[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhSO1BDtipIrNaGqFZKt-OsXnQoCf-pXcZ1SkenJiGbc":3,"$fJgHEAe_NpHjbviidwgSVZLbPxDjY4qU4Ep2BMFP5ScI":248,"$fxh54mBlTfeNjamASdgiiBF5XtGfx8XDEum4nfvWlkvw":252},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":11,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":37,"analysis":38,"fingerprints":226},"single-product-total","Single Product Total for WooCommerce","3.0.0","WebFix Lab","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfixlab\u002F","\u003Cp>With our plugin, you can easily display the total price on the product page. This will help your customers to quickly understand the cost of the product they’re interested in, based on the quantity they need.\u003C\u002Fp>\n\u003Cp>The plugin supports single, variable and grouped products. It also offers extensive styling options to match your store’s design. With the \u003Cstrong>animation duration\u003C\u002Fstrong> feature, you can adjust price calculation time and with enough time, it will automatically handle \u003Cstrong>Discount plugins\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Additionally, an add to cart button can be placed in fixed positions, such as the bottom right of the page, for improved usability.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsingle-product-total\u002F\" rel=\"ugc\">Bug Report\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebfixlab\u002Fsingle-product-total\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>New! Improved \u003Cstrong>currency and price formats\u003C\u002Fstrong> support.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>8 different positions\u003C\u002Fstrong> to display total price with \u003Cstrong>4 sticky position\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Animation duration option to add time for \u003Cstrong>dynamic discount plugins\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Extra \u003Cstrong>Add to cart button\u003C\u002Fstrong> on sticky positions.\u003C\u002Fli>\n\u003Cli>Supports Single, Variable and \u003Cstrong>Grouped products\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Discount Rules and Dynamic Pricing for WooCommerce\u003C\u002Fstrong> support.\u003C\u002Fli>\n\u003Cli>Easy design customization options.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>BENEFITS\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Discount plugins\u003C\u002Fstrong> support: Discount plugins takes a bit longer to modify prices. If you set longer animation duration, total price will automatically use the discounted price.\u003C\u002Fp>\n\u003Cp>Since price calculation is handled automatically, this,\u003Cbr \u002F>\n– Saves time,\u003Cbr \u002F>\n– Increases customer satisfaction and\u003Cbr \u002F>\n– May yield more sales.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Personalize Product Total\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Get a customized version of the Single Product Total for WooCommerce plugin to perfectly match your unique needs. \u003Ca href=\"https:\u002F\u002Fwebfixlab.com\u002Frequest-quote\u002F\" rel=\"nofollow ugc\">Customize Now\u003C\u002Fa>\u003C\u002Fp>\n","Quickest and lightest way to show total price on product pages. A simple step for a better UX.",100,3741,86,3,"2026-03-30T21:00:00.000Z","6.9.4","4.9","7.0",[20,4,21],"product-total","woocommerce-product-total","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsingle-product-total\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.3.0.0.zip",0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"webfixlab",6,720,99,30,93,"2026-05-19T20:15:28.860Z",[],{"attackSurface":39,"codeSignals":104,"taintFlows":173,"riskAssessment":220,"analyzedAt":225},{"hooks":40,"ajaxHandlers":100,"restRoutes":101,"shortcodes":102,"cronEvents":103,"entryPointCount":24,"unprotectedCount":24},[41,47,51,57,60,63,67,71,75,78,83,89,92,95,98],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","init","do_activate","includes\\class\\admin\\class-sptotal-loader.php",24,{"type":42,"name":48,"callback":49,"file":45,"line":50},"before_woocommerce_init","wc_init",25,{"type":52,"name":53,"callback":54,"priority":55,"file":45,"line":56},"filter","plugin_row_meta","plugin_desc_meta",10,64,{"type":42,"name":58,"callback":58,"file":45,"line":59},"admin_head",69,{"type":42,"name":61,"callback":61,"file":45,"line":62},"admin_menu",70,{"type":42,"name":64,"callback":65,"file":45,"line":66},"admin_enqueue_scripts","admin_scripts",73,{"type":42,"name":68,"callback":69,"file":45,"line":70},"wp_enqueue_scripts","frontend_scripts",74,{"type":42,"name":72,"callback":73,"file":45,"line":74},"admin_notices","wc_missing_notice",101,{"type":42,"name":72,"callback":76,"file":45,"line":77},"feedback_notice",397,{"type":42,"name":79,"callback":80,"file":81,"line":82},"admin_init","save_settings","includes\\class\\admin\\class-sptotal-settings.php",21,{"type":42,"name":84,"callback":85,"priority":86,"file":87,"line":88},"woocommerce_single_product_summary","display_total",9,"includes\\class\\class-sptotal.php",56,{"type":42,"name":84,"callback":85,"priority":90,"file":87,"line":91},11,58,{"type":42,"name":93,"callback":85,"file":87,"line":94},"woocommerce_after_add_to_cart_button",60,{"type":42,"name":96,"callback":85,"file":87,"line":97},"woocommerce_before_add_to_cart_button",62,{"type":42,"name":99,"callback":85,"file":87,"line":56},"wp_footer",[],[],[],[],{"dangerousFunctions":105,"sqlUsage":106,"outputEscaping":108,"fileOperations":24,"externalRequests":24,"nonceChecks":170,"capabilityChecks":171,"bundledLibraries":172},[],{"prepared":24,"raw":24,"locations":107},[],{"escaped":109,"rawEcho":34,"locations":110},61,[111,114,115,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,161,163,165,167,169],{"file":45,"line":112,"context":113},438,"raw output",{"file":45,"line":112,"context":113},{"file":45,"line":112,"context":113},{"file":81,"line":117,"context":113},85,{"file":81,"line":119,"context":113},88,{"file":81,"line":121,"context":113},108,{"file":81,"line":123,"context":113},116,{"file":81,"line":125,"context":113},122,{"file":81,"line":127,"context":113},128,{"file":81,"line":129,"context":113},130,{"file":81,"line":131,"context":113},135,{"file":81,"line":133,"context":113},140,{"file":81,"line":135,"context":113},142,{"file":81,"line":137,"context":113},147,{"file":81,"line":139,"context":113},153,{"file":81,"line":141,"context":113},159,{"file":81,"line":143,"context":113},161,{"file":81,"line":145,"context":113},166,{"file":81,"line":147,"context":113},172,{"file":81,"line":149,"context":113},179,{"file":81,"line":151,"context":113},188,{"file":81,"line":153,"context":113},197,{"file":81,"line":155,"context":113},210,{"file":87,"line":157,"context":113},171,{"file":159,"line":160,"context":113},"templates\\admin\\sidebar.php",13,{"file":159,"line":162,"context":113},15,{"file":159,"line":164,"context":113},18,{"file":159,"line":166,"context":113},22,{"file":159,"line":168,"context":113},23,{"file":159,"line":46,"context":113},2,1,[],[174,192,200,212],{"entryPoint":175,"graph":176,"unsanitizedCount":24,"severity":191},"feedback_notice (includes\\class\\admin\\class-sptotal-loader.php:406)",{"nodes":177,"edges":188},[178,183],{"id":179,"type":180,"label":181,"file":45,"line":182},"n0","source","$_SERVER (x2)",409,{"id":184,"type":185,"label":186,"file":45,"line":112,"wp_function":187},"n1","sink","echo() [XSS]","echo",[189],{"from":179,"to":184,"sanitized":190},true,"low",{"entryPoint":193,"graph":194,"unsanitizedCount":24,"severity":191},"\u003Cclass-sptotal-loader> (includes\\class\\admin\\class-sptotal-loader.php:0)",{"nodes":195,"edges":198},[196,197],{"id":179,"type":180,"label":181,"file":45,"line":182},{"id":184,"type":185,"label":186,"file":45,"line":112,"wp_function":187},[199],{"from":179,"to":184,"sanitized":190},{"entryPoint":201,"graph":202,"unsanitizedCount":24,"severity":191},"save_settings (includes\\class\\admin\\class-sptotal-settings.php:29)",{"nodes":203,"edges":210},[204,207],{"id":179,"type":180,"label":205,"file":81,"line":206},"$_POST[$meta_key]",42,{"id":184,"type":185,"label":208,"file":81,"line":206,"wp_function":209},"update_option() [Settings Manipulation]","update_option",[211],{"from":179,"to":184,"sanitized":190},{"entryPoint":213,"graph":214,"unsanitizedCount":24,"severity":191},"\u003Cclass-sptotal-settings> (includes\\class\\admin\\class-sptotal-settings.php:0)",{"nodes":215,"edges":218},[216,217],{"id":179,"type":180,"label":205,"file":81,"line":206},{"id":184,"type":185,"label":208,"file":81,"line":206,"wp_function":209},[219],{"from":179,"to":184,"sanitized":190},{"summary":221,"deductions":222},"The \"single-product-total\" plugin v2.4.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs, coupled with a clean taint analysis showing no unsanitized paths, is highly positive. The code also demonstrates good practices in its use of prepared statements for all SQL queries and includes nonce and capability checks, albeit limited in number.  A significant strength is the extremely small attack surface, with no discovered AJAX handlers, REST API routes, shortcodes, or cron events, which minimizes potential entry points for attackers.  \n\nHowever, a notable concern arises from the output escaping. With 91 total outputs and only 67% properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. This means a substantial portion of user-generated or dynamically generated content displayed by the plugin might not be adequately sanitized, potentially allowing malicious scripts to be injected and executed in the user's browser.  While the plugin has no known vulnerabilities historically and a very limited attack surface, the high percentage of unescaped output represents a tangible and potentially exploitable risk that should be addressed.",[223],{"reason":224,"points":162},"High percentage of unescaped output","2026-03-16T21:06:24.820Z",{"wat":227,"direct":240},{"assetPaths":228,"generatorPatterns":233,"scriptPaths":234,"versionParams":235},[229,230,231,232],"\u002Fwp-content\u002Fplugins\u002Fsingle-product-total\u002Fassets\u002Fadmin\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsingle-product-total\u002Fassets\u002Fadmin\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fsingle-product-total\u002Fassets\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fsingle-product-total\u002Fassets\u002Ffrontend.js",[],[230,232],[236,237,238,239],"single-product-total\u002Fassets\u002Fadmin\u002Fadmin.css?ver=","single-product-total\u002Fassets\u002Fadmin\u002Fadmin.js?ver=","single-product-total\u002Fassets\u002Ffrontend.css?ver=","single-product-total\u002Fassets\u002Ffrontend.js?ver=",{"cssClasses":241,"htmlComments":242,"htmlAttributes":243,"restEndpoints":244,"jsGlobals":245,"shortcodeOutput":247},[],[],[],[],[246],"sptotal_admin_data",[],{"error":190,"url":249,"statusCode":250,"statusMessage":251,"message":251},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsingle-product-total\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":86,"versions":253},[254,260,267,274,281,288,295,302,309],{"version":6,"download_url":23,"svn_tag_url":255,"released_at":25,"has_diff":256,"diff_files_changed":257,"diff_lines":25,"trac_diff_url":258,"vulnerabilities":259,"is_current":190},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F3.0.0\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsingle-product-total%2Ftags%2F2.4.0&new_path=%2Fsingle-product-total%2Ftags%2F3.0.0",[],{"version":261,"download_url":262,"svn_tag_url":263,"released_at":25,"has_diff":256,"diff_files_changed":264,"diff_lines":25,"trac_diff_url":265,"vulnerabilities":266,"is_current":256},"2.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.2.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F2.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsingle-product-total%2Ftags%2F2.3.4&new_path=%2Fsingle-product-total%2Ftags%2F2.4.0",[],{"version":268,"download_url":269,"svn_tag_url":270,"released_at":25,"has_diff":256,"diff_files_changed":271,"diff_lines":25,"trac_diff_url":272,"vulnerabilities":273,"is_current":256},"2.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.2.3.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F2.3.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsingle-product-total%2Ftags%2F2.3.2&new_path=%2Fsingle-product-total%2Ftags%2F2.3.4",[],{"version":275,"download_url":276,"svn_tag_url":277,"released_at":25,"has_diff":256,"diff_files_changed":278,"diff_lines":25,"trac_diff_url":279,"vulnerabilities":280,"is_current":256},"2.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.2.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F2.3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsingle-product-total%2Ftags%2F2.3.1&new_path=%2Fsingle-product-total%2Ftags%2F2.3.2",[],{"version":282,"download_url":283,"svn_tag_url":284,"released_at":25,"has_diff":256,"diff_files_changed":285,"diff_lines":25,"trac_diff_url":286,"vulnerabilities":287,"is_current":256},"2.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.2.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F2.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsingle-product-total%2Ftags%2F2.2.2&new_path=%2Fsingle-product-total%2Ftags%2F2.3.1",[],{"version":289,"download_url":290,"svn_tag_url":291,"released_at":25,"has_diff":256,"diff_files_changed":292,"diff_lines":25,"trac_diff_url":293,"vulnerabilities":294,"is_current":256},"2.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.2.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F2.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsingle-product-total%2Ftags%2F2.2.1&new_path=%2Fsingle-product-total%2Ftags%2F2.2.2",[],{"version":296,"download_url":297,"svn_tag_url":298,"released_at":25,"has_diff":256,"diff_files_changed":299,"diff_lines":25,"trac_diff_url":300,"vulnerabilities":301,"is_current":256},"2.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.2.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F2.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsingle-product-total%2Ftags%2F2.1.0&new_path=%2Fsingle-product-total%2Ftags%2F2.2.1",[],{"version":303,"download_url":304,"svn_tag_url":305,"released_at":25,"has_diff":256,"diff_files_changed":306,"diff_lines":25,"trac_diff_url":307,"vulnerabilities":308,"is_current":256},"2.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.2.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F2.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsingle-product-total%2Ftags%2F1.2&new_path=%2Fsingle-product-total%2Ftags%2F2.1.0",[],{"version":310,"download_url":311,"svn_tag_url":312,"released_at":25,"has_diff":256,"diff_files_changed":313,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":314,"is_current":256},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-product-total.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsingle-product-total\u002Ftags\u002F1.2\u002F",[],[]]