[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQN6JSxePsBH5Ew_mco892TXkiOWHUr4sSi38PNiyShY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":39,"fingerprints":198},"product-widget-glopart","Витрина товаров Glopart","1.0.3","Ivan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmoney\u002F","\u003Cp>Теперь вы можете активно зарабатывать на продаже топовых товаров из каталога партнерских программ Glopart.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fglopart.ru\" rel=\"nofollow ugc\">Перейти на сайт Glopart.ru\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Описание\u003C\u002Fh3>\n\u003Cp>Плагин «\u003Cstrong>Витрина товаров Glopart\u003C\u002Fstrong>» – партнерское решение для сайтов на WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>автоматически сделает вас партнером топовых партнерских программ,\u003C\u002Fli>\n\u003Cli>наполнит ваш сайт WP партнесркими предложениями (landing pages),\u003C\u002Fli>\n\u003Cli>самостоятельно обновит все товары без необходимости совершать дополнительные действия.\u003C\u002Fli>\n\u003Cli>pro версия плагина доступна на сайте плагина \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FWxX1Cj8CzXw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpmoney.ru\u002F\" rel=\"nofollow ugc\">Чем отличается PRO версия от этой?\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Настройка плагина\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FWxX1Cj8CzXw\" rel=\"nofollow ugc\">Инструкция по установке и настройке плагина\u003C\u002Fa>\u003C\u002Fp>\n","Теперь вы можете активно зарабатывать на продаже топовых товаров из каталога партнерских программ Glopart. Перейти на сайт Glopart.ru",10,1725,100,3,"2018-09-19T20:01:00.000Z","4.9.29","4.7.11","5.6",[20,21,22,23,24],"%d0%b2%d0%b8%d1%82%d1%80%d0%b8%d0%bd%d0%b0-%d0%bf%d0%b0%d1%80%d1%82%d0%bd%d0%b5%d1%80%d1%81%d0%ba%d0%b8%d1%85-%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%be%d0%b2-wordpress","%d0%ba%d0%b0%d1%82%d0%b0%d0%bb%d0%be%d0%b3-%d1%86%d0%b8%d1%84%d1%80%d0%be%d0%b2%d1%8b%d1%85-%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%be%d0%b2-wordpress","%d0%ba%d1%83%d1%80%d1%81%d1%8b-glopart","glopart-%d0%ba%d0%b0%d0%ba-%d0%b7%d0%b0%d1%80%d0%b0%d0%b1%d0%be%d1%82%d0%b0%d1%82%d1%8c","glopart-wp","https:\u002F\u002Fru.wordpress.org\u002Fplugins\u002Fproduct-widget-glopart\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproduct-widget-glopart.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"wpmoney",1,30,84,"2026-04-05T09:17:01.482Z",[],{"attackSurface":40,"codeSignals":56,"taintFlows":167,"riskAssessment":186,"analyzedAt":197},{"hooks":41,"ajaxHandlers":52,"restRoutes":53,"shortcodes":54,"cronEvents":55,"entryPointCount":28,"unprotectedCount":28},[42,48],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","admin_enqueue_scripts","pwg_admin_scripts","product-widget-glopart.php",21,{"type":43,"name":49,"callback":50,"file":46,"line":51},"widgets_init","pwg_product_glopart",23,[],[],[],[],{"dangerousFunctions":57,"sqlUsage":58,"outputEscaping":60,"fileOperations":28,"externalRequests":165,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":166},[],{"prepared":28,"raw":28,"locations":59},[],{"escaped":28,"rawEcho":61,"locations":62},63,[63,67,69,71,73,75,77,79,80,81,83,85,86,87,89,91,92,93,95,97,98,99,101,103,104,105,107,108,110,111,113,114,116,117,119,121,122,123,125,127,129,131,133,134,136,137,139,140,142,143,145,146,148,150,151,152,154,155,157,158,160,161,163],{"file":64,"line":65,"context":66},"includes\\engine.php",24,"raw output",{"file":46,"line":68,"context":66},49,{"file":46,"line":70,"context":66},52,{"file":46,"line":72,"context":66},70,{"file":46,"line":74,"context":66},72,{"file":46,"line":76,"context":66},104,{"file":46,"line":78,"context":66},105,{"file":46,"line":78,"context":66},{"file":46,"line":78,"context":66},{"file":46,"line":82,"context":66},109,{"file":46,"line":84,"context":66},110,{"file":46,"line":84,"context":66},{"file":46,"line":84,"context":66},{"file":46,"line":88,"context":66},114,{"file":46,"line":90,"context":66},115,{"file":46,"line":90,"context":66},{"file":46,"line":90,"context":66},{"file":46,"line":94,"context":66},119,{"file":46,"line":96,"context":66},120,{"file":46,"line":96,"context":66},{"file":46,"line":96,"context":66},{"file":46,"line":100,"context":66},124,{"file":46,"line":102,"context":66},125,{"file":46,"line":102,"context":66},{"file":46,"line":102,"context":66},{"file":46,"line":106,"context":66},138,{"file":46,"line":106,"context":66},{"file":46,"line":109,"context":66},139,{"file":46,"line":109,"context":66},{"file":46,"line":112,"context":66},140,{"file":46,"line":112,"context":66},{"file":46,"line":115,"context":66},141,{"file":46,"line":115,"context":66},{"file":46,"line":118,"context":66},146,{"file":46,"line":120,"context":66},147,{"file":46,"line":120,"context":66},{"file":46,"line":120,"context":66},{"file":46,"line":124,"context":66},154,{"file":46,"line":126,"context":66},156,{"file":46,"line":128,"context":66},158,{"file":46,"line":130,"context":66},160,{"file":46,"line":132,"context":66},163,{"file":46,"line":132,"context":66},{"file":46,"line":135,"context":66},164,{"file":46,"line":135,"context":66},{"file":46,"line":138,"context":66},165,{"file":46,"line":138,"context":66},{"file":46,"line":141,"context":66},166,{"file":46,"line":141,"context":66},{"file":46,"line":144,"context":66},167,{"file":46,"line":144,"context":66},{"file":46,"line":147,"context":66},172,{"file":46,"line":149,"context":66},173,{"file":46,"line":149,"context":66},{"file":46,"line":149,"context":66},{"file":46,"line":153,"context":66},183,{"file":46,"line":153,"context":66},{"file":46,"line":156,"context":66},184,{"file":46,"line":156,"context":66},{"file":46,"line":159,"context":66},185,{"file":46,"line":159,"context":66},{"file":46,"line":162,"context":66},193,{"file":46,"line":164,"context":66},195,2,[],[168],{"entryPoint":169,"graph":170,"unsanitizedCount":34,"severity":185},"\u003Cproduct-widget-glopart> (product-widget-glopart.php:0)",{"nodes":171,"edges":182},[172,177],{"id":173,"type":174,"label":175,"file":46,"line":176},"n0","source","$_SERVER",61,{"id":178,"type":179,"label":180,"file":46,"line":72,"wp_function":181},"n1","sink","echo() [XSS]","echo",[183],{"from":173,"to":178,"sanitized":184},false,"low",{"summary":187,"deductions":188},"The \"product-widget-glopart\" v1.0.3 plugin exhibits a mixed security posture. On the positive side, the absence of known CVEs, lack of dangerous functions, and exclusive use of prepared statements for SQL queries are strong indicators of good development practices. The plugin also appears to have a minimal attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events contributing to potential entry points. However, significant concerns arise from the static analysis of its code.  A critical finding is that 100% of its output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, there is a single taint flow identified with an unsanitized path, which, while not flagged as critical or high severity in this analysis, still warrants careful attention as it represents a potential avenue for malicious input processing. The plugin also performs external HTTP requests, and while no specific vulnerabilities are detailed, this functionality can introduce risks if not handled securely.\n\nThe lack of any recorded vulnerability history is a positive sign, suggesting the plugin has not been a frequent target or source of security issues. However, this can also be misleading if the plugin has not been subjected to thorough security audits or if the current lack of escape for output has simply gone unnoticed.  The overall security profile is therefore a balance between a seemingly clean history and coding practices that introduce immediate, albeit potentially unexploited, risks, particularly concerning output escaping. Users should be aware of the XSS risks and the potential implications of the unsanitized taint flow.",[189,192,195],{"reason":190,"points":191},"100% of outputs are not properly escaped",15,{"reason":193,"points":194},"Taint flow with unsanitized path",8,{"reason":196,"points":14},"External HTTP requests without context","2026-03-17T01:21:07.351Z",{"wat":199,"direct":206},{"assetPaths":200,"generatorPatterns":202,"scriptPaths":203,"versionParams":204},[201],"\u002Fwp-content\u002Fplugins\u002Fproduct-widget-glopart\u002Fassets\u002Fcss\u002Fstyle.css",[],[],[205],"product-widget-glopart\u002Fassets\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":207,"htmlComments":209,"htmlAttributes":210,"restEndpoints":224,"jsGlobals":225,"shortcodeOutput":226},[208],"example",[],[211,212,213,214,215,216,217,218,219,220,221,222,223],"id=\"pwg_glopart\"","for=\"pwg_glopart-title\"","name=\"pwg_glopart-title\"","id=\"pwg_glopart-glopart_id\"","name=\"pwg_glopart-glopart_id\"","id=\"pwg_glopart-glopart_count\"","name=\"pwg_glopart-glopart_count\"","id=\"pwg_glopart-glopart_img_width\"","name=\"pwg_glopart-glopart_img_width\"","id=\"pwg_glopart-glopart_img_align\"","name=\"pwg_glopart-glopart_img_align\"","id=\"pwg_glopart-glopart_img_border_radius\"","name=\"pwg_glopart-glopart_img_border_radius\"",[],[],[]]