[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftgkDMpk2NUQEAsDbiqnmTm5rTLbffcNykiNZ_Uka8gs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":36,"fingerprints":326},"sedox-performance-vehicle-catalogue","Sedox Performance Vehicle Catalogue","1.5.1-build.1","Sedox Performance","https:\u002F\u002Fprofiles.wordpress.org\u002Fsedoxperformance\u002F","\u003Cp>If you are a vehicle tuner or want to offer ECU remaps to your clients, Sedox Performance Vehicle Catalogue plugin allows you to integrate our vehicle data into your website so you don’t have to maintain it. It includes vehicle brands, manufacturer logos, models and engines data for bikes, cars, trucks, agriculture and marine vehicles, together with detailed Stage1, Stage2 remaps or deactivation information, an overview of engine and ECU characteristics and compatible flashing tools.\u003C\u002Fp>\n\u003Cp>The purchase API key is mandatory to be able to use it. Please visit \u003Ca href=\"https:\u002F\u002Ftuningfiles.com\u002Fvehicle-api\u002F\" rel=\"nofollow ugc\">Tuningfiles website\u003C\u002Fa> for more information about our API packages.\u003C\u002Fp>\n\u003Cp>The plugin allows customization per your needs, including change of company logo, name, vehicle images, colors etc.\u003C\u002Fp>\n","This plugin allows you to include Sedox Performance Vehicle Catalogue directly into your Wordpress website. 
The purchase of the Vehicle Catalogue API  &hellip;",40,4606,0,"2024-05-16T11:29:00.000Z","6.5.8","5.1","7.2",[19,20,21,22],"chiptuning","ecu-remaps","sedox-performance","vehicle-catalogue","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsedox-performance-vehicle-catalogue.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"sedoxperformance",1,30,88,"2026-04-05T12:12:35.707Z",[],{"attackSurface":37,"codeSignals":96,"taintFlows":290,"riskAssessment":307,"analyzedAt":325},{"hooks":38,"ajaxHandlers":70,"restRoutes":87,"shortcodes":88,"cronEvents":93,"entryPointCount":94,"unprotectedCount":95},[39,45,49,54,59,64],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_menu","addAdminMenu","src\\Api\\SettingsApi.php",20,{"type":40,"name":46,"callback":47,"file":43,"line":48},"admin_init","registerCustomFields",24,{"type":40,"name":50,"callback":51,"file":52,"line":53},"admin_enqueue_scripts","enqueueAdmin","src\\Base\\Enqueue.php",11,{"type":40,"name":55,"callback":56,"priority":57,"file":52,"line":58},"wp_enqueue_scripts","enqueueFront",9999,12,{"type":40,"name":60,"callback":61,"file":62,"line":63},"plugins_loaded","loadTranslations","src\\Base\\Translations.php",21,{"type":65,"name":66,"callback":67,"file":68,"line":69},"filter","wp_mail_content_type","set_email_content_type","vendor_mozart\\Analog\\Handler\\WPMail.php",37,[71,77,80,84],{"action":72,"nopriv":73,"callback":74,"hasNonce":73,"hasCapCheck":73,"file":75,"line":76},"sedox_api",false,"getApiData","src\\Init.php",34,{"action":72,"nopriv":78,"callback":74,"hasNonce":73,"hasCapCheck":73,"file":75,"line":79},true,35,{"action":81,"nopriv":73,"callback":82,"hasNonce":73,"hasCapCheck":73,"file":75,"line":83},"logo_get_image","getLogoImage",36,{"action":85,"nopriv":73,"callback":86,"hasNonce":73,"hasCapCheck":73,"file":75,"line":6
9},"clear_cache","clearCache",[],[89],{"tag":90,"callback":91,"file":75,"line":92},"sedox-catalogue","renderCatalogCode",33,[],5,4,{"dangerousFunctions":97,"sqlUsage":103,"outputEscaping":106,"fileOperations":206,"externalRequests":285,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":286},[98],{"fn":99,"file":100,"line":101,"context":102},"exec","vendor_mozart\\Analog\\Handler\\Apprise.php",31,"exec (",{"prepared":104,"raw":13,"locations":105},6,[],{"escaped":101,"rawEcho":107,"locations":108},97,[109,113,115,117,119,121,123,125,127,129,132,134,136,138,140,142,144,146,148,150,152,155,157,159,161,163,165,167,169,171,173,175,177,179,181,182,184,186,187,189,190,192,194,196,198,200,203,205,207,209,210,211,212,213,214,215,216,218,219,221,223,224,225,226,228,230,231,232,234,235,236,237,238,239,240,242,244,246,248,250,252,254,256,258,260,261,263,265,267,269,271,273,275,277,279,281,283],{"file":110,"line":111,"context":112},"src\\Api\\Callbacks\\ManagerCallbacks.php",81,"raw output",{"file":110,"line":114,"context":112},94,{"file":110,"line":116,"context":112},108,{"file":110,"line":118,"context":112},139,{"file":110,"line":120,"context":112},160,{"file":110,"line":122,"context":112},180,{"file":110,"line":124,"context":112},210,{"file":110,"line":126,"context":112},222,{"file":110,"line":128,"context":112},239,{"file":130,"line":131,"context":112},"src\\Controllers\\DataController.php",112,{"file":130,"line":133,"context":112},133,{"file":130,"line":135,"context":112},141,{"file":130,"line":137,"context":112},145,{"file":130,"line":139,"context":112},163,{"file":130,"line":141,"context":112},173,{"file":130,"line":143,"context":112},183,{"file":130,"line":145,"context":112},193,{"file":130,"line":147,"context":112},203,{"file":130,"line":149,"context":112},232,{"file":130,"line":151,"context":112},247,{"file":153,"line":154,"context":112},"templates\\settings.php",3,{"file":153,"line":156,"context":112},64,{"file":158,"line":76,"context":112},"views\\content.php",
{"file":158,"line":160,"context":112},38,{"file":158,"line":162,"context":112},39,{"file":158,"line":164,"context":112},46,{"file":158,"line":166,"context":112},47,{"file":158,"line":168,"context":112},48,{"file":158,"line":170,"context":112},53,{"file":158,"line":172,"context":112},62,{"file":158,"line":174,"context":112},65,{"file":158,"line":176,"context":112},70,{"file":158,"line":178,"context":112},73,{"file":158,"line":180,"context":112},78,{"file":158,"line":111,"context":112},{"file":158,"line":183,"context":112},86,{"file":158,"line":185,"context":112},90,{"file":158,"line":25,"context":112},{"file":158,"line":188,"context":112},93,{"file":158,"line":114,"context":112},{"file":158,"line":191,"context":112},95,{"file":158,"line":193,"context":112},99,{"file":158,"line":195,"context":112},100,{"file":158,"line":197,"context":112},102,{"file":158,"line":199,"context":112},103,{"file":201,"line":202,"context":112},"views\\partials\\car_content.php",22,{"file":201,"line":204,"context":112},25,{"file":201,"line":206,"context":112},26,{"file":201,"line":208,"context":112},27,{"file":201,"line":92,"context":112},{"file":201,"line":160,"context":112},{"file":201,"line":164,"context":112},{"file":201,"line":172,"context":112},{"file":201,"line":156,"context":112},{"file":201,"line":156,"context":112},{"file":201,"line":174,"context":112},{"file":201,"line":217,"context":112},72,{"file":201,"line":178,"context":112},{"file":201,"line":220,"context":112},75,{"file":201,"line":222,"context":112},77,{"file":201,"line":222,"context":112},{"file":201,"line":180,"context":112},{"file":201,"line":180,"context":112},{"file":201,"line":227,"context":112},83,{"file":201,"line":229,"context":112},85,{"file":201,"line":229,"context":112},{"file":201,"line":229,"context":112},{"file":201,"line":233,"context":112},89,{"file":201,"line":233,"context":112},{"file":201,"line":188,"context":112},{"file":201,"line":188,"context":112},{"file":201,"line":114,"context":112},{"file":201,"li
ne":107,"context":112},{"file":201,"line":107,"context":112},{"file":201,"line":241,"context":112},98,{"file":201,"line":243,"context":112},109,{"file":201,"line":245,"context":112},123,{"file":201,"line":247,"context":112},126,{"file":201,"line":249,"context":112},127,{"file":201,"line":251,"context":112},130,{"file":201,"line":253,"context":112},131,{"file":201,"line":255,"context":112},134,{"file":201,"line":257,"context":112},135,{"file":201,"line":259,"context":112},138,{"file":201,"line":118,"context":112},{"file":201,"line":262,"context":112},142,{"file":201,"line":264,"context":112},143,{"file":201,"line":266,"context":112},146,{"file":201,"line":268,"context":112},147,{"file":201,"line":270,"context":112},150,{"file":201,"line":272,"context":112},151,{"file":201,"line":274,"context":112},159,{"file":201,"line":276,"context":112},166,{"file":201,"line":278,"context":112},168,{"file":201,"line":280,"context":112},178,{"file":201,"line":282,"context":112},184,{"file":201,"line":284,"context":112},195,7,[287],{"name":288,"version":26,"knownCves":289},"Guzzle",[],[291],{"entryPoint":292,"graph":293,"unsanitizedCount":31,"severity":306},"\u003CDataController> (src\\Controllers\\DataController.php:0)",{"nodes":294,"edges":304},[295,299],{"id":296,"type":297,"label":298,"file":130,"line":241},"n0","source","$_POST",{"id":300,"type":301,"label":302,"file":130,"line":147,"wp_function":303},"n1","sink","echo() [XSS]","echo",[305],{"from":296,"to":300,"sanitized":73},"low",{"summary":308,"deductions":309},"The sedox-performance-vehicle-catalogue plugin, version 1.5.1-build.1, presents a mixed security posture. While it demonstrates good practices in database querying by exclusively using prepared statements and has no recorded vulnerability history, significant concerns arise from its attack surface and code signals.  
The presence of four unprotected AJAX handler registrations and a lack of nonce and capability checks across its entry points expose it to potential unauthorized actions and privilege escalation vulnerabilities. Of these registrations, only the sedox_api action is also registered for unauthenticated visitors (nopriv); logo_get_image and clear_cache require a logged-in session, but no nonce or capability check was detected on them. Furthermore, the use of the 'exec' function is a critical security risk if it can be reached with attacker-controlled input, since that could lead to arbitrary code execution; the scan located the call in a bundled library file (vendor_mozart\\Analog\\Handler\\Apprise.php) and the taint analysis shows no flow into it, so its reachability should be confirmed by manual review. The taint analysis, while limited to one flow, did identify an unsanitized path from $_POST to an echo in src\\Controllers\\DataController.php, indicating a potential cross-site scripting issue (rated low severity).\n\nDespite the absence of known CVEs and the solid approach to SQL, the large number of unprotected entry points, particularly AJAX handlers, coupled with the dangerous `exec` function and the identified unsanitized path, creates a substantial risk. The plugin's history of no vulnerabilities is a positive indicator, but it cannot mitigate the current findings of insecure coding practices. The overall risk is elevated due to the combination of a broad attack surface without proper authorization and the presence of high-risk functions and code patterns. 
It is recommended to immediately address the identified security weaknesses.",[310,313,315,317,320,323],{"reason":311,"points":312},"Unprotected AJAX handlers",8,{"reason":314,"points":94},"Missing nonce checks on AJAX",{"reason":316,"points":94},"Missing capability checks",{"reason":318,"points":319},"Dangerous function 'exec' used",15,{"reason":321,"points":322},"Unsanitized path in taint flow",10,{"reason":324,"points":95},"Low output escaping percentage","2026-03-16T22:17:55.515Z",{"wat":327,"direct":340},{"assetPaths":328,"generatorPatterns":335,"scriptPaths":336,"versionParams":339},[329,330,331,332,333,334],"\u002Fwp-content\u002Fplugins\u002Fsedox-performance-vehicle-catalogue\u002Fassets\u002Fsedox_catalog_css_admin.css","\u002Fwp-content\u002Fplugins\u002Fsedox-performance-vehicle-catalogue\u002Fassets\u002Fjs\u002Fsedox_catalog_js_admin.js","\u002Fwp-content\u002Fplugins\u002Fsedox-performance-vehicle-catalogue\u002Fassets\u002Fsedox_catalog_css_front.css","\u002Fwp-content\u002Fplugins\u002Fsedox-performance-vehicle-catalogue\u002Fassets\u002FChartjs\u002FChart.min.js","\u002Fwp-content\u002Fplugins\u002Fsedox-performance-vehicle-catalogue\u002Fassets\u002FChartjs\u002FChart.min.css","\u002Fwp-content\u002Fplugins\u002Fsedox-performance-vehicle-catalogue\u002Fassets\u002Fjs\u002Fsedox_catalog_js_front.js",[],[337,338,329,330,331,332,333,334],"https:\u002F\u002Fuse.typekit.net\u002Fkck4ntk.css","https:\u002F\u002Ffonts.googleapis.com\u002Fcss?family=Oswald:300,400,500,600,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext",[],{"cssClasses":341,"htmlComments":342,"htmlAttributes":343,"restEndpoints":346,"jsGlobals":348,"shortcodeOutput":351},[],[],[344,345],"data-main-menu-slug=\"sedox_vehicle_catalogue\"","data-text-domain=\"sedox-catalogue\"",[347],"\u002Fwp-json\u002Fsedox-catalogue\u002Fv1\u002Fadmin\u002Fdata",[349,350],"const sc_ajax = ","var sedox_vehicle_catalogue_vars = ",[352],"[sedox_vehicle_catalogue_display]"]