[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fq1nxc7nFHSRRmkOWgOrinp6WQegV3N92myqrkveI-CI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":149},"vamp-fashion","Vamp Fashion","1.0.3","Keramaros Antonios","https:\u002F\u002Fprofiles.wordpress.org\u002Fantoniskeramaros\u002F","\u003Cp>This plugin fetches product details like names, descriptions, and images, making them ready for you to customize and sell. Expand your store’s product range with ease and focus on creating an engaging shopping experience for your customers. Perfect for fashion retailers looking to save time and streamline product management.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the vamp.keramaros.gr API to retrieve and display product information, including descriptions, images, and metadata. This functionality is essential to ensure the plugin can dynamically present up-to-date product details in your wordpress.\u003C\u002Fp>\n\u003Cp>The plugin sends the following information to the API:\u003C\u002Fp>\n\u003Col>\n\u003Cli>API key or authentication credentials (as required by the API).\u003C\u002Fli>\n\u003Cli>Request parameters specifying the desired product or category data.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Data is sent every time the plugin queries the API to retrieve or update product information. This typically occurs during:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Initial setup of the plugin.\u003C\u002Fli>\n\u003Cli>User-initiated requests to update or fetch product data.\u003C\u002Fli>\n\u003Cli>Links to Terms of Service and Privacy Policy\u003C\u002Fli>\n\u003Cli>For more details about how the vamp.keramaros.gr API processes and safeguards data, refer to the following:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Terms of Service https:\u002F\u002Fkeramaros.gr\u002Fterms-of-use-for-vamp-fashion-api\u003Cbr \u002F>\nPrivacy Policy https:\u002F\u002Fkeramaros.gr\u002Fprivacy-policy-for-vamp-fashion-api\u003C\u002Fp>\n","Effortlessly import products from the Vamp Fashion API into your WooCommerce store.",0,363,"2025-11-22T16:17:00.000Z","6.7.5","5.0","7.0",[18],"vamp-woocommerce-products-import-api","https:\u002F\u002Fkeramaros.gr\u002Fproduct\u002Fvamp-fashion-products-api-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvamp-fashion.1.0.3.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":21,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"antoniskeramaros",3,20,30,94,"2026-04-05T03:25:34.799Z",[],{"attackSurface":34,"codeSignals":71,"taintFlows":105,"riskAssessment":140,"analyzedAt":148},{"hooks":35,"ajaxHandlers":60,"restRoutes":67,"shortcodes":68,"cronEvents":69,"entryPointCount":70,"unprotectedCount":70},[36,42,45,47,51,54,56],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","closure","admin\\menu.php",6,{"type":37,"name":43,"callback":39,"file":40,"line":44},"admin_enqueue_scripts",89,{"type":37,"name":43,"callback":39,"file":40,"line":46},101,{"type":37,"name":48,"callback":39,"file":49,"line":50},"plugins_loaded","vamp-fashion.php",21,{"type":37,"name":52,"callback":39,"file":49,"line":53},"admin_notices",28,{"type":37,"name":52,"callback":39,"file":49,"line":55},38,{"type":37,"name":57,"callback":39,"priority":58,"file":49,"line":59},"upgrader_process_complete",10,61,[61,65],{"action":62,"nopriv":63,"callback":39,"hasNonce":63,"hasCapCheck":63,"file":40,"line":64},"vamp_fashion_product_insert",false,29,{"action":66,"nopriv":63,"callback":39,"hasNonce":63,"hasCapCheck":63,"file":40,"line":59},"vamp_fashion_product_preview",[],[],[],2,{"dangerousFunctions":72,"sqlUsage":73,"outputEscaping":75,"fileOperations":11,"externalRequests":103,"nonceChecks":70,"capabilityChecks":11,"bundledLibraries":104},[],{"prepared":11,"raw":11,"locations":74},[],{"escaped":44,"rawEcho":76,"locations":77},12,[78,81,83,85,87,89,91,93,95,97,99,101],{"file":79,"line":76,"context":80},"admin\\home.php","raw output",{"file":79,"line":82,"context":80},120,{"file":79,"line":84,"context":80},123,{"file":79,"line":86,"context":80},126,{"file":79,"line":88,"context":80},129,{"file":79,"line":90,"context":80},132,{"file":79,"line":92,"context":80},159,{"file":79,"line":94,"context":80},200,{"file":79,"line":96,"context":80},203,{"file":79,"line":98,"context":80},206,{"file":79,"line":100,"context":80},209,{"file":79,"line":102,"context":80},212,1,[],[106],{"entryPoint":107,"graph":108,"unsanitizedCount":70,"severity":139},"\u003Chome> (admin\\home.php:0)",{"nodes":109,"edges":134},[110,115,119,125,128,131],{"id":111,"type":112,"label":113,"file":79,"line":114},"n0","source","$_GET",106,{"id":116,"type":117,"label":118,"file":79,"line":114},"n1","transform","→ vampFashion_tablenavPagesHead()",{"id":120,"type":121,"label":122,"file":79,"line":123,"wp_function":124},"n2","sink","echo() [XSS]",23,"echo",{"id":126,"type":112,"label":113,"file":79,"line":127},"n3",233,{"id":129,"type":117,"label":130,"file":79,"line":127},"n4","→ vampFashion_tablenavPagesFoot()",{"id":132,"type":121,"label":122,"file":79,"line":133,"wp_function":124},"n5",52,[135,136,137,138],{"from":111,"to":116,"sanitized":63},{"from":116,"to":120,"sanitized":63},{"from":126,"to":129,"sanitized":63},{"from":129,"to":132,"sanitized":63},"medium",{"summary":141,"deductions":142},"The \"vamp-fashion\" v1.0.3 plugin exhibits a mixed security posture.  On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, having no known vulnerabilities (CVEs) recorded, and a low number of file operations and external HTTP requests. The high percentage of properly escaped output also indicates attention to preventing cross-site scripting (XSS) vulnerabilities.\n\nHowever, significant concerns arise from the attack surface. Two AJAX handlers are present, and alarmingly, both lack authentication checks. This directly exposes these handlers to potential unauthorized access and manipulation by unauthenticated users, which is a critical security oversight. While the taint analysis found only one flow and no critical or high-severity issues, the presence of an \"unsanitized path\" flow, even if not critical, combined with the unprotected AJAX endpoints, suggests a potential risk if user input can influence file paths or other sensitive operations within those endpoints.\n\nWith no historical vulnerability data, it's difficult to infer long-term patterns. However, the current static analysis highlights a clear and immediate risk due to the unprotected AJAX endpoints. While the plugin avoids several common pitfalls, the unprotected entry points are a significant weakness that could be exploited. The plugin has strengths in its SQL handling and output escaping, but the unprotected AJAX actions are a critical concern.",[143,145],{"reason":144,"points":58},"AJAX handlers without authentication",{"reason":146,"points":147},"Flow with unsanitized paths",5,"2026-03-17T06:32:58.858Z",{"wat":150,"direct":159},{"assetPaths":151,"generatorPatterns":154,"scriptPaths":155,"versionParams":156},[152,153],"\u002Fwp-content\u002Fplugins\u002Fvamp-fashion\u002Fassets\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fvamp-fashion\u002Fassets\u002Fstyle.css",[],[152],[157,158],"vamp-fashion\u002Fassets\u002Fscript.js?ver=","vamp-fashion\u002Fassets\u002Fstyle.css?ver=",{"cssClasses":160,"htmlComments":164,"htmlAttributes":165,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":170},[161,162,163],"sync","edit","view",[],[166],"aria-label",[],[169],"vampFashion",[]]