[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJ47j6O4djBqeO75AXxtU8-hyvdLv-A_bDi9KoKyC2WA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":51,"analysis":145,"fingerprints":245},"saphali-liqpay-for-donate","Saphali LiqPay for donate","1.0.3","Saphali","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaphali\u002F","\u003Cp>Кнопка для приема пожертвований с помощью LiqPay (v 3.0). Работа заключается в добавлении шорткода на страницу при ее редактировании (добавляется нажатием в визуальном редакторе кнопки или в режиме html кнопки с соотв. надписью). Для работы нужен только WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ВНИМАНИЕ!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Также, если у Вас есть интернет магазин на Woocommerce, то Вы можете подключить к магазину все самые популярные российские и украинские платежные системы:\u003Cbr \u002F>\nQIWI, Приват24, LiqPay, WebMoney, Яндекс.Деньги, Интеркасса, PayPal для России и Украины, Z-payment, ChronoPay!\u003Cbr \u002F>\nПодробнее о плагинах платежных шлюзов: http:\u002F\u002Fsaphali.com\u002Fwordpress\u002Fpayment-gateways\u003C\u002Fp>\n\u003Cp>Другие русские плагины для интернет-магазина на Woocommerce смотрите в нашем каталоге http:\u002F\u002Fsaphali.com\u002Fwordpress\u002Fwoocommerce-plugins\u003C\u002Fp>\n\u003Ch4>Особенности\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Позволяет добавлять шотрткодом кнопку для приема пожертвований;\u003C\u002Fli>\n\u003Cli>Задавать администратору надпись названия кнопки;\u003C\u002Fli>\n\u003Cli>Задавать администратору сумму по умолчанию для приема пожертвований;\u003C\u002Fli>\n\u003Cli>Как принято для пожертвований, пользователь при совершении пожертвования может указать произвольную сумму.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Этот плагин является бесплатным для всех, поскольку он выпущен под GPL. Вы можете использовать его бесплатно в ваших интернет-магазинах. Но если Вам нравится этот плагин, вы можете поблагодарить нас, если поделитесь с друзями и коллегами ссылкой на наш сайт.\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>Проверить этот плагин в работе вы можете на этой странице http:\u002F\u002Fdemo2.saphali.com\u002F?page_id=62\u003C\u002Fp>\n","Кнопка для приема пожертвований с помощью LiqPay (v 3.0). Работа заключается в добавлении шорткода на страницу при ее редактировании (добавляется нажа &hellip;",30,3595,0,"2025-11-06T15:15:00.000Z","6.8.5","3.3","",[19,20,21,22],"donate","liqpay","saphali","woocommerce","http:\u002F\u002Fsaphali.com\u002Fsaphali-woocommerce-plugin-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsaphali-liqpay-for-donate.zip",99,1,"2025-11-07 20:46:02","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":6,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":26},"CVE-2025-12643","saphali-liqpay-for-donate-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Saphali LiqPay for donate \u003C= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphali_liqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-11-08 09:28:10",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F63d73de6-56ac-41ab-a673-4e379eeed26c?source=api-prod",{"slug":21,"display_name":7,"profile_url":8,"plugin_count":45,"total_installs":46,"avg_security_score":47,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},3,10130,95,91,76,"2026-04-05T09:25:08.465Z",[52,74,95,112,127],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":17,"tags":67,"homepage":17,"download_link":71,"security_score":72,"vuln_count":26,"unpatched_count":13,"last_vuln_date":73,"fetched_at":28},"donations-for-woocommerce","Potent Donations for WooCommerce","1.1.14","WP Zone","https:\u002F\u002Fprofiles.wordpress.org\u002Faspengrovestudios\u002F","\u003Cp>The Donations for WooCommerce plugin facilitates acceptance of donations of varying amounts through your WooCommerce store. It adds a Donation product type that allows the end user to set the price.\u003C\u002Fp>\n\u003Cp>If you like this plugin, please consider leaving a comment or review.\u003C\u002Fp>\n\u003Ch3>You may also like these plugins\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpzone.co\u002F\" rel=\"nofollow ugc\">WP Zone\u003C\u002Fa> has built a whole bunch of plugins, add-ons, and themes. Check out other favorites here on the repository and don’t forget to leave a 5-star review to help others in the community decide.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproduct-sales-report-for-woocommerce\u002F\" rel=\"ugc\">Product Sales Report for WooCommerce\u003C\u002Fa> – setup a custom sales report for the products in your WooCommerce store with toggle sorting options. Including or excluding items based on date range, sale status, product category and id, define display order, choose what fields to include, and generate your report with a click.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexport-order-items-for-woocommerce\u002F\" rel=\"ugc\">Export Order Items for WooCommerce\u003C\u002Fa> – export the order details for each sale in your WooCommerce store. Simplify order fulfillment, generate accounting reports in a few clicks, and download into CSV format for readability and universal compatibility with Export Order Items.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freplace-image\u002F\" rel=\"ugc\">Replace Image\u003C\u002Fa> – keep the same URL when uploading to the WordPress media library\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforce-update-check-for-plugins-and-themes\u002F\" rel=\"ugc\">Force Update Check for Plugins and Themes\u003C\u002Fa> -force Update Check for Plugins and Themes forces WordPress to run a theme and plugin update check whenever you visit the WordPress updates page\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-sendgrid-for-emails\u002F\" rel=\"ugc\">Connect SendGrid for Emails\u003C\u002Fa> –  connect SendGrid for Emails is a third-party fork of (and a drop-in replacement for) the official SendGrid plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-css-and-javascript\u002F\" rel=\"ugc\">Custom CSS and JavaScript\u003C\u002Fa> – allows you to add custom site-wide CSS styles and JavaScript code to your WordPress site. Useful for overriding your theme’s styles and adding client-side functionality.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-registration-notification-emails\u002F\" rel=\"ugc\">Disable User Registration Notification Emails\u003C\u002Fa> – when this plugin is activated, it disables the notification sent to the admin email when a new user account is registered.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-upload-for-bbpress\u002F\" rel=\"ugc\">Inline Image Upload for BBPress\u003C\u002Fa> – enables the TinyMCE WYSIWYG editor for BBPress forum topics and replies and adds a button to the editor’s “Insert\u002Fedit image” dialog that allows forum users to upload images from their computer and insert them inline into their posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-strength-for-woocommerce\u002F\" rel=\"ugc\">Password Strength for WooCommerce\u003C\u002Fa> – disables password strength enforcement in WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortcodes-for-divi\u002F\" rel=\"ugc\">Shortcodes for Divi\u003C\u002Fa> – allows to use Divi Library layouts as shortcodes everywhere where text comes.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-export-and-import-for-woocommerce\u002F\" rel=\"ugc\">Stock Export and Import for WooCommerce\u003C\u002Fa> – generates reports on the stock status (in stock \u002F out of stock) and quantity of individual WooCommerce products.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frandom-quiz-addon-for-lifterlms\u002F\" rel=\"ugc\">Random Quiz Generator for LifterLMS\u003C\u002Fa> – pull a random set of questions from your quiz so users never get the same question twice when retaking or setting up a practice quiz.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-and-divi-icons\u002F\" rel=\"ugc\">WP and Divi Icons\u003C\u002Fa> – adds over 660 custom outline SVG icons to your website. SVG icons are vector icons, so they are sharp and look good on any screen at any size.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-layouts\u002F\" rel=\"ugc\">WP Layouts\u003C\u002Fa> – the best way to organize, import, and export your layouts, especially if you have multiple websites.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-squish\u002F\" rel=\"ugc\">WP Squish\u003C\u002Fa> – reduce the amount of storage space consumed by your WordPress installation through the application of user-definable JPEG compression levels and image resolution limits to uploaded images.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To view WP Zone’s premium WordPress plugins and themes, visit our \u003Ca href=\"https:\u002F\u002Fwpzone.co\u002Fproduct\u002F\" rel=\"nofollow ugc\">WordPress products catalog page\u003C\u002Fa>.\u003C\u002Fp>\n","Easily accept donations of varying amounts through your WooCommerce store.",2000,65235,90,39,"2024-09-05T18:12:00.000Z","6.6.5","3.5",[19,68,69,70,22],"donation","donations","fundraising","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdonations-for-woocommerce.1.1.14.zip",92,"2023-06-20 00:00:00",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":17,"download_link":93,"security_score":94,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"wc-liqpay","Payment Gateway for LiqPay for Woocommerce","2.8.5","Serhii Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeyivanovj\u002F","\u003Cp>Payment for products of online stores (Woocommerce) through the LiqPay service. Works in conjunction with the Woocommerce plugin.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Payment for any type of products\u003C\u002Fli>\n\u003Cli>Support for block themes\u003C\u002Fli>\n\u003Cli>Support for PPO (Fiscal Receipt Printing)\u003C\u002Fli>\n\u003Cli>Debugging in standard WooCommerce logs\u003C\u002Fli>\n\u003Cli>Configuration options:\n\u003Cul>\n\u003Cli>Payment method name\u003C\u002Fli>\n\u003Cli>Payment method description\u003C\u002Fli>\n\u003Cli>Payment method icon\u003C\u002Fli>\n\u003Cli>Language of LiqPay payment pages\u003C\u002Fli>\n\u003Cli>Order status after payment\u003C\u002Fli>\n\u003Cli>Payment destination\u003C\u002Fli>\n\u003Cli>Redirect page in case of payment failure\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable PPO\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable WooCommerce debug log\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Now you can use the filter:\u003Cbr \u002F>\n    \u003Ccode>add_filter('wc_liqpay_request_filter', 'modify_request');\u003Cbr \u002F>\nfunction modify_request($request) {\u003Cbr \u002F>\n    \u002F\u002F Modify the $request array here\u003Cbr \u002F>\n    $request['version'] = '3';\u003Cbr \u002F>\n    return $request;\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English – default, always included\u003C\u002Fli>\n\u003Cli>Ukraine: always with you!\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin for paying for products through the LiqPay service. Works in conjunction with the Woocommerce plugin",1000,13409,86,13,"2025-12-04T13:42:00.000Z","6.9.4","5.7.2","7.4",[91,20,92,22],"gateway","payment","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-liqpay.2.8.5.zip",100,{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":82,"downloaded":103,"rating":94,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":17,"download_link":111,"security_score":94,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"webplus-liqpay-woocommerce","WebPlus Gateway for LiqPay on WooCommerce","3.4","borysenko","https:\u002F\u002Fprofiles.wordpress.org\u002Fborysenko\u002F","\u003Cp>Добавления способа оплаты \u003Ca href=\"https:\u002F\u002Fwww.liqpay.ua\u002Fapi\u002Freferral\u002Fi13901439870\" rel=\"nofollow ugc\">LiqPay\u003C\u002Fa> – v.3 для WooCommerce.\u003Cbr \u002F>\nВ этой версии плагина покупатели смогут только оплачивать товары из корзины вашего интернет магазина выбрав способ оплаты LiqPay.\u003C\u002Fp>\n\u003Cp>Для заказа версии с каллбэком (это смена статуса в заказах после успешной оплаты), каллбэк вызывает liqpay и передает статус или заказа версии с РРО (ПРРО) – отправкой фискальных чеков в налоговую – пишите +380502360568\u003C\u002Fp>\n\u003Ch3>Оценить плагин\u003C\u002Fh3>\n\u003Cp>Прошу, после установки плагина, оценить плагин – оставить отзыв и поставить 5 звездочек!\u003C\u002Fp>\n\u003Ch3>Еще мои плагины\u003C\u002Fh3>\n\u003Cp>Рекоммендуем вам еще один мой плагин \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwebplus-gallery\u002F\" rel=\"ugc\">webplus-gallery\u003C\u002Fa> – это галерея слайдер. Очень красивая и удобная.\u003C\u002Fp>\n\u003Ch3>Установка\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Разархивируйте содержимое zip файла в папку плагинов вашего сайта (wp-content\u002Fplugins\u002F), используя вашу любимую FTP программу.\u003C\u002Fli>\n\u003Cli>Активируйте плагин на странице “Плагины” в панели администратора.\u003C\u002Fli>\n\u003Cli>Всё установка завершена.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>После установки и активации плагина зайдите в админке в левом меню в WooCommerce -> Настройки (Settings) -> Платежи (Payments) и активируйте LiqPay, затем зайдите в него и пропишите public_key и private_key – их вы получите при регистрации в системе liqpay.ua и добавления в него вашего сайта.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Этот плагин является бесплатным для всех, поскольку он выпущен под GPL. Вы можете использовать его бесплатно в ваших интернет-магазинах.\u003C\u002Fp>\n","Плагин LiqPay для WooCommerce",30628,25,"2025-06-26T20:38:00.000Z","6.7.5","1.0",[20,92,109,22,110],"privat24","woocommerce-liqpay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebplus-liqpay-woocommerce.3.4.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":94,"num_ratings":26,"last_updated":122,"tested_up_to":65,"requires_at_least":17,"requires_php":89,"tags":123,"homepage":125,"download_link":126,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"wc-liqpay-payments","LiqPay payment gateway for WooCommerce","1.1.1","kirillbdev","https:\u002F\u002Fprofiles.wordpress.org\u002Fkirillbdev\u002F","\u003Cp>\u003Cstrong>Integrate supporting of LiqPay payment gateway to your WooCommerce store in few simple steps.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fkirillbdev.pro\u002Fdocs\u002Fwc-liqpay-payments-base-setup\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Pay WooCommerce orders through LiqPay gateway.\u003C\u002Fli>\n\u003Cli>Ability to retry payment process after failure transaction.\u003C\u002Fli>\n\u003Cli>Support both PROD and SANDBOX environments.\u003C\u002Fli>\n\u003Cli>Ability to set language of gateway interface.\u003C\u002Fli>\n\u003Cli>WPML and Polylang compatibility (for gateway interface).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Prepayment feature. You can set up different for which your customer must prepay for order. For example, customer must pay 200 UAH if selected shipping method equals Nova Poshta COD.\u003C\u002Fli>\n\u003Cli>Premium support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fkirillbdev.pro\u002Fwc-liqpay-payments\u002F\" rel=\"nofollow ugc\">Buy PRO version\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known Issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin use LiqPay payment gateway (\u003Ca href=\"https:\u002F\u002Fwww.liqpay.ua\u002Finformation\u002Fterms\u002F\" rel=\"nofollow ugc\">terms and conditions\u003C\u002Fa>) and its \u003Ca href=\"https:\u002F\u002Fwww.liqpay.ua\u002Fdoc\u002Fapi\u002Finternet_acquiring\u002Fcheckout?tab=1\" rel=\"nofollow ugc\">acquirer API\u003C\u002Fa> to process payments.\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin that adds supporting of LiqPay payment gateway to your WooCommerce store.",50,1794,"2024-07-31T15:43:00.000Z",[91,20,124,22],"payments","https:\u002F\u002Fkirillbdev.pro\u002Fwc-liqpay-payments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-liqpay-payments.1.1.1.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":13,"num_ratings":13,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":17,"tags":140,"homepage":17,"download_link":143,"security_score":144,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"easy-liqpay","Easy LiqPay","0.9","hermit931","https:\u002F\u002Fprofiles.wordpress.org\u002Fhermit931\u002F","\u003Cp>The plugin allows you add a form on the website to receive donations with a payment system LiqPay. The form can be added via the widget or shortcode [elp_donate]\u003C\u002Fp>\n","Adding a form for receive donations use the LiqPay",40,3302,"2019-11-10T13:59:00.000Z","5.2.24","4.4",[19,20,141,109,142],"pb","privatbank","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-liqpay.zip",85,{"attackSurface":146,"codeSignals":193,"taintFlows":214,"riskAssessment":232,"analyzedAt":244},{"hooks":147,"ajaxHandlers":176,"restRoutes":185,"shortcodes":186,"cronEvents":191,"entryPointCount":45,"unprotectedCount":192},[148,154,157,160,164,167,172],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","init","loadTextDomain","liqpay-d.php",23,{"type":149,"name":155,"callback":156,"file":152,"line":104},"wp_enqueue_scripts","scripts_method",{"type":149,"name":158,"callback":156,"file":152,"line":159},"admin_enqueue_scripts",26,{"type":149,"name":161,"callback":162,"file":152,"line":163},"admin_menu","adminMenu",38,{"type":149,"name":165,"callback":166,"file":152,"line":63},"admin_init","add_button",{"type":168,"name":169,"callback":170,"file":152,"line":171},"filter","mce_external_plugins","add_plugin",300,{"type":168,"name":173,"callback":174,"file":152,"line":175},"mce_buttons","register_button",301,[177,182],{"action":178,"nopriv":179,"callback":180,"hasNonce":179,"hasCapCheck":179,"file":152,"line":181},"liqpay_sign",false,"lqsignature",27,{"action":178,"nopriv":183,"callback":180,"hasNonce":179,"hasCapCheck":179,"file":152,"line":184},true,28,[],[187],{"tag":188,"callback":189,"file":152,"line":190},"saphali_liqpay","shortcode",24,[],2,{"dangerousFunctions":194,"sqlUsage":195,"outputEscaping":197,"fileOperations":13,"externalRequests":26,"nonceChecks":26,"capabilityChecks":45,"bundledLibraries":213},[],{"prepared":13,"raw":13,"locations":196},[],{"escaped":198,"rawEcho":199,"locations":200},17,6,[201,203,205,207,209,211],{"file":152,"line":94,"context":202},"raw output",{"file":152,"line":204,"context":202},104,{"file":152,"line":206,"context":202},229,{"file":152,"line":208,"context":202},230,{"file":152,"line":210,"context":202},231,{"file":152,"line":212,"context":202},232,[],[215],{"entryPoint":216,"graph":217,"unsanitizedCount":13,"severity":231},"\u003Cliqpay-d> (liqpay-d.php:0)",{"nodes":218,"edges":229},[219,224],{"id":220,"type":221,"label":222,"file":152,"line":223},"n0","source","$_POST (x4)",120,{"id":225,"type":226,"label":227,"file":152,"line":206,"wp_function":228},"n1","sink","echo() [XSS]","echo",[230],{"from":220,"to":225,"sanitized":183},"low",{"summary":233,"deductions":234},"The \"saphali-liqpay-for-donate\" plugin v1.0.3 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and having a single nonce check, significant concerns arise from its attack surface. Specifically, two AJAX handlers lack authentication checks, presenting a clear entry point for unauthorized actions. The plugin also has a history of medium severity vulnerabilities, with a past Cross-Site Scripting (XSS) issue, indicating a recurring tendency for input sanitization and output escaping to be potential weak points.\n\nDespite the absence of critical or high severity issues in the current static analysis and a lack of currently unpatched CVEs, the unprotected AJAX handlers are a serious risk. The 74% output escaping rate, while not critically low, suggests that some outputs may still be vulnerable to XSS if certain conditions are met. The presence of an external HTTP request, while not inherently dangerous, warrants attention in conjunction with other identified weaknesses. Overall, the plugin's strengths in SQL handling are overshadowed by its unprotected entry points and a history of vulnerabilities that require careful consideration and ongoing monitoring.",[235,238,241],{"reason":236,"points":237},"Unprotected AJAX handlers found",10,{"reason":239,"points":240},"Partial output escaping (74%)",5,{"reason":242,"points":243},"History of medium severity CVEs (XSS)",15,"2026-03-16T22:30:15.992Z",{"wat":246,"direct":252},{"assetPaths":247,"generatorPatterns":248,"scriptPaths":249,"versionParams":250},[],[],[],[251],"saphali-liqpay-for-donate\u002Fstyle.css?ver=",{"cssClasses":253,"htmlComments":255,"htmlAttributes":256,"restEndpoints":260,"jsGlobals":261,"shortcodeOutput":262},[254],"form__input__new",[],[257,258,259],"data-amount","data-order_id","data-signature",[],[],[263,264,265],"\u003Cform id=\"liqpayform\" method=\"POST\" action=\"https:\u002F\u002Fwww.liqpay.ua\u002Fapi\u002Fcheckout\" accept-charset=\"utf-8\">","\u003Cinput type=\"hidden\" name=\"data\" value=\"","\u003Cinput type=\"text\" class=\"form__input__new\" name=\"amount\" value=\""]