"nofollow ugc\">WooCommerce online store tutorial\u003C\u002Fa> together with the analysis of all existing features and plugins  for WooCommerce projects. 
Premmerce encapsulates the e-commerce expertise gained from the development of over 4000 online stores in various fields and with different levels of complexity.\u003C\u002Fp>\n\u003Cp>All features provided by this plugin are mentioned in the list below.\u003Cbr \u002F>\nAfter following all the instructions and using the interactive Premmerce Wizard you will come up with a fully set up and ready to perform WooCommerce online store.\u003C\u002Fp>\n\u003Ch4>Major features in “Premmerce”\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Basic WordPress and WooCommerce integration to ensure perfect performance.\u003C\u002Fli>\n\u003Cli>All the necessary WooCommerce settings\u003C\u002Fli>\n\u003Cli>Google Analytics setup with the help of additional plugins\u003C\u002Fli>\n\u003Cli>Online store theme display and the display of all its pages\u003C\u002Fli>\n\u003Cli>Permalink setup\u003C\u002Fli>\n\u003Cli>Extension of the WooCommerce core functionality with the help of compatibility tested and approved plugins.\u003C\u002Fli>\n\u003Cli>Adding video to the product and displaying it in the photo field\u003C\u002Fli>\n\u003Cli>An option of adding a description of the shipping methods\u003C\u002Fli>\n\u003Cli>User scripts – Using this tool, you can easily insert the script you need into the code of the page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>The ADDITIONAL PREMIUM FEATURES OF THE PLUGIN\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The Premium version contains the in-built Rocket Cache plugin and some additional optimization settings for it in order to achieve the maximum load speed of an online store.\u003C\u002Fli>\n\u003Cli>The simplified mode for the dashboard is also available and it will hide the inactive WooCommerce point at the same time displaying the most essential ones.\u003C\u002Fli>\n\u003Cli>The premium support service is available for the Premium Premmerce plugin users. 
The support team will provide you with professional guidance on the page speed optimization and the optimal plugin settings that your online store requires.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premmerce Demo\u003C\u002Fh4>\n\u003Cp>You can create your personal demo store and test Premmerce plugin together with \u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Ffeatures\u002F\" rel=\"nofollow ugc\">Premmerce Premium\u003C\u002Fa> and all other Premmerce plugins and themes developed by our team here:  \u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fpremmerce-woocommerce-demo\u002F\" rel=\"nofollow ugc\">Premmerce WooCommerce Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Compatibility with other Plugins\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>At the moment Premmerce involves the following plugins and setup instructions:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>Yoast  SEO\u003C\u002Fli>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Google Analytics Dashboard for WP (GADWP)\u003C\u002Fli>\n\u003Cli>WooCommerce Google Analytics Integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Plus, it includes such valuable plugins as:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwoocommerce-product-search\u002F\" rel=\"nofollow ugc\">Premmerce Search\u003C\u002Fa>\u003C\u002Fstrong> – Premmerce Search makes the WooCommerce product search more flexible and efficient and gives the additional search results due to the spell correction.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwordpress-custom-user-roles\u002F\" rel=\"nofollow ugc\">Premmerce User Roles\u003C\u002Fa>\u003C\u002Fstrong> – This plugin has been developed for creating user roles from the WordPress admin area and assigning the arbitrary access rights to them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca 
href=\"https:\u002F\u002Fpremmerce.com\u002Fpremmerce-woocommerce-brands-free-plugin\u002F\" rel=\"nofollow ugc\">Premmerce WooCommerce Brands\u003C\u002Fa>\u003C\u002Fstrong> – This plugin makes it possible to create an unlimited number of brands that can be assigned to the products for better cataloging, product search and additional opportunities for marketing and brand promotion.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwoocommerce-product-filter\u002F\" rel=\"nofollow ugc\">Premmerce WooCommerce Product Filter\u003C\u002Fa>\u003C\u002Fstrong> – Premmerce WooCommerce Product Filter plugin is a convenient and flexible tool for managing filters for WooCommerce products.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwoocommerce-customers-manager\u002F\" rel=\"nofollow ugc\">WooCommerce Customers Manager\u003C\u002Fa>\u003C\u002Fstrong> – This plugin extends the standard user list and the edit user page in WordPress and adds the customer data from WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwoocommerce-permalink-manager-remove-shop-product-product-category-url\u002F\" rel=\"nofollow ugc\">WooCommerce Permalink Manager\u003C\u002Fa>\u003C\u002Fstrong> – This plugin allows you to configure URL generation strategy for your WooCommerce based store.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwoocommerce-seo-addon-yoast\u002F\" rel=\"nofollow ugc\">WooCommerce SEO Addon\u003C\u002Fa>\u003C\u002Fstrong> – Premmerce WooCommerce SEO Addon plugin extends the functionality of Yoast SEO for microdata management and provides all the instruments you need for your store’s SEO improvement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwoocommerce-product-bundles\u002F\" rel=\"nofollow ugc\">Premmerce Woocommerce Product 
Bundles\u003C\u002Fa>\u003C\u002Fstrong> – Premmerce Woocommerce Product Bundles plugin is used to add bundles of products with discounts and to display them as a list on a  product page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fpremmerce-woocommerce-wholesale-pricing\u002F\" rel=\"nofollow ugc\">Premmerce Woocommerce Wholesale Pricing\u003C\u002Fa>\u003C\u002Fstrong> – Premmerce WooCommerce Wholesale Pricing is a plugin that allows you to add individual wholesale prices or other price types for WooCommerce products to  any customers’ roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwoocommerce-wishlist\u002F\" rel=\"nofollow ugc\">Premmerce WooCommerce Wishlist\u003C\u002Fa>\u003C\u002Fstrong> – Premmerce WooCommerce Wishlist plugin provides the possibility for your customers to create wishlists with the further possibility to share them with friends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwoocommerce-redirect-manager\u002F\" rel=\"nofollow ugc\">Premmerce Redirect Manager\u003C\u002Fa>\u003C\u002Fstrong> – Premmerce Redirect Manager plugin enables you to create 301 and 302 redirects and to set up the automatic redirects for the deleted products in the WooCommerce store.\u003C\u002Fp>\n\u003Cp>Full documentation is available here: \u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fpremmerce-main-plugin-woocommerce-plugins-bundle\u002F\" rel=\"nofollow ugc\">Premmerce\u003C\u002Fa>\u003C\u002Fp>\n","Premmerce is a must-have toolkit for WooCommerce with a detailed Setup Wizard for your 
store.",500,42805,94,32,"2026-02-19T20:19:00.000Z","6.9.4","4.8","5.9",[19,20,21],"woocommerce-plugins-bundle","woocommerce-tutorial","woocommerce-wizard","https:\u002F\u002Fpremmerce.com\u002Fpremmerce-main-plugin-woocommerce-plugins-bundle\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpremmerce.1.3.22.zip",93,4,0,"2026-02-06 20:25:58","2026-03-15T15:16:48.613Z",[30,46,62,75],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2026-0555","premmerce-authenticated-subscriber-stored-cross-site-scripting-via-premmercewizardactions-ajax-endpoint","Premmerce \u003C= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint","The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the `state` parameter. 
This makes it possible for authenticated attackers, with subscriber level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page (the Premmerce Wizard admin page).",null,"\u003C=1.3.20","1.3.21","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-25 15:58:31",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F90b2a644-19a0-43a1-8ff6-7486d7ef29b3?source=api-prod",19,{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":35,"affected_versions":51,"patched_in_version":52,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2025-60241","premmerce-unauthenticated-local-file-inclusion","Premmerce \u003C= 1.3.19 - Unauthenticated Local File Inclusion","The Premmerce plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.19. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. 
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","\u003C=1.3.19","1.3.20","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2025-07-02 00:00:00","2026-01-06 18:39:12",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2b63e7e0-e6c7-4c76-94f7-c1a8bc87c5fc?source=api-prod",189,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":35,"affected_versions":51,"patched_in_version":52,"severity":38,"cvss_score":67,"cvss_vector":68,"vuln_type":69,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74},"CVE-2025-64288","premmerce-cross-site-request-forgery","Premmerce \u003C= 1.3.19 - Cross-Site Request Forgery","The Premmerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.19. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-05-10 00:00:00","2026-01-06 18:39:30",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd06e9c13-a365-4dd7-a923-62ee2e2e2ffb?source=api-prod",242,{"id":76,"url_slug":77,"title":78,"description":79,"plugin_slug":4,"theme_slug":35,"affected_versions":80,"patched_in_version":81,"severity":38,"cvss_score":82,"cvss_vector":83,"vuln_type":69,"published_date":84,"updated_date":85,"references":86,"days_to_patch":88},"CVE-2023-23719","premmerce-cross-site-request-forgery-via-runaction","Premmerce \u003C= 1.3.18 - Cross-Site Request Forgery via runAction","The Premmerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.18. This is due to missing or incorrect nonce validation on the runAction function. 
This makes it possible for unauthenticated attackers to install, activate, or deactivate arbitrary plugins from the WordPress plugins repository via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.3.18","1.3.19",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:H\u002FA:N","2023-04-02 00:00:00","2024-04-12 19:01:20",[87],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F54154f34-96be-4b67-bca8-8efc4ab8543e?source=api-prod",377,{"slug":4,"display_name":5,"profile_url":7,"plugin_count":90,"total_installs":91,"avg_security_score":12,"avg_patch_time_days":92,"trust_score":93,"computed_at":94},14,59700,401,75,"2026-04-04T11:02:17.804Z",[96],{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":26,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":116,"download_link":117,"security_score":118,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"open-closed-woo-commerce-checkout-by-ritesh-ghimire","Open Closed Woo commerce Checkout By Ritesh Ghimire","1.0.0","riteshghimire9090","https:\u002F\u002Fprofiles.wordpress.org\u002Friteshghimire9090\u002F","\u003Cp>This is simple plugin which helps to closed the woocommerce checkout in Store Closed day!\u003C\u002Fp>\n","This is simple plugin which helps to closed the woocommerce checkout in Store Closed 
day!",857,60,1,"2020-05-07T15:56:00.000Z","5.0.25","5.0","7.2",[112,113,114,115,20],"online-store","woocommerce","woocommerce-plugin","woocommerce-setup","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopen-closed-woo-commerce-checkout-by-ritesh-ghimire.zip",85,{"attackSurface":120,"codeSignals":268,"taintFlows":340,"riskAssessment":465,"analyzedAt":482},{"hooks":121,"ajaxHandlers":253,"restRoutes":260,"shortcodes":261,"cronEvents":265,"entryPointCount":266,"unprotectedCount":267},[122,129,133,137,141,146,149,153,156,160,165,169,174,178,182,188,193,196,198,200,201,206,209,212,217,220,223,227,229,230,232,234,238,241,244,248],{"type":123,"name":124,"callback":125,"priority":126,"file":127,"line":128},"action","woocommerce_single_product_summary","renderComparisonBtn",36,"addons\\premmerce-product-comparison\\src\\Frontend\\Frontend.php",53,{"type":123,"name":130,"callback":125,"priority":131,"file":127,"line":132},"woocommerce_after_shop_loop_item",5,54,{"type":123,"name":134,"callback":135,"file":127,"line":136},"wp_enqueue_scripts","enqueueScripts",58,{"type":123,"name":138,"callback":139,"file":127,"line":140},"init","checkIntegration",61,{"type":123,"name":142,"callback":125,"priority":143,"file":144,"line":145},"ocean_after_single_product_quantity-button",10,"addons\\premmerce-product-comparison\\src\\Integration\\OceanWpIntegration.php",17,{"type":123,"name":147,"callback":125,"priority":131,"file":144,"line":148},"ocean_after_archive_product_inner",22,{"type":123,"name":150,"callback":151,"file":152,"line":132},"widgets_init","registerWidgets","addons\\premmerce-product-comparison\\src\\ProductComparisonPlugin.php",{"type":123,"name":138,"callback":154,"file":152,"line":155},"loadTextDomain",56,{"type":123,"name":157,"callback":158,"file":152,"line":159},"admin_init","checkRequirePlugins",57,{"type":123,"name":161,"callback":162,"file":163,"line":164},"wc_ajax_premmerce_comparison_add","comparisonAddAjax","addons\\premmerce-product-comparison\\sr
c\\RestApi\\ComparisonRestApi.php",41,{"type":123,"name":166,"callback":167,"file":163,"line":168},"rest_api_init","registerRestRoutes",42,{"type":123,"name":170,"callback":171,"file":172,"line":173},"add_meta_boxes","addVideoBox","addons\\premmerce-woocommerce-toolkit\\src\\Admin\\Admin.php",34,{"type":123,"name":175,"callback":176,"file":172,"line":177},"save_post","savePost",35,{"type":123,"name":157,"callback":179,"priority":180,"file":172,"line":181},"closure",11,38,{"type":123,"name":183,"callback":184,"priority":185,"file":186,"line":187},"woocommerce_product_thumbnails","addProductVideo",30,"addons\\premmerce-woocommerce-toolkit\\src\\Frontend\\Frontend.php",33,{"type":123,"name":189,"callback":190,"priority":191,"file":186,"line":192},"wp_head","addHeaderUserScripts",99,37,{"type":123,"name":194,"callback":195,"priority":191,"file":186,"line":164},"wp_footer","addFooterUserScripts",{"type":123,"name":138,"callback":179,"file":186,"line":197},45,{"type":123,"name":157,"callback":158,"file":199,"line":126},"addons\\premmerce-woocommerce-toolkit\\src\\PremmerceToolkitPlugin.php",{"type":123,"name":138,"callback":154,"file":199,"line":192},{"type":202,"name":203,"callback":204,"priority":143,"file":199,"line":205},"filter","woocommerce_shipping_instance_form_fields_flat_rate","addShippingDescription",46,{"type":202,"name":207,"callback":204,"priority":143,"file":199,"line":208},"woocommerce_shipping_instance_form_fields_free_shipping",47,{"type":202,"name":210,"callback":204,"priority":143,"file":199,"line":211},"woocommerce_shipping_instance_form_fields_local_pickup",51,{"type":123,"name":213,"callback":214,"file":215,"line":216},"plugins_loaded","runActive","src\\Addons\\AddonsManager.php",62,{"type":202,"name":218,"callback":179,"priority":143,"file":215,"line":219},"plugin_action_links",64,{"type":123,"name":221,"callback":179,"file":215,"line":222},"admin_post_premmerce_addon_action",74,{"type":123,"name":224,"callback":225,"priority":106,"file":226,"line"
:173},"admin_menu","addMenuPage","src\\Admin\\Admin.php",{"type":123,"name":228,"callback":135,"file":226,"line":177},"admin_enqueue_scripts",{"type":123,"name":134,"callback":135,"file":226,"line":126},{"type":123,"name":231,"callback":179,"file":226,"line":192},"admin_post_premmerce_actions",{"type":123,"name":233,"callback":179,"file":226,"line":205},"wp_before_admin_bar_render",{"type":123,"name":157,"callback":235,"file":236,"line":237},"initSettings","src\\Admin\\Settings.php",18,{"type":202,"name":239,"callback":179,"priority":240,"file":236,"line":45},"sanitize_title",9,{"type":123,"name":138,"callback":154,"file":242,"line":243},"src\\PremmercePlugin.php",43,{"type":123,"name":245,"callback":246,"file":242,"line":247},"before_woocommerce_init","declareHposCompatibility",44,{"type":202,"name":249,"callback":250,"file":251,"line":252},"hide_account_tabs","__return_true","views\\admin\\tabs\\account.php",8,[254,258],{"action":255,"nopriv":256,"callback":179,"hasNonce":256,"hasCapCheck":256,"file":226,"line":257},"premmerce_actions",false,40,{"action":259,"nopriv":256,"callback":179,"hasNonce":256,"hasCapCheck":256,"file":226,"line":243},"premmerce_wizard_actions",[],[262],{"tag":263,"callback":264,"file":127,"line":155},"comparisons_page","comparisonPage",[],3,2,{"dangerousFunctions":269,"sqlUsage":277,"outputEscaping":280,"fileOperations":267,"externalRequests":26,"nonceChecks":25,"capabilityChecks":278,"bundledLibraries":335},[270,275],{"fn":271,"file":272,"line":273,"context":274},"unserialize","addons\\premmerce-woocommerce-toolkit\\views\\admin\\product-video-box.php",31,"$hash = unserialize(file_get_contents('http:\u002F\u002Fvimeo.com\u002Fapi\u002Fv2\u002Fvideo\u002F' . 
$pathParts[count($pathParts",{"fn":271,"file":276,"line":145,"context":274},"addons\\premmerce-woocommerce-toolkit\\views\\frontend\\product-video.php",{"prepared":278,"raw":26,"locations":279},6,[],{"escaped":281,"rawEcho":187,"locations":282},66,[283,287,288,291,292,293,294,295,296,298,300,301,302,304,306,308,310,311,312,313,315,316,317,320,321,322,323,324,325,327,329,330,332],{"file":284,"line":285,"context":286},"addons\\premmerce-product-comparison\\views\\frontend\\comparison-page-categories.php",25,"raw output",{"file":284,"line":185,"context":286},{"file":289,"line":290,"context":286},"addons\\premmerce-product-comparison\\views\\frontend\\comparison-page-products.php",24,{"file":289,"line":285,"context":286},{"file":289,"line":185,"context":286},{"file":289,"line":273,"context":286},{"file":289,"line":177,"context":286},{"file":289,"line":181,"context":286},{"file":289,"line":297,"context":286},50,{"file":299,"line":266,"context":286},"addons\\premmerce-product-comparison\\views\\widget\\comparison-widget.php",{"file":299,"line":278,"context":286},{"file":299,"line":143,"context":286},{"file":299,"line":303,"context":286},12,{"file":299,"line":305,"context":286},16,{"file":186,"line":307,"context":286},72,{"file":186,"line":309,"context":286},79,{"file":272,"line":143,"context":286},{"file":272,"line":145,"context":286},{"file":272,"line":181,"context":286},{"file":276,"line":314,"context":286},23,{"file":276,"line":290,"context":286},{"file":276,"line":285,"context":286},{"file":318,"line":319,"context":286},"views\\admin\\tabs\\addons.php",27,{"file":318,"line":185,"context":286},{"file":318,"line":173,"context":286},{"file":318,"line":126,"context":286},{"file":318,"line":168,"context":286},{"file":318,"line":247,"context":286},{"file":326,"line":192,"context":286},"views\\admin\\tabs\\plugins.php",{"file":326,"line":328,"context":286},39,{"file":326,"line":208,"context":286},{"file":326,"line":331,"context":286},52,{"file":333,"line":334,"context":286},
"views\\admin\\tabs\\wizard.php",144,[336],{"name":337,"version":338,"knownCves":339},"Freemius","1.0",[],[341,357,368,381,391,399,412,420,437,448],{"entryPoint":342,"graph":343,"unsanitizedCount":106,"severity":38},"comparisonAddHandler (addons\\premmerce-product-comparison\\src\\RestApi\\ComparisonRestApi.php:84)",{"nodes":344,"edges":355},[345,350],{"id":346,"type":347,"label":348,"file":163,"line":349},"n0","source","$_SERVER['HTTP_REFERER']",90,{"id":351,"type":352,"label":353,"file":163,"line":349,"wp_function":354},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[356],{"from":346,"to":351,"sanitized":256},{"entryPoint":358,"graph":359,"unsanitizedCount":106,"severity":38},"comparisonDelete (addons\\premmerce-product-comparison\\src\\RestApi\\ComparisonRestApi.php:102)",{"nodes":360,"edges":366},[361,364],{"id":346,"type":347,"label":362,"file":163,"line":363},"$_SERVER",107,{"id":351,"type":352,"label":353,"file":163,"line":365,"wp_function":354},128,[367],{"from":346,"to":351,"sanitized":256},{"entryPoint":369,"graph":370,"unsanitizedCount":267,"severity":38},"\u003CComparisonRestApi> (addons\\premmerce-product-comparison\\src\\RestApi\\ComparisonRestApi.php:0)",{"nodes":371,"edges":378},[372,373,374,376],{"id":346,"type":347,"label":348,"file":163,"line":349},{"id":351,"type":352,"label":353,"file":163,"line":349,"wp_function":354},{"id":375,"type":347,"label":362,"file":163,"line":363},"n2",{"id":377,"type":352,"label":353,"file":163,"line":365,"wp_function":354},"n3",[379,380],{"from":346,"to":351,"sanitized":256},{"from":375,"to":377,"sanitized":256},{"entryPoint":382,"graph":383,"unsanitizedCount":26,"severity":390},"init 
(src\\Addons\\AddonsManager.php:57)",{"nodes":384,"edges":387},[385,386],{"id":346,"type":347,"label":348,"file":215,"line":24},{"id":351,"type":352,"label":353,"file":215,"line":24,"wp_function":354},[388],{"from":346,"to":351,"sanitized":389},true,"low",{"entryPoint":392,"graph":393,"unsanitizedCount":26,"severity":390},"\u003CAddonsManager> (src\\Addons\\AddonsManager.php:0)",{"nodes":394,"edges":397},[395,396],{"id":346,"type":347,"label":348,"file":215,"line":24},{"id":351,"type":352,"label":353,"file":215,"line":24,"wp_function":354},[398],{"from":346,"to":351,"sanitized":389},{"entryPoint":400,"graph":401,"unsanitizedCount":26,"severity":390},"runAction (src\\Admin\\Handlers\\PluginsHandler.php:29)",{"nodes":402,"edges":410},[403,406],{"id":346,"type":347,"label":404,"file":405,"line":126},"$_REQUEST","src\\Admin\\Handlers\\PluginsHandler.php",{"id":351,"type":352,"label":407,"file":405,"line":408,"wp_function":409},"call_user_func() [RCE]",71,"call_user_func",[411],{"from":346,"to":351,"sanitized":389},{"entryPoint":413,"graph":414,"unsanitizedCount":26,"severity":390},"\u003CPluginsHandler> (src\\Admin\\Handlers\\PluginsHandler.php:0)",{"nodes":415,"edges":418},[416,417],{"id":346,"type":347,"label":404,"file":405,"line":126},{"id":351,"type":352,"label":407,"file":405,"line":408,"wp_function":409},[419],{"from":346,"to":351,"sanitized":389},{"entryPoint":421,"graph":422,"unsanitizedCount":106,"severity":390},"runAction (src\\Admin\\Handlers\\WizardHandler.php:31)",{"nodes":423,"edges":434},[424,427,430],{"id":346,"type":347,"label":425,"file":426,"line":208},"$_POST","src\\Admin\\Handlers\\WizardHandler.php",{"id":351,"type":428,"label":429,"file":426,"line":208},"transform","→ updatePositions()",{"id":375,"type":352,"label":431,"file":432,"line":205,"wp_function":433},"update_option() [Settings 
Manipulation]","src\\Api\\WizardApi.php","update_option",[435,436],{"from":346,"to":351,"sanitized":256},{"from":351,"to":375,"sanitized":256},{"entryPoint":438,"graph":439,"unsanitizedCount":106,"severity":390},"handleContainerState (src\\Admin\\Handlers\\WizardHandler.php:63)",{"nodes":440,"edges":445},[441,442,444],{"id":346,"type":347,"label":425,"file":426,"line":281},{"id":351,"type":428,"label":443,"file":426,"line":281},"→ updateContainerState()",{"id":375,"type":352,"label":431,"file":432,"line":181,"wp_function":433},[446,447],{"from":346,"to":351,"sanitized":256},{"from":351,"to":375,"sanitized":256},{"entryPoint":449,"graph":450,"unsanitizedCount":267,"severity":390},"\u003CWizardHandler> (src\\Admin\\Handlers\\WizardHandler.php:0)",{"nodes":451,"edges":460},[452,453,454,455,456,458],{"id":346,"type":347,"label":425,"file":426,"line":208},{"id":351,"type":428,"label":429,"file":426,"line":208},{"id":375,"type":352,"label":431,"file":432,"line":205,"wp_function":433},{"id":377,"type":347,"label":425,"file":426,"line":281},{"id":457,"type":428,"label":443,"file":426,"line":281},"n4",{"id":459,"type":352,"label":431,"file":432,"line":181,"wp_function":433},"n5",[461,462,463,464],{"from":346,"to":351,"sanitized":256},{"from":351,"to":375,"sanitized":256},{"from":377,"to":457,"sanitized":256},{"from":457,"to":459,"sanitized":256},{"summary":466,"deductions":467},"The Premmerce plugin v1.3.22 presents a mixed security posture. While it demonstrates good practices in SQL query handling with 100% prepared statements and a high rate of output escaping, significant concerns arise from its attack surface and vulnerability history.  The presence of two AJAX handlers without authentication checks creates a direct entry point for unauthorized actions. Taint analysis, though showing no critical or high severity unsanitized flows, still indicates six flows with unsanitized paths, suggesting potential for vulnerabilities if not handled carefully in future updates. 
The plugin's history of four known CVEs, including a high severity cross-site scripting (XSS) vulnerability and PHP remote file inclusion (RFI) issues, is a significant red flag. The recentness of the last reported vulnerability (2026-02-06) is also concerning, indicating ongoing issues. The combination of an exposed attack surface and past critical vulnerability types points to a need for heightened vigilance.",[468,470,472,475,477,479],{"reason":469,"points":143},"2 AJAX handlers without auth checks",{"reason":471,"points":131},"6 flows with unsanitized paths",{"reason":473,"points":474},"1 high severity vulnerability in history",15,{"reason":476,"points":240},"3 medium severity vulnerabilities in history",{"reason":478,"points":266},"Bundled Freemius v1.0 library",{"reason":480,"points":481},"67% output escaping is not properly escaped",7,"2026-03-16T19:34:39.022Z",{"wat":484,"direct":495},{"assetPaths":485,"generatorPatterns":492,"scriptPaths":493,"versionParams":494},[486,487,488,489,490,491],"\u002Fwp-content\u002Fplugins\u002Fpremmerce-product-comparison\u002Ffrontend\u002Fcss\u002Fpremmerce-product-comparison.css","\u002Fwp-content\u002Fplugins\u002Fpremmerce-product-comparison\u002Ffrontend\u002Fjs\u002Fpremmerce-product-comparison.js","\u002Fwp-content\u002Fplugins\u002Fpremmerce-woocommerce-toolkit\u002Fassets\u002Fcss\u002Fadmin\u002Fpremium.css","\u002Fwp-content\u002Fplugins\u002Fpremmerce-woocommerce-toolkit\u002Fassets\u002Fcss\u002Ffrontend\u002Fpremium.css","\u002Fwp-content\u002Fplugins\u002Fpremmerce-woocommerce-toolkit\u002Fassets\u002Fjs\u002Fadmin\u002Fpremium.js","\u002Fwp-content\u002Fplugins\u002Fpremmerce-woocommerce-toolkit\u002Fassets\u002Fjs\u002Ffrontend\u002Fpremium.js",[],[487],[],{"cssClasses":496,"htmlComments":498,"htmlAttributes":499,"restEndpoints":501,"jsGlobals":503,"shortcodeOutput":504},[497],"premmerce-product-comparison",[],[500],"data-premmerce-compare-url",[502],"\u002Fwp-json\u002Fpremmerce\u002Fcomparison\u002Fdelete\u
002F",[],[505],"[comparisons_page]"]