[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX6e7t99WsRFIlvxD_ZbT5UU8yeGMD9wTY1ukAFoTwyM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":42,"crawl_stats":33,"alternatives":46,"analysis":151,"fingerprints":272},"sepa-girocode","SEPA Girocode","0.5.1","mhallmann","https:\u002F\u002Fprofiles.wordpress.org\u002Fmhallmann\u002F","\u003Cp>With Girocode\u002FEPC-Codes you can easily provide payments information in a Quick-Response-Code. Customers just have to scan the code with a supported banking app.\u003C\u002Fp>\n","Create EPC-Codes (in Germany known as Girocode) for money transfer | Girocode-Barcode für SEPA-Überweisungen erstellen",20,2077,1,"","4.6.0","4.0",[18,19,20,21],"epc","girocode","sct","sepa","http:\u002F\u002Fwww.halli-online.de\u002Fsepa-girocode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsepa-girocode.0.5.1.zip",78,"2025-06-05 00:00:00","2026-03-15T10:48:56.248Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":33,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":25,"updated_date":39,"references":40,"days_to_patch":33},"CVE-2025-49450","sepa-girocode-authenticated-contributor-stored-cross-site-scripting","SEPA Girocode \u003C= 0.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The SEPA Girocode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.5.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-11 20:16:45",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa36e599a-c8fb-42e2-acc0-d76a77dce336?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":43,"trust_score":44,"computed_at":45},30,79,"2026-04-04T10:32:14.125Z",[47,68,87,110,133],{"slug":19,"name":48,"version":49,"author":50,"author_profile":51,"description":52,"short_description":53,"active_installs":11,"downloaded":54,"rating":55,"num_ratings":55,"last_updated":56,"tested_up_to":57,"requires_at_least":58,"requires_php":59,"tags":60,"homepage":64,"download_link":65,"security_score":66,"vuln_count":55,"unpatched_count":55,"last_vuln_date":33,"fetched_at":67},"GiroCode","1.0.6","documentid","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocumentid\u002F","\u003Cp>This plugin displays GiroCodes for easy bank transfers. A GiroCode is a QR code with data for a transfer which can be scanned into a banking app.\u003C\u002Fp>\n\u003Cp>GiroCode is a European standard for transfers in the SEPA (Single Euro Payments Area) currently covering 36 countries and territories.\u003C\u002Fp>\n\u003Cp>Shortcode examples:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[girocode beneficiary=\"Deutsches Rotes Kreuz e. V.\" iban=\"DE63370205000005023307\" amount=\"10.00\" purpose=\"Internationale Soforthilfe\"]\n[girocode beneficiary=\"Deutsches Rotes Kreuz e. 
V.\" iban=\"DE63370205000005023307\" amount=\"10.00\" purpose=\"Internationale Soforthilfe\" type=\"CHAR\"]\n[girocode beneficiary=\"Deutsches Rotes Kreuz e. V.\" iban=\"DE63370205000005023307\" amount=\"10.00\" purpose=\"Internationale Soforthilfe\" size=\"100\"]\n[girocode beneficiary=\"Deutsches Rotes Kreuz e. V.\" IBAN=\"DE63370205000005023307\" amount=\"1.00\" purpose=\"Internationale Soforthilfe\" size=\"200\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The amount is specified in Euro, standard size is 150.\u003C\u002Fp>\n\u003Cp>For a charity donation, type “CHAR” should be specified, marking the transfer as such in the banking data.\u003C\u002Fp>\n\u003Ch3>Use of External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the external service \u003Ca href=\"https:\u002F\u002Fdocumentid.net\u002Fgirocode\" rel=\"nofollow ugc\">documentid.net\u002Fgirocode\u003C\u002Fa>.\u003Cbr \u002F>\nThe \u003Ca href=\"https:\u002F\u002Fdocumentid.net\u002Fterms-of-service\u002Fgirocode\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> also include information on how your data is handled.\u003C\u002Fp>\n","This plugin displays GiroCodes for easy bank transfers. 
A GiroCode is a QR code with data for a transfer which can be scanned into a banking app.",2385,0,"2024-11-03T16:58:00.000Z","6.6.5","4.7","7.0",[61,62,19,63,21],"banking","epc-qr-code","qr-code","https:\u002F\u002Fdocumentid.net\u002Fgirocode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgirocode.1.0.7.zip",92,"2026-03-15T15:16:48.613Z",{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":55,"downloaded":76,"rating":55,"num_ratings":55,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":84,"download_link":85,"security_score":86,"vuln_count":55,"unpatched_count":55,"last_vuln_date":33,"fetched_at":67},"donation-qr-block","Donation QR Block","1.0.1","remotedots","https:\u002F\u002Fprofiles.wordpress.org\u002Fremotedots\u002F","\u003Cp>Donation QR Block adds a Gutenberg block that displays an EPC\u002FGiroCode QR code for accepting SEPA bank donations. When scanned with a banking app, the QR code pre-fills all transfer details (recipient, IBAN, BIC, reference) – making it easy for supporters to donate.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Native Gutenberg block\u003C\u002Fstrong> – No shortcodes, works seamlessly with the block editor\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live preview\u003C\u002Fstrong> – QR code updates in real-time as you edit bank details\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fully customizable\u003C\u002Fstrong> – Edit recipient name, bank, IBAN, BIC, amount, and payment reference\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No external services\u003C\u002Fstrong> – QR codes are generated locally, your bank details never leave your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-friendly\u003C\u002Fstrong> – No tracking, no API calls, no external dependencies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable appearance\u003C\u002Fstrong> – Change background color to match 
your theme\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Graceful fallback\u003C\u002Fstrong> – Shows bank details even if QR generation is unavailable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What is an EPC QR Code?\u003C\u002Fh4>\n\u003Cp>The EPC QR code (European Payments Council Quick Response Code) is a standard for encoding SEPA credit transfer data. In Germany, it’s known as “GiroCode”. When scanned with a compatible banking app, it automatically fills in all payment details, reducing errors and making donations effortless.\u003C\u002Fp>\n\u003Cp>Supported in 36 SEPA countries including: Germany, Austria, Belgium, Netherlands, France, Spain, Italy, and more.\u003C\u002Fp>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Non-profit organizations accepting donations\u003C\u002Fli>\n\u003Cli>Churches and religious organizations\u003C\u002Fli>\n\u003Cli>Sports clubs and associations\u003C\u002Fli>\n\u003Cli>Crowdfunding campaigns\u003C\u002Fli>\n\u003Cli>Event organizers collecting fees\u003C\u002Fli>\n\u003Cli>Any organization accepting SEPA bank transfers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Source Code & Development\u003C\u002Fh3>\n\u003Cp>The full source code for this plugin is available on GitHub:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fremotedots\u002Fdonation-qr-block\u003C\u002Fp>\n\u003Cp>The \u003Ccode>\u002Fbuild\u003C\u002Fcode> directory contains compiled JavaScript and CSS assets generated from source files in the \u003Ccode>\u002Fsrc\u003C\u002Fcode> directory using \u003Ccode>@wordpress\u002Fscripts\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>Building from Source\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Clone the repository: \u003Ccode>git clone https:\u002F\u002Fgithub.com\u002Fremotedots\u002Fdonation-qr-block.git\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Install dependencies: \u003Ccode>npm install\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Build assets: \u003Ccode>npm run build\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Install PHP 
dependencies: \u003Ccode>composer install --no-dev\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Source Files\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fsrc\u002Findex.js\u003C\u002Fcode> – Block registration\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fsrc\u002Fedit.js\u003C\u002Fcode> – Editor component (React)\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fsrc\u002Feditor.scss\u003C\u002Fcode> – Editor styles\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fsrc\u002Fstyle.scss\u003C\u002Fcode> – Frontend styles\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fsrc\u002Fblock.json\u003C\u002Fcode> – Block metadata\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, store, or transmit any personal data. All QR code generation happens locally on your server and in users’ browsers. No external API calls are made.\u003C\u002Fp>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cp>This plugin is provided as-is without any warranty. The author is not responsible for any financial losses, incorrect transfers, or other damages resulting from the use of this plugin. Users are solely responsible for verifying that all bank details (IBAN, BIC, recipient name, amount) are correct before publishing. Always test QR codes with your banking app before making them publicly available.\u003C\u002Fp>\n","Display an EPC\u002FGiroCode QR code for SEPA bank donations. 
Scannable by banking apps to pre-fill transfer details.",147,"2026-02-24T10:02:00.000Z","6.9.4","6.0","8.1",[82,83,19,63,21],"bank-transfer","donation","https:\u002F\u002Fgithub.com\u002Fremotedots\u002Fdonation-qr-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdonation-qr-block.1.0.1.zip",100,{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":108,"download_link":109,"security_score":86,"vuln_count":55,"unpatched_count":55,"last_vuln_date":33,"fetched_at":67},"viva-com-smart-for-woocommerce","Viva.com | Smart Checkout for WooCommerce","1.0.2","Viva.com Support","https:\u002F\u002Fprofiles.wordpress.org\u002Fvivawalletplugins\u002F","\u003Cp>Viva.com | Smart Checkout extends WooCommerce by providing a seamless and secure payment gateway. Accept online payments with a modern checkout experience, and multiple payment methods.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Seamless Checkout\u003C\u002Fstrong> – Provide a frictionless payment experience optimized for conversion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Payment Methods\u003C\u002Fstrong> – Accept credit\u002Fdebit cards, digital wallets, and local payment options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Integration\u003C\u002Fstrong> – Fully compatible with WooCommerce’s payment flow.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Localized Experience\u003C\u002Fstrong> – Support for multiple languages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.2 – 2025-05-15\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add currency to transaction api calls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.1 – 2025-03-27\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add brand color picker option for smart checkout\u003C\u002Fli>\n\u003Cli>Fix double 
request to viva during configuration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.0 – 2025-02-05\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Initial release.\u003C\u002Fli>\n\u003C\u002Ful>\n","Take secure online payments on your WooCommerce store with Viva.com Smart Checkout. ---",5000,11366,46,7,"2025-05-15T12:05:00.000Z","6.7.5","6.5","7.4",[104,105,21,106,107],"apple-pay","payments","viva","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fviva-com-smart-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fviva-com-smart-for-woocommerce.1.0.2.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":86,"num_ratings":120,"last_updated":121,"tested_up_to":78,"requires_at_least":122,"requires_php":14,"tags":123,"homepage":129,"download_link":130,"security_score":131,"vuln_count":13,"unpatched_count":55,"last_vuln_date":132,"fetched_at":67},"cssigniter-shortcodes","CSSIgniter Shortcodes","2.4.2","Anastis Sourgoutsidis","https:\u002F\u002Fprofiles.wordpress.org\u002Fanastis\u002F","\u003Cp>WordPress blocks are easier to use and this is why we have created a fantastic collection of FREE blocks for the new block editor.\u003Cbr \u002F>\nCheck out \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgutenbee\u002F\" rel=\"ugc\">GutenBee\u003C\u002Fa> now!\u003C\u002Fp>\n\u003Cp>This shortcodes plugin, has been created to complement and be used mainly with CSSIgniter’s premium and free themes. But of course, anyone can use it with any theme.\u003Cbr \u002F>\nA lot of useful shortcodes are defined. See the plugin’s documentation for a complete guide.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fwww.cssigniter.com\u002Fdocs\u002Fshortcodes\u002F\u003C\u002Fp>\n","This plugin defines and allows you to use a lot of useful shortcodes. Need a button? Sure. A message box? 
You know we have it.",2000,56628,4,"2025-12-02T14:08:00.000Z","5.0",[124,125,126,127,128],"blockquote","box","button","separator","tooltip","https:\u002F\u002Fwww.cssigniter.com\u002Fci-shortcodes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcssigniter-shortcodes.2.4.2.zip",99,"2025-12-02 14:20:18",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":86,"num_ratings":120,"last_updated":143,"tested_up_to":78,"requires_at_least":101,"requires_php":59,"tags":144,"homepage":149,"download_link":150,"security_score":86,"vuln_count":55,"unpatched_count":55,"last_vuln_date":33,"fetched_at":67},"icon-separator","Icon Separator","1.2.4","Phi Phan","https:\u002F\u002Fprofiles.wordpress.org\u002Fmr2p\u002F","\u003Cp>A simple, lightweight, accessibility-ready icon separator block.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Customize the icon width, spacing, color and position.\u003C\u002Fli>\n\u003Cli>Customize the separator width, style, color and position.\u003C\u002Fli>\n\u003Cli>Accessibility ready with ‘separator’ role.\u003C\u002Fli>\n\u003Cli>Simple and easy to use but included full settings even with responsive width and responsive vertical margin.\u003C\u002Fli>\n\u003Cli>An icon library included icons from “Bootstrap Icons”, “Ionicons”, “Dashicons” and new “WordPress Icons”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please take a look at \u003Ca href=\"https:\u002F\u002Fboldpatterns.net\u002Fkeywords\u002Fseparator?utm_source=wp.org&utm_campaign=readme&utm_medium=link&utm_content=Icon+Separator\" rel=\"nofollow ugc\">these custom block patterns\u003C\u002Fa> that use this block to see how it can be applied to real-world sites.\u003C\u002Fp>\n\u003Cp>If this plugin is useful for you, please do a quick review and \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ficon-separator\u002Freviews\u002F#new-post\" rel=\"ugc\">rate it\u003C\u002Fa> on WordPress.org to help us spread the word. I would very much appreciate it.\u003C\u002Fp>\n\u003Cp>Please check out my other plugins if you’re interested:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontent-blocks-builder\" rel=\"ugc\">Content Blocks Builder\u003C\u002Fa>\u003C\u002Fstrong> – This plugin turns the Block Editor into a powerful page builder by allowing you to create blocks, variations, and patterns directly in the Block Editor without needing a code editor.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisplay-a-meta-field-as-block\" rel=\"ugc\">Meta Field Block\u003C\u002Fa>\u003C\u002Fstrong> – A block to display custom fields as blocks on the front end. It supports custom fields for posts, terms, users, and setting fields. It can also be used in the Query Loop block.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsvg-block\" rel=\"ugc\">SVG Block\u003C\u002Fa>\u003C\u002Fstrong> – A block to display SVG images as blocks. Useful for images, icons, dividers, and buttons. 
It allows you to upload SVG images and load them into the icon library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbreadcrumb-block\" rel=\"ugc\">Breadcrumb Block\u003C\u002Fa>\u003C\u002Fstrong> – A simple breadcrumb trail block that supports JSON-LD structured data and is compatible with WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-enhancements\" rel=\"ugc\">Block Enhancements\u003C\u002Fa>\u003C\u002Fstrong> – Adds practical features to blocks like icons, box shadows, transforms, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcounting-number-block\" rel=\"ugc\">Counting Number Block\u003C\u002Fa>\u003C\u002Fstrong> – A block to display numbers with a counting effect\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-youtube-embed-block\" rel=\"ugc\">Better YouTube Embed Block\u003C\u002Fa>\u003C\u002Fstrong> – A block to solve the performance issue with embedded YouTube videos. 
It can also embed multiple videos and playlists.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin is developed using @wordpress\u002Fcreate-block.\u003C\u002Fp>\n","A simple, lightweight, accessibility-ready icon separator block.",1000,21328,"2025-11-22T13:48:00.000Z",[145,146,147,127,148],"block","divider","icon","svg","https:\u002F\u002Fboldblocks.net?utm_source=Icon+Separator&utm_campaign=visit+site&utm_medium=link&utm_content=Plugin+URI","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ficon-separator.1.2.4.zip",{"attackSurface":152,"codeSignals":181,"taintFlows":230,"riskAssessment":249,"analyzedAt":271},{"hooks":153,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":179,"entryPointCount":180,"unprotectedCount":55},[154,160,165],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","parse_request","sepa_girocode_parse_request","sepa-girocode.php",476,{"type":161,"name":162,"callback":163,"file":158,"line":164},"filter","query_vars","sepa_girocode_query_vars",477,{"type":155,"name":166,"callback":167,"file":158,"line":168},"upgrader_process_complete","sepa_girocode_upgrade",479,[],[],[172,175],{"tag":19,"callback":173,"file":158,"line":174},"sepa_girocode_shortcode",472,{"tag":176,"callback":177,"file":158,"line":178},"girocode-generator","sepa_girocode_shortcode_generator",473,[],2,{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":190,"fileOperations":225,"externalRequests":55,"nonceChecks":55,"capabilityChecks":55,"bundledLibraries":226},[],{"prepared":55,"raw":180,"locations":184},[185,188],{"file":158,"line":186,"context":187},279,"$wpdb->get_results() with variable interpolation",{"file":158,"line":189,"context":187},288,{"escaped":191,"rawEcho":192,"locations":193},18,13,[194,198,200,203,205,207,209,211,214,216,219,221,223],{"file":195,"line":196,"context":197},"includes\\phpqrcode\\index.php",72,"raw 
output",{"file":195,"line":199,"context":197},86,{"file":201,"line":202,"context":197},"includes\\phpqrcode\\phpqrcode.php",253,{"file":201,"line":204,"context":197},285,{"file":201,"line":206,"context":197},294,{"file":201,"line":208,"context":197},815,{"file":201,"line":210,"context":197},847,{"file":212,"line":213,"context":197},"includes\\phpqrcode\\qrspec.php",503,{"file":212,"line":215,"context":197},535,{"file":217,"line":218,"context":197},"includes\\phpqrcode\\qrtools.php",120,{"file":217,"line":220,"context":197},152,{"file":217,"line":222,"context":197},161,{"file":158,"line":224,"context":197},344,21,[227],{"name":228,"version":33,"knownCves":229},"TCPDF",[],[231],{"entryPoint":232,"graph":233,"unsanitizedCount":13,"severity":248},"\u003Cindex> (includes\\phpqrcode\\index.php:0)",{"nodes":234,"edges":245},[235,240],{"id":236,"type":237,"label":238,"file":195,"line":239},"n0","source","$_REQUEST",60,{"id":241,"type":242,"label":243,"file":195,"line":196,"wp_function":244},"n1","sink","echo() [XSS]","echo",[246],{"from":236,"to":241,"sanitized":247},false,"low",{"summary":250,"deductions":251},"The \"sepa-girocode\" v0.5.1 plugin exhibits several concerning security practices despite a limited attack surface. While the plugin has no exposed AJAX handlers or REST API routes without authentication, and no critical or high severity taint flows were identified, the codebase has significant weaknesses. The lack of any nonce or capability checks is a major concern, as it implies that even entry points that exist could be exploited without proper authorization. Furthermore, the plugin performs raw SQL queries without using prepared statements, which opens the door to SQL injection vulnerabilities. 
The presence of a medium severity Cross-Site Scripting (XSS) vulnerability in its history, despite the latest vulnerability being dated in the future (which is likely a data error and should be treated as a current concern), highlights a recurring issue with input sanitization and output escaping, further evidenced by only 58% of output being properly escaped. The use of the bundled TCPDF library also raises a flag, as bundled libraries can become outdated and introduce their own vulnerabilities if not actively maintained.",[252,255,258,261,263,266,268],{"reason":253,"points":254},"Unpatched medium severity CVE",15,{"reason":256,"points":257},"Raw SQL queries without prepared statements",10,{"reason":259,"points":260},"No nonce checks on entry points",5,{"reason":262,"points":260},"No capability checks on entry points",{"reason":264,"points":265},"Significant portion of output not escaped",6,{"reason":267,"points":260},"Flows with unsanitized paths",{"reason":269,"points":270},"Bundled TCPDF library",3,"2026-03-16T22:41:52.500Z",{"wat":273,"direct":279},{"assetPaths":274,"generatorPatterns":276,"scriptPaths":277,"versionParams":278},[275],"\u002Fwp-content\u002Fplugins\u002Fsepa-girocode\u002Fimages\u002Fgirocode.png",[],[],[],{"cssClasses":280,"htmlComments":281,"htmlAttributes":282,"restEndpoints":284,"jsGlobals":285,"shortcodeOutput":287},[],[],[283],"data-sepa-girocode-class",[],[286],"sepa_girocode_class",[288,289],"\u003Cimg src=\"index.php?sepa-girocode=show-code&key=","\u003Ca href=\"index.php?sepa-girocode=get-codefile&key="]