[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjFcn4oGDHGDSZicb31sgOvC91x-IdcrOwjgzlQDwk4c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":156},"storenvy","Storenvy","0.4","Kailey (trepmal)","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrepmal\u002F","\u003Cp>This is a plugin for getting items from a Storenvy shop and displaying them. It gets the info from the ‘products.json’ feed, so only information that’s in the feed can be pulled in to your page\u002Fpost.\u003Cbr \u002F>\nThe plugin allows you to configure how the info is displayed.\u003C\u002Fp>\n\u003Cp>The plugin has not been tested with anything prior to WordPress 3.0 (at least not recently)\u003C\u002Fp>\n\u003Cp>Supports shorcodes and template tags.\u003C\u002Fp>\n\u003Ch4>Old Vimeo Walkthrough\u003C\u002Fh4>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F22814757\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Get and display items from your Storenvy 
shop",30,4102,80,1,"2012-12-20T07:31:00.000Z","3.5.2","3.0","",[4],"http:\u002F\u002Ftrepmal.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstorenvy.0.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":11,"trust_score":32,"computed_at":33},"trepmal",12,2430,86,84,"2026-04-04T19:04:07.632Z",[],{"attackSurface":36,"codeSignals":71,"taintFlows":97,"riskAssessment":139,"analyzedAt":155},{"hooks":37,"ajaxHandlers":58,"restRoutes":64,"shortcodes":65,"cronEvents":69,"entryPointCount":70,"unprotectedCount":14},[38,43,46,50,53],{"type":39,"name":40,"callback":40,"file":41,"line":42},"action","init","storenvy.php",48,{"type":39,"name":44,"callback":44,"file":41,"line":45},"admin_menu",49,{"type":39,"name":47,"callback":48,"file":41,"line":49},"admin_footer-settings_page_storenvy\u002Fstorenvy","admin_footer",51,{"type":39,"name":51,"callback":51,"file":41,"line":52},"wp_head",52,{"type":39,"name":54,"callback":55,"priority":56,"file":41,"line":57},"contextual_help","help",10,53,[59],{"action":60,"nopriv":61,"callback":62,"hasNonce":61,"hasCapCheck":61,"file":41,"line":63},"get_store_name",false,"get_store_name_cb",50,[],[66],{"tag":4,"callback":67,"file":41,"line":68},"show",54,[],2,{"dangerousFunctions":72,"sqlUsage":73,"outputEscaping":75,"fileOperations":23,"externalRequests":95,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":96},[],{"prepared":23,"raw":23,"locations":74},[],{"escaped":70,"rawEcho":76,"locations":77},8,[78,81,83,85,87,89,91,93],{"file":41,"line":79,"context":80},90,"raw 
output",{"file":41,"line":82,"context":80},106,{"file":41,"line":84,"context":80},109,{"file":41,"line":86,"context":80},124,{"file":41,"line":88,"context":80},133,{"file":41,"line":90,"context":80},160,{"file":41,"line":92,"context":80},179,{"file":41,"line":94,"context":80},494,3,[],[98,121],{"entryPoint":99,"graph":100,"unsanitizedCount":14,"severity":120},"get_store_name_cb (storenvy.php:191)",{"nodes":101,"edges":117},[102,107,111],{"id":103,"type":104,"label":105,"file":41,"line":106},"n0","source","$_POST",194,{"id":108,"type":109,"label":110,"file":41,"line":106},"n1","transform","→ _get_store_name()",{"id":112,"type":113,"label":114,"file":41,"line":115,"wp_function":116},"n2","sink","wp_remote_get() [SSRF]",211,"wp_remote_get",[118,119],{"from":103,"to":108,"sanitized":61},{"from":108,"to":112,"sanitized":61},"medium",{"entryPoint":122,"graph":123,"unsanitizedCount":138,"severity":120},"\u003Cstorenvy> (storenvy.php:0)",{"nodes":124,"edges":134},[125,128,129,130,132],{"id":103,"type":104,"label":126,"file":41,"line":127},"$_POST (x3)",193,{"id":108,"type":113,"label":114,"file":41,"line":115,"wp_function":116},{"id":112,"type":104,"label":105,"file":41,"line":106},{"id":131,"type":109,"label":110,"file":41,"line":106},"n3",{"id":133,"type":113,"label":114,"file":41,"line":115,"wp_function":116},"n4",[135,136,137],{"from":103,"to":108,"sanitized":61},{"from":112,"to":131,"sanitized":61},{"from":131,"to":133,"sanitized":61},4,{"summary":140,"deductions":141},"The Storenvy v0.4 plugin exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs). The scan recorded no SQL queries at all (0 prepared, 0 raw), so the clean SQL result reflects an absence of database access rather than evidence of safe query handling. The absence of dangerous functions, file operations, and bundled libraries also reduces potential attack vectors. However, significant concerns arise from the static analysis. 
The plugin exposes an AJAX handler (get_store_name) with neither a nonce check nor a capability check. The handler is not registered for logged-out visitors (nopriv is false), so it is reachable only from an authenticated session, but nothing restricts which logged-in user may call it or confirms that the request was intended. Furthermore, the taint analysis reveals flows with unsanitized paths: $_POST data reaches wp_remote_get(), which the analysis labels as SSRF and rates medium; no critical or high severity issues were flagged. The low percentage of properly escaped output (20%) indicates a risk of cross-site scripting (XSS) vulnerabilities, as user-supplied data is likely being rendered directly into the page without sufficient sanitization. The lack of nonce and capability checks on its entry points further exacerbates these risks, making it easier for unauthorized users, or a forged cross-site request, to trigger potentially harmful actions.",[142,144,147,150,153],{"reason":143,"points":76},"AJAX handler without auth check",{"reason":145,"points":146},"Flows with unsanitized paths",6,{"reason":148,"points":149},"Low output escaping percentage",5,{"reason":151,"points":152},"No nonce checks",7,{"reason":154,"points":152},"No capability checks","2026-03-16T22:35:23.429Z",{"wat":157,"direct":166},{"assetPaths":158,"generatorPatterns":160,"scriptPaths":161,"versionParams":163},[159],"\u002Fwp-content\u002Fplugins\u002Fstorenvy\u002Fstorenvy.css",[],[162],"\u002Fwp-content\u002Fplugins\u002Fstorenvy\u002Fstorenvy.js",[164,165],"storenvy\u002Fstorenvy.css?ver=","storenvy\u002Fstorenvy.js?ver=",{"cssClasses":167,"htmlComments":169,"htmlAttributes":170,"restEndpoints":171,"jsGlobals":172,"shortcodeOutput":180},[168],"se-item",[],[],[],[173,174,175,176,177,178,179],"se_storenvyspacer","se_id","se_name","se_description","se_short_url","se_price","se_marketplace_category",[181,182,183,184,185,186,187,188],"[storenvy]","[id]","[name]","[description]","[short_url]","[on_sale]","[price]","[marketplace_category]"]