[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f87OoDy4gEF_YTdV446BZvmJ-mo71V2H38rLjzbDcNG4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":15,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":30,"analysis":71,"fingerprints":211},"sell-on-consignment","Sell On Consignment","1.4","Charlene Copeland","https:\u002F\u002Fprofiles.wordpress.org\u002Fsjcope\u002F","\u003Cp>This plugin is meant for people who sell products online through their own website and sell their products on consignment through another store – can be physical or online. It will help you to track how your product is sold and to track a consignment price, and the split owed to you.\u003C\u002Fp>\n\u003Cp>You will need to have installed and activated WooCommerce, and added your products through WooCommerce.\u003C\u002Fp>\n\u003Cp>The plugin helps you to track how your product is sold and to track a consignment price, and the split owed to you.\u003C\u002Fp>\n\u003Cp>Pre-requisites:\u003Cbr \u002F>\nWooCommerce\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set up products individually in WooCommerce and then add consignment details to the product. The details are consignment store, price and the split.\u003C\u002Fli>\n\u003Cli>The consignment price will only be visible in Admin. When the public visits your store they will only see your regular and sales prices.\u003C\u002Fli>\n\u003Cli>When your item sells through the consignment store, go to Create Order to select the products. The order will use the consignment price. If the consignment price changed as part of a negotiation, simply edit the product first to change the price and then create the order.\u003C\u002Fli>\n\u003Cli>Once the order is created, it will have status of PROCESSING. You may manage the order at WooCommerce->Orders.\u003C\u002Fli>\n\u003Cli>You may restrict access to each function in Settings. This plugin assumes the user will have at least edit_posts capability. That typically includes Super Admin, Administrator, Editor, Author, Contributor and Shop Manager.\u003C\u002Fli>\n\u003C\u002Ful>\n","Sell your WooCommerce products on consignment.",0,1396,"2025-05-04T19:38:00.000Z","6.8.5","",[17,18],"consignment","sell-products-on-consignment","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsell-on-consignment.1.4.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},"sjcope",3,30,94,"2026-04-05T17:30:44.547Z",[31,51],{"slug":32,"name":33,"version":34,"author":35,"author_profile":36,"description":37,"short_description":38,"active_installs":11,"downloaded":39,"rating":11,"num_ratings":11,"last_updated":40,"tested_up_to":41,"requires_at_least":42,"requires_php":43,"tags":44,"homepage":49,"download_link":50,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22},"freightmate-for-woocommerce","Freightmate for WooCommerce","1.0.4","Freightmate","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreightmate\u002F","\u003Cp>The Freightmate for WooCommerce enables you to streamline your shipping process by creating consignments and manifests for your WooCommerce orders. You can track orders using the consignment number via a tracking page created in the admin panel. The plugin provides three shipping options: “WooCommerce calculated”, “Freightmate Calculated”, and “Freightmate Charges + Markup”, which are applied during the WooCommerce checkout process.\u003C\u002Fp>\n\u003Ch3>API Usage\u003C\u002Fh3>\n\u003Cp>When using this plugin, you may need to create a Freightmate account to access its services. Here are key functionalities supported by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Tracking Consignment Status:\u003C\u002Fstrong> The plugin allows you to track your consignments in real-time by retrieving information from the Freightmate servers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Proof of Delivery (POD):\u003C\u002Fstrong> Consignment details, including links to Proof of Delivery images, are fetched from the Freightmate API. For example:\u003Cbr \u002F>\n“https:\u002F\u002Ffreightmate.com\u002Fcustomerassets\u002F241\u002Fpod\u002F2024\u002F06\u002F13\u002FYTOZ00028293-054527.png”\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create consignments and manifests for WooCommerce orders.\u003C\u002Fli>\n\u003Cli>Track orders using consignment numbers.\u003C\u002Fli>\n\u003Cli>Three shipping options: “WooCommerce calculated”, “Freightmate Calculated”, and “Freightmate Charges + Markup”.\u003C\u002Fli>\n\u003Cli>Seamless integration with WooCommerce checkout process.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Further Reading\u003C\u002Fh3>\n\u003Cp>For more information, visit \u003Ca href=\"https:\u002F\u002Fwww.freightmate.com\u002Flogin\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.freightmate.com\u002Flogin\" rel=\"nofollow ugc\">link to support forum\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin allows you to create consignments and manifests for WooCommerce orders, track orders, and apply various shipping options during checkout.",611,"2026-02-04T12:29:00.000Z","6.7.5","6.5","8.0.30",[17,45,46,47,48],"freight","shipping","tracking","woocommerce","https:\u002F\u002Fwww.freightmate.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreightmate-for-woocommerce.1.0.4.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":11,"downloaded":59,"rating":11,"num_ratings":11,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":63,"tags":64,"homepage":68,"download_link":69,"security_score":70,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22},"huxloe-shipping","Huxloe Shipping","1.0.0","Huxloe Logistics","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuxloe\u002F","\u003Cp>Huxloe Shipping for Woocommerce is a plugin that integrates with the Huxloe 360 Shipping platform to generate shipping labels.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Generate Label: Create shipping labels for orders.\u003C\u002Fli>\n\u003Cli>Generate Consignment Number: Automatically generate a Consignment Number for each order.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Important: This plugin sends order data to an external service for label generation. By using this plugin, you agree to the terms and privacy policies of the external service.\u003C\u002Fp>\n\u003Ch4>External API Endpoints\u003C\u002Fh4>\n\u003Cp>This plugin interacts with the following external domains:\u003Cbr \u002F>\n* \u003Ccode>https:\u002F\u002Flabel.svc.huxloe360.com\u003C\u002Fcode> – Used for generating shipping labels and consignment numbers.\u003C\u002Fp>\n\u003Cp>Documentation for External Service\u003Cbr \u002F>\nService Link: \u003Ca href=\"https:\u002F\u002Fhuxloe.com\u002F\" rel=\"noreferrer nofollow ugc\">Huxloe 360 Shipping Platform\u003C\u002Fa>\u003Cbr \u002F>\nTerms of Use: \u003Ca href=\"https:\u002F\u002Fhuxloe.com\u002Fcookie-policy\u002F\" rel=\"noreferrer nofollow ugc\">Huxloe 360 Cookie Policy\u003C\u002Fa>\u003Cbr \u002F>\nPrivacy Policy: \u003Ca href=\"https:\u002F\u002Fhuxloe.com\u002Fprivacy\u002F\" rel=\"noreferrer nofollow ugc\">Huxloe 360 Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Generate labels on the Huxloe 360 Shipping platform.",455,"2024-07-05T06:38:00.000Z","6.5.8","5.0","5.6",[65,66,67,46,48],"consignment-number","generate-label","huxloe","https:\u002F\u002Fhuxloe.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhuxloe-shipping.1.0.0.zip",92,{"attackSurface":72,"codeSignals":103,"taintFlows":143,"riskAssessment":201,"analyzedAt":210},{"hooks":73,"ajaxHandlers":99,"restRoutes":100,"shortcodes":101,"cronEvents":102,"entryPointCount":11,"unprotectedCount":11},[74,80,83,85,88,91,93],{"type":75,"name":76,"callback":77,"file":78,"line":79},"action","plugins_loaded","anonymous","includes\\class-cwsoc-sell.php",132,{"type":75,"name":81,"callback":77,"file":78,"line":82},"admin_enqueue_scripts",147,{"type":75,"name":81,"callback":77,"file":78,"line":84},148,{"type":75,"name":86,"callback":77,"file":78,"line":87},"admin_menu",149,{"type":75,"name":89,"callback":77,"file":78,"line":90},"wp_enqueue_scripts",163,{"type":75,"name":89,"callback":77,"file":78,"line":92},164,{"type":75,"name":94,"callback":95,"priority":96,"file":97,"line":98},"init","init_shortcodes",20,"public\\class-cwsoc-sell-public.php",55,[],[],[],[],{"dangerousFunctions":104,"sqlUsage":105,"outputEscaping":125,"fileOperations":11,"externalRequests":11,"nonceChecks":141,"capabilityChecks":11,"bundledLibraries":142},[],{"prepared":106,"raw":107,"locations":108},16,6,[109,113,115,117,120,123],{"file":110,"line":111,"context":112},"admin\\class-cwsoc-sell-admin.php",515,"$wpdb->get_results() with variable interpolation",{"file":110,"line":114,"context":112},610,{"file":110,"line":116,"context":112},711,{"file":110,"line":118,"context":119},737,"$wpdb->query() with variable interpolation",{"file":121,"line":122,"context":119},"sell-on-consignment.php",59,{"file":121,"line":124,"context":119},60,{"escaped":126,"rawEcho":127,"locations":128},165,5,[129,133,135,137,139],{"file":130,"line":131,"context":132},"admin\\partials\\cwsoc-sell-admin-display.php",124,"raw output",{"file":130,"line":134,"context":132},356,{"file":130,"line":136,"context":132},467,{"file":130,"line":138,"context":132},496,{"file":130,"line":140,"context":132},789,13,[],[144,169,182],{"entryPoint":145,"graph":146,"unsanitizedCount":167,"severity":168},"cwsoc_manage_products_page (admin\\class-cwsoc-sell-admin.php:243)",{"nodes":147,"edges":163},[148,153,157],{"id":149,"type":150,"label":151,"file":110,"line":152},"n0","source","$_POST (x2)",287,{"id":154,"type":155,"label":156,"file":110,"line":152},"n1","transform","→ cwsocEnterConsignmentProduct()",{"id":158,"type":159,"label":160,"file":130,"line":161,"wp_function":162},"n2","sink","echo() [XSS]",369,"echo",[164,166],{"from":149,"to":154,"sanitized":165},false,{"from":154,"to":158,"sanitized":165},2,"medium",{"entryPoint":170,"graph":171,"unsanitizedCount":167,"severity":168},"cwsoc_showsellorder_page (admin\\class-cwsoc-sell-admin.php:339)",{"nodes":172,"edges":179},[173,175,177],{"id":149,"type":150,"label":151,"file":110,"line":174},379,{"id":154,"type":155,"label":176,"file":110,"line":174},"→ cwsocCreateOrderForm()",{"id":158,"type":159,"label":160,"file":130,"line":178,"wp_function":162},579,[180,181],{"from":149,"to":154,"sanitized":165},{"from":154,"to":158,"sanitized":165},{"entryPoint":183,"graph":184,"unsanitizedCount":200,"severity":168},"\u003Cclass-cwsoc-sell-admin> (admin\\class-cwsoc-sell-admin.php:0)",{"nodes":185,"edges":195},[186,187,188,189,191,193],{"id":149,"type":150,"label":151,"file":110,"line":152},{"id":154,"type":155,"label":156,"file":110,"line":152},{"id":158,"type":159,"label":160,"file":130,"line":161,"wp_function":162},{"id":190,"type":150,"label":151,"file":110,"line":174},"n3",{"id":192,"type":155,"label":176,"file":110,"line":174},"n4",{"id":194,"type":159,"label":160,"file":130,"line":178,"wp_function":162},"n5",[196,197,198,199],{"from":149,"to":154,"sanitized":165},{"from":154,"to":158,"sanitized":165},{"from":190,"to":192,"sanitized":165},{"from":192,"to":194,"sanitized":165},4,{"summary":202,"deductions":203},"The plugin 'sell-on-consignment' v1.4 exhibits a generally strong security posture based on the provided static analysis. A significant portion of SQL queries utilize prepared statements, and the vast majority of output is properly escaped, indicating good development practices for preventing common web vulnerabilities. The absence of file operations and external HTTP requests further reduces the potential attack surface. The plugin also demonstrates a clean vulnerability history with no recorded CVEs, suggesting a mature and well-maintained codebase.\n\nHowever, there are some areas for concern. The taint analysis reveals three flows with unsanitized paths. While these did not reach critical or high severity in the automated analysis, unsanitized paths can be a precursor to vulnerabilities if not handled carefully. Furthermore, the complete absence of capability checks is a notable weakness. Relying solely on implicit checks might leave certain functionalities exposed to unauthorized users if an entry point were to be discovered or introduced in the future. The lack of explicit authorization checks on any identified entry points (AJAX, REST API, shortcodes, cron) also presents a potential risk if any of these were to become active or exposed.\n\nIn conclusion, while the plugin has a clean track record and good output sanitization, the presence of unsanitized paths and a complete lack of explicit capability checks are potential risks that warrant attention. The low attack surface is a positive, but the absence of authorization checks on the few potential entry points remains a point of caution. Addressing the unsanitized paths and implementing robust capability checks would significantly strengthen the plugin's security.",[204,207],{"reason":205,"points":206},"Flows with unsanitized paths found",8,{"reason":208,"points":209},"No capability checks found",10,"2026-03-17T06:35:02.089Z",{"wat":212,"direct":220},{"assetPaths":213,"generatorPatterns":216,"scriptPaths":217,"versionParams":218},[214,215],"\u002Fwp-content\u002Fplugins\u002Fsell-on-consignment\u002Fadmin\u002Fcss\u002Fcwsoc-sell-admin.css","\u002Fwp-content\u002Fplugins\u002Fsell-on-consignment\u002Fadmin\u002Fjs\u002Fcwsoc-sell-admin.js",[],[],[219],"cwsoc-sell-admin?ver=1.4",{"cssClasses":221,"htmlComments":224,"htmlAttributes":225,"restEndpoints":228,"jsGlobals":229,"shortcodeOutput":233},[222,223],"cwsoc-sell-admin","cwsoc_sell_top_level",[],[226,227],"data-product_id","data-nonce",[],[230,231,232],"available_functions","allSplits","available_roles",[]]