[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBmjy2UN3ksccEnzvhm_LQ2MxNaMXIRXjYy5Luku2ehU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":62,"crawl_stats":36,"alternatives":67,"analysis":91,"fingerprints":618},"sema-api","SEMA API","6.22","ssema","https:\u002F\u002Fprofiles.wordpress.org\u002Fssema\u002F","\u003Cp>The plugin is built to automatically transfer auto parts data from SEMA Data Coop to WordPress\u002FwooCommerce.  A comprehensive frontend catalog search page offers functions like year make model search, vehicle compatible fitment sheet and parts attributes fitlers.\u003Cbr \u002F>\nJust download the plugin, select the brands and categories of products you want to list, and begin automated imports to your online store, while simultaneously allowing product searches by vehicle, categories, and attribute filters.\u003Cbr \u002F>\nHere’s a link to \u003Ca href=\"http:\u002F\u002Fdemo.semadata.org\u002Fcatalog-search\u002F\" rel=\"nofollow ugc\">Frontend Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FQOiT2Jin_kg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","The plugin is built to automatically transfer auto parts data from SEMA Data Coop to Wordpress\u002FwooCommerce.  A comprehensive frontend catalog search p &hellip;",30,10215,2,"2025-12-05T17:40:00.000Z","6.8.5","6.2","5.2.4",[19,20,21,22,23],"auto-parts-filter","auto-parts-search","sema-product-import","year-make-model-filter","year-make-model-search","http:\u002F\u002Fdemo.semadata.org\u002Fhow-to-install-and-set-up-the-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsema-api.zip",96,0,"2025-01-08 22:08:32","2026-03-15T15:16:48.613Z",[31,46],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":13},"CVE-2024-12285","sema-api-reflected-cross-site-scripting-via-catid-parameter","SEMA API \u003C= 5.27 - Reflected Cross-Site Scripting via catid Parameter","The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=5.27","5.30","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-10 19:01:08",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F42b9e16c-8e53-452d-9c0b-34c424d6f508?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":36,"affected_versions":51,"patched_in_version":52,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2022-0836","sema-api-sql-injection","SEMA API \u003C= 3.64 - SQL Injection","The SEMA API WordPress plugin through 3.64 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users","\u003C=3.64","4.02","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2022-04-13 00:00:00","2024-01-22 19:56:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5183d676-eb91-4c03-8d12-c15c68839f02?source=api-prod",650,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":63,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},1,326,76,"2026-04-04T20:18:24.821Z",[68],{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":78,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":83,"download_link":88,"security_score":89,"vuln_count":63,"unpatched_count":27,"last_vuln_date":90,"fetched_at":29},"ymm-search","Year Make Model Search for WooCommerce","1.0.12","Pektsekye","https:\u002F\u002Fprofiles.wordpress.org\u002Fpektsekye\u002F","\u003Cp>It has fixed number and the sort order of the drop-down selects:\u003Cbr \u002F>\n— Make —\u003Cbr \u002F>\n— Model —\u003Cbr \u002F>\n— Year —\u003C\u002Fp>\n\u003Cp>Product restrictions are used for searching and for drop-downs options in the search box.\u003Cbr \u002F>\nSo if you set a restriction like:\u003Cbr \u002F>\nAcura, CL, 1997, 1998\u003C\u002Fp>\n\u003Cp>for a product.\u003C\u002Fp>\n\u003Cp>The “Acura CL 1997” will be already selectable in the search box on the front-end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search for products on the home page\u003C\u002Fli>\n\u003Cli>Filter products on category pages\u003C\u002Fli>\n\u003Cli>List applicable vehicles on the front-end product view page\u003C\u002Fli>\n\u003Cli>CSV import \u002F export for product restrictions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can check the demo website here:\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fdemo\u002Fwp\u002Fymm\u002F\" rel=\"nofollow ugc\">DEMO Website\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can read the installation instructions here:\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fdemo\u002Fwp\u002Fymm\u002FREADME.html\" rel=\"nofollow ugc\">README\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Simple Code Idea:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The idea of this plugin is to keep the base version as simple as possible.\u003Cbr \u002F>\nAnd to add the new features as modifications.\u003C\u002Fp>\n\u003Cp>This plugin has just 28 files to make it easy to use and customize. If you need more features check the modifications page \u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fymm_modifications\" rel=\"nofollow ugc\">hottons.com\u002Fymm_modifications\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Contact me by email \u003Ca href=\"mailto:pektsekye@gmail.com\" rel=\"nofollow ugc\">pektsekye@gmail.com\u003C\u002Fa> if you have questions or need help.\u003C\u002Fp>\n\u003Ch3>Other plugins\u003C\u002Fh3>\n\u003Ch4>If you like this plugin check also:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fwoocommerce\u002Fattribute-search.html\" rel=\"nofollow ugc\">Attribute Search\u003C\u002Fa> (PAID)\u003Cbr \u002F>\nFor tyre and rim search.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexploded-view-filter\u002F\" rel=\"ugc\">Exploded View Filter\u003C\u002Fa>\u003Cbr \u002F>\nDisplays a diagram image with links to filter products.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translators\u003C\u002Fh3>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (Default)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation is available \u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fdemo\u002Fwp\u002Fymm\u002FREADME.html\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","It will find products for selected make and model.",1000,27946,100,34,"2026-02-20T10:02:00.000Z","6.9.4","4.7","",[85,86,23,87],"part-finder","tyre-search","ymm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fymm-search.zip",99,"2025-05-19 00:00:00",{"attackSurface":92,"codeSignals":175,"taintFlows":381,"riskAssessment":599,"analyzedAt":617},{"hooks":93,"ajaxHandlers":151,"restRoutes":160,"shortcodes":161,"cronEvents":170,"entryPointCount":174,"unprotectedCount":13},[94,100,102,104,106,112,116,122,126,130,134,138,141,144,147],{"type":95,"name":96,"callback":97,"file":98,"line":99},"filter","http_request_timeout","bump_request_timeout","includes\\importer\\class-sema-product-import.php",122,{"type":95,"name":96,"callback":97,"file":98,"line":101},487,{"type":95,"name":96,"callback":97,"file":98,"line":103},674,{"type":95,"name":96,"callback":97,"file":98,"line":105},920,{"type":107,"name":108,"callback":109,"file":110,"line":111},"action","admin_menu","sema_add_admin_menu","options.php",24,{"type":107,"name":113,"callback":114,"file":110,"line":115},"admin_init","sema_settings_init",252,{"type":95,"name":117,"callback":118,"priority":119,"file":120,"line":121},"woocommerce_product_tabs","sema_new_product_tab",999,"sema-api.php",60,{"type":95,"name":123,"callback":124,"file":120,"line":125},"query_vars","closure",445,{"type":107,"name":127,"callback":128,"priority":27,"file":120,"line":129},"admin_head","insert_pages_admin_init",742,{"type":107,"name":131,"callback":132,"priority":63,"file":120,"line":133},"init","insert_pages_init",767,{"type":107,"name":135,"callback":136,"file":120,"line":137},"before_delete_post","sema_delete_post",779,{"type":95,"name":139,"callback":139,"file":120,"line":140},"woocommerce_screen_ids",1859,{"type":107,"name":131,"callback":142,"file":120,"line":143},"load_plugin_textdomain",1861,{"type":107,"name":113,"callback":145,"file":120,"line":146},"register_importers",1863,{"type":95,"name":148,"callback":149,"file":120,"line":150},"intermediate_image_sizes","sa_remove_stock_image_sizes",1867,[152,157],{"action":153,"nopriv":154,"callback":155,"hasNonce":154,"hasCapCheck":154,"file":120,"line":156},"get_semadata",false,"sema_getdata_callback",783,{"action":153,"nopriv":158,"callback":155,"hasNonce":154,"hasCapCheck":154,"file":120,"line":159},true,784,[],[162,166],{"tag":163,"callback":164,"file":120,"line":165},"semasearch","shortcode_handle_semasearch",442,{"tag":167,"callback":168,"file":120,"line":169},"semasearchbar","shortcode_handle_semasearchbar",443,[171],{"hook":172,"callback":172,"file":98,"line":173},"woocommerce_flush_rewrite_rules",1853,4,{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":193,"fileOperations":379,"externalRequests":250,"nonceChecks":27,"capabilityChecks":179,"bundledLibraries":380},[],{"prepared":178,"raw":179,"locations":180},217,5,[181,184,187,189,191],{"file":120,"line":182,"context":183},832,"$wpdb->get_var() with variable interpolation",{"file":120,"line":185,"context":186},834,"$wpdb->query() with variable interpolation",{"file":120,"line":188,"context":186},835,{"file":120,"line":190,"context":186},836,{"file":120,"line":192,"context":186},837,{"escaped":194,"rawEcho":195,"locations":196},316,89,[197,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,245,247,249,251,253,255,258,260,262,264,266,268,270,271,273,275,277,279,282,285,286,288,290,292,293,295,297,299,301,303,304,306,308,311,313,315,317,320,322,324,326,328,330,333,335,337,339,341,343,345,347,349,351,353,355,357,359,361,363,365,367,369,371,373,375,377],{"file":198,"line":78,"context":199},"imports.php","raw output",{"file":198,"line":201,"context":199},253,{"file":198,"line":203,"context":199},336,{"file":98,"line":205,"context":199},231,{"file":98,"line":207,"context":199},314,{"file":98,"line":209,"context":199},368,{"file":98,"line":211,"context":199},413,{"file":98,"line":213,"context":199},471,{"file":98,"line":215,"context":199},504,{"file":98,"line":217,"context":199},572,{"file":98,"line":219,"context":199},578,{"file":98,"line":221,"context":199},713,{"file":98,"line":223,"context":199},794,{"file":98,"line":225,"context":199},803,{"file":98,"line":227,"context":199},885,{"file":98,"line":229,"context":199},1005,{"file":98,"line":231,"context":199},1059,{"file":98,"line":233,"context":199},1068,{"file":98,"line":235,"context":199},1073,{"file":98,"line":237,"context":199},1123,{"file":98,"line":239,"context":199},1182,{"file":98,"line":241,"context":199},2989,{"file":243,"line":244,"context":199},"includes\\importer\\views\\html-sema-import-category.php",25,{"file":243,"line":246,"context":199},26,{"file":248,"line":79,"context":199},"includes\\importer\\views\\html-sema-import-log.php",{"file":248,"line":250,"context":199},35,{"file":248,"line":252,"context":199},58,{"file":248,"line":254,"context":199},61,{"file":256,"line":257,"context":199},"includes\\importer\\views\\html-sema-import-step2.php",77,{"file":256,"line":259,"context":199},78,{"file":256,"line":261,"context":199},135,{"file":256,"line":263,"context":199},174,{"file":265,"line":246,"context":199},"includes\\menutab.php",{"file":265,"line":267,"context":199},27,{"file":265,"line":269,"context":199},29,{"file":265,"line":11,"context":199},{"file":265,"line":272,"context":199},39,{"file":265,"line":274,"context":199},44,{"file":265,"line":276,"context":199},45,{"file":265,"line":278,"context":199},52,{"file":280,"line":281,"context":199},"includes\\parallet.php",57,{"file":283,"line":284,"context":199},"includes\\views\\html-sema-attribute.php",33,{"file":283,"line":79,"context":199},{"file":283,"line":287,"context":199},64,{"file":283,"line":289,"context":199},98,{"file":283,"line":291,"context":199},108,{"file":283,"line":99,"context":199},{"file":283,"line":294,"context":199},123,{"file":283,"line":296,"context":199},132,{"file":283,"line":298,"context":199},140,{"file":283,"line":300,"context":199},248,{"file":302,"line":287,"context":199},"includes\\views\\html-sema-fitment-edit.php",{"file":302,"line":65,"context":199},{"file":302,"line":305,"context":199},104,{"file":302,"line":307,"context":199},105,{"file":309,"line":310,"context":199},"includes\\views\\html-sema-fitment-new.php",19,{"file":309,"line":312,"context":199},20,{"file":309,"line":314,"context":199},21,{"file":309,"line":316,"context":199},163,{"file":318,"line":319,"context":199},"includes\\views\\html-sema-fitment.php",36,{"file":318,"line":321,"context":199},130,{"file":318,"line":323,"context":199},203,{"file":318,"line":325,"context":199},215,{"file":318,"line":327,"context":199},224,{"file":318,"line":329,"context":199},235,{"file":331,"line":332,"context":199},"includes\\views\\html-sema-import-greeting.php",182,{"file":120,"line":334,"context":199},141,{"file":120,"line":336,"context":199},688,{"file":120,"line":338,"context":199},729,{"file":120,"line":340,"context":199},1016,{"file":120,"line":342,"context":199},1026,{"file":120,"line":344,"context":199},1034,{"file":120,"line":346,"context":199},1046,{"file":120,"line":348,"context":199},1055,{"file":120,"line":350,"context":199},1070,{"file":120,"line":352,"context":199},1330,{"file":120,"line":354,"context":199},1385,{"file":120,"line":356,"context":199},1452,{"file":120,"line":358,"context":199},1472,{"file":120,"line":360,"context":199},1475,{"file":120,"line":362,"context":199},1485,{"file":120,"line":364,"context":199},1488,{"file":120,"line":366,"context":199},1497,{"file":120,"line":368,"context":199},1498,{"file":120,"line":370,"context":199},1745,{"file":120,"line":372,"context":199},1756,{"file":120,"line":374,"context":199},1764,{"file":120,"line":376,"context":199},1773,{"file":120,"line":378,"context":199},1783,3,[],[382,400,452,476,503,517,563],{"entryPoint":383,"graph":384,"unsanitizedCount":27,"severity":399},"\u003Chtml-sema-fitment-edit> (includes\\views\\html-sema-fitment-edit.php:0)",{"nodes":385,"edges":397},[386,391],{"id":387,"type":388,"label":389,"file":302,"line":390},"n0","source","$_GET",9,{"id":392,"type":393,"label":394,"file":302,"line":395,"wp_function":396},"n1","sink","echo() [XSS]",139,"echo",[398],{"from":387,"to":392,"sanitized":158},"low",{"entryPoint":401,"graph":402,"unsanitizedCount":63,"severity":451},"dispatch (includes\\importer\\class-sema-product-import.php:81)",{"nodes":403,"edges":444},[404,407,411,414,417,421,426,429,434,437,441],{"id":387,"type":388,"label":405,"file":98,"line":406},"$_GET (x3)",181,{"id":392,"type":393,"label":408,"file":98,"line":409,"wp_function":410},"get_row() [SQLi]",187,"get_row",{"id":412,"type":388,"label":413,"file":98,"line":406},"n2","$_GET (x5)",{"id":415,"type":393,"label":394,"file":98,"line":416,"wp_function":396},"n3",223,{"id":418,"type":388,"label":419,"file":98,"line":420},"n4","$_GET (x2)",394,{"id":422,"type":393,"label":423,"file":98,"line":424,"wp_function":425},"n5","query() [SQLi]",455,"query",{"id":427,"type":388,"label":389,"file":98,"line":428},"n6",522,{"id":430,"type":393,"label":431,"file":98,"line":432,"wp_function":433},"n7","get_var() [SQLi]",523,"get_var",{"id":435,"type":388,"label":389,"file":98,"line":436},"n8",496,{"id":438,"type":439,"label":440,"file":98,"line":436},"n9","transform","→ importProduct()",{"id":442,"type":393,"label":423,"file":98,"line":443,"wp_function":425},"n10",1651,[445,446,447,448,449,450],{"from":387,"to":392,"sanitized":158},{"from":412,"to":415,"sanitized":158},{"from":418,"to":422,"sanitized":158},{"from":427,"to":430,"sanitized":158},{"from":435,"to":438,"sanitized":154},{"from":438,"to":442,"sanitized":154},"high",{"entryPoint":453,"graph":454,"unsanitizedCount":63,"severity":451},"\u003Cclass-sema-product-import> (includes\\importer\\class-sema-product-import.php:0)",{"nodes":455,"edges":469},[456,458,459,460,461,463,464,465,466,467,468],{"id":387,"type":388,"label":457,"file":98,"line":406},"$_GET (x4)",{"id":392,"type":393,"label":408,"file":98,"line":409,"wp_function":410},{"id":412,"type":388,"label":413,"file":98,"line":406},{"id":415,"type":393,"label":394,"file":98,"line":416,"wp_function":396},{"id":418,"type":388,"label":462,"file":98,"line":420},"$_GET (x6)",{"id":422,"type":393,"label":423,"file":98,"line":424,"wp_function":425},{"id":427,"type":388,"label":405,"file":98,"line":428},{"id":430,"type":393,"label":431,"file":98,"line":432,"wp_function":433},{"id":435,"type":388,"label":389,"file":98,"line":436},{"id":438,"type":439,"label":440,"file":98,"line":436},{"id":442,"type":393,"label":423,"file":98,"line":443,"wp_function":425},[470,471,472,473,474,475],{"from":387,"to":392,"sanitized":158},{"from":412,"to":415,"sanitized":158},{"from":418,"to":422,"sanitized":158},{"from":427,"to":430,"sanitized":158},{"from":435,"to":438,"sanitized":154},{"from":438,"to":442,"sanitized":154},{"entryPoint":477,"graph":478,"unsanitizedCount":502,"severity":451},"\u003Chtml-sema-attribute> (includes\\views\\html-sema-attribute.php:0)",{"nodes":479,"edges":497},[480,483,486,488,489,491,493,495],{"id":387,"type":388,"label":481,"file":283,"line":482},"$_REQUEST (x3)",10,{"id":392,"type":393,"label":484,"file":283,"line":244,"wp_function":485},"get_results() [SQLi]","get_results",{"id":412,"type":388,"label":487,"file":283,"line":482},"$_REQUEST",{"id":415,"type":393,"label":394,"file":283,"line":284,"wp_function":396},{"id":418,"type":388,"label":481,"file":283,"line":490},119,{"id":422,"type":393,"label":423,"file":283,"line":492,"wp_function":425},121,{"id":427,"type":388,"label":487,"file":283,"line":494},136,{"id":430,"type":393,"label":394,"file":283,"line":496,"wp_function":396},202,[498,499,500,501],{"from":387,"to":392,"sanitized":154},{"from":412,"to":415,"sanitized":154},{"from":418,"to":422,"sanitized":154},{"from":427,"to":430,"sanitized":158},7,{"entryPoint":504,"graph":505,"unsanitizedCount":13,"severity":451},"__construct (sema-api.php:50)",{"nodes":506,"edges":514},[507,510,512,513],{"id":387,"type":388,"label":508,"file":120,"line":509},"$_POST",82,{"id":392,"type":393,"label":431,"file":120,"line":511,"wp_function":433},134,{"id":412,"type":388,"label":508,"file":120,"line":509},{"id":415,"type":393,"label":394,"file":120,"line":334,"wp_function":396},[515,516],{"from":387,"to":392,"sanitized":154},{"from":412,"to":415,"sanitized":154},{"entryPoint":518,"graph":519,"unsanitizedCount":267,"severity":451},"sema_getdata_callback (sema-api.php:966)",{"nodes":520,"edges":555},[521,524,528,530,532,534,535,537,539,542,544,545,550,552],{"id":387,"type":388,"label":522,"file":120,"line":523},"$_GET (x10)",1098,{"id":392,"type":393,"label":525,"file":120,"line":526,"wp_function":527},"wp_remote_get() [SSRF]",1168,"wp_remote_get",{"id":412,"type":388,"label":405,"file":120,"line":529},1081,{"id":415,"type":393,"label":431,"file":120,"line":531,"wp_function":433},1189,{"id":418,"type":388,"label":533,"file":120,"line":523},"$_GET (x8)",{"id":422,"type":393,"label":394,"file":120,"line":352,"wp_function":396},{"id":427,"type":388,"label":389,"file":120,"line":536},1513,{"id":430,"type":393,"label":408,"file":120,"line":538,"wp_function":410},1531,{"id":435,"type":388,"label":540,"file":120,"line":541},"$_POST (x2)",1518,{"id":438,"type":393,"label":423,"file":120,"line":543,"wp_function":425},1536,{"id":442,"type":388,"label":419,"file":120,"line":523},{"id":546,"type":393,"label":547,"file":120,"line":548,"wp_function":549},"n11","wp_remote_post() [SSRF]",1550,"wp_remote_post",{"id":551,"type":388,"label":389,"file":120,"line":536},"n12",{"id":553,"type":393,"label":423,"file":120,"line":554,"wp_function":425},"n13",1604,[556,557,558,559,560,561,562],{"from":387,"to":392,"sanitized":154},{"from":412,"to":415,"sanitized":154},{"from":418,"to":422,"sanitized":154},{"from":427,"to":430,"sanitized":154},{"from":435,"to":438,"sanitized":154},{"from":442,"to":546,"sanitized":154},{"from":551,"to":553,"sanitized":154},{"entryPoint":564,"graph":565,"unsanitizedCount":319,"severity":451},"\u003Csema-api> (sema-api.php:0)",{"nodes":566,"edges":589},[567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,583,585,587],{"id":387,"type":388,"label":508,"file":120,"line":509},{"id":392,"type":393,"label":431,"file":120,"line":511,"wp_function":433},{"id":412,"type":388,"label":508,"file":120,"line":509},{"id":415,"type":393,"label":394,"file":120,"line":334,"wp_function":396},{"id":418,"type":388,"label":522,"file":120,"line":523},{"id":422,"type":393,"label":525,"file":120,"line":526,"wp_function":527},{"id":427,"type":388,"label":413,"file":120,"line":529},{"id":430,"type":393,"label":431,"file":120,"line":531,"wp_function":433},{"id":435,"type":388,"label":533,"file":120,"line":523},{"id":438,"type":393,"label":394,"file":120,"line":352,"wp_function":396},{"id":442,"type":388,"label":389,"file":120,"line":536},{"id":546,"type":393,"label":408,"file":120,"line":538,"wp_function":410},{"id":551,"type":388,"label":540,"file":120,"line":541},{"id":553,"type":393,"label":423,"file":120,"line":543,"wp_function":425},{"id":582,"type":388,"label":419,"file":120,"line":523},"n14",{"id":584,"type":393,"label":547,"file":120,"line":548,"wp_function":549},"n15",{"id":586,"type":388,"label":462,"file":120,"line":536},"n16",{"id":588,"type":393,"label":423,"file":120,"line":554,"wp_function":425},"n17",[590,591,592,593,594,595,596,597,598],{"from":387,"to":392,"sanitized":154},{"from":412,"to":415,"sanitized":154},{"from":418,"to":422,"sanitized":154},{"from":427,"to":430,"sanitized":154},{"from":435,"to":438,"sanitized":154},{"from":442,"to":546,"sanitized":154},{"from":551,"to":553,"sanitized":154},{"from":582,"to":584,"sanitized":154},{"from":586,"to":588,"sanitized":154},{"summary":600,"deductions":601},"The sema-api v6.22 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation (98%) and a majority of output escaping (78%), several significant concerns are present. The presence of two unprotected AJAX handlers creates a substantial attack surface, potentially allowing unauthenticated users to trigger plugin functionality.  Taint analysis reveals six high-severity flows with unsanitized paths, indicating potential vulnerabilities where user input could be manipulated to achieve unintended or malicious outcomes, even though no critical severity flows were found.\n\nThe plugin's vulnerability history, with two known CVEs including one critical and one medium, both related to Cross-Site Scripting and SQL Injection, is concerning. While there are currently no unpatched vulnerabilities, the recurring nature of these vulnerability types suggests a pattern of inadequate input sanitization and output escaping, particularly for specific input vectors. The last vulnerability being recent further underscores the need for vigilance.\n\nIn conclusion, sema-api v6.22 has some strengths in its handling of database interactions. However, the unprotected entry points, high-severity taint flows, and past critical vulnerabilities necessitate careful consideration. The plugin's security would be significantly improved by addressing the unprotected AJAX handlers and thoroughly reviewing and sanitizing all user-influenced data flows identified by the taint analysis, especially in light of its historical vulnerabilities.",[602,604,607,610,613,615],{"reason":603,"points":482},"Unprotected AJAX handlers",{"reason":605,"points":606},"High severity unsanitized taint flows",12,{"reason":608,"points":609},"Historical critical CVE (XSS\u002FSQLi)",15,{"reason":611,"points":612},"Historical medium CVE (XSS\u002FSQLi)",8,{"reason":614,"points":482},"Lack of nonce checks",{"reason":616,"points":174},"Percentage of improperly escaped output","2026-03-16T22:37:43.205Z",{"wat":619,"direct":628},{"assetPaths":620,"generatorPatterns":623,"scriptPaths":624,"versionParams":625},[621,622],"\u002Fwp-content\u002Fplugins\u002Fsema-api\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fsema-api\u002Fjs\u002Fscript.js",[],[622],[626,627],"sema-api\u002Fstyle.css?ver=","sema-api\u002Fjs\u002Fscript.js?ver=",{"cssClasses":629,"htmlComments":631,"htmlAttributes":632,"restEndpoints":637,"jsGlobals":638,"shortcodeOutput":644},[630],"sema_product_fitment_field",[],[633,634,635,636],"id=\"sema_product_data_fitments\"","id=\"ymm_search_field\"","class=\"ymm-result-select\"","id=\"sema_ymms_changed\"",[],[639,640,641,642,643],"var ajax_url='","function sema_new_product_tab( $tabs )","function sema_product_tab( $array )","function sema_product_content_fitment()","function sema_save_fitments( $post_id )",[]]