[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffQ3y36BkcWl7dAQWzCt1zcY_cNWauTJ-CZ_DIyM9GgI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":72,"crawl_stats":36,"alternatives":77,"analysis":78,"fingerprints":345},"residential-address-detection","Residential Address Detection","2.5.11","enituretechnology","https:\u002F\u002Fprofiles.wordpress.org\u002Fenituretechnology\u002F","\u003Cp>An add-on plugin developed by Eniture Technology. The plugin works with Eniture Technology’s Small Package Quotes and LTL Freight Quotes plugins. It identifies the address type of the ship-to address provided by website visitors. When the address type is residential, the residential delivery fee is included in the shipping rate estimate returned by the carrier.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When enabled, automatically identifies residential and commercial addresses.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Requirements\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce 6.4 or newer.\u003C\u002Fli>\n\u003Cli>The installation of at least one of Eniture Technology’s Small Package Quotes or LTL Freight Quotes plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n","Real-time identification of residential and commercial address types.",200,10701,40,1,"2026-01-13T09:03:00.000Z","6.9.4","6.4","",[20,21,22],"auto-residential","residential-address","residential-detection","https:\u002F\u002Feniture.com\u002Fproducts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresidential-address-detection.2.5.11.zip",93,3,0,"2025-07-16 00:00:00","2026-03-15T15:16:48.613Z",[31,47,59],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-48155","residential-address-detection-missing-authorization-2","Residential Address Detection \u003C= 2.5.9 - Missing Authorization","The Residential Address Detection plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=2.5.9","2.5.10","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-07-21 21:23:32",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faeee2aa6-060e-4f4e-8547-44b2bd4e823e?source=api-prod",6,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":54,"updated_date":55,"references":56,"days_to_patch":58},"CVE-2025-30916","residential-address-detection-missing-authorization","Residential Address Detection \u003C= 2.5.4 - Missing Authorization","The Residential Address Detection plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.4. This makes it possible for unauthenticated attackers to perform an unauthorized action.","\u003C=2.5.4","2.5.5","2025-04-02 00:00:00","2025-04-08 15:11:39",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F554bea9d-903f-4e6f-8013-9816aa375f70?source=api-prod",7,{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":64,"cvss_score":65,"cvss_vector":66,"vuln_type":42,"published_date":67,"updated_date":68,"references":69,"days_to_patch":71},"CVE-2025-27270","residential-address-detection-unauthenticated-arbitrary-options-update","Residential Address Detection \u003C= 2.5.4 - Unauthenticated Arbitrary Options Update","The Residential Address Detection plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on a function in all versions up to, and including, 2.5.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2025-02-21 00:00:00","2025-03-03 21:47:20",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F19c824ce-40e2-44fb-a356-6a02bd13cc67?source=api-prod",11,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":73,"total_installs":74,"avg_security_score":75,"avg_patch_time_days":71,"trust_score":25,"computed_at":76},29,1090,98,"2026-04-04T13:49:18.839Z",[],{"attackSurface":79,"codeSignals":177,"taintFlows":240,"riskAssessment":333,"analyzedAt":344},{"hooks":80,"ajaxHandlers":143,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":156,"unprotectedCount":27},[81,88,94,99,104,109,113,116,121,126,131,136,140],{"type":82,"name":83,"callback":84,"priority":85,"file":86,"line":87},"filter","en_woo_addons_check_for_lift_gate_delivery_option","liftgate_delivery",10,"admin\\templates\\en-woo-addon-liftgate-delivery-template.php",24,{"type":89,"name":90,"callback":91,"file":92,"line":93},"action","woocommerce_settings_wc_settings_quote_section_end_residential_addresses_after","eniture_woo_addons_end_residential_addresses_table","includes\\addresses\\inc\\en-template.php",2,{"type":89,"name":95,"callback":96,"file":97,"line":98},"admin_footer","eniture_rad_address_scripting_table","includes\\addresses\\js\\en-rad-distance-request.php",5,{"type":82,"name":100,"callback":101,"priority":85,"file":102,"line":103},"en_woo_addons_carrier_service_quotes_request","carrier_service_quotes_request","includes\\en-woo-addons-carrier-service.php",30,{"type":82,"name":105,"callback":106,"priority":71,"file":107,"line":108},"en_woo_addons_sections","en_woo_rad_addons_sections_arr","includes\\en-woo-addons-forms-handler.php",27,{"type":82,"name":110,"callback":111,"priority":85,"file":107,"line":112},"en_woo_addons_settings","en_woo_addons_settings_arr",28,{"type":89,"name":114,"callback":115,"priority":85,"file":107,"line":73},"woocommerce_settings_tabs_array","en_woo_addons_popup_notifi_disabl_to_plan",{"type":89,"name":117,"callback":118,"priority":14,"file":119,"line":120},"woocommerce_checkout_order_processed","unset_session_request_key","includes\\en-woo-addons-genrt-request-key.php",15,{"type":89,"name":122,"callback":123,"file":124,"line":125},"admin_enqueue_scripts","en_woo_addons_common_style","includes\\en-woo-addons-includes.php",25,{"type":82,"name":127,"callback":128,"priority":85,"file":129,"line":130},"en_woo_addons_web_quotes","en_woo_addons_web_quotes_array","includes\\en-woo-addons-web-quotes.php",21,{"type":89,"name":132,"callback":133,"file":134,"line":135},"before_woocommerce_init","closure","residential-address-detection.php",19,{"type":89,"name":137,"callback":138,"file":134,"line":139},"admin_notices","eniture_woo_addons_avaibility_error",45,{"type":89,"name":122,"callback":141,"file":134,"line":142},"eniture_res_add_address_script_load",110,[144,150,154,157,159,162,165,168,171],{"action":145,"nopriv":146,"callback":147,"hasNonce":146,"hasCapCheck":148,"file":149,"line":58},"en_rad_get_address",false,"get_rad_address_api_ajax",true,"includes\\addresses\\inc\\en-ajax-request.php",{"action":151,"nopriv":146,"callback":152,"hasNonce":148,"hasCapCheck":148,"file":149,"line":153},"en_rad_save_address","en_rad_save_address_list",8,{"action":155,"nopriv":146,"callback":155,"hasNonce":148,"hasCapCheck":148,"file":149,"line":156},"en_default_unconfirmed_address_types_to",9,{"action":158,"nopriv":146,"callback":158,"hasNonce":148,"hasCapCheck":148,"file":149,"line":85},"en_rad_delete_address",{"action":160,"nopriv":146,"callback":160,"hasNonce":148,"hasCapCheck":148,"file":161,"line":108},"en_woo_addons_upgrade_plan_submit","includes\\en-woo-addons-ajax-request.php",{"action":163,"nopriv":146,"callback":163,"hasNonce":148,"hasCapCheck":148,"file":161,"line":164},"suspend_automatic_detection",32,{"action":166,"nopriv":146,"callback":166,"hasNonce":148,"hasCapCheck":148,"file":161,"line":167},"en_need_suspended_rad_ajax",37,{"action":169,"nopriv":146,"callback":169,"hasNonce":148,"hasCapCheck":148,"file":161,"line":170},"residential_delivery_options_disclosure_types_to",41,{"action":172,"nopriv":146,"callback":172,"hasNonce":148,"hasCapCheck":148,"file":161,"line":173},"eniture_update_option_not_show_rates_for_pobox_addresses",46,[],[],[],{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":27,"externalRequests":93,"nonceChecks":153,"capabilityChecks":156,"bundledLibraries":239},[],{"prepared":27,"raw":27,"locations":180},[],{"escaped":182,"rawEcho":73,"locations":183},35,[184,187,189,190,192,194,196,198,200,202,204,206,208,210,212,214,215,216,217,219,221,223,225,227,229,231,233,235,237],{"file":149,"line":185,"context":186},16,"raw output",{"file":149,"line":188,"context":186},23,{"file":149,"line":103,"context":186},{"file":149,"line":191,"context":186},152,{"file":149,"line":193,"context":186},156,{"file":149,"line":195,"context":186},188,{"file":149,"line":197,"context":186},201,{"file":149,"line":199,"context":186},204,{"file":149,"line":201,"context":186},237,{"file":149,"line":203,"context":186},254,{"file":149,"line":205,"context":186},258,{"file":149,"line":207,"context":186},262,{"file":149,"line":209,"context":186},297,{"file":92,"line":211,"context":186},87,{"file":92,"line":213,"context":186},88,{"file":97,"line":112,"context":186},{"file":97,"line":73,"context":186},{"file":97,"line":103,"context":186},{"file":97,"line":218,"context":186},31,{"file":161,"line":220,"context":186},56,{"file":161,"line":222,"context":186},69,{"file":161,"line":224,"context":186},76,{"file":161,"line":226,"context":186},109,{"file":161,"line":228,"context":186},119,{"file":161,"line":230,"context":186},148,{"file":161,"line":232,"context":186},158,{"file":161,"line":234,"context":186},163,{"file":161,"line":236,"context":186},173,{"file":161,"line":238,"context":186},178,[],[241,264,275,285,296,306,316],{"entryPoint":242,"graph":243,"unsanitizedCount":27,"severity":263},"en_default_unconfirmed_address_types_to (includes\\addresses\\inc\\en-ajax-request.php:13)",{"nodes":244,"edges":260},[245,250,255,258],{"id":246,"type":247,"label":248,"file":149,"line":249},"n0","source","$_POST['en_default_unconfirmed_selected_address_types_to']",20,{"id":251,"type":252,"label":253,"file":149,"line":249,"wp_function":254},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":256,"type":247,"label":257,"file":149,"line":130},"n2","$_POST['en_default_missing_selected_address_types_to']",{"id":259,"type":252,"label":253,"file":149,"line":130,"wp_function":254},"n3",[261,262],{"from":246,"to":251,"sanitized":148},{"from":256,"to":259,"sanitized":148},"low",{"entryPoint":265,"graph":266,"unsanitizedCount":27,"severity":263},"\u003Cen-ajax-request> (includes\\addresses\\inc\\en-ajax-request.php:0)",{"nodes":267,"edges":272},[268,269,270,271],{"id":246,"type":247,"label":248,"file":149,"line":249},{"id":251,"type":252,"label":253,"file":149,"line":249,"wp_function":254},{"id":256,"type":247,"label":257,"file":149,"line":130},{"id":259,"type":252,"label":253,"file":149,"line":130,"wp_function":254},[273,274],{"from":246,"to":251,"sanitized":148},{"from":256,"to":259,"sanitized":148},{"entryPoint":276,"graph":277,"unsanitizedCount":27,"severity":263},"suspend_automatic_detection (includes\\en-woo-addons-ajax-request.php:73)",{"nodes":278,"edges":283},[279,282],{"id":246,"type":247,"label":280,"file":161,"line":281},"$_POST (x6)",84,{"id":251,"type":252,"label":253,"file":161,"line":213,"wp_function":254},[284],{"from":246,"to":251,"sanitized":148},{"entryPoint":286,"graph":287,"unsanitizedCount":27,"severity":263},"en_woo_addons_upgrade_plan_submit (includes\\en-woo-addons-ajax-request.php:116)",{"nodes":288,"edges":294},[289,292],{"id":246,"type":247,"label":290,"file":161,"line":291},"$_POST",123,{"id":251,"type":252,"label":253,"file":161,"line":293,"wp_function":254},135,[295],{"from":246,"to":251,"sanitized":148},{"entryPoint":297,"graph":298,"unsanitizedCount":27,"severity":263},"residential_delivery_options_disclosure_types_to (includes\\en-woo-addons-ajax-request.php:155)",{"nodes":299,"edges":304},[300,303],{"id":246,"type":247,"label":301,"file":161,"line":302},"$_POST['residential_delivery_options_disclosure_types_to']",162,{"id":251,"type":252,"label":253,"file":161,"line":302,"wp_function":254},[305],{"from":246,"to":251,"sanitized":148},{"entryPoint":307,"graph":308,"unsanitizedCount":27,"severity":263},"eniture_update_option_not_show_rates_for_pobox_addresses (includes\\en-woo-addons-ajax-request.php:170)",{"nodes":309,"edges":314},[310,313],{"id":246,"type":247,"label":311,"file":161,"line":312},"$_POST['eniture_not_show_rates_for_pobox_addresses']",177,{"id":251,"type":252,"label":253,"file":161,"line":312,"wp_function":254},[315],{"from":246,"to":251,"sanitized":148},{"entryPoint":317,"graph":318,"unsanitizedCount":27,"severity":263},"\u003Cen-woo-addons-ajax-request> (includes\\en-woo-addons-ajax-request.php:0)",{"nodes":319,"edges":329},[320,322,323,324,325,327],{"id":246,"type":247,"label":321,"file":161,"line":281},"$_POST (x7)",{"id":251,"type":252,"label":253,"file":161,"line":213,"wp_function":254},{"id":256,"type":247,"label":301,"file":161,"line":302},{"id":259,"type":252,"label":253,"file":161,"line":302,"wp_function":254},{"id":326,"type":247,"label":311,"file":161,"line":312},"n4",{"id":328,"type":252,"label":253,"file":161,"line":312,"wp_function":254},"n5",[330,331,332],{"from":246,"to":251,"sanitized":148},{"from":256,"to":259,"sanitized":148},{"from":326,"to":328,"sanitized":148},{"summary":334,"deductions":335},"The \"residential-address-detection\" plugin v2.5.11 exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to several security best practices, including the absence of dangerous functions, 100% usage of prepared statements for SQL queries, and a robust implementation of nonce and capability checks for all identified AJAX entry points.  Taint analysis also shows no critical or high-severity unsanitized flows, which is commendable.\n\nHowever, a significant concern arises from the plugin's vulnerability history. With three known CVEs, including a past critical vulnerability, and a recent vulnerability discovered in July 2025, there's a clear pattern of past security weaknesses. While none are currently unpatched, the prevalence of 'Missing Authorization' as a common vulnerability type suggests a recurring area of weakness that requires ongoing vigilance.\n\nThe primary weakness identified in the code analysis is the moderate percentage of improperly escaped output (45%). While not as critical as unpatched vulnerabilities or unsanitized taint flows, this could still lead to Cross-Site Scripting (XSS) vulnerabilities in certain scenarios. In conclusion, while the current version of the plugin has addressed past critical vulnerabilities and implements good practices around SQL and AJAX handling, the historical trend and the output escaping issues warrant attention.",[336,338,340,342],{"reason":337,"points":46},"45% of output not properly escaped",{"reason":339,"points":120},"Past critical CVE (unpatched history)",{"reason":341,"points":120},"Recent CVE (2025-07-16)",{"reason":343,"points":46},"Two medium CVEs in history","2026-03-16T20:12:48.152Z",{"wat":346,"direct":357},{"assetPaths":347,"generatorPatterns":351,"scriptPaths":352,"versionParams":353},[348,349,350],"\u002Fwp-content\u002Fplugins\u002Fresidential-address-detection\u002Fincludes\u002Faddresses\u002Fcss\u002Fen-rad-style.css","\u002Fwp-content\u002Fplugins\u002Fresidential-address-detection\u002Fincludes\u002Faddresses\u002Fjs\u002Fen-rad-update-form.js","\u002Fwp-content\u002Fplugins\u002Fresidential-address-detection\u002Fincludes\u002Faddresses\u002Fjs\u002Fen-rad-address-submit-form.js",[],[349,350],[354,355,356],"en-rad-update-form.js?ver=1.1.1","en-rad-address-submit-form.js?ver=1.1.1","en-rad-style.css?ver=1.3.3",{"cssClasses":358,"htmlComments":359,"htmlAttributes":360,"restEndpoints":361,"jsGlobals":362,"shortcodeOutput":364},[],[],[],[],[363],"rad_address_script",[]]