[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTqJjq5xNk83ZuZOQTZOZHYTX9Un0ZmhfI0CbbFOXE5k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":63,"crawl_stats":36,"alternatives":68,"analysis":165,"fingerprints":508},"ssl-wireless-sms-notification","SSL Wireless SMS Notification","3.8.1","sslplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fsslplugins\u002F","\u003Cp>This is the official Woocommerce SMS Notification Plugin of SSL Wireless.\u003C\u002Fp>\n\u003Cp>SSL Wireless has helped launch Mobile VAS and SMS Banking for the first time in Bangladesh, which has transformed into mobile financial services today. SSL is one of the key players behind popularizing value-added services, e-commerce & fintech services in the telecom and financial sector over the past decade that are used by millions of people today.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* Easy to install!\n* Reporting Panel\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Prerequisites\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.x.x \u003C\u002Fli>\n\u003Cli>WooCommerce 4.2.x\u003C\u002Fli>\n\u003Cli>cURL php extension.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Open Admin Panel. [Check Screenshot-1]\u003C\u002Fli>\n\u003Cli>Navigate to \u003Ccode>SSL Wireless\u003C\u002Fcode> tab. [Check Screenshot-2]\u003C\u002Fli>\n\u003Cli>Enable plugin, select platform(ISMS or ISMSPlus), Use your API Hash(Only for ISMSPlus), Use your panel credential as \u003Ccode>API User\u002FPassword\u003C\u002Fcode>(Only for ISMS), Use \u003Ccode>SID\u003C\u002Fcode> for both platform.\u003C\u002Fli>\n\u003Cli>Set the SMS Alert & SMS Template.\u003C\u002Fli>\n\u003Cli>You can also set an Admin phone number and SMS template. If you want to get alert on every successful order.\u003C\u002Fli>\n\u003Cli>If you want to use the OTP Login Register Feature go to the OTP Login Register Menu under SSL Wireless Menu in the Admin Panel. Follow the Guidelines from there. This feature works with Woocommerce My Account.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>GPL3\u003C\u002Fli>\n\u003C\u002Ful>\n","This is the official Woocommerce SMS Notification Plugin of SSL Wireless.",80,3675,0,"2025-05-12T11:42:00.000Z","6.7.5","5.0","7.2",[19,20,21,22,23],"bangladesh","isms","official","ssl-wireless","woocommerce","https:\u002F\u002Fsslwireless.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fssl-wireless-sms-notification.3.8.1.zip",95,2,"2025-01-03 00:00:00","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-56284","ssl-wireless-sms-notification-unauthenticated-sql-injection","SSL Wireless SMS Notification \u003C= 3.5.0 - Unauthenticated SQL Injection","The SSL Wireless SMS Notification plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=3.5.0","3.6.0","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-01-16 21:36:10",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4b800842-f757-4e1c-8c93-ef21f90a11c7?source=api-prod",14,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2024-56220","ssl-wireless-sms-notification-unauthenticated-privilege-escalation","SSL Wireless SMS Notification \u003C= 3.6.0 - Unauthenticated Privilege Escalation","The SSL Wireless SMS Notification plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.","\u003C=3.6.0","3.7.0","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Incorrect Privilege Assignment","2024-12-19 00:00:00","2025-02-25 14:36:43",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdd7f3a48-d851-4533-967c-f0aa98bb85d1?source=api-prod",69,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},1,42,85,"2026-04-04T16:01:21.438Z",[69,92,113,130,146],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":13,"num_ratings":13,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":88,"download_link":89,"security_score":90,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":91},"bangladeshi-bank-payment-method","Bangladeshi Bank Payment Method","1.0.6","Raisul Islam Shagor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshagor447\u002F","\u003Cp>This plugin adds a secure \u003Cstrong>Bank Payment with Receipt Upload\u003C\u002Fstrong> option to your WooCommerce store, specially designed for merchants and customers in Bangladesh.\u003Cbr \u002F>\nInstead of just entering a transaction ID, customers can \u003Cstrong>upload a screenshot or photo of their bank payment receipt\u003C\u002Fstrong> (e.g., mobile banking confirmation) directly on the checkout page. The uploaded image is securely stored and displayed in the order details for easy manual verification by the store admin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect for businesses that require visual proof of payment before processing orders.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Accept bank transfer payments from any Bangladeshi bank (City Bank, IFIC BANK, UCB Bank, Islami Bank etc.).\u003Cbr \u002F>\n* Customers upload a \u003Cstrong>payment receipt image\u003C\u002Fstrong> (PNG\u002FJPG) during checkout.\u003Cbr \u002F>\n* Automatic file validation (max 1MB, only images allowed).\u003Cbr \u002F>\n* Uploaded receipt is visible in the \u003Cstrong>WooCommerce order details\u003C\u002Fstrong> in the admin dashboard.\u003Cbr \u002F>\n* Displays your bank account details clearly on the checkout page.\u003Cbr \u002F>\n* Fully compatible with WooCommerce emails, order statuses, and cart flow.\u003Cbr \u002F>\n* You can change your bank icon, it will make it visually clear and easier for customers to understand.\u003Cbr \u002F>\n* No sensitive data stored — secure and lightweight.\u003C\u002Fp>\n\u003Ch3>Update Notice\u003C\u002Fh3>\n\u003Cp>= 1.0.6 =\u003Cbr \u002F>\nVersion 1.0.6 has been released as a stable version.\u003C\u002Fp>\n","WooCommerce gateway for Bangladeshi businesses allowing customers to upload bank payment receipts at checkout.",10,253,"2025-12-19T12:37:00.000Z","6.9.4","6.0","7.4",[84,85,86,87,23],"bangladesh-bank-transfer","bangladeshi-bank-payment-gateway","manual-payment","payment-gateway","https:\u002F\u002Fraisul.dev\u002Fprojects\u002Fbangladeshi-bank-payment-method-for-woocommerce-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbangladeshi-bank-payment-method.1.0.6.zip",100,"2026-03-15T14:54:45.397Z",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":77,"downloaded":100,"rating":90,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":111,"download_link":112,"security_score":66,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"bangladeshi-taka-in-woocommerce","Bangladeshi Taka in WooCommerce","1.0.1","asadiqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fasadiqbal\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.pricedhost.com\u002F\" rel=\"nofollow ugc\">Priced Host\u003C\u002Fa> is proudly announcing our first plugin for wordpress users specially eCommerce site owners from Bangladesh. By default WooCommerce didn’t support Bangladeshi currency (BDT); this little plugin adds the functionality to support BDT.\u003C\u002Fp>\n\u003Ch4>More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Vist the \u003Ca href=\"http:\u002F\u002Fwww.pricedhost.com\u002Fblog\u002Fbangladeshi-taka-in-woocommerce\u002F\" rel=\"nofollow ugc\">blog post\u003C\u002Fa> to know more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Thank you for using or trying our first plugin – We are open to your suggestions and feedback.\u003C\u002Fli>\n\u003Cli>Drop us a line at \u003Ca href=\"http:\u002F\u002Fwww.pricedhost.com\" rel=\"nofollow ugc\">www.pricedhost.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin adds Bangladeshi Taka (BDT) to WooCommerce powered store",2258,3,"2013-05-30T17:36:00.000Z","3.5.2","3.0.","",[107,108,109,110,23],"bangladeshi-currecy","bdt","bdt-symbol","currency","http:\u002F\u002Fwww.pricedhost.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbangladeshi-taka-in-woocommerce.zip",{"slug":114,"name":115,"version":95,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":77,"downloaded":120,"rating":13,"num_ratings":13,"last_updated":105,"tested_up_to":121,"requires_at_least":122,"requires_php":82,"tags":123,"homepage":127,"download_link":128,"security_score":90,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":129},"city-based-shipping-for-bangladesh","City Based Shipping for Bangladesh","Md Shorov Abedin","https:\u002F\u002Fprofiles.wordpress.org\u002Fiamovk\u002F","\u003Cp>City Based Shipping for Bangladesh provides an easy way to configure different flat rate shipping costs for customers inside Dhaka and those elsewhere in Bangladesh.  Simply set up two WooCommerce Flat Rate methods in your shipping zone (one for Dhaka and one for outside Dhaka) and then configure their instance IDs and labels on the plugin settings page.  The plugin will hide the wrong rate at checkout and can even override the cost and label displayed.  City and state field changes update totals in real time thanks to a small JavaScript helper.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Match shipping methods by instance ID or label.\u003C\u002Fli>\n\u003Cli>Optionally override the cost and label of each rate at checkout.\u003C\u002Fli>\n\u003Cli>Watches the city and state fields (including Select2 dropdowns) and refreshes shipping instantly.\u003C\u002Fli>\n\u003Cli>Tested with WooCommerce and the standard checkout fields; supports Bangladesh districts.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds automatic city-based shipping rates for WooCommerce stores in Bangladesh (Dhaka vs outside Dhaka).",213,"6.8.5","5.8",[19,124,125,126,23],"checkout","rates","shipping","https:\u002F\u002Fgithub.com\u002Fovick1997\u002Fcity-based-shipping-bd","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcity-based-shipping-for-bangladesh.1.0.1.zip","2026-03-15T10:48:56.248Z",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":77,"downloaded":138,"rating":13,"num_ratings":13,"last_updated":139,"tested_up_to":80,"requires_at_least":122,"requires_php":82,"tags":140,"homepage":144,"download_link":145,"security_score":90,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"ecomate-ecommerce-toolkit-for-bangladesh","EcoMate – Ecommerce Toolkit for Bangladesh","1.0.0","Mahmudul Hasan Riaz","https:\u002F\u002Fprofiles.wordpress.org\u002Fmahmudriazbd\u002F","\u003Cp>\u003Cstrong>EcoMate\u003C\u002Fstrong> is designed specifically for Bangladeshi e-commerce businesses using WooCommerce. It simplifies your order fulfillment process by providing easy-to-use tools for printing invoices and shipping labels (stickers) directly from your WooCommerce dashboard.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Print Invoices\u003C\u002Fstrong>: Generate clean, professional invoices for your orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Print Shipping Stickers\u003C\u002Fstrong>: Create shipping labels\u002Fstickers for your packages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Actions\u003C\u002Fstrong>: Print invoices or stickers for multiple orders at once from the order list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Dashboard Integration\u003C\u002Fstrong>: Seamlessly integrated into the WooCommerce order list and order details pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable\u003C\u002Fstrong>: Add your business logo, name, address, phone number, and terms & conditions via the settings page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is lightweight and focused on speed, ensuring it doesn’t slow down your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Learn more\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fecomate-ecommerce-toolkit-for-bangladesh\u002F\" rel=\"ugc\">WordPress.org plugin page\u003C\u002Fa>\u003C\u002Fp>\n","The essential ecommerce toolkit for Bangladeshi stores using WooCommerce. Currently features invoice and shipping sticker printing with bulk actions.",113,"2026-01-06T19:57:00.000Z",[19,141,142,143,23],"bulk-actions","invoice","shipping-label","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fecomate-ecommerce-toolkit-for-bangladesh\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fecomate-ecommerce-toolkit-for-bangladesh.1.0.0.zip",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":77,"downloaded":154,"rating":13,"num_ratings":13,"last_updated":155,"tested_up_to":156,"requires_at_least":157,"requires_php":158,"tags":159,"homepage":163,"download_link":164,"security_score":66,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"mobile-pay-bd","Mobile Pay BD","2.2","Md Safiqul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Fmahadi8457\u002F","\u003Cp>This is a cool plugin to integrate a payment gateway in any WooCommerce based website to process nagad payment. It is lightweight and easy to use.\u003C\u002Fp>\n\u003Cp>Please note:\u003Cbr \u002F>\n– This is a WooCommerce based plugin, so WooCommerce plugin must be activated before active this plugin.\u003Cbr \u002F>\n– You must have a nagadaccount to get payments.\u003C\u002Fp>\n\u003Ch4>Using the Plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Download the plugin, install and active.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Click on \u003Cstrong>Settings\u003C\u002Fstrong> or go to \u003Cstrong>WooCommerce\u003C\u002Fstrong> > \u003Cstrong>Settings\u003C\u002Fstrong> > \u003Cstrong>Woo nagad\u003C\u002Fstrong>,\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Now you will see few default setup. You must fill up nagad account number and account type and also adjust other fields to get payment.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>That’s it. You are ready to go!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Mobile Pay BD is a Payment Gateway for WooCommerce",1613,"2023-02-11T13:08:00.000Z","6.1.10","5.6.0","5.2.4",[19,160,161,162,23],"dak-bivag","gateway","nagad","https:\u002F\u002Fbeetech4u.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmobile-pay-bd.zip",{"attackSurface":166,"codeSignals":288,"taintFlows":337,"riskAssessment":494,"analyzedAt":507},{"hooks":167,"ajaxHandlers":253,"restRoutes":280,"shortcodes":281,"cronEvents":286,"entryPointCount":287,"unprotectedCount":13},[168,174,178,182,186,190,194,198,203,207,211,215,219,223,227,231,235,238,242,245,249],{"type":169,"name":170,"callback":171,"file":172,"line":173},"action","admin_init","create_tables_on_admin_init","sslWireless.php",87,{"type":169,"name":175,"callback":176,"file":172,"line":177},"wp","create_tables_on_wp",88,{"type":169,"name":179,"callback":180,"file":172,"line":181},"before_woocommerce_init","closure",156,{"type":169,"name":183,"callback":184,"file":172,"line":185},"admin_enqueue_scripts","wpdocs_enqueue_custom_admin_style",184,{"type":169,"name":187,"callback":188,"file":172,"line":189},"admin_menu","otp_login_register_admin_menu",220,{"type":169,"name":191,"callback":192,"file":172,"line":193},"admin_post_download_csv","serve_csv_file",580,{"type":169,"name":195,"callback":196,"file":172,"line":197},"wp_enqueue_scripts","enqueue_my_script",709,{"type":199,"name":200,"callback":201,"priority":77,"file":172,"line":202},"filter","login_redirect","custom_login_redirect",1456,{"type":169,"name":204,"callback":205,"file":172,"line":206},"template_redirect","custom_my_account_redirect",1459,{"type":169,"name":208,"callback":209,"file":172,"line":210},"woocommerce_edit_account_form","add_sslcare_login_phone_field",1506,{"type":169,"name":212,"callback":213,"file":172,"line":214},"woocommerce_save_account_details","save_sslcare_login_phone_field",1542,{"type":199,"name":216,"callback":217,"file":172,"line":218},"woocommerce_save_account_details_requires_password","__return_false",1545,{"type":169,"name":220,"callback":221,"file":172,"line":222},"user_new_form","add_phone_field_to_user_creation_form",1550,{"type":169,"name":224,"callback":225,"priority":77,"file":172,"line":226},"user_profile_update_errors","validate_unique_phone_number",1582,{"type":169,"name":228,"callback":229,"file":172,"line":230},"user_register","save_phone_number_user_meta",1609,{"type":169,"name":232,"callback":233,"file":172,"line":234},"show_user_profile","display_phone_field_in_user_profile",1620,{"type":169,"name":236,"callback":233,"file":172,"line":237},"edit_user_profile",1621,{"type":169,"name":239,"callback":240,"file":172,"line":241},"personal_options_update","save_phone_number_on_user_profile_update",1657,{"type":169,"name":243,"callback":240,"file":172,"line":244},"edit_user_profile_update",1658,{"type":169,"name":246,"callback":247,"file":172,"line":248},"woocommerce_admin_order_data_after_billing_address","add_sslcare_create_user_checkbox_to_order",1711,{"type":169,"name":250,"callback":251,"priority":77,"file":172,"line":252},"woocommerce_process_shop_order_meta","process_create_user_on_order_save",1761,[254,260,262,266,268,272,274,278],{"action":255,"nopriv":256,"callback":257,"hasNonce":258,"hasCapCheck":256,"file":172,"line":259},"otp_login_ajax_action",false,"otp_login_ajax_callback",true,711,{"action":255,"nopriv":258,"callback":257,"hasNonce":258,"hasCapCheck":256,"file":172,"line":261},712,{"action":263,"nopriv":256,"callback":264,"hasNonce":258,"hasCapCheck":256,"file":172,"line":265},"otp_register_ajax_action","otp_register_ajax_callback",714,{"action":263,"nopriv":258,"callback":264,"hasNonce":258,"hasCapCheck":256,"file":172,"line":267},715,{"action":269,"nopriv":256,"callback":270,"hasNonce":258,"hasCapCheck":256,"file":172,"line":271},"otp_send_ajax_action","otp_send_ajax_callback",717,{"action":269,"nopriv":258,"callback":270,"hasNonce":258,"hasCapCheck":256,"file":172,"line":273},718,{"action":275,"nopriv":256,"callback":276,"hasNonce":258,"hasCapCheck":256,"file":172,"line":277},"final_login_ajax_action","final_login_ajax_callback",720,{"action":275,"nopriv":258,"callback":276,"hasNonce":258,"hasCapCheck":256,"file":172,"line":279},721,[],[282],{"tag":283,"callback":284,"file":172,"line":285},"sslcare_otp_login_register","sslcare_otp_login_register_shortcode_function",1444,[],9,{"dangerousFunctions":289,"sqlUsage":290,"outputEscaping":304,"fileOperations":101,"externalRequests":27,"nonceChecks":287,"capabilityChecks":332,"bundledLibraries":333},[],{"prepared":291,"raw":292,"locations":293},35,4,[294,297,300,302],{"file":172,"line":295,"context":296},150,"$wpdb->query() with variable interpolation",{"file":298,"line":299,"context":296},"uninstall.php",15,{"file":298,"line":301,"context":296},16,{"file":298,"line":303,"context":296},17,{"escaped":305,"rawEcho":306,"locations":307},74,12,[308,311,313,314,316,318,320,322,324,326,328,330],{"file":172,"line":309,"context":310},289,"raw output",{"file":172,"line":312,"context":310},329,{"file":172,"line":312,"context":310},{"file":172,"line":315,"context":310},351,{"file":172,"line":317,"context":310},352,{"file":172,"line":319,"context":310},383,{"file":172,"line":321,"context":310},384,{"file":172,"line":323,"context":310},487,{"file":172,"line":325,"context":310},490,{"file":172,"line":327,"context":310},631,{"file":172,"line":329,"context":310},632,{"file":172,"line":331,"context":310},1743,7,[334],{"name":335,"version":36,"knownCves":336},"DataTables",[],[338,356,370,388,405,419,429,440],{"entryPoint":339,"graph":340,"unsanitizedCount":64,"severity":355},"display_phone_field_in_user_profile (sslWireless.php:1623)",{"nodes":341,"edges":353},[342,347],{"id":343,"type":344,"label":345,"file":172,"line":346},"n0","source","$_GET",1650,{"id":348,"type":349,"label":350,"file":172,"line":351,"wp_function":352},"n1","sink","echo() [XSS]",1651,"echo",[354],{"from":343,"to":348,"sanitized":256},"medium",{"entryPoint":357,"graph":358,"unsanitizedCount":13,"severity":369},"otp_login_register_page_content (sslWireless.php:222)",{"nodes":359,"edges":367},[360,363],{"id":343,"type":344,"label":361,"file":172,"line":362},"$_POST",251,{"id":348,"type":349,"label":364,"file":172,"line":365,"wp_function":366},"query() [SQLi]",279,"query",[368],{"from":343,"to":348,"sanitized":258},"low",{"entryPoint":371,"graph":372,"unsanitizedCount":13,"severity":369},"all_csv_upload_mobile_number_page_content (sslWireless.php:583)",{"nodes":373,"edges":385},[374,377,380],{"id":343,"type":344,"label":375,"file":172,"line":376},"$_FILES",621,{"id":348,"type":378,"label":379,"file":172,"line":376},"transform","→ update_user_phone_from_csv()",{"id":381,"type":349,"label":382,"file":172,"line":383,"wp_function":384},"n2","get_var() [SQLi]",458,"get_var",[386,387],{"from":343,"to":348,"sanitized":256},{"from":348,"to":381,"sanitized":258},{"entryPoint":389,"graph":390,"unsanitizedCount":13,"severity":369},"otp_login_ajax_callback (sslWireless.php:764)",{"nodes":391,"edges":402},[392,394,396,397],{"id":343,"type":344,"label":361,"file":172,"line":393},785,{"id":348,"type":349,"label":382,"file":172,"line":395,"wp_function":384},799,{"id":381,"type":344,"label":361,"file":172,"line":393},{"id":398,"type":349,"label":399,"file":172,"line":400,"wp_function":401},"n3","get_row() [SQLi]",831,"get_row",[403,404],{"from":343,"to":348,"sanitized":258},{"from":381,"to":398,"sanitized":258},{"entryPoint":406,"graph":407,"unsanitizedCount":13,"severity":369},"otp_register_ajax_callback (sslWireless.php:938)",{"nodes":408,"edges":416},[409,411,413,414],{"id":343,"type":344,"label":361,"file":172,"line":410},958,{"id":348,"type":349,"label":382,"file":172,"line":412,"wp_function":384},976,{"id":381,"type":344,"label":361,"file":172,"line":410},{"id":398,"type":349,"label":399,"file":172,"line":415,"wp_function":401},1010,[417,418],{"from":343,"to":348,"sanitized":258},{"from":381,"to":398,"sanitized":258},{"entryPoint":420,"graph":421,"unsanitizedCount":13,"severity":369},"otp_send_ajax_callback (sslWireless.php:1112)",{"nodes":422,"edges":427},[423,425],{"id":343,"type":344,"label":361,"file":172,"line":424},1129,{"id":348,"type":349,"label":399,"file":172,"line":426,"wp_function":401},1168,[428],{"from":343,"to":348,"sanitized":258},{"entryPoint":430,"graph":431,"unsanitizedCount":13,"severity":369},"final_login_ajax_callback (sslWireless.php:1217)",{"nodes":432,"edges":438},[433,436],{"id":343,"type":344,"label":434,"file":172,"line":435},"$_POST (x2)",1239,{"id":348,"type":349,"label":399,"file":172,"line":437,"wp_function":401},1287,[439],{"from":343,"to":348,"sanitized":258},{"entryPoint":441,"graph":442,"unsanitizedCount":13,"severity":369},"\u003CsslWireless> (sslWireless.php:0)",{"nodes":443,"edges":484},[444,445,446,448,452,455,457,459,461,464,466,469,474,476,478,480,482],{"id":343,"type":344,"label":361,"file":172,"line":362},{"id":348,"type":349,"label":364,"file":172,"line":365,"wp_function":366},{"id":381,"type":344,"label":447,"file":172,"line":362},"$_POST (x3)",{"id":398,"type":349,"label":449,"file":172,"line":450,"wp_function":451},"get_results() [SQLi]",362,"get_results",{"id":453,"type":344,"label":454,"file":172,"line":362},"n4","$_POST (x12)",{"id":456,"type":349,"label":350,"file":172,"line":319,"wp_function":352},"n5",{"id":458,"type":344,"label":434,"file":172,"line":393},"n6",{"id":460,"type":349,"label":382,"file":172,"line":395,"wp_function":384},"n7",{"id":462,"type":344,"label":463,"file":172,"line":393},"n8","$_POST (x5)",{"id":465,"type":349,"label":399,"file":172,"line":400,"wp_function":401},"n9",{"id":467,"type":344,"label":361,"file":172,"line":468},"n10",252,{"id":470,"type":349,"label":471,"file":172,"line":472,"wp_function":473},"n11","wp_redirect() [Open Redirect]",1479,"wp_redirect",{"id":475,"type":344,"label":345,"file":172,"line":346},"n12",{"id":477,"type":349,"label":350,"file":172,"line":351,"wp_function":352},"n13",{"id":479,"type":344,"label":375,"file":172,"line":376},"n14",{"id":481,"type":378,"label":379,"file":172,"line":376},"n15",{"id":483,"type":349,"label":382,"file":172,"line":383,"wp_function":384},"n16",[485,486,487,488,489,490,491,492,493],{"from":343,"to":348,"sanitized":258},{"from":381,"to":398,"sanitized":258},{"from":453,"to":456,"sanitized":258},{"from":458,"to":460,"sanitized":258},{"from":462,"to":465,"sanitized":258},{"from":467,"to":470,"sanitized":258},{"from":475,"to":477,"sanitized":258},{"from":479,"to":481,"sanitized":256},{"from":481,"to":483,"sanitized":258},{"summary":495,"deductions":496},"The 'ssl-wireless-sms-notification' v3.8.1 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a good effort in implementing security measures. The vast majority of SQL queries utilize prepared statements, and output escaping is generally well-handled. Nonce and capability checks are present for a significant number of entry points, and there are no publicly disclosed vulnerabilities that are currently unpatched. This suggests that the developers have a foundational understanding of WordPress security best practices.\n\nHowever, concerns arise from the vulnerability history. The plugin has a history of critical and high-severity vulnerabilities, specifically related to SQL injection and incorrect privilege assignment. While none are currently unpatched, this pattern indicates a recurring weakness in how user-supplied data is handled or how permissions are managed, especially in past versions. The static analysis also flags one flow with an unsanitized path, which, while not classified as critical or high, warrants attention as it represents a potential vector for vulnerabilities. The presence of bundled libraries like DataTables, while common, can also introduce risks if not kept up-to-date and properly secured.\n\nIn conclusion, while the current version demonstrates improvements in some security areas, the historical vulnerability data is a significant red flag. Developers should prioritize a thorough review of past vulnerabilities to ensure that the underlying causes have been permanently addressed and that all user inputs are rigorously validated and sanitized. The single unsanitized path flow, even without a high severity rating, should be investigated and remediated as a proactive measure.",[497,500,502,505],{"reason":498,"points":499},"History of Critical CVEs (1 critical)",20,{"reason":501,"points":299},"History of High CVEs (1 high)",{"reason":503,"points":504},"Flow with unsanitized paths",8,{"reason":506,"points":101},"Bundled libraries (DataTables)","2026-03-16T21:31:07.801Z",{"wat":509,"direct":516},{"assetPaths":510,"generatorPatterns":512,"scriptPaths":513,"versionParams":514},[511],"\u002Fwp-content\u002Fplugins\u002Fssl-wireless-sms-notification\u002Flib\u002Fasset\u002Fcss\u002Fstyle-backend-sslcare-otp-login-register.css",[],[],[515],"ssl-wireless-sms-notification\u002Flib\u002Fasset\u002Fcss\u002Fstyle-backend-sslcare-otp-login-register.css?ver=",{"cssClasses":517,"htmlComments":518,"htmlAttributes":519,"restEndpoints":520,"jsGlobals":521,"shortcodeOutput":522},[],[],[],[],[],[]]