[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5-QN7Cud7lDUIbNb0ZmL6tklZnDx4092s5RRUulZ1OI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":9,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":43,"crawl_stats":34,"alternatives":50,"analysis":103,"fingerprints":176},"rvcfdi-para-woocommerce","RVCFDI para Woocommerce","8.1.8","realvirtualmx","https:\u002F\u002Fprofiles.wordpress.org\u002Frealvirtualmx\u002F","","El plugin RVCFDI para WooCommerce es una herramienta que se integra con RV Factura Electronica Web y te permite llevar a cabo el proceso facturacion e &hellip;",70,12139,76,5,"2025-12-18T21:17:00.000Z","6.8.5","4.7.3",[19,20,21],"autofacturacion","cfdi","factura-electronica-mexico","https:\u002F\u002Frealvirtual.com.mx\u002Ffactura-electronica-cfdi-wordpress-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frvcfdi-para-woocommerce.zip",78,1,"2026-02-09 00:00:00","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":34},"CVE-2025-69386","rvcfdi-para-woocommerce-reflected-cross-site-scripting","RVCFDI para Woocommerce \u003C= 8.1.8 - Reflected Cross-Site Scripting","The RVCFDI para Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 8.1.8 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=8.1.8","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-16 21:48:00",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd80a6f8b-8528-48a5-a4f0-01b0b55de95a?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":44,"total_installs":45,"avg_security_score":46,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},2,80,89,30,86,"2026-04-04T06:09:54.382Z",[51,62,82],{"slug":52,"name":53,"version":6,"author":7,"author_profile":8,"description":9,"short_description":54,"active_installs":55,"downloaded":56,"rating":57,"num_ratings":57,"last_updated":58,"tested_up_to":16,"requires_at_least":17,"requires_php":9,"tags":59,"homepage":22,"download_link":60,"security_score":61,"vuln_count":57,"unpatched_count":57,"last_vuln_date":34,"fetched_at":27},"lfecfdi-para-woocommerce","LFECFDI para Woocommerce","El plugin LFECFDI para WooCommerce es una herramienta que se integra con LasFacturasElectronicas.com y te permite llevar a cabo el proceso facturacion &hellip;",10,11473,0,"2025-12-18T21:15:00.000Z",[19,20,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flfecfdi-para-woocommerce.zip",100,{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":57,"downloaded":70,"rating":57,"num_ratings":57,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":80,"download_link":81,"security_score":61,"vuln_count":57,"unpatched_count":57,"last_vuln_date":34,"fetched_at":27},"efitec-facturacion-for-comiti","COMITI Invoicing Cloud for 
Ecommerce","1.1.33","Arturo Ramirez","https:\u002F\u002Fprofiles.wordpress.org\u002Faramirezm\u002F","\u003Cp>comitifact connects WooCommerce to COMITI’s CFDI 4.0 (Mexico) stamping services.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features\u003C\u002Fstrong>\u003Cbr \u002F>\n– Generate CFDI 4.0 (XML) and its printable representation (PDF).\u003Cbr \u002F>\n– CFDI cancellation.\u003Cbr \u002F>\n– File uploads attached to orders with size limits and a whitelist of extensions (CSD, XML, ZIP, PEM, etc.).\u003Cbr \u002F>\n– Configurable \u003Cstrong>HTTPS\u003C\u002Fstrong> endpoints for \u003Cstrong>production\u003C\u002Fstrong> and \u003Cstrong>sandbox\u003C\u002Fstrong> environments.\u003Cbr \u002F>\n– Multisite-aware (cleans up on uninstall per site).\u003Cbr \u002F>\n– Internationalization ready (\u003Ccode>Text Domain: comitifact\u003C\u002Fcode>) and loads translations from \u003Ccode>\u002Flanguages\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security\u003C\u002Fstrong>\u003Cbr \u002F>\n– Nonces on AJAX actions.\u003Cbr \u002F>\n– Capability checks (by default requires \u003Ccode>manage_woocommerce\u003C\u002Fcode> for admin actions).\u003Cbr \u002F>\n– Input sanitization and output escaping.\u003Cbr \u002F>\n– Uploads stored in a dedicated folder \u003Ccode>\u002Fwp-content\u002Fuploads\u002Fcomitifact\u002F\u003C\u002Fcode> with MIME checks and size limits.\u003Cbr \u002F>\n– No credentials or endpoints exposed on the front end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin integrates with an external e-invoicing (timbrado) provider. Depending on your configuration, fiscal data from orders (RFC, legal name, CFDI use, tax address, etc.) may be sent to your provider over \u003Cstrong>HTTPS\u003C\u002Fstrong>. Review and accept the provider’s terms before use. 
If you process personal data, ensure you have a lawful basis and appropriate privacy notices.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements\u003C\u002Fstrong>\u003Cbr \u002F>\n– WordPress ≥ 5.8\u003Cbr \u002F>\n– PHP ≥ 7.4\u003Cbr \u002F>\n– WooCommerce (a version compatible with your site)\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>This plugin is translation-ready. Text domain: \u003Ccode>comitifact\u003C\u002Fcode>, path: \u003Ccode>\u002Flanguages\u003C\u002Fcode>. You can contribute translations via WordPress.org GlotPress once published.\u003C\u002Fp>\n\u003Ch3>Notes for Reviewers (WordPress.org)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All AJAX actions that write files or data are protected by nonces and capability checks.\u003C\u002Fli>\n\u003Cli>External services are configurable and default to HTTPS endpoints.\u003C\u002Fli>\n\u003Cli>No external tracking; no personal data is transmitted unless configured by the site owner for invoicing purposes.\u003C\u002Fli>\n\u003Cli>Uninstall routine removes options, transients, prefixed tables, cron hooks, and \u003Ccode>\u002Fuploads\u002Fcomitifact\u002F\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n","CFDI 4.0 invoicing extension for WooCommerce integrated with COMITI’s services.",201,"2026-02-22T20:31:00.000Z","6.9.4","5.8","8.2",[20,76,77,78,79],"invoice","mexico","timbrado","woocommerce","https:\u002F\u002Fwww.comiti.mx\u002Fcomitifact-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fefitec-facturacion-for-comiti.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":57,"downloaded":90,"rating":57,"num_ratings":57,"last_updated":91,"tested_up_to":92,"requires_at_least":17,"requires_php":93,"tags":94,"homepage":100,"download_link":101,"security_score":102,"vuln_count":57,"unpatched_count":57,"last_vuln_date":34,"fetched_at":27},"facturo-por-ti-extension-ecommerce","Facturación Electrónica 
Woocommerce","1.0.0","fptgustavoortiz","https:\u002F\u002Fprofiles.wordpress.org\u002Ffptgustavoortiz\u002F","\u003Cp>Este servicio se puede instalar en wordpress y es compatible con diversos servicios\u003Cbr \u002F>\nde ventas por internet, contáctanos para mas información.\u003C\u002Fp>\n\u003Cp>La integración del plugin que ofrece FacturoPorTi, te permitira sincronizar\u003Cbr \u002F>\nautomáticamente todas tus ventas de manera simple, además tienes un portal\u003Cbr \u002F>\nadministrador para ver detalles o generar la factura global.\u003Cbr \u002F>\nAl usuario se le solicita tres valores:\u003C\u002Fp>\n\u003Ch4>☞ Numero de orden de compra\u003C\u002Fh4>\n\u003Ch4>☞ Monto de la compra\u003C\u002Fh4>\n\u003Ch4>☞ Fecha de la compra\u003C\u002Fh4>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F880974611\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch4>Requisitos minimos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce 6.0 o superior\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin Facturación Electrónica para Woocommerce permitiendo al cliente realizar la  factura de las ventas que se hacen desde tu 
Ecommerce.",1137,"2024-06-12T19:34:00.000Z","6.4.8","7.0",[95,96,97,98,99],"ecommerce-api","factura-electronica","facturacion-ecommerce","facturacion-electronica-woocommerce","portal-de-autofacturacion","https:\u002F\u002Fwww.facturoporti.com.mx\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacturo-por-ti-extension-ecommerce.1.0.zip",92,{"attackSurface":104,"codeSignals":110,"taintFlows":162,"riskAssessment":163,"analyzedAt":175},{"hooks":105,"ajaxHandlers":106,"restRoutes":107,"shortcodes":108,"cronEvents":109,"entryPointCount":57,"unprotectedCount":57},[],[],[],[],[],{"dangerousFunctions":111,"sqlUsage":112,"outputEscaping":114,"fileOperations":159,"externalRequests":160,"nonceChecks":57,"capabilityChecks":57,"bundledLibraries":161},[],{"prepared":44,"raw":57,"locations":113},[],{"escaped":57,"rawEcho":115,"locations":116},18,[117,121,123,125,127,129,131,133,135,137,140,143,146,148,150,152,154,157],{"file":118,"line":119,"context":120},"recursos\\realvirtual_woocommerce_cfdi.php",83,"raw 
output",{"file":118,"line":122,"context":120},149,{"file":118,"line":124,"context":120},215,{"file":118,"line":126,"context":120},297,{"file":118,"line":128,"context":120},380,{"file":118,"line":130,"context":120},426,{"file":118,"line":132,"context":120},469,{"file":118,"line":134,"context":120},515,{"file":118,"line":136,"context":120},596,{"file":138,"line":139,"context":120},"recursos\\realvirtual_woocommerce_cliente.php",44,{"file":141,"line":142,"context":120},"recursos\\realvirtual_woocommerce_configuracion.php",299,{"file":144,"line":145,"context":120},"recursos\\realvirtual_woocommerce_cuenta.php",59,{"file":144,"line":147,"context":120},101,{"file":149,"line":139,"context":120},"recursos\\realvirtual_woocommerce_emisor.php",{"file":151,"line":139,"context":120},"recursos\\realvirtual_woocommerce_metodopago.php",{"file":153,"line":139,"context":120},"recursos\\realvirtual_woocommerce_metodopago33.php",{"file":155,"line":156,"context":120},"recursos\\realvirtual_woocommerce_pedido.php",1588,{"file":155,"line":158,"context":120},1631,4,22,[],[],{"summary":164,"deductions":165},"The static analysis of \"rvcfdi-para-woocommerce\" v8.1.8 reveals a mixed security posture.  On the positive side, the plugin uses prepared statements for all detected SQL queries, and its attack surface appears small: the analysis reported no AJAX handlers, shortcodes, cron events, or REST API routes, and therefore no unauthenticated entry points.  Significant concerns arise, however, from the output escaping and the lack of nonce and capability checks.  None of the detected output statements is properly escaped (100% raw output), which is a major red flag and strongly indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities.  Furthermore, if the plugin has entry points that the static analysis did not detect, the absence of any nonce or capability checks would amplify this risk. 
The vulnerability history, with one unpatched medium-severity XSS CVE, reinforces these concerns and is consistent with a pattern of input sanitization issues.  These critical weaknesses compromise the plugin's overall security and outweigh its strengths in SQL handling and attack surface management.",[166,169,171,173],{"reason":167,"points":168},"0% output escaping",15,{"reason":170,"points":55},"0 nonce checks",{"reason":172,"points":55},"0 capability checks",{"reason":174,"points":168},"1 unpatched medium CVE","2026-03-16T21:38:29.712Z",{"wat":177,"direct":192},{"assetPaths":178,"generatorPatterns":184,"scriptPaths":185,"versionParams":186},[179,180,181,182,183],"\u002Fwp-content\u002Fplugins\u002Frvcfdi-para-woocommerce\u002Fcss\u002Fjquery-ui.css","\u002Fwp-content\u002Fplugins\u002Frvcfdi-para-woocommerce\u002Fcss\u002Fjquery-ui.structure.css","\u002Fwp-content\u002Fplugins\u002Frvcfdi-para-woocommerce\u002Fcss\u002Fjquery-ui.theme.css","\u002Fwp-content\u002Fplugins\u002Frvcfdi-para-woocommerce\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Frvcfdi-para-woocommerce\u002Fjs\u002Frvcfdi.js",[],[183],[187,188,189,190,191],"rvcfdi-para-woocommerce\u002Fcss\u002Fjquery-ui.css?ver=","rvcfdi-para-woocommerce\u002Fcss\u002Fjquery-ui.structure.css?ver=","rvcfdi-para-woocommerce\u002Fcss\u002Fjquery-ui.theme.css?ver=","rvcfdi-para-woocommerce\u002Fcss\u002Fstyle.css?ver=","rvcfdi-para-woocommerce\u002Fjs\u002Frvcfdi.js?ver=",{"cssClasses":193,"htmlComments":197,"htmlAttributes":200,"restEndpoints":203,"jsGlobals":204,"shortcodeOutput":206},[194,195,196],"rvcfdi-input","rvcfdi-label","rvcfdi-select",[198,199],"\u003C!-- Begin RVCFDI WooCommerce -->","\u003C!-- End RVCFDI WooCommerce -->",[201,202],"data-rvcfdi-field","data-rvcfdi-options",[],[205],"rvcfdi_params",[]]