[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fO7dqeV89_E-MOuOjGSX7XV2wGZnjoipiRPeLGNDDdJo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":78,"crawl_stats":38,"alternatives":84,"analysis":170,"fingerprints":629},"unify","Unify","3.4.10","CodeClouds","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodeclouds\u002F","\u003Cp>Unify is a WordPress\u002FWooCommerce plugin which integrates advanced features in your checkout to enhance the experience for your customers and increase your sales potential. With Unify you can process transactions through a supported CRM, process subscription-type orders, set up customer portals where you can access the light-weight support ticket system and support chat. In addition to the free features, the Unify Pro plugin allows you to set up 1-click upsells, sync between your CRM and WooCommerce, and much more. A full list of the features can be found below. \u003Ca href=\"https:\u002F\u002Fwww.codeclouds.com\u002Funify\u002F\" rel=\"nofollow ugc\">Learn more about Unify WordPress >\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Supported CRMS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.codeclouds.com\u002Fsticky-io\u002F\" rel=\"nofollow ugc\">Sticky.io\u003C\u002Fa> (Formerly \u003Ca href=\"https:\u002F\u002Fwww.codeclouds.com\u002Fcrm\u002Flimelight-crm\u002F\" rel=\"nofollow ugc\">Sticky.io (Formally Limelight) CRM\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.codeclouds.com\u002Fcrm\u002Fkonnektive-crm\u002F\" rel=\"nofollow ugc\">Konnektive CRM\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.codeclouds.com\u002Fcrm\u002Fresponse-crm\u002F\" rel=\"nofollow ugc\">Response CRM\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.codeclouds.com\u002Fcrm\u002Fsublytics\u002F\" rel=\"nofollow ugc\">Sublytics CRM\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>External Service\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>We are using \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo\u003C\u002Fa> to get the location country for registration. Click here to check the \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">terms and contitions\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BUILT-IN FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Connect to a supported CRM\u003C\u002Fli>\n\u003Cli>Process regular and subscription-based orders through your CRM\u003C\u002Fli>\n\u003Cli>Map products between your storefront and CRM\u003C\u002Fli>\n\u003Cli>Batch import products\u003C\u002Fli>\n\u003Cli>Support for Sticky.io Billing Model\u003C\u002Fli>\n\u003Cli>Reverse synchronization between storefront and CRM\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>UNIFY PRO FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All features from the free tier\u003C\u002Fli>\n\u003Cli>Set up true 1-click upsells\u003C\u002Fli>\n\u003Cli>Coupon\u002Fpromo code manager\u003C\u002Fli>\n\u003Cli>Recover abandoned carts via third-party services\u003C\u002Fli>\n\u003Cli>And various other add-ons to enhance your checkout!\u003C\u002Fli>\n\u003Cli>Customer portal integration for users to:\n\u003Cul>\n\u003Cli>Manage their subscriptions and orders\u003C\u002Fli>\n\u003Cli>Request cancellation, return or refund on a subscription or order\u003C\u002Fli>\n\u003Cli>Submit a support ticket\u003C\u002Fli>\n\u003Cli>Message support through the chat system\u003C\u002Fli>\n\u003Cli>View order details and history\u003C\u002Fli>\n\u003Cli>Manage account and address\u003C\u002Fli>\n\u003Cli>Switch to a different subscription product\u003C\u002Fli>\n\u003Cli>“Skip a cycle” also available\u003C\u002Fli>\n\u003Cli>Store and manage user preferences\u003C\u002Fli>\n\u003Cli>Various portal templates available; Physical, Digital, Membership Boxes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you are interested in Unify Pro, \u003Ca href=\"https:\u002F\u002Fwww.codeclouds.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">get in touch\u003C\u002Fa> with CodeClouds today!\u003C\u002Fp>\n","A CRM payment plugin which enables connectivity with Sticky.io (Formally Limelight)\u002FKonnektive CRM and many more.",100,10303,90,2,"2026-01-27T09:59:00.000Z","6.9.4","4.0","5.6",[20,21,22,23,24],"checkout","crm","ecommerce","payment","woocommerce","https:\u002F\u002Fwww.codeclouds.com\u002Funify\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funify.3.4.10.zip",95,3,0,"2026-01-06 19:46:16","2026-03-15T15:16:48.613Z",[33,48,63],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-13529","unify-missing-authorization-to-unauthenticated-option-deletion-via-unifyplugindowngrade-parameter","Unify \u003C= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter","The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unify_plugin_downgrade' parameter.",null,"\u003C=3.4.9","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-03 18:53:43",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb5fd4a47-0549-4d03-b81a-ad97d3d5d390?source=api-prod",28,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2025-9130","unify-authenticated-contributor-stored-cross-site-scripting-via-unifycheckout-shortcode","Unify \u003C= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode","The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unify_checkout shortcode in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=3.4.7","3.4.8",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-10-02 22:11:23","2025-10-17 19:14:29",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1703a5be-f399-4ea5-8d98-a2efda674aa6?source=api-prod",15,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":70,"cvss_score":71,"cvss_vector":72,"vuln_type":57,"published_date":73,"updated_date":74,"references":75,"days_to_patch":77},"WF-5e6218e5-84d9-4180-8275-7da24c554c72-unify","unify-cross-site-scripting","Unify \u003C= 3.2.5 - Cross-Site Scripting","The Unify plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to and including 3.2.5.","\u003C=3.2.5","3.3.0","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-04-06 00:00:00","2024-01-22 19:56:02",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5e6218e5-84d9-4180-8275-7da24c554c72?source=api-prod",657,{"slug":79,"display_name":7,"profile_url":8,"plugin_count":80,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":81,"trust_score":82,"computed_at":83},"codeclouds",1,233,76,"2026-04-04T14:08:48.528Z",[85,105,121,139,157],{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":16,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":103,"download_link":104,"security_score":11,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"iyzico-woocommerce","iyzico for WooCommerce","3.5.28","iyzico","https:\u002F\u002Fprofiles.wordpress.org\u002Fiyzico\u002F","\u003Cul>\n\u003Cli>\n\u003Cp>It is an open-source WooCommerce module developed by the iyzico integration team.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After completing your integration with this module, you can automatically use the Pay with iyzico option (iyzico’s alternative payment method) and start accepting secure and fast payments on your e-commerce site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can integrate the iyzico WooCommerce module into your site within minutes and provide a seamless and reliable payment experience. Some of the module’s key advantages include:\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can increase your conversion rate by adding the iyzico Check-Out Form as responsive or popup.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Our plugin is regularly scanned by SUCURI and is completely secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Thanks to its open-source code structure, you can make customizations according to your development needs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It is compatible with SEO tools and works with 100% Google integration.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It offers a Sandbox environment so you can comprehensively test your website before integration.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>With installment payment support, you can provide your customers with different payment options.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After iyzico integration, your customers will have access to 24\u002F7 live support and order tracking through Buyer Protection.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>It is 100% compatible with the WooCommerce and WordPress ecosystem.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After integration, you can provide your customers with manual order creation and payment collection support.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Requirements\u003Cbr \u002F>\nPHP 7.4.33 and greater.\u003Cbr \u002F>\ncURL\u003Cbr \u002F>\nWooCommerce 9.0.0 requires WordPress 6.6.2+\u003C\u002Fp>\n","iyzico latest payment processing solution. Accept credit\u002Fdebit cards, alternative digital wallets and bank accounts.",10000,203436,34,19,"2025-12-23T08:59:00.000Z","6.6.2","7.4.33",[101,102,22,89,23],"checkout-woocommerce","credit-card","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fiyzico-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiyzico-woocommerce.3.5.28.zip",{"slug":106,"name":107,"version":108,"author":106,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":11,"num_ratings":80,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":119,"download_link":120,"security_score":11,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"aplazame","Aplazame","4.2.1","https:\u002F\u002Fprofiles.wordpress.org\u002Faplazame\u002F","\u003Ch4>Introduction\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Faplazame.com\" rel=\"nofollow ugc\">Aplazame\u003C\u002Fa> is an instant credit payment method for online purchases that allows WooCommerce stores to sell more and increase average ticket values with a risk-free solution. A simple, secure and flexible over time payment method integrated at the ecommerce checkout. Once you activate and successfully integrate Aplazame in your site, you will be able to offer financing as a payment method to your customers.\u003C\u002Fp>\n\u003Cp>WooCommerce stores can highlight our instant credit solution in activating our widget. This widget is a minimal and fully customizable credit simulator that will be displayed on both your product description and shopping cart views. It will allow the ecommerce to easily communicate the customer the possibility of financing her\u002Fhis purchases at every step of the customer journey.\u003C\u002Fp>\n\u003Cp>Once Aplazame is integrated in WooCommerce stores, they can achieve:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Boost sales by 50% and reach more customers\u003C\u002Fli>\n\u003Cli>Increase the average order value by 200%\u003C\u002Fli>\n\u003Cli>Improve conversion rate by 20%\u003C\u002Fli>\n\u003Cli>Aplazame guarantees all purchases and settles directly with merchants after order confirmation\u003C\u002Fli>\n\u003Cli>Reduce your cart abandonment rate by reducing price sensitivity and increasing affordability\u003C\u002Fli>\n\u003Cli>In order to start working with us in your store, you have to create a free merchant account with Aplazame. You have to do this before starting the configuration. You can create your own free account from this link: https:\u002F\u002Faplazame.com\u002F#\u002Faccount\u002Fsignup\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin is free. Our business pricing is just a variable fee per transaction that ranges from 0,5 to 1,5% of the order amount depending on the volume (https:\u002F\u002Faplazame.com\u002Fprices\u002F)\u003C\u002Fp>\n\u003Cp>Aplazame operates in Spain. So if your store is located in Spain, you can integrate Aplazame as your payment method.\u003C\u002Fp>\n\u003Cp>At this moment our service only use Euros.\u003C\u002Fp>\n","Aplazame is an instant credit payment method for online purchases that allows Magento stores to boost sales by 50% by using financing as a marketing l &hellip;",600,28384,"2026-03-11T12:18:00.000Z","6.8.5","4.0.1","5.3.0",[106,20,22,23,24],"https:\u002F\u002Fgithub.com\u002Faplazame\u002Fwoocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faplazame.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":11,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":115,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":137,"download_link":138,"security_score":11,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"bolt-checkout-woocommerce","Bolt Checkout for WooCommerce","2.21.1","boltpay","https:\u002F\u002Fprofiles.wordpress.org\u002Fboltpay\u002F","\u003Cp>Bolt is the ultimate checkout solution for WooCommerce sellers who want to boost their sales and provide the security & speed customers expect. With Bolt, deliver a better-than-Amazon checkout experience on your WooCommerce site, with zero fraud built in.\u003C\u002Fp>\n\u003Ch4>WHY WOOCOMMERCE SELLERS LOVE BOLT:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Lift conversion – Bolt drives 10-20% more completed orders.\u003C\u002Fli>\n\u003Cli>Boost customer LTV – Single-click checkout for seamless repeat purchases.\u003C\u002Fli>\n\u003Cli>Zero fraud guarantee – Approve more good customers with Bolt’s precision fraud engine. Bolt’s fraud decisioning comes with complete chargeback coverage.\u003C\u002Fli>\n\u003Cli>Eliminate costs — No more chargebacks, third-party fraud tools, or manual review. Bolt gives you freedom to focus on your business.\u003C\u002Fli>\n\u003Cli>Made for Mobile – Bolt is built to convert, no matter the device. Bolt improves mobile conversion rates by 83%.*                     \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Single-click checkout that plugs directly into your website for seamless desktop and mobile commerce.\u003C\u002Fli>\n\u003Cli>Hassle-free integration that ranges from a couple of days to a week.\u003C\u002Fli>\n\u003Cli>Dedicated account management\u003C\u002Fli>\n\u003Cli>100% coverage of fraudulent chargebacks including full international risk coverage.\u003C\u002Fli>\n\u003Cli>Leading fraud detection, powered by machine learning and Bolt’s team of risk experts, which frees you to focus on your business\u003C\u002Fli>\n\u003Cli>Bank-level security. Bolt is PCI DSS Level I and GDPR compliant.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WHAT YOU DON’T NEED IF YOU USE BOLT:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Bolt takes what has historically needed 3+ tools and solves them in 1 platform.\u003C\u002Fli>\n\u003Cli>Checkout UI \u002F optimization tools: Bolt is world-class checkout for WooCommerce. We relentlessly A\u002FB test across the Bolt Network, and our highest performing updates automatically deploy to your site.\u003C\u002Fli>\n\u003Cli>A payment processor: No need to install Apple Pay, PayPal, Stripe, Braintree, or other tools. Bolt handles all payment processing for credit and debit cards.\u003C\u002Fli>\n\u003Cli>Fraud scoring or fraud detection software: Bolt leads the industry with its precision fraud engine. Say goodbye to setting up order blocking rules or buying expensive third-party solutions — we have you covered.\u003C\u002Fli>\n\u003Cli>Manual fraud review: Don’t spend hours reviewing orders. Bolt’s team of risk experts reviews each flagged order, freeing up time for you to focus on your business.\u003C\u002Fli>\n\u003Cli>Chargeback representment tools: All representment, including for non-fraud chargebacks, is coordinated by Bolt.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>* Percentage increase in mobile conversion rates compares Bolt checkout completion rates across online retail partners from Aug 6 – Sep 4, 2018 to compiled benchmarks from, Barilliance, Formisimo, and the Baymard Institute.\u003C\u002Fem>\u003C\u002Fp>\n","Bring the world's fastest checkout to your WooCommerce site",46698,60,10,"2025-07-08T05:30:00.000Z","5.0","7.0",[136,20,22,23,24],"bolt","https:\u002F\u002Fbolt.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbolt-checkout-woocommerce.2.21.1.zip",{"slug":140,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":11,"downloaded":147,"rating":29,"num_ratings":29,"last_updated":148,"tested_up_to":149,"requires_at_least":150,"requires_php":134,"tags":151,"homepage":154,"download_link":155,"security_score":156,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wc-paypay-gateway","Payment Gateway PayPay for WooCommerce","0.8","Hiroaki Miyashita","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiroaki-miyashita\u002F","\u003Cp>The Payment Gateway PayPay for WooCommerce plugin adds the functionality to take PayPay payments on your store of WooCommerce.\u003C\u002Fp>\n\u003Ch4>About PayPay\u003C\u002Fh4>\n\u003Cp>PayPay is barcode based payment services in Japan. In order to start PayPay payments, you need to create a PayPay developer account.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.paypay.ne.jp\u002F\" rel=\"nofollow ugc\">PayPay for Developers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In order to make the mode Real, you have to purchase the authentication key at the following site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpmarket.jp\u002F\" rel=\"nofollow ugc\">WordPress Market\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known Issues \u002F Bugs\u003C\u002Fh3>\n\u003Cp>Nothing.\u003C\u002Fp>\n\u003Ch3>Uninstall\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate the plugin\u003C\u002Fli>\n\u003Cli>That’s it! 🙂\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin adds the functionality to take PayPay payments on your store of WooCommerce.",4227,"2024-12-03T00:30:00.000Z","6.7.5","4.4",[20,22,152,153,24],"payments","paypay","https:\u002F\u002Fwww.wpmarket.jp\u002Fproduct\u002Fwc_paypay_gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-paypay-gateway.0.8.zip",92,{"slug":158,"name":159,"version":160,"author":159,"author_profile":161,"description":162,"short_description":163,"active_installs":13,"downloaded":164,"rating":29,"num_ratings":29,"last_updated":165,"tested_up_to":149,"requires_at_least":133,"requires_php":166,"tags":167,"homepage":168,"download_link":169,"security_score":156,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"freedompay-payment-gateway","FreedomPay","1.10.0","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreedompay\u002F","\u003Cp>It’s pretty easy to receive payments with FreedomPay Payments Provider.\u003C\u002Fp>\n\u003Ch3>International payment service for online business\u003C\u002Fh3>\n\u003Cp>Increase your profits with high-conversion payments. We will set up a convenient payment acceptance for your customers, and you can focus on developing your business!\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an API to create payment requests. It’s necessary for the payment system to work.\u003C\u002Fp>\n\u003Cp>It sends the payment request information, such as the cart data, payment amount, user’s IP every time the payment is created\u003Cbr \u002F>\n(when user clicks on “Pay” button), if the user’s IP is not available, sends empty string.\u003Cbr \u002F>\nThis service is provided by “Freedom Pay LLP”: \u003Ca href=\"https:\u002F\u002Ffreedompay.kz\u002Fen\u002Frules\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ffreedompay.kz\u002Fen\u002Fprivacy_policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa>.\u003C\u002Fp>\n","It's pretty easy to receive payments with FreedomPay Payments Provider.",2873,"2025-03-12T04:44:00.000Z","7.4",[20,22,152,24],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreedompay-payment-gateway.1.10.0.zip",{"attackSurface":171,"codeSignals":444,"taintFlows":546,"riskAssessment":612,"analyzedAt":628},{"hooks":172,"ajaxHandlers":397,"restRoutes":435,"shortcodes":436,"cronEvents":441,"entryPointCount":442,"unprotectedCount":443},[173,179,183,189,191,193,198,201,205,208,211,215,219,223,227,232,236,239,242,246,250,253,257,261,265,269,273,276,280,284,287,291,295,299,303,307,310,314,318,322,326,330,334,337,339,343,347,350,355,359,362,365,367,371,375,378,382,385,389,393,394],{"type":174,"name":175,"callback":176,"file":177,"line":178},"action","woocommerce_thankyou_unify","thankyou_page","Models\\Unify_Payment.php",56,{"type":174,"name":180,"callback":181,"priority":131,"file":177,"line":182},"woocommerce_email_before_order_table","email_instructions",59,{"type":174,"name":184,"callback":185,"priority":186,"file":187,"line":188},"woocommerce_checkout_after_order_review","second_place_order_button",5,"Models\\Unify_Paypal_Payment.php",62,{"type":174,"name":175,"callback":176,"file":187,"line":190},65,{"type":174,"name":180,"callback":181,"priority":131,"file":187,"line":192},67,{"type":174,"name":194,"callback":195,"file":196,"line":197},"admin_enqueue_scripts","load_admin_assets_unify_connections","Services\\Hooks.php",16,{"type":174,"name":194,"callback":199,"file":196,"line":200},"unify_load_fontawesome_local",27,{"type":174,"name":202,"callback":203,"file":196,"line":204},"init","unify_connections",32,{"type":174,"name":206,"callback":207,"file":196,"line":95},"admin_menu","add_settings_to_menu",{"type":174,"name":206,"callback":209,"file":196,"line":210},"alter_menu_label",35,{"type":174,"name":212,"callback":213,"file":196,"line":214},"add_meta_boxes","add_unify_connections_metaboxes",37,{"type":174,"name":216,"callback":217,"priority":80,"file":196,"line":218},"save_post","save_unify_connections_metaboxes",39,{"type":174,"name":220,"callback":221,"file":196,"line":222},"woocommerce_product_options_related","product_options_grouping",44,{"type":174,"name":224,"callback":225,"file":196,"line":226},"woocommerce_process_product_meta","save_connection_id",46,{"type":228,"name":229,"callback":230,"file":196,"line":231},"filter","manage_edit-product_columns","woo_product_extra_columns",51,{"type":174,"name":233,"callback":234,"file":196,"line":235},"manage_posts_custom_column","woo_product_extra_columns_content",53,{"type":174,"name":237,"callback":202,"file":196,"line":238},"plugins_loaded",58,{"type":228,"name":240,"callback":241,"file":196,"line":130},"woocommerce_payment_gateways","add_unify_gateway_class",{"type":174,"name":243,"callback":244,"file":196,"line":245},"before_woocommerce_init","woocommerce_hpos_compatible",61,{"type":174,"name":247,"callback":248,"file":196,"line":249},"woocommerce_checkout_fields","checkout_validation",63,{"type":174,"name":251,"callback":252,"file":196,"line":190},"woocommerce_checkout_process","process_unify_payment",{"type":174,"name":254,"callback":255,"file":196,"line":256},"woocommerce_admin_order_data_after_order_details","add_connection_details_to_view",70,{"type":174,"name":258,"callback":259,"file":196,"line":260},"admin_post_codeclouds_unify_tool_import","import_connections",75,{"type":174,"name":262,"callback":263,"file":196,"line":264},"admin_post_codeclouds_unify_tool_download","download_csv",77,{"type":174,"name":266,"callback":267,"file":196,"line":268},"admin_post_codeclouds_unify_tool_mapping","product_mapping",79,{"type":174,"name":270,"callback":271,"file":196,"line":272},"in_admin_footer","copyright_msg",84,{"type":174,"name":274,"callback":275,"file":196,"line":13},"wp_footer","checkout_js_validation",{"type":174,"name":277,"callback":278,"file":196,"line":279},"admin_post_unify_connections_post","save_connection",93,{"type":174,"name":281,"callback":282,"file":196,"line":283},"admin_post_unify_connections_delete","delete_connection",94,{"type":174,"name":285,"callback":286,"file":196,"line":27},"admin_post_unify_product_post","save_product",{"type":174,"name":288,"callback":289,"file":196,"line":290},"admin_post_unify_product_shipping","save_shipping",96,{"type":174,"name":292,"callback":293,"file":196,"line":294},"admin_post_request_unify_pro","request_unify_pro",97,{"type":174,"name":296,"callback":297,"file":196,"line":298},"admin_post_unify_settings_form_post","save_settings",98,{"type":174,"name":300,"callback":301,"file":196,"line":302},"admin_post_unify_paypal_settings_form_post","save_paypal_settings",99,{"type":228,"name":304,"callback":305,"file":196,"line":306},"admin_body_class","closure",107,{"type":174,"name":202,"callback":308,"file":196,"line":309},"custom_post_status_active",121,{"type":174,"name":311,"callback":312,"file":196,"line":313},"template_redirect","collect_affiliate_param",124,{"type":174,"name":315,"callback":316,"priority":131,"file":196,"line":317},"woocommerce_product_after_variable_attributes","add_custom_field_to_variations",128,{"type":174,"name":319,"callback":320,"priority":131,"file":196,"line":321},"woocommerce_save_product_variation","save_custom_field_variations",129,{"type":174,"name":323,"callback":324,"priority":131,"file":196,"line":325},"woocommerce_available_payment_gateways","unify_gateway_disable_paypal",135,{"type":174,"name":327,"callback":328,"file":196,"line":329},"wp_loaded","unify_front_end_function",137,{"type":174,"name":331,"callback":332,"priority":131,"file":196,"line":333},"woocommerce_before_checkout_form","wnd_checkout_code",139,{"type":174,"name":331,"callback":335,"file":196,"line":336},"toUnify",145,{"type":174,"name":206,"callback":305,"file":196,"line":338},146,{"type":174,"name":206,"callback":340,"priority":341,"file":196,"line":342},"remove_free_menu",999,152,{"type":228,"name":344,"callback":345,"priority":131,"file":196,"line":346},"is_active_sidebar","unify_remove_sidebar",156,{"type":174,"name":202,"callback":348,"file":196,"line":349},"unify_woocommerce_clear_cart_url",160,{"type":228,"name":351,"callback":352,"priority":353,"file":196,"line":354},"woocommerce_rest_prepare_product_object","custom_change_product_response",20,162,{"type":174,"name":356,"callback":357,"priority":131,"file":196,"line":358},"woocommerce_new_order","modify_data_after_order",164,{"type":174,"name":327,"callback":360,"priority":62,"file":196,"line":361},"woocommerce_add_multiple_products_to_cart",166,{"type":174,"name":274,"callback":363,"file":196,"line":364},"checkout_Pro_js",168,{"type":174,"name":202,"callback":305,"file":196,"line":366},170,{"type":174,"name":368,"callback":369,"priority":131,"file":196,"line":370},"woocommerce_after_add_to_cart_button","add_custom_buy_now_button",194,{"type":174,"name":372,"callback":373,"file":196,"line":374},"woocommerce_add_to_cart_redirect","redirect_to_checkout",196,{"type":174,"name":311,"callback":376,"file":196,"line":377},"unify_collect_query_params",201,{"type":174,"name":379,"callback":380,"file":196,"line":381},"admin_head","unify_admin_menu_new_item",212,{"type":174,"name":327,"callback":383,"file":196,"line":384},"unify_pro_admin_menu",214,{"type":228,"name":386,"callback":387,"file":196,"line":388},"http_request_timeout","unify_timeout_extend",217,{"type":174,"name":390,"callback":305,"file":391,"line":392},"admin_notices","Services\\Notice.php",23,{"type":174,"name":390,"callback":305,"file":391,"line":95},{"type":174,"name":390,"callback":305,"file":395,"line":396},"unify.php",33,[398,402,405,408,411,414,417,420,423,426,429,432],{"action":399,"nopriv":400,"callback":399,"hasNonce":400,"hasCapCheck":400,"file":196,"line":401},"bulk_delete_conn",false,102,{"action":403,"nopriv":400,"callback":403,"hasNonce":400,"hasCapCheck":400,"file":196,"line":404},"bulk_restore_conn",103,{"action":406,"nopriv":400,"callback":406,"hasNonce":400,"hasCapCheck":400,"file":196,"line":407},"activate_conn",104,{"action":409,"nopriv":400,"callback":409,"hasNonce":400,"hasCapCheck":400,"file":196,"line":410},"validate_crm_connection",131,{"action":412,"nopriv":400,"callback":412,"hasNonce":400,"hasCapCheck":400,"file":196,"line":413},"unify_plugin_lead_generate",132,{"action":415,"nopriv":400,"callback":415,"hasNonce":400,"hasCapCheck":400,"file":196,"line":416},"validate_pro_license",143,{"action":418,"nopriv":400,"callback":418,"hasNonce":400,"hasCapCheck":400,"file":196,"line":419},"clearcart",198,{"action":418,"nopriv":421,"callback":418,"hasNonce":400,"hasCapCheck":400,"file":196,"line":422},true,199,{"action":424,"nopriv":400,"callback":424,"hasNonce":400,"hasCapCheck":400,"file":196,"line":425},"configurationDataCollection",203,{"action":427,"nopriv":400,"callback":427,"hasNonce":400,"hasCapCheck":400,"file":196,"line":428},"unify_pro_request",206,{"action":430,"nopriv":400,"callback":430,"hasNonce":400,"hasCapCheck":400,"file":196,"line":431},"requestCancellation",208,{"action":433,"nopriv":400,"callback":433,"hasNonce":400,"hasCapCheck":400,"file":196,"line":434},"downgrading",210,[],[437],{"tag":438,"callback":439,"file":196,"line":440},"unify_checkout","unify_checkout_hook",158,[],13,12,{"dangerousFunctions":445,"sqlUsage":451,"outputEscaping":454,"fileOperations":28,"externalRequests":517,"nonceChecks":443,"capabilityChecks":186,"bundledLibraries":545},[446],{"fn":447,"file":448,"line":449,"context":450},"unserialize","Services\\Helper.php",190,"!empty($proLicenseFromOptionTable) && is_string($proLicenseFromOptionTable) && $proLicenseFromOption",{"prepared":452,"raw":29,"locations":453},11,[],{"escaped":112,"rawEcho":455,"locations":456},40,[457,461,463,465,467,469,471,473,475,477,479,481,483,485,487,490,492,494,496,497,498,500,502,504,506,508,510,512,515,518,519,522,525,527,529,532,535,538,541,544],{"file":458,"line":459,"context":460},"Actions\\Connection.php",249,"raw output",{"file":458,"line":462,"context":460},274,{"file":458,"line":464,"context":460},279,{"file":458,"line":466,"context":460},307,{"file":458,"line":468,"context":460},342,{"file":458,"line":470,"context":460},372,{"file":458,"line":472,"context":460},375,{"file":458,"line":474,"context":460},379,{"file":458,"line":476,"context":460},389,{"file":458,"line":478,"context":460},392,{"file":458,"line":480,"context":460},396,{"file":458,"line":482,"context":460},406,{"file":458,"line":484,"context":460},409,{"file":458,"line":486,"context":460},413,{"file":488,"line":489,"context":460},"Actions\\Dashboard.php",354,{"file":488,"line":491,"context":460},485,{"file":488,"line":493,"context":460},488,{"file":495,"line":210,"context":460},"Actions\\PlatformApi.php",{"file":495,"line":214,"context":460},{"file":495,"line":455,"context":460},{"file":495,"line":499,"context":460},165,{"file":495,"line":501,"context":460},243,{"file":495,"line":503,"context":460},581,{"file":495,"line":505,"context":460},583,{"file":495,"line":507,"context":460},605,{"file":495,"line":509,"context":460},611,{"file":495,"line":511,"context":460},614,{"file":513,"line":514,"context":460},"Actions\\Product.php",346,{"file":516,"line":517,"context":460},"Lib\\_SelfLoader-1.0\\bin\\loader.php",21,{"file":187,"line":349,"context":460},{"file":520,"line":521,"context":460},"Templates\\connection-list.php",141,{"file":523,"line":524,"context":460},"Templates\\dashboard.php",260,{"file":526,"line":325,"context":460},"Templates\\free-trial-license-registration.php",{"file":528,"line":306,"context":460},"Templates\\license-management.php",{"file":530,"line":531,"context":460},"Templates\\Notice\\lead-notice-msgone.php",14,{"file":533,"line":534,"context":460},"Templates\\Notice\\lead-notice-msgtwo.php",9,{"file":536,"line":537,"context":460},"Templates\\Tools\\product-mapping.php",31,{"file":539,"line":540,"context":460},"Templates\\Tools\\shipping-mapping.php",50,{"file":542,"line":543,"context":460},"Templates\\upgrade-to-pro.php",250,{"file":395,"line":95,"context":460},[],[547,564,582,594,602],{"entryPoint":548,"graph":549,"unsanitizedCount":80,"severity":40},"unify_front_end_function (Actions\\OrderConfirmation.php:66)",{"nodes":550,"edges":562},[551,556],{"id":552,"type":553,"label":554,"file":555,"line":543},"n0","source","$_GET","Actions\\OrderConfirmation.php",{"id":557,"type":558,"label":559,"file":555,"line":560,"wp_function":561},"n1","sink","wp_remote_post() [SSRF]",258,"wp_remote_post",[563],{"from":552,"to":557,"sanitized":400},{"entryPoint":565,"graph":566,"unsanitizedCount":28,"severity":40},"\u003COrderConfirmation> (Actions\\OrderConfirmation.php:0)",{"nodes":567,"edges":579},[568,569,570,574],{"id":552,"type":553,"label":554,"file":555,"line":543},{"id":557,"type":558,"label":559,"file":555,"line":560,"wp_function":561},{"id":571,"type":553,"label":572,"file":555,"line":573},"n2","$_GET (x2)",319,{"id":575,"type":558,"label":576,"file":555,"line":577,"wp_function":578},"n3","wp_remote_get() [SSRF]",345,"wp_remote_get",[580,581],{"from":552,"to":557,"sanitized":400},{"from":571,"to":575,"sanitized":400},{"entryPoint":583,"graph":584,"unsanitizedCount":80,"severity":593},"\u003CProduct> (Actions\\Product.php:0)",{"nodes":585,"edges":591},[586,588],{"id":552,"type":553,"label":587,"file":513,"line":428},"$_FILES",{"id":557,"type":558,"label":589,"file":513,"line":514,"wp_function":590},"echo() [XSS]","echo",[592],{"from":552,"to":557,"sanitized":400},"low",{"entryPoint":595,"graph":596,"unsanitizedCount":29,"severity":593},"\u003Cconnection-list> (Templates\\connection-list.php:0)",{"nodes":597,"edges":600},[598,599],{"id":552,"type":553,"label":554,"file":520,"line":537},{"id":557,"type":558,"label":589,"file":520,"line":279,"wp_function":590},[601],{"from":552,"to":557,"sanitized":421},{"entryPoint":603,"graph":604,"unsanitizedCount":29,"severity":593},"\u003Cconnection> (Templates\\connection.php:0)",{"nodes":605,"edges":610},[606,608],{"id":552,"type":553,"label":554,"file":607,"line":197},"Templates\\connection.php",{"id":557,"type":558,"label":589,"file":607,"line":609,"wp_function":590},278,[611],{"from":552,"to":557,"sanitized":421},{"summary":613,"deductions":614},"The 'unify' v3.4.10 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling (100% prepared statements) and output escaping (94% proper), significant concerns arise from its extensive unprotected attack surface. With 12 out of 13 entry points lacking authentication checks, particularly the AJAX handlers, this plugin is highly susceptible to unauthorized actions and privilege escalation if any of these endpoints can be triggered by unauthenticated users. The presence of `unserialize` is a potential risk, especially if user-controlled data is being unserialized without strict validation, although the taint analysis did not reveal critical or high-severity unsanitized flows. \n\nThe plugin's vulnerability history, with 3 known CVEs including one high-severity issue, points to recurring security weaknesses. The common vulnerability types of Missing Authorization and Cross-site Scripting suggest that authorization controls and input sanitization have been areas of past concern. The fact that all past vulnerabilities are currently patched is a positive sign, but the pattern of past issues indicates a need for ongoing vigilance and robust security practices. \n\nIn conclusion, 'unify' v3.4.10 presents a moderate to high risk due to its large attack surface with inadequate authorization. While the code quality in some areas is commendable, the lack of authentication on numerous entry points is a critical flaw that could be exploited, especially given its history of authorization and XSS vulnerabilities. Developers should prioritize implementing proper authentication and authorization checks on all AJAX handlers immediately.",[615,617,619,621,623,625],{"reason":616,"points":131},"Large attack surface without authentication",{"reason":618,"points":131},"12 AJAX handlers without auth checks",{"reason":620,"points":186},"Presence of unserialize function",{"reason":622,"points":62},"1 high severity vulnerability in history",{"reason":624,"points":131},"2 medium severity vulnerabilities in history",{"reason":626,"points":627},"Historically common vulnerability types (Auth\u002FXSS)",8,"2026-03-16T20:52:09.249Z",{"wat":630,"direct":651},{"assetPaths":631,"generatorPatterns":647,"scriptPaths":648,"versionParams":649},[632,633,634,635,636,637,638,639,640,641,642,643,644,645,646],"\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fcss\u002Ftools.css","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fcss\u002Fabout.css","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fcss\u002Fgrid.css","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fjquery.validate.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fvalidation.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fcommon.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fcreatejs.min.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002FCanvas.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fsettings-pro.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Ftools.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fadd-connection.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fsettings.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fconnection-list.js","\u002Fwp-content\u002Fplugins\u002Funify\u002Fassets\u002Fjs\u002Fupgrade-to-pro.js",[],[636,637,638,639,640,641,642,643,644,645,646],[650],"ver=3.4.10",{"cssClasses":652,"htmlComments":660,"htmlAttributes":663,"restEndpoints":666,"jsGlobals":667,"shortcodeOutput":670},[653,654,655,656,657,658,659],"unify-settings-wrap","unify-section","unify-form-row","unify-input-group","unify-btn","unify-connection-list-table","unify-connection-list-item",[661,662],"\u003C!-- Plugin 'woocommerce' is Active -->","\u003C!-- This loads admin assets based on page parameters -->",[664,665],"data-unify-field","data-unify-tab",[],[668,669],"canvasJsObject","unifySettings",[]]