[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftxTD-fU3axNJXo2XF0Xiii1jXpvFLXXL2LDAESlbBbI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":30,"analysis":31,"fingerprints":104},"product-question-and-answer","Product Question and Answer","1.1.0","acespritech","https:\u002F\u002Fprofiles.wordpress.org\u002Facespritech\u002F","\u003Cp>Features:-\u003Cbr \u002F>\n1) Let your users ask a question on specific WooCommerce\u003Cbr \u002F>\nproducts.\u003Cbr \u002F>\n2) Let your users answer a question on the product page.\u003Cbr \u002F>\n3) Manage easily questions and answers.\u003Cbr \u002F>\n4) This plugin allows register customer of your shop to ask\u003Cbr \u002F>\nquestions about products. Both admin and other register\u003Cbr \u002F>\ncustomer can answers to them and guest customer can see all\u003Cbr \u002F>\nquestion and answer of all product of your shop.\u003Cbr \u002F>\n5) Work with simple product and variable products.\u003C\u002Fp>\n\u003Cp>Avails logged-in customers to ask question and give answer about\u003Cbr \u002F>\neach product.\u003Cbr \u002F>\nUser can give multiple answers for one question for same login\u003Cbr \u002F>\naccount.\u003Cbr \u002F>\nIt is working on simple product and variable product in woocommerce.\u003C\u002Fp>\n\u003Cp>Admin can enable Product Q\u002FA tab in particular product page and\u003Cbr \u002F>\ndisable for particular product page.\u003Cbr \u002F>\nAdmin can show list of question order by post date ,user name ,user\u003Cbr \u002F>\nemail id and approve status.\u003C\u002Fp>\n\u003Cp>No configuration needed! just install and it will start working from\u003Cbr \u002F>\nthere, you can change the settings at any time though.\u003C\u002Fp>\n","This plugin allows the customers to ask questions about each product in your store and any one can answers for those Questions.",0,913,"","5.2.24","5.1","5.0",[4],"https:\u002F\u002Facespritech.com\u002Fservices\u002Fwordpress-extensions\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproduct-question-and-answer.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":27,"avg_patch_time_days":26,"trust_score":28,"computed_at":29},9,30,93,89,"2026-04-04T05:30:46.019Z",[],{"attackSurface":32,"codeSignals":38,"taintFlows":68,"riskAssessment":95,"analyzedAt":103},{"hooks":33,"ajaxHandlers":34,"restRoutes":35,"shortcodes":36,"cronEvents":37,"entryPointCount":11,"unprotectedCount":11},[],[],[],[],[],{"dangerousFunctions":39,"sqlUsage":40,"outputEscaping":63,"fileOperations":11,"externalRequests":11,"nonceChecks":66,"capabilityChecks":11,"bundledLibraries":67},[],{"prepared":41,"raw":42,"locations":43},6,7,[44,48,50,54,56,58,61],{"file":45,"line":46,"context":47},"answer.php",18,"$wpdb->get_results() with variable interpolation",{"file":45,"line":49,"context":47},51,{"file":51,"line":52,"context":53},"db.php",13,"$wpdb->get_var() with variable interpolation",{"file":51,"line":55,"context":53},38,{"file":57,"line":26,"context":47},"mainqa.php",{"file":59,"line":60,"context":47},"tabs_qa.php",58,{"file":59,"line":62,"context":47},59,{"escaped":64,"rawEcho":11,"locations":65},63,[],1,[],[69,87],{"entryPoint":70,"graph":71,"unsanitizedCount":11,"severity":86},"aspl_qa_render_list_page (mainqa.php:216)",{"nodes":72,"edges":83},[73,78],{"id":74,"type":75,"label":76,"file":57,"line":77},"n0","source","$_REQUEST['page']",231,{"id":79,"type":80,"label":81,"file":57,"line":77,"wp_function":82},"n1","sink","echo() [XSS]","echo",[84],{"from":74,"to":79,"sanitized":85},true,"low",{"entryPoint":88,"graph":89,"unsanitizedCount":11,"severity":86},"\u003Cmainqa> (mainqa.php:0)",{"nodes":90,"edges":93},[91,92],{"id":74,"type":75,"label":76,"file":57,"line":77},{"id":79,"type":80,"label":81,"file":57,"line":77,"wp_function":82},[94],{"from":74,"to":79,"sanitized":85},{"summary":96,"deductions":97},"The \"product-question-and-answer\" v1.1.0 plugin exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of identified CVEs and a clean taint analysis are positive indicators, suggesting a well-maintained codebase. All identified output is properly escaped, and the plugin avoids dangerous functions, file operations, and external HTTP requests, which are common sources of vulnerabilities. The presence of a nonce check and the fact that all SQL queries utilize prepared statements, to a significant degree, further contribute to its secure design.\n\nHowever, a key concern arises from the complete lack of capability checks. This means that any functionality exposed by the plugin, even if through entry points not immediately obvious from the provided attack surface data, could be accessed by any logged-in user, regardless of their role or permissions. While the attack surface appears small and unprotected entry points are zero, this absence of capability checks is a significant oversight that could allow for privilege escalation or unauthorized actions if an entry point is discovered or if certain administrative functions are implicitly present. The moderate usage of prepared statements (46%) also implies that a portion of the SQL queries are not secured, posing a potential SQL injection risk, although the taint analysis did not flag any issues in this area.\n\nIn conclusion, the plugin demonstrates strong adherence to several fundamental security practices, particularly in output escaping and avoiding risky functions. The lack of historical vulnerabilities is encouraging. The primary weakness lies in the complete omission of capability checks, which represents a significant potential risk that needs to be addressed to ensure robust security. The incomplete use of prepared statements for SQL queries is a secondary concern that warrants attention.",[98,101],{"reason":99,"points":100},"No capability checks implemented",15,{"reason":102,"points":42},"54% of SQL queries not using prepared statements","2026-03-17T06:02:01.934Z",{"wat":105,"direct":116},{"assetPaths":106,"generatorPatterns":111,"scriptPaths":112,"versionParams":115},[107,108,109,110],"\u002Fwp-content\u002Fplugins\u002Fproduct-question-and-answer\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fproduct-question-and-answer\u002Fcss\u002Faspl_qa_custom_css.css","\u002Fwp-content\u002Fplugins\u002Fproduct-question-and-answer\u002Fjs\u002Fcustom.js","\u002Fwp-content\u002Fplugins\u002Fproduct-question-and-answer\u002Fjs\u002Ffontawesome.min.js",[],[113,114],"js\u002Fcustom.js","js\u002Ffontawesome.min.js",[],{"cssClasses":117,"htmlComments":119,"htmlAttributes":120,"restEndpoints":123,"jsGlobals":124,"shortcodeOutput":126},[118],"aspl_question_answer",[],[121,122],"id='_enableqa'","id='aspl_question_answer'",[],[125],"aspl_custom_ajax_data",[]]