[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbUTyEpvw2AgH-k3ZZ0conAW7X3rffGydX3dogl5SAug":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":41,"crawl_stats":31,"alternatives":47,"analysis":65,"fingerprints":126},"roi-calculator","Roi Calculator","1.1","mgplugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmgplugin\u002F","\u003Cp>\u003Cstrong>For using This plugin you Can Know ratio that compares the gain or loss from an investment relative to its cost.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>you can know the result of profit or lose derived from any investment and get price of investment gain.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Also know calculate annualized rate of return which is equivalent annual return an investor receives over a given period.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To run this plugin you need to put shortcode in your page:\u003Cbr \u002F>\n([roi_calc])\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy To Use\u003C\u002Fli>\n\u003Cli>Mobile Friendly Ui\u003C\u002Fli>\n\u003Cli>Customize Header Title Text And Font Size\u003C\u002Fli>\n\u003Cli>Also Customize Header Border Color\u003C\u002Fli>\n\u003Cli>Customize body Title color, Border Color, Background Color\u003C\u002Fli>\n\u003Cli>Customize Input Field Background Hover Color\u003C\u002Fli>\n\u003Cli>Select chart type\u003C\u002Fli>\n\u003Cli>Change chart invested and profit amount color\u003C\u002Fli>\n\u003Cli>Customize calculation result setting\u003C\u002Fli>\n\u003Cli>Customize calculation heading text setting\u003C\u002Fli>\n\u003Cli>Customize calculation results title text setting\u003C\u002Fli>\n\u003Cli>Set min and max investment amount with default investment\u003C\u002Fli>\n\u003Cli>Set min and max return amount with default return\u003C\u002Fli>\n\u003Cli>Set min and max investment period with default year\u003C\u002Fli>\n\u003Cli>Display result with chart\u003C\u002Fli>\n\u003Cli>Display result with table\u003C\u002Fli>\n\u003C\u002Ful>\n","For using This plugin you Can Know ratio that compares the gain or loss from an investment relative to its cost.",100,2431,1,"2025-05-26T15:23:00.000Z","6.8.5","5.5","",[19,4],"return-on-investment-calculator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Froi-calculator.zip",99,0,"2025-01-24 00:00:00","2026-03-15T15:16:48.613Z",[26],{"id":27,"url_slug":28,"title":29,"description":30,"plugin_slug":4,"theme_slug":31,"affected_versions":32,"patched_in_version":6,"severity":33,"cvss_score":34,"cvss_vector":35,"vuln_type":36,"published_date":23,"updated_date":37,"references":38,"days_to_patch":40},"CVE-2025-24756","roi-calculator-cross-site-request-forgery-to-stored-cross-site-scripting","Roi Calculator \u003C= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Roi Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-01-28 18:18:06",[39],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd2427236-f8cf-4fbf-8461-77bb75638a0a?source=api-prod",5,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":42,"total_installs":43,"avg_security_score":44,"avg_patch_time_days":40,"trust_score":45,"computed_at":46},10,850,95,97,"2026-04-04T05:55:03.290Z",[48],{"slug":49,"name":50,"version":51,"author":52,"author_profile":53,"description":54,"short_description":55,"active_installs":56,"downloaded":57,"rating":11,"num_ratings":13,"last_updated":58,"tested_up_to":15,"requires_at_least":59,"requires_php":60,"tags":61,"homepage":17,"download_link":64,"security_score":11,"vuln_count":22,"unpatched_count":22,"last_vuln_date":31,"fetched_at":24},"smart-investment-calculator","Smart Investment Calculator (For businesses)","1.7","wppluginboxdev","https:\u002F\u002Fprofiles.wordpress.org\u002Fwppluginboxdev\u002F","\u003Cp>Whether you’re considering getting started with investing or you’re already a seasoned investor, this investment calculator can help you or your web visitors figure out how to meet your goals. It can show how your initial investment, frequency of contributions and risk tolerance can all affect how your money grows.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FQKJjBpd_2qc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Plugin Usage Data\u003C\u002Fh3>\n\u003Cp>This plugin may collect non-sensitive usage data to help us improve the usual bugs and design conflicts to provide you best experience ever.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Fully Responsive\u003C\u002Fli>\n\u003Cli>Set Calculator Theme Color\u003C\u002Fli>\n\u003Cli>Translate \u002F Edit Labels\u003C\u002Fli>\n\u003Cli>Support All Currencies \u003C\u002Fli>\n\u003Cli>Change Chart Colors\u003C\u002Fli>\n\u003Cli>Set Default Input Values\u003C\u002Fli>\n\u003Cli>Show \u002F Hide Inputs\u003C\u002Fli>\n\u003Cli>Admin Backend settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Frequency of Contributions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Annually\u003C\u002Fli>\n\u003Cli>Semi-Annually\u003C\u002Fli>\n\u003Cli>Monthly\u003C\u002Fli>\n\u003Cli>Weekly\u003C\u002Fli>\n\u003Cli>Bi-Weekly\u003C\u002Fli>\n\u003C\u002Fol>\n","Investment Calculator for professionals & businesses with contribution frequency of Annually, Semi-Annually, Monthly, Weekly & Bi-Weekly.",200,8018,"2025-06-01T11:29:00.000Z","4.0","5.6",[62,4,63],"investment-calculator","savings-calculator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-investment-calculator.1.7.zip",{"attackSurface":66,"codeSignals":97,"taintFlows":113,"riskAssessment":114,"analyzedAt":125},{"hooks":67,"ajaxHandlers":88,"restRoutes":89,"shortcodes":90,"cronEvents":96,"entryPointCount":13,"unprotectedCount":22},[68,74,77,81,83],{"type":69,"name":70,"callback":71,"file":72,"line":73},"action","admin_init","roi_calculator_generator_settings_init","backend\\backend.php",43,{"type":69,"name":70,"callback":75,"file":72,"line":76},"roi_calculator_generator_add_settings_fields",103,{"type":69,"name":78,"callback":79,"file":72,"line":80},"admin_menu","roi_calculator_generator_admin_menu",444,{"type":69,"name":70,"callback":75,"file":72,"line":82},445,{"type":69,"name":84,"callback":85,"file":86,"line":87},"wp_enqueue_scripts","roi_load_script_style","roi-calculator.php",58,[],[],[91],{"tag":92,"callback":93,"file":94,"line":95},"roi_calc","roi_calculator","frontend\\frontend.php",191,[],{"dangerousFunctions":98,"sqlUsage":99,"outputEscaping":101,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":112},[],{"prepared":22,"raw":22,"locations":100},[],{"escaped":102,"rawEcho":103,"locations":104},138,3,[105,108,110],{"file":72,"line":106,"context":107},183,"raw output",{"file":72,"line":109,"context":107},193,{"file":72,"line":111,"context":107},198,[],[],{"summary":115,"deductions":116},"The roi-calculator plugin version 1.1 exhibits a generally good security posture due to its adherence to several best practices. The static analysis reveals a minimal attack surface with only one shortcode and no AJAX handlers or REST API routes, and importantly, none of these entry points appear unprotected.  The code also demonstrates strong SQL query sanitization, with 100% of queries using prepared statements, and a high percentage of output (98%) being properly escaped, which significantly reduces the risk of common vulnerabilities like SQL injection and cross-site scripting. The absence of file operations and external HTTP requests further strengthens its security. \n\nHowever, there are a few areas of concern. The complete lack of nonce checks and capability checks across all entry points is a significant weakness. While the current attack surface is small, any future expansion or modification could easily introduce vulnerabilities if these fundamental security mechanisms are not implemented. The vulnerability history indicates a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability. While it is currently patched, the presence of such a vulnerability suggests that the plugin's development might not consistently incorporate robust security checks, particularly for state-changing operations that are susceptible to CSRF. The taint analysis showing zero flows analyzed is also a missed opportunity for deeper security assurance.\n\nIn conclusion, roi-calculator v1.1 benefits from a small attack surface and good practices in SQL and output sanitization. However, the absence of nonce and capability checks represents a notable oversight that could expose the plugin to risks, especially if its functionality expands. The past CSRF vulnerability serves as a reminder to ensure comprehensive security across all actions.",[117,119,121,123],{"reason":118,"points":40},"Missing nonce checks",{"reason":120,"points":40},"Missing capability checks",{"reason":122,"points":40},"Past medium severity CVE (CSRF)",{"reason":124,"points":103},"Taint analysis not performed","2026-03-16T20:55:34.703Z",{"wat":127,"direct":137},{"assetPaths":128,"generatorPatterns":132,"scriptPaths":133,"versionParams":134},[129,130,131],"\u002Fwp-content\u002Fplugins\u002Froi-calculator\u002Ffrontend\u002Fasset\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Froi-calculator\u002Ffrontend\u002Fasset\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Froi-calculator\u002Ffrontend\u002Fasset\u002Fjs\u002Fchart.js",[],[130,131],[135,136],"roi-calculator\u002Ffrontend\u002Fasset\u002Fjs\u002Fscript.js?ver=","roi-calculator\u002Ffrontend\u002Fasset\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":138,"htmlComments":156,"htmlAttributes":157,"restEndpoints":159,"jsGlobals":160,"shortcodeOutput":161},[139,140,141,142,143,144,145,146,147,148,149,150,151,152,140,153,154,139,155],"roi_containers_rows","roi_inner_header","roi_invt_form","roi_calc_heading_1","roi_calc_col","roi_field_name","calc_conditions","roi_calc_filed","roi_result_title","roi_table_row","roi-table","roi_chart","roi_calc_header","roi_title","roi_containers","roi_calc_form","roi_header1",[],[158],"roi_calc_style",[],[158],[162,163,164,165,166,167,168,169,170],"\u003Csection class=\"roi_calc_header\">","\u003Cdiv class=\"roi_title\">","\u003Cdiv class=\"roi_inner_header\">","\u003Ch2 class=\"font-weight-bold\">","\u003Cdiv class=\"roi_containers\">","\u003Cdiv id=\"roi_calc_form\" class=\"roi_calc_form\">","\u003Cform class=\"roi_invt_form\">","\u003Cdiv class=\"roi_containers_rows\">","\u003Cdiv class=\"roi_header1\">"]