[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fG_vMeBzdaHe6ISGp30lzmNXXDX_UTOKGLudFyaFO9iQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":39,"analysis":151,"fingerprints":547},"vatomi","Vatomi","1.0.3","nK","https:\u002F\u002Fprofiles.wordpress.org\u002Fnko\u002F","\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Envato oAuth button in registration form\u003C\u002Fli>\n\u003Cli>AwesomeSupport integration for Envato products\u003C\u002Fli>\n\u003Cli>Activation API for themes and plugins developers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Activation themes\u002Fplugins for developers\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Fill settings in \u003Cstrong>wp_admin > Vatomi > Settings > Envato Settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Create Licenses page in \u003Cstrong>wp_admin > Vatomi > Settings > Licenses\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Use these links to let users activate your theme\u002Fplugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Activate\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href=\"\u003C?php echo esc_attr( 'https:\u002F\u002F{YOUR_SITE}\u002Flicenses\u002F?vatomi_item_id={ITEM_ID}&vatomi_action=activate&vatomi_site=' . urlencode( home_url( '\u002F' ) ) . '&vatomi_redirect=' . urlencode( admin_url( 'admin.php?page={YOUR_THEME_PAGE}' ) ) ); ?>\" class=\"button button-primary\">Activate\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>After button clicked, user will be redirected back to their site on the page \u003Ccode>admin_url( 'admin.php?page={YOUR_THEME_PAGE}' )\u003C\u002Fcode> with available GET variables, that you can use:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>vatomi_action\u003C\u002Fstrong> (activate, deactivate)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>vatomi_item_id\u003C\u002Fstrong> (item ID)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>vatomi_license_code\u003C\u002Fstrong> (Envato purchase code)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Deactivate\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href=\"\u003C?php echo esc_attr( 'https:\u002F\u002F{YOUR_SITE}\u002Flicenses\u002F?vatomi_item_id={ITEM_ID}&vatomi_action=deactivate&vatomi_license={PURCHASE_CODE}&vatomi_redirect=' . urlencode( admin_url( 'admin.php?page={YOUR_THEME_PAGE}' ) ) ); ?>\" class=\"button button-primary\">Deactivate\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>After button clicked, user will be redirected back to their site on the page \u003Ccode>admin_url( 'admin.php?page={YOUR_THEME_PAGE}' )\u003C\u002Fcode> with available GET variables, that you can use:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>vatomi_action (activate, deactivate)\u003C\u002Fli>\n\u003Cli>vatomi_item_id (item ID)\u003C\u002Fli>\n\u003Cli>vatomi_license_code (Envato purchase code)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>After theme\u002Fplugin activated, you will be able to use Vatomi API:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Get URL to ZIP file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002F{YOUR_SITE}\u002Fwp-json\u002Fvatomi\u002Fv1\u002Fenvato\u002Fitem_wp_url\u002F{ITEM_ID}?license={PURCHASE_CODE}&site={ACTIVATED_SITE_ADDRESS}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Get item current version number:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002F{YOUR_SITE}\u002Fwp-json\u002Fvatomi\u002Fv1\u002Fenvato\u002Fitem_version\u002F{ITEM_ID}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Check valid purchase code (if user purchased item from you):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002F{YOUR_SITE}\u002Fwp-json\u002Fvatomi\u002Fv1\u002Fenvato\u002Fcheck_license\u002F{PURCHASE_CODE}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Envato oAuth registration. Support Envato customers users with AwesomeSupport plugin.",10,1441,0,"2019-11-02T22:26:00.000Z","5.3.21","4.8.0","5.4",[19,20,21,22,23],"activation","envato","license","oauth","support","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvatomi.1.0.3.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":32,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"nko","Danny van Kooten",90,2079550,91,522,73,"2026-04-04T07:03:43.584Z",[40,63,84,105,127],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":13,"num_ratings":13,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":13,"last_vuln_date":62,"fetched_at":28},"license-envato","License For Envato","1.1.0","Ashraful Sarkar Naiem","https:\u002F\u002Fprofiles.wordpress.org\u002Fashrafulsarkar\u002F","\u003Cp>Are you a theme or plugin developer and selling your product in the Envato market? Can’t manage your product license? If all questions are yes. This plugin help you. Now you can manage all Envato licenses with this plugin.\u003C\u002Fp>\n\u003Ch3>⚡ Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy installation\u003C\u002Fli>\n\u003Cli>License management\u003C\u002Fli>\n\u003Cli>Search with purchasecode\u003C\u002Fli>\n\u003Cli>Lightweight and fast\u003C\u002Fli>\n\u003C\u002Ful>\n","\"License For Envato\" is a Envato theme & plugin license management Software.",8000,60465,"2025-12-17T06:33:00.000Z","6.9.4","6.0","7.2",[55,21,41,56,57],"envato-license","license-manager","plugin-license","https:\u002F\u002Fgithub.com\u002Fashrafulsarkar\u002Fenvato-licenser","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flicense-envato.1.1.0.zip",94,2,"2025-04-21 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":17,"tags":78,"homepage":82,"download_link":83,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"toolkit-for-envato","Envato Toolkit","1.4","KestutisIT","https:\u002F\u002Fprofiles.wordpress.org\u002Fkestutisit\u002F","\u003Cp>It is a 3 files library + Visual UI, to validate the purchase codes of your customers, get details about specific Envato user (country, city, total followers, total sales, avatar), get his license purchase and support expiration dates, license type he bought, check for updates of purchased plugins and themes and get the download links for them.\u003C\u002Fp>\n\u003Cp>Plus – this library has Envato Item Id search feature by providing plugin’s or theme’s name and author. So – yes, this is a tool you, as a developer \u002F author, have been looking for months.\u003C\u002Fp>\n\u003Cp>If you are looking for the library-only version to integrate into your plugin \u002F theme, it’s on GitHub:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FKestutisIT\u002FEnvatoToolkit\" title=\"Envato Toolkit (Standalone)\" rel=\"nofollow ugc\">Envato Toolkit (Standalone)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The main purpose of this plugin is to help you to start much easier without having a headache trying to understand \u003Ccode>WordPress - Envato Market\u003C\u002Fcode> plugins code, that is the only one built by Envato, and has so complicated and unclear code, that you never get how it works (see example below).\u003C\u002Fp>\n\u003Cp>When I tried to create plugin’s \u003Ccode>[Check for Update]\u003C\u002Fcode> and \u003Ccode>[Validate Purchase Code]\u003C\u002Fcode> feature-buttons in the plugin myself, and I saw the code of the \u003Ccode>WordPress - Envato Market\u003C\u002Fcode> plugin, I was shocked how badly it is written and how you should not to code.\u003C\u002Fp>\n\u003Cp>For example – you would like to give an error message, if Envato user token is empty, which is a required string, i.e. – \u003Ccode>pAA0aBCdeFGhiJKlmNOpqRStuVWxyZ44\u003C\u002Fcode>. If you like K.I.S.S., PSR-2, D.R.Y., clean code coding standards and paradigms, you’d probably just have these five lines of code, so that every developer would get it:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = get_user_meta(get_current_user_id(), 'envato_token', TRUE);\nif($token == \"\")\n{\n    return new \\WP_Error('api_token_error', __('An API token is required.', 'envato-toolkit'));\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Now lets see how the same task traceback looks like in \u003Ccode>WordPress - Envato Market\u003C\u002Fcode> plugin:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Ccode>[Api.php -> request(..)]\u003C\u002Fcode> Check if the token is empty:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>if ( empty( $token ) )\n{\n    return new WP_Error( 'api_token_error', __( 'An API token is required.', 'envato-market' ) );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[Api.php -> request(..)]\u003C\u002Fcode> Parse it from another string:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = trim( str_replace( 'Bearer', '', $args['headers']['Authorization'] ) );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[Api.php -> request(..)]\u003C\u002Fcode> Parse it one more time – this time from arguments array:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>public function request( $url, $args = array() ) {\n    $defaults = array(\n        'timeout' => 20,\n    );\n    $args = wp_parse_args( $args, $defaults );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[Api.php -> download(..)]\u003C\u002Fcode> Transfer the token variable one more time – this time via params:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>class Envato_Market_API {\n    public function download( $id, $args = array() ) {\n        $url = 'https:\u002F\u002Fapi.envato.com\u002Fv2\u002Fmarket\u002Fbuyer\u002Fdownload?item_id=' . $id . '&shorten_url=true';\n        return $this->request( $url, $args );\n    }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> maybe_deferred_download(..)]\u003C\u002Fcode> Pass it again – this time get it to args array from another method call:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function maybe_deferred_download( $options ) {\n    $args = $this->set_bearer_args();\n    $options['package'] = envato_market()->api()->download( $vars['item_id'], $args );\n    return $options;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> set_bearer_args(..)]\u003C\u002Fcode> Wrap the token into multi-dimensional string array:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$args = array(\n    'headers' => array(\n        'Authorization' => 'Bearer ' . $token,\n    ),\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> set_bearer_args(..)]\u003C\u002Fcode> Pass the wrapped token one more time – this time get it from get_option:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>foreach ( envato_market()->get_option( 'items', array() ) as $item ) {\n    if ( $item['id'] === $id ) {\n        $token = $item['token'];\n        break;\n    }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> get_option(..)]\u003C\u002Fcode> So what’s in this \u003Ccode>get_option\u003C\u002Fcode>? – Correct, another call to another method – \u003Ccode>get_options()\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>public function get_option( $name, $default = '' ) {\n    $options = self::get_options();\n    $name = self::sanitize_key( $name );\n    return isset( $options[ $name ] ) ? $options[ $name ] : $default;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> get_options()]\u003C\u002Fcode> Finally, after almost 10 steps in the tree, we are finally getting the original\u003Cbr \u002F>\nWordPress method call, but now I’m getting confused again – what is that \u003Ccode>option_name\u003C\u002Fcode> variable here:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>public function get_options() {\n    return get_option( $this->option_name, array() );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[envato-market.php -> init_globals()]\u003C\u002Fcode> Here is it is – the \u003Ccode>option name\u003C\u002Fcode> key name is… Oh wait…\u003Cbr \u002F>\nNo it is not here it. It is equals to another variable, who is is put\u003Cbr \u002F>\nin another clean-up function – look like I’m keep seeing this for the 2 time in the tree – the sanitization of sanitization:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$this->option_name = self::sanitize_key( $this->slug );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[envato-market.php -> init_globals()]\u003C\u002Fcode> So the \u003Ccode>option name\u003C\u002Fcode> key name is the name of \u003Ccode>$this->slug\u003C\u002Fcode>.\u003Cbr \u002F>\nNow lets see what is the value of \u003Ccode>$this->slug\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$this->slug        = 'envato-market';\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>So it takes \u003Cstrong>eleven (!)\u003C\u002Fstrong> steps to understand one variable. And the whole code of that plugin is like that. The example above was the headache I had, until I realized that I must write a new Envato API Management Toolkit, instead of trying to use what Envato is giving, because otherwise I won’t get anything working ever.\u003C\u002Fp>\n\u003Cp>And, I believe, that many other developers had the same issue when tried to create update check feature for their plugins or themes.\u003C\u002Fp>\n\u003Cp>So instead of using that library for myself, I decided that I want to help all these developers to save their time, and I’m sharing this code with you. I’m releasing it under MIT license, which allows you to use this code in your plugin without any restrictions for both – free and commercial use.\u003C\u002Fp>\n\u003Cp>Plus – I’m giving a promise to you, that this plugin is and will always be 100% free, without any ads, ‘Subscribe’, ‘Follow us’, ‘Check our page’, ‘Get Pro Version’ or similar links.\u003C\u002Fp>\n\u003Cp>If you created in hi-quality code a valuable additional functionality to the library and you want to share it with everyone – I’m open here to support your efforts, and add your code to the plugin’s library, so that we all together make this plugin better for authors – the better is the plugin, the better plugins authors will make for their customers. The better quality products we will have on the internet, the happier people will be all over the world.\u003C\u002Fp>\n\u003Cp>Finally – the code is poetry – \u003Cstrong>the better is the plugin, the happier is the world\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The pseudo-code of example output of the plugin is this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Details about you:\n----------------------------------------------------------\nList of all different plugins you bought:\n\u003C?php foreach($plugins AS $pluginId => $plugin): ?>\n    \u003C?='Plugin Id: '.$pluginId.', Name: '.$plugin['name'];?>, Licenses:\n    \u003C?php foreach($plugin['licenses'] AS $license): ?>\n        Code: \u003C?=$license['purchase_code'];?>,\n        License: \u003C?=$license['license'];?>,\n        Purchased: \u003C?=$license['license_purchase_date'];?> \u003C?=$license['license_purchase_time'];?>,\n        Expires: \u003C?=$license['support_expiration_date'];?> \u003C?=$license['support_expiration_time'];?>,\n        Support Status: \u003C?=$license['support_active'];?>\n    \u003C?php endforeach; ?>\n\u003C?php endforeach; ?>\n\nList of all different themes you bought:\n\u003C?php foreach($themes AS $themeId => $theme): ?>\n    \u003C?='Theme Id: '.$themeId.', Name: '.$theme['name'];?>, Licenses:\n    \u003C?php foreach($theme['licenses'] AS $license): ?>\n        Code: \u003C?=$license['purchase_code'];?>,\n        License: \u003C?=$license['license'];?>,\n        Purchased: \u003C?=$license['license_purchase_date'];?> \u003C?=$license['license_purchase_time'];?>,\n        Expires: \u003C?=$license['support_expiration_date'];?> \u003C?=$license['support_expiration_time'];?>,\n        Status: \u003C?=$license['support_active'] == 1 ? \"Supported\" : \"Support Expired\";?>\n    \u003C?php endforeach; ?>\n\u003C?php endforeach; ?>\n\nYour summary:\nYour location is \u003C?=$authorCity;?>, \u003C?=$authorCountry;?>.\nYou've sold your items \u003C?=$authorSales;?> times and you have \u003C?=$authorFollowers;?> followers on Envato.\n\n1. Your Customer's License Details\n----------------------------------------------------------\nPurchase Code: \u003C?=$targetPurchaseCode;?>\nIs Valid License: \u003C?=$isValidTargetLicense ? 'Yes' : 'No';?>\nBuyer Username: \u003C?=$targetLicenseBuyer;?>\nLicense Type: \u003C?=$targetLicenseType;?>\nPurchased At: \u003C?=$targetLicensePurchasedAt;?>\nSupported Until: \u003C?=$targetLicenseSupportedUntil;?>\nSupport Status: \u003C?=$targetLicenseSupportActive == 1 ? \"Supported\" : \"Support Expired\";?>\n\n2. Details About Target Envato User - \u003C?=$targetUsername;?>\n----------------------------------------------------------\n\u003C?=$targetUsername;?> is located in \u003C?=$targetUserCity;?>, \u003C?=$targetUserCountry;?>.\nHe sold his items \u003C?=$targetUserSales;?> times and has \u003C?=$targetUserFollowers;?> followers on Envato.\n\n3. Status of Purchased Plugin ID - \u003C?=$targetPluginId;?>\n----------------------------------------------------------\nPlugin Name: \u003C?=$nameOfTargetPluginId;?>\nPlugin Update Available: \u003C?=$pluginUpdateAvailable ? 'Yes' : 'No';?>\nInstalled Plugin Version: \u003C?=$installedPluginVersion;?>\nAvailable Plugin Version: \u003C?=$availablePluginVersion;?>\nPlugin Update Download URL:\n\u003Ca href=\"\u003C?=$pluginUpdateDownloadUrl;?>\" target=\"_blank\" title=\"Download newest version\">Download newest version\u003C\u002Fa>\n\n4. Status of Purchased Theme ID - \u003C?=$targetThemeId;?>:\n----------------------------------------------------------\nTheme Name: \u003C?=$nameOfTargetThemeId;?>\nTheme Update Available: \u003C?=$themeUpdateAvailable ? 'Yes' : 'No';?>\nInstalled Theme Version: \u003C?=$installedThemeVersion;?>\nAvailable Theme Version: \u003C?=$availableThemeVersion;?>\nTheme Update Download URL:\n\u003Ca href=\"\u003C?=$themeUpdateDownloadUrl;?>\" target=\"_blank\" title=\"Download newest version\">Download newest version\u003C\u002Fa>\n\n5. Envato Item Id of Purchased Plugin\n----------------------------------------------------------\nSearched for Name: \u003C?=$targetPluginName;?>\nSearched for Author: \u003C?=$targetPluginAuthor;?>\nFound Plugin Id: \u003C?=$foundPluginId;?>\n\n6. Envato Item Id of Purchased Theme\n----------------------------------------------------------\nSearched for Name: \u003C?=$targetThemeName;?>\nSearched for Author: \u003C?=$targetThemeAuthor;?>\nFound Theme Id: \u003C?=$foundThemeId;?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>And the example input of the output above, it this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$objToolkit = new EnvatoAPIManager($toolkitSettings);\n\n\u002F\u002F Details about you\n$purchasedPlugins = $objToolkit->getPurchasedPluginsWithDetails();\n$plugins = array();\nforeach($purchasedPlugins AS $pluginId => $purchasedPlugin)\n{\n    $purchasedPlugin['licenses'] = $objToolkit->getLicensesByItemId($pluginId);\n    $plugins[$pluginId] = $purchasedPlugin;\n}\n\n$purchasedThemes = $objToolkit->getPurchasedThemesWithDetails();\n$themes = array();\nforeach($purchasedThemes AS $themeId => $purchasedTheme)\n{\n    $purchasedTheme['licenses'] = $objToolkit->getLicensesByItemId($themeId);\n    $themes[$themeId] = $purchasedTheme;\n}\n\n$authorDetails = $objToolkit->getUserDetails($sanitizedEnvatoUsername);\n\u002F\u002F View vars\n$view->plugins = $plugins;\n$view->themes = $themes;\nif($authorDetails != FALSE)\n{\n    $view->authorCity = $authorDetails['city'];\n    $view->authorCountry = $authorDetails['country'];\n    $view->authorSales = $authorDetails['sales'];\n    $view->authorFollowers = $authorDetails['followers'];\n} else\n{\n    $view->authorCity = '';\n    $view->authorCountry = '';\n    $view->authorSales = 0;\n    $view->authorFollowers = 0;\n}\n\n\u002F\u002F 1. Details About Target Purchase Code\n$targetLicenseDetails = $objToolkit->getLicenseDetails($sanitizedTargetPurchaseCode);\n\u002F\u002F View vars\n$view->targetPurchaseCode = esc_html($sanitizedTargetPurchaseCode); \u002F\u002F Ready for print\n$view->isValidTargetLicense = $objToolkit->isValidLicense($sanitizedTargetPurchaseCode);\n$view->targetLicenseBuyer = $targetLicenseDetails['buyer_username'];\n$view->targetLicense = $targetLicenseDetails['license'];\n$view->targetLicensePurchasedAt = $targetLicenseDetails['license_purchase_date'].' '.$targetLicenseDetails['license_purchase_time'];\n$view->targetLicenseSupportedUntil = $targetLicenseDetails['support_expiration_date'].' '.$targetLicenseDetails['support_expiration_time'];\n$view->targetLicenseSupportActive = $targetLicenseDetails['support_active'];\n\n\u002F\u002F 2. Details About Target Envato User\n$targetUserDetails = $objToolkit->getUserDetails($sanitizedTargetUsername);\n\u002F\u002F View vars\n$view->targetUsername = esc_html($sanitizedTargetUsername); \u002F\u002F Ready for print\n$view->targetUserCity = $targetUserDetails['city'];\n$view->targetUserCountry = $targetUserDetails['country'];\n$view->targetUserSales = $targetUserDetails['sales'];\n$view->targetUserFollowers = $targetUserDetails['followers'];\n\n\u002F\u002F 3. Status of Purchased Plugin ID\n$availablePluginVersion = $objToolkit->getAvailableVersion($sanitizedTargetPluginId);\n$pluginUpdateAvailable = version_compare($sanitizedInstalledPluginVersion, $availablePluginVersion, '\u003C');\n\u002F\u002F View vars\n$view->targetPluginId = intval($sanitizedTargetPluginId); \u002F\u002F Ready for print\n$view->installedPluginVersion = esc_html($sanitizedInstalledPluginVersion); \u002F\u002F Ready for print\n$view->nameOfTargetPluginId = esc_html($objToolkit->getItemName($sanitizedTargetPluginId));\n$view->availablePluginVersion = $availablePluginVersion;\n$view->pluginUpdateAvailable = $pluginUpdateAvailable;\n$view->pluginUpdateDownloadUrl = $pluginUpdateAvailable ? $objToolkit->getDownloadUrlIfPurchased($sanitizedTargetPluginId) : '';\n\n\u002F\u002F 4. Status of Purchased Theme ID\n$availableThemeVersion = $objToolkit->getAvailableVersion($sanitizedTargetThemeId);\n$themeUpdateAvailable = version_compare($sanitizedInstalledThemeVersion, $availableThemeVersion, '\u003C');\n\u002F\u002F View vars\n$view->targetThemeId = intval($sanitizedTargetThemeId); \u002F\u002F Ready for print\n$view->installedThemeVersion = esc_html($sanitizedInstalledThemeVersion); \u002F\u002F Ready for print\n$view->nameOfTargetThemeId = esc_html($objToolkit->getItemName($sanitizedTargetThemeId));\n$view->availableThemeVersion = $availableThemeVersion;\n$view->themeUpdateAvailable = $themeUpdateAvailable;\n$view->themeUpdateDownloadUrl = $themeUpdateAvailable ? $objToolkit->getDownloadUrlIfPurchased($sanitizedTargetThemeId) : '';\n\n\u002F\u002F 5. Envato Item Id of Purchased Plugin\n$view->targetPluginName = esc_html($sanitizedTargetPluginName); \u002F\u002F Ready for print\n$view->targetPluginAuthor = esc_html($sanitizedTargetPluginAuthor); \u002F\u002F Ready for print\n$view->foundPluginId = $objToolkit->getItemIdByPluginAndAuthorIfPurchased($sanitizedTargetPluginName, $sanitizedTargetPluginAuthor);\n\n\u002F\u002F 6. Envato Item Id of Purchased Theme\n$view->targetThemeName = esc_html($sanitizedTargetThemeName); \u002F\u002F Ready for print\n$view->targetThemeAuthor = esc_html($sanitizedTargetThemeAuthor); \u002F\u002F Ready for print\n$view->foundThemeId = $objToolkit->getItemIdByThemeAndAuthorIfPurchased($sanitizedTargetThemeName, $sanitizedTargetThemeAuthor);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Validate purchase code, check for item update & support expiration, download newest version, lookup for user details, search for Envato item id & more",6000,126000,56,9,"2021-04-26T18:00:00.000Z","5.7.15","4.6",[79,20,21,80,81],"api","purchase-validator","update-checker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoolkit-for-envato\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoolkit-for-envato.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":13,"num_ratings":13,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":24,"tags":97,"homepage":103,"download_link":104,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"generate-dap-license-key","DAP TO LICENSE KEY","1.1","chatthasumit","https:\u002F\u002Fprofiles.wordpress.org\u002Fchatthasumit\u002F","\u003Cp>Now in these days lots of Internet Marketers are selling their products\u002Fplugins using DAP (Digital Access Pass). But DAP is not providing the facility to generate the unique license key for activating the plugin.\u003C\u002Fp>\n\u003Cp>So this plugin will generate unique license key for every user.\u003C\u002Fp>\n\u003Cp>To use this plugin you need to sync your DAP plugin with wordpress.\u003C\u002Fp>\n","To generate the license key once DAP user created",20,1285,"2018-01-12T12:56:00.000Z","4.9.29","3.0.1",[98,99,100,101,102],"dap","dap-license-key","digital-access-pass","license-key","plugin-activation-key","http:\u002F\u002Fwww.viralsoftwares.com\u002Fdap-to-license-key","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgenerate-dap-license-key.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":51,"requires_at_least":52,"requires_php":118,"tags":119,"homepage":123,"download_link":124,"security_score":35,"vuln_count":125,"unpatched_count":13,"last_vuln_date":126,"fetched_at":28},"bbpress","bbPress","2.6.14","John James Jacoby","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnjamesjacoby\u002F","\u003Cp>Are you looking for a timeless, elegant, and streamlined discussion board? bbPress is easy to integrate, easy to use, and is built to scale with your growing community.\u003C\u002Fp>\n\u003Cp>bbPress is intentionally simple yet infinitely powerful forum software, built by contributors to WordPress.\u003C\u002Fp>\n","bbPress is forum software for WordPress.",100000,9266210,78,343,"2025-07-02T15:44:00.000Z","5.6.20",[120,121,122,23],"discussion","forum","forums","https:\u002F\u002Fbbpress.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbbpress.2.6.14.zip",6,"2025-03-04 00:00:00",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":113,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":51,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":147,"download_link":148,"security_score":149,"vuln_count":92,"unpatched_count":13,"last_vuln_date":150,"fetched_at":28},"themeisle-companion","Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More","3.0.5","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FfoS_QbuY-Lg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Why Choose Orbit Fox?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>All Essential Website Features in One Place\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Orbit Fox includes all the popular functionality most site owners need: SVG support, social sharing, website templates, custom fonts, stock photos, page builder widgets, menu icons, and site customization tools.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Eliminate Plugin Bloat\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Replace over a dozen individual utility plugins with just one solution. Reduce plugin management complexity, minimize potential conflicts, and keep your WordPress dashboard organized.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart Performance Optimization\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Modules only load when enabled and are compatible with your existing theme and plugins, ensuring optimal site performance and preventing conflicts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save Time on Setup and Maintenance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Skip installing a dozen separate plugins when building new sites. Get fully functional websites in minutes, not hours. Plus, maintain just one plugin instead of managing multiple updates, settings, and compatibility issues.\u003C\u002Fp>\n\u003Ch3>Orbit Fox Modules\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Content & Design:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Website Templates – 45+ professional starter website templates to choose from\u003C\u002Fli>\n\u003Cli>Custom Fonts – Upload and use any custom font on your website\u003C\u002Fli>\n\u003Cli>Reading Progress Bar – Increase engagement with a visual reading progress indicator\u003C\u002Fli>\n\u003Cli>SVG Support – Enable safe SVG file uploads\u003C\u002Fli>\n\u003Cli>Free Stock Photos – 1,300+ free images to use for personal and commercial purposes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Page Building & Widgets:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Elementor Widgets – Add 6 popular widgets to Elementor\u003C\u002Fli>\n\u003Cli>Beaver Builder Modules – Add 6 popular modules to Beaver Builder\u003C\u002Fli>\n\u003Cli>Customize Login Page – Change the design of your site’s login page and customize your login form\u003C\u002Fli>\n\u003Cli>Duplicate Page or Post – Duplicate any post or page on your website with one click\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>User Experience:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Social Share Buttons – Add social sharing buttons to your website with mobile\u002Fdesktop optimization\u003C\u002Fli>\n\u003Cli>Menu Icons – Add icons to any menu\u003C\u002Fli>\n\u003Cli>GDPR\u002FCCPA Cookie Notice – Show GDPR\u002FCCPA-compliant cookie notifications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Site Management:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Header and Footer Scripts – Add tracking codes and custom CSS\u002FJS\u003C\u002Fli>\n\u003Cli>Disable Comments – Site-wide comment control\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Works With Any Theme\u003C\u002Fh3>\n\u003Cp>Orbit Fox is designed to work seamlessly with all WordPress themes. For the best experience, pair it with our professional themes like \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fthemes\u002Fneve\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Neve\u003C\u002Fstrong>\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fthemes\u002Fhestia\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Hestia\u003C\u002Fstrong>\u003C\u002Fa> – built by the same team for perfect integration.\u003C\u002Fp>\n\u003Ch3>Who Should Use Orbit Fox\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Beginners\u003C\u002Fstrong> – Get professional features without the learning curve\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Freelancers & Agencies\u003C\u002Fstrong> – Build efficient, streamlined client websites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website Owners\u003C\u002Fstrong> – Access essential functionality through one organized solution\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone\u003C\u002Fstrong> who wants commonly needed features without multiple plugin installations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We’re here to help. Feel free to open a new thread on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fthemeisle-companion\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Need help getting started? Check out our \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Farticle\u002F951-orbit-fox-documentation\" rel=\"nofollow ugc\">complete documentation\u003C\u002Fa> for step-by-step guides on every feature.\u003C\u002Fp>\n\u003Ch3>Useful Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>If you like Orbit Fox, you’re sure to love \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">our other plugins\u003C\u002Fa> as well.\u003C\u002Fli>\n\u003Cli>Learn more about WordPress on our \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fblog\u002F\" rel=\"nofollow ugc\">blog\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Get the most out of your WordPress website with our helpful \u003Ca href=\"https:\u002F\u002Fyoutube.com\u002Fplaylist?list=PLmRasCVwuvpSep2MOsIoE0ncO9JE3FcKP\" rel=\"nofollow ugc\">YouTube Tutorials\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add modules like share buttons, header & footer scripts, disable comments, reading progress bar, custom fonts, custom login page & more in one plugin.",13570171,96,317,"2025-12-10T19:26:00.000Z","5.3","7.4",[142,143,144,145,146],"cookie-notice","duplicate-page","login-customizer","share-buttons","svg-support","https:\u002F\u002Forbitfox.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemeisle-companion.zip",83,"2025-11-03 00:00:00",{"attackSurface":152,"codeSignals":346,"taintFlows":447,"riskAssessment":533,"analyzedAt":546},{"hooks":153,"ajaxHandlers":326,"restRoutes":335,"shortcodes":336,"cronEvents":344,"entryPointCount":345,"unprotectedCount":13},[154,160,165,169,173,177,181,184,189,194,197,200,204,207,211,215,218,222,226,230,233,236,239,243,246,251,254,257,261,264,268,270,273,277,280,284,288,292,296,299,303,307,310,312,315,318,320,323],{"type":155,"name":156,"callback":157,"priority":11,"file":158,"line":159},"filter","wpas_plugin_settings","filter_import_envato_settings","admin\\class-awesome-support.php",21,{"type":161,"name":162,"callback":163,"priority":11,"file":158,"line":164},"action","update_option_wpas_options","action_import_envato_products",22,{"type":161,"name":166,"callback":167,"file":158,"line":168},"admin_enqueue_scripts","action_import_envato_notifications",23,{"type":161,"name":170,"callback":171,"priority":11,"file":158,"line":172},"product_add_form_fields","action_envato_product_meta_add_form",26,{"type":161,"name":174,"callback":175,"priority":11,"file":158,"line":176},"product_edit_form_fields","action_envato_products_meta_edit_form",27,{"type":161,"name":178,"callback":179,"priority":11,"file":158,"line":180},"edited_product","action_envato_products_save_meta",28,{"type":161,"name":182,"callback":179,"priority":11,"file":158,"line":183},"create_product",29,{"type":155,"name":185,"callback":186,"priority":11,"file":187,"line":188},"login_message","login_errors_message","admin\\class-envato-api.php",519,{"type":161,"name":190,"callback":191,"file":192,"line":193},"init","register_post_type","admin\\class-licenses.php",37,{"type":155,"name":195,"callback":195,"priority":11,"file":192,"line":196},"display_post_states",40,{"type":161,"name":198,"callback":198,"file":192,"line":199},"template_redirect",43,{"type":155,"name":201,"callback":202,"file":192,"line":203},"the_content","add_content_shortcode",46,{"type":155,"name":205,"callback":205,"file":192,"line":206},"post_row_actions",49,{"type":155,"name":208,"callback":209,"file":192,"line":210},"bulk_actions-edit-vatomi_license","bulk_actions",52,{"type":155,"name":212,"callback":213,"file":192,"line":214},"manage_edit-vatomi_license_columns","manage_edit_columns",55,{"type":161,"name":216,"callback":217,"priority":11,"file":192,"line":73},"manage_vatomi_license_posts_custom_column","manage_columns",{"type":161,"name":219,"callback":220,"file":192,"line":221},"posts_join","action_extend_licenses_search_join",59,{"type":161,"name":223,"callback":224,"file":192,"line":225},"posts_where","action_extend_licenses_search_where",60,{"type":161,"name":227,"callback":228,"file":192,"line":229},"posts_distinct","action_extend_licenses_search_distinct",61,{"type":161,"name":190,"callback":191,"file":231,"line":232},"admin\\class-logging.php",38,{"type":161,"name":190,"callback":234,"file":231,"line":235},"register_taxonomy",41,{"type":161,"name":190,"callback":237,"file":231,"line":238},"maybe_prune_logs",44,{"type":161,"name":240,"callback":241,"file":231,"line":242},"restrict_manage_posts","add_taxonomy_filters",51,{"type":155,"name":244,"callback":245,"file":231,"line":210},"parse_query","taxonomy_filter_post_type_request",{"type":161,"name":247,"callback":248,"file":249,"line":250},"rest_api_init","register_routes","admin\\class-rest-api.php",119,{"type":161,"name":252,"callback":252,"file":253,"line":183},"admin_init","admin\\class-settings.php",{"type":161,"name":255,"callback":255,"file":253,"line":256},"admin_menu",30,{"type":155,"name":258,"callback":259,"file":260,"line":159},"manage_users_columns","filter_envato_url_users_column","admin\\class-user-settings.php",{"type":155,"name":262,"callback":263,"priority":11,"file":260,"line":164},"manage_users_custom_column","filter_envato_url_users_column_row",{"type":161,"name":265,"callback":266,"file":260,"line":267},"show_user_profile","action_envato_profile_fields",25,{"type":161,"name":269,"callback":266,"file":260,"line":172},"edit_user_profile",{"type":161,"name":271,"callback":272,"file":260,"line":183},"pre_user_search","action_extend_user_search",{"type":155,"name":274,"callback":275,"priority":11,"file":276,"line":159},"wpas_cf_taxonomy_oredered_terms","filter_processing_envato_products","front\\class-awesome-support.php",{"type":161,"name":278,"callback":279,"priority":11,"file":276,"line":164},"wpas_submission_form_inside_before_subject","action_add_envato_login_button",{"type":155,"name":281,"callback":282,"priority":11,"file":276,"line":283},"wpas_before_submit_new_ticket_checks","filter_envato_product_validation",24,{"type":161,"name":185,"callback":285,"file":286,"line":287},"vatomi_login_with_wordpress_form","shortcodes\\envato-login-shortcode.php",122,{"type":161,"name":289,"callback":290,"file":286,"line":291},"wpas_before_login_form","vatomi_login_with_awesome_support_form",126,{"type":161,"name":293,"callback":294,"file":286,"line":295},"bp_before_register_page","vatomi_login_with_buddypress_form",130,{"type":161,"name":255,"callback":255,"file":297,"line":298},"vatomi.php",113,{"type":155,"name":300,"callback":301,"file":297,"line":302},"parent_file","admin_menu_highlight_items",114,{"type":161,"name":304,"callback":305,"file":297,"line":306},"after_setup_theme","envato_sign_action",116,{"type":161,"name":304,"callback":308,"priority":11,"file":297,"line":309},"envato_cookie_redirect_action",117,{"type":161,"name":166,"callback":166,"file":297,"line":311},118,{"type":161,"name":166,"callback":313,"file":297,"line":314},"enqueue_scripts_everywhere",120,{"type":161,"name":316,"callback":313,"file":297,"line":317},"wp_enqueue_scripts",121,{"type":161,"name":319,"callback":313,"file":297,"line":287},"login_head",{"type":155,"name":321,"callback":321,"file":297,"line":322},"mce_css",125,{"type":161,"name":166,"callback":166,"file":324,"line":325},"vendors\\wedevs-settings-api.php",36,[327,332],{"action":328,"nopriv":329,"callback":330,"hasNonce":331,"hasCapCheck":331,"file":276,"line":172},"vatomi_refresh_user_data",false,"ajax_refresh_user_data",true,{"action":333,"nopriv":329,"callback":334,"hasNonce":331,"hasCapCheck":329,"file":276,"line":176},"vatomi_get_wpas_products_select","ajax_get_wpas_products_select",[],[337,340],{"tag":338,"callback":338,"file":286,"line":339},"vatomi_login_form",14,{"tag":341,"callback":341,"file":342,"line":343},"vatomi_licenses","shortcodes\\licenses.php",15,[],4,{"dangerousFunctions":347,"sqlUsage":354,"outputEscaping":356,"fileOperations":13,"externalRequests":441,"nonceChecks":61,"capabilityChecks":442,"bundledLibraries":443},[348,351],{"fn":349,"file":158,"line":242,"context":350},"unserialize","$vatomi_exist_products = unserialize( get_transient( 'vatomi_exist_products' ) );",{"fn":352,"file":324,"line":302,"context":353},"create_function","$callback = create_function( '', 'echo \"' . str_replace( '\"', '\\\"', $section['desc'] ) . '\";' );",{"prepared":61,"raw":13,"locations":355},[],{"escaped":357,"rawEcho":199,"locations":358},147,[359,362,364,366,368,370,372,374,376,377,378,380,382,383,385,387,389,391,393,395,397,399,401,403,405,406,408,410,412,414,416,417,419,421,423,425,427,429,431,433,435,437,439],{"file":192,"line":360,"context":361},226,"raw output",{"file":192,"line":363,"context":361},238,{"file":192,"line":365,"context":361},250,{"file":192,"line":367,"context":361},262,{"file":192,"line":369,"context":361},274,{"file":192,"line":371,"context":361},301,{"file":192,"line":373,"context":361},315,{"file":192,"line":375,"context":361},331,{"file":192,"line":116,"context":361},{"file":260,"line":33,"context":361},{"file":260,"line":379,"context":361},97,{"file":260,"line":381,"context":361},106,{"file":260,"line":311,"context":361},{"file":260,"line":384,"context":361},135,{"file":260,"line":386,"context":361},140,{"file":260,"line":388,"context":361},141,{"file":260,"line":390,"context":361},142,{"file":260,"line":392,"context":361},143,{"file":260,"line":394,"context":361},144,{"file":260,"line":396,"context":361},171,{"file":276,"line":398,"context":361},98,{"file":276,"line":400,"context":361},100,{"file":276,"line":402,"context":361},185,{"file":276,"line":404,"context":361},235,{"file":286,"line":60,"context":361},{"file":286,"line":407,"context":361},103,{"file":286,"line":409,"context":361},112,{"file":324,"line":411,"context":361},191,{"file":324,"line":413,"context":361},220,{"file":324,"line":415,"context":361},239,{"file":324,"line":367,"context":361},{"file":324,"line":418,"context":361},284,{"file":324,"line":420,"context":361},305,{"file":324,"line":422,"context":361},322,{"file":324,"line":424,"context":361},332,{"file":324,"line":426,"context":361},345,{"file":324,"line":428,"context":361},361,{"file":324,"line":430,"context":361},380,{"file":324,"line":432,"context":361},396,{"file":324,"line":434,"context":361},412,{"file":324,"line":436,"context":361},430,{"file":324,"line":438,"context":361},524,{"file":324,"line":440,"context":361},536,3,7,[444],{"name":445,"version":27,"knownCves":446},"TinyMCE",[],[448,473,483,511],{"entryPoint":449,"graph":450,"unsanitizedCount":471,"severity":472},"envato_sign_action (vatomi.php:227)",{"nodes":451,"edges":468},[452,457,461],{"id":453,"type":454,"label":455,"file":297,"line":456},"n0","source","$_COOKIE",254,{"id":458,"type":459,"label":460,"file":297,"line":456},"n1","transform","→ create_and_authorize_user()",{"id":462,"type":463,"label":464,"file":465,"line":466,"wp_function":467},"n2","sink","header() [Header Injection]","admin\\class-envato-wordpress-api.php",403,"header",[469,470],{"from":453,"to":458,"sanitized":329},{"from":458,"to":462,"sanitized":329},1,"medium",{"entryPoint":474,"graph":475,"unsanitizedCount":471,"severity":472},"\u003Cvatomi> (vatomi.php:0)",{"nodes":476,"edges":480},[477,478,479],{"id":453,"type":454,"label":455,"file":297,"line":456},{"id":458,"type":459,"label":460,"file":297,"line":456},{"id":462,"type":463,"label":464,"file":465,"line":466,"wp_function":467},[481,482],{"from":453,"to":458,"sanitized":329},{"from":458,"to":462,"sanitized":329},{"entryPoint":484,"graph":485,"unsanitizedCount":13,"severity":510},"template_redirect (admin\\class-licenses.php:145)",{"nodes":486,"edges":505},[487,490,492,496,499,502],{"id":453,"type":454,"label":488,"file":192,"line":489},"$_GET",179,{"id":458,"type":459,"label":491,"file":192,"line":489},"→ deactivate()",{"id":462,"type":463,"label":493,"file":192,"line":494,"wp_function":495},"wp_redirect() [Open Redirect]",665,"wp_redirect",{"id":497,"type":454,"label":488,"file":192,"line":498},"n3",183,{"id":500,"type":459,"label":501,"file":192,"line":498},"n4","→ activate()",{"id":503,"type":463,"label":493,"file":192,"line":504,"wp_function":495},"n5",577,[506,507,508,509],{"from":453,"to":458,"sanitized":329},{"from":458,"to":462,"sanitized":331},{"from":497,"to":500,"sanitized":329},{"from":500,"to":503,"sanitized":331},"low",{"entryPoint":512,"graph":513,"unsanitizedCount":13,"severity":510},"\u003Cclass-licenses> (admin\\class-licenses.php:0)",{"nodes":514,"edges":527},[515,518,519,520,521,522,523,525],{"id":453,"type":454,"label":516,"file":192,"line":517},"$_GET (x2)",158,{"id":458,"type":463,"label":493,"file":192,"line":504,"wp_function":495},{"id":462,"type":454,"label":488,"file":192,"line":489},{"id":497,"type":459,"label":491,"file":192,"line":489},{"id":500,"type":463,"label":493,"file":192,"line":494,"wp_function":495},{"id":503,"type":454,"label":488,"file":192,"line":498},{"id":524,"type":459,"label":501,"file":192,"line":498},"n6",{"id":526,"type":463,"label":493,"file":192,"line":504,"wp_function":495},"n7",[528,529,530,531,532],{"from":453,"to":458,"sanitized":331},{"from":462,"to":497,"sanitized":329},{"from":497,"to":500,"sanitized":331},{"from":503,"to":524,"sanitized":329},{"from":524,"to":526,"sanitized":331},{"summary":534,"deductions":535},"The \"vatomi\" plugin v1.0.3 demonstrates a mixed security posture. On the positive side, it exhibits good practices such as using prepared statements for all SQL queries and implementing nonce and capability checks on its entry points. The lack of known vulnerabilities in its history also suggests a potentially stable codebase.\n\nHowever, the static analysis reveals significant concerns. The presence of dangerous functions like `unserialize` and `create_function` is a major red flag, as these can be exploited if user-supplied input is passed to them without proper sanitization. While the taint analysis indicates no critical or high severity flows with unsanitized paths, the identified \"flows with unsanitized paths\" still warrant careful investigation. Furthermore, only 77% of output is properly escaped, leaving potential for cross-site scripting (XSS) vulnerabilities. The inclusion of TinyMCE, a library that can be a vector for vulnerabilities if not properly maintained and used, also adds to the risk profile.\n\nOverall, while \"vatomi\" v1.0.3 shows strengths in areas like SQL handling and authentication checks, the critical risks associated with dangerous functions and partially unsanitized data flows, combined with a less-than-perfect output escaping rate, indicate a need for thorough security review and potential remediation.",[536,538,540,542,544],{"reason":537,"points":343},"Dangerous function: unserialize detected",{"reason":539,"points":343},"Dangerous function: create_function detected",{"reason":541,"points":11},"2 flows with unsanitized paths",{"reason":543,"points":125},"23% of outputs not properly escaped",{"reason":545,"points":441},"Bundled library TinyMCE detected","2026-03-17T00:08:23.927Z",{"wat":548,"direct":557},{"assetPaths":549,"generatorPatterns":552,"scriptPaths":553,"versionParams":554},[550,551],"\u002Fwp-content\u002Fplugins\u002Fvatomi\u002Fassets\u002Fcss\u002Fvatomi.css","\u002Fwp-content\u002Fplugins\u002Fvatomi\u002Fassets\u002Fjs\u002Fvatomi.js",[],[551],[555,556],"vatomi\u002Fassets\u002Fcss\u002Fvatomi.css?ver=","vatomi\u002Fassets\u002Fjs\u002Fvatomi.js?ver=",{"cssClasses":558,"htmlComments":567,"htmlAttributes":576,"restEndpoints":582,"jsGlobals":587,"shortcodeOutput":589},[559,560,561,562,563,564,565,566],"vatomi-btn","vatomi-login-button","vatomi-licenses-table","vatomi-tab-content","vatomi-tab-nav","vatomi-log-list","vatomi-license-item","vatomi-license-key-input",[568,569,570,571,572,573,574,575],"Vatomi admin notices start","Vatomi admin notices end","Vatomi login form start","Vatomi login form end","Vatomi licenses list start","Vatomi licenses list end","Vatomi logs list start","Vatomi logs list end",[577,578,579,580,581],"data-vatomi-login-url","data-vatomi-ajax-url","data-vatomi-nonce","data-vatomi-license-id","data-vatomi-action",[583,584,585,586],"\u002Fwp-json\u002Fvatomi\u002Fv1\u002Flicenses","\u002Fwp-json\u002Fvatomi\u002Fv1\u002Flogs","\u002Fwp-json\u002Fvatomi\u002Fv1\u002Factivate","\u002Fwp-json\u002Fvatomi\u002Fv1\u002Fdeactivate",[4,588],"VatomiAJAX",[590,591,592],"[vatomi_login]","[vatomi_licenses]","[vatomi_support_form]"]