[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxQpu_G858JtGBY6Wr7oLnUenxxRZwFASxjQMOU0bWK4":3,"$fKBjbxeontrvqNWiPYM2RznkmNXATsxYw34tccUKZJ1k":442,"$fm_EWMRy2_ztbP4xWmf-PvIUSHiCBqhATKZoY9OrYGio":445},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":65,"crawl_stats":36,"alternatives":73,"analysis":74,"fingerprints":345},"virtual-hdm-for-taxservice-am","TAX SERVICE Electronic HDM","1.2.3","HK Digital Agency LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fhkdigitalagency\u002F","\u003Cp>\u003Cstrong>TAX SERVICE Electronic HDM\u003C\u002Fstrong> is a WooCommerce plugin that seamlessly integrates the Electronic Fiscal Data Module (Էլեկտրոնային ՀԴՄ) system required by Armenian tax authorities.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automated Fiscal Receipts\u003C\u002Fstrong> – Generate electronic fiscal receipts automatically for WooCommerce orders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JKS Certificate Support\u003C\u002Fstrong> – Upload and manage .jks certification files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tax Type Management\u003C\u002Fstrong> – Configure tax types, departments, and cashier information\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Product Configuration\u003C\u002Fstrong> – Set HS codes, product codes, and measurement units per product\u003C\u002Fli>\n\u003Cli>\u003Cstrong>VAT Flexibility\u003C\u002Fstrong> – Support for VAT-taxable and non-VAT items with receipt-like printouts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delivery Service Integration\u003C\u002Fstrong> – Built-in shipping\u002Fdelivery 
functionality\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Updates\u003C\u002Fstrong> – Keep the plugin up-to-date with automatic update notifications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Who Is This For?\u003C\u002Fh4>\n\u003Cp>This plugin is designed specifically for Armenian businesses operating in Armenia who:\u003Cbr \u002F>\n* Use WooCommerce for e-commerce\u003Cbr \u002F>\n* Are required to comply with Armenian tax regulations\u003Cbr \u002F>\n* Need to issue electronic fiscal receipts (Էլեկտրոնային ՀԴՄ)\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>WooCommerce 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>Valid Electronic HDM registration with Armenian tax authorities\u003C\u002Fli>\n\u003Cli>SSL certificate recommended\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Getting Started\u003C\u002Fh4>\n\u003Cp>Before using this plugin, you must complete the identification process:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Visit our website: \u003Ca href=\"https:\u002F\u002Fhkdigital.am\u002F\" rel=\"nofollow ugc\">hkdigital.am\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Call us: \u003Cstrong>033 779-779\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Email us: \u003Cstrong>support@hkdigital.am\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The identification service is paid. 
Contact us for pricing details.\u003C\u002Fp>\n\u003Ch4>Documentation & Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.hkdigital.am\u002Fterms.html\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.hkdigital.am\u002Fterms.html\" rel=\"nofollow ugc\">Support Portal\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Email: support@hkdigital.am\u003C\u002Fli>\n\u003Cli>Phone: 033 779-779\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Armenian (hy) – Native\u003C\u002Fli>\n\u003Cli>English (en)\u003C\u002Fli>\n\u003Cli>Russian (ru)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin:\u003Cbr \u002F>\n* Does not collect personal data from visitors\u003Cbr \u002F>\n* Processes order data as required for fiscal receipt generation\u003Cbr \u002F>\n* Communicates with Armenian tax authority servers for receipt validation\u003Cbr \u002F>\n* Stores certificate and configuration data locally in WordPress database\u003Cbr \u002F>\n* Does not share data with third parties except as required by Armenian tax law\u003C\u002Fp>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Ch4>System Requirements\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Minimum:\u003C\u002Fstrong>\u003Cbr \u002F>\n* WordPress 5.0+\u003Cbr \u002F>\n* WooCommerce 5.0+\u003Cbr \u002F>\n* PHP 7.4+\u003Cbr \u002F>\n* MySQL 5.6+ or MariaDB 10.0+\u003Cbr \u002F>\n* SSL Certificate (recommended)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recommended:\u003C\u002Fstrong>\u003Cbr \u002F>\n* WordPress 6.7+\u003Cbr \u002F>\n* WooCommerce 9.0+\u003Cbr \u002F>\n* PHP 8.1+\u003Cbr \u002F>\n* MySQL 8.0+ or MariaDB 10.6+\u003Cbr \u002F>\n* SSL Certificate (required for production)\u003C\u002Fp>\n\u003Ch4>Automatic Updates\u003C\u002Fh4>\n\u003Cp>The plugin includes automatic update notifications. 
We regularly release updates to:\u003Cbr \u002F>\n* Maintain compatibility with WordPress and WooCommerce\u003Cbr \u002F>\n* Add new features\u003Cbr \u002F>\n* Fix bugs and improve performance\u003Cbr \u002F>\n* Ensure compliance with Armenian tax authority requirements\u003C\u002Fp>\n\u003Cp>Update service terms and conditions are available on our website.\u003C\u002Fp>\n\u003Ch4>Copyright & Licensing\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Copyright © 2024 HK Digital Agency LLC (ԷՅՋԿԱ ԴԻՋԻՏԱԼ ԷՋԵՆՍԻ ՍՊԸ)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin and its contents are protected by copyright law.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Restrictions:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Distribution, modification, or adaptation of the plugin code is prohibited without written permission\u003Cbr \u002F>\n* Use of trademarks and branding materials is restricted\u003Cbr \u002F>\n* The plugin is licensed for use, not for resale or redistribution\u003C\u002Fp>\n\u003Cp>\u003Cstrong>License Grant:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Users receive a paid license to use the plugin on their WordPress\u002FWooCommerce site\u003Cbr \u002F>\n* License is non-transferable and site-specific\u003Cbr \u002F>\n* Pricing and terms available at \u003Ca href=\"https:\u002F\u002Fhkdigital.am\u002F\" rel=\"nofollow ugc\">hkdigital.am\u003C\u002Fa> or by calling 033 779-779\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disclaimer:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>HK Digital Agency LLC is not responsible for:\u003Cbr \u002F>\n* Services provided by third-party plugins, applications, platforms, or organizations\u003Cbr \u002F>\n* Technical issues arising from updates to WordPress, WooCommerce, or other plugins\u003Cbr \u002F>\n* Partial or complete plugin malfunction due to third-party updates\u003Cbr \u002F>\n* Website uptime, security, or data integrity (user responsibility)\u003Cbr \u002F>\n* Compliance with tax laws (user must ensure proper 
configuration)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Email: support@hkdigital.am\u003Cbr \u002F>\n* Phone: 033 779-779\u003Cbr \u002F>\n* Website: \u003Ca href=\"https:\u002F\u002Fhkdigital.am\u002F\" rel=\"nofollow ugc\">hkdigital.am\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Developed by \u003Cstrong>HK Digital Agency LLC\u003C\u002Fstrong>\u003Cbr \u002F>\n* Website: \u003Ca href=\"https:\u002F\u002Fhkdigital.am\u002F\" rel=\"nofollow ugc\">hkdigital.am\u003C\u002Fa>\u003Cbr \u002F>\n* Email: support@hkdigital.am\u003Cbr \u002F>\n* Phone: 033 779-779\u003C\u002Fp>\n\u003Cp>Special thanks to all businesses using our plugin and providing valuable feedback.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin communicates with the following external services:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Armenian Tax Service API\u003C\u002Fstrong>\u003Cbr \u002F>\n* Purpose: Generate and validate fiscal receipts\u003Cbr \u002F>\n* Data Sent: Order details, tax information, certificate credentials\u003Cbr \u002F>\n* Privacy Policy: Contact Armenian State Revenue Committee\u003Cbr \u002F>\n* Terms of Service: Armenian tax law requirements\u003Cbr \u002F>\n* Website: \u003Ca href=\"https:\u002F\u002Fpetekamutner.am\u002F\" rel=\"nofollow ugc\">petekamutner.am\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Use of this plugin requires compliance with Armenian tax laws and regulations. Users are responsible for ensuring proper configuration and legal compliance.\u003C\u002Fp>\n","Armenian Electronic Fiscal Data Module (HDM) integration for WooCommerce. 
Tax compliance for Armenian businesses.",10,1098,0,"2025-11-05T23:23:00.000Z","6.7.5","5.0","7.4",[19,20,21,22],"electronic-hdm","hdm","%d5%b0%d5%a4%d5%b4","%d5%a7%d5%ac%d5%a5%d5%af%d5%bf%d6%80%d5%b8%d5%b6%d5%a1%d5%b5%d5%ab%d5%b6-%d5%b0%d5%a4%d5%b4","#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvirtual-hdm-for-taxservice-am.1.2.3.zip",93,2,"2025-11-05 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[31,49],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":27,"updated_date":43,"references":44,"days_to_patch":46,"patch_diff_files":47,"patch_trac_url":36,"research_status":36,"research_verified":48,"research_rounds_completed":13,"research_plan":36,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":36,"research_started_at":36,"research_completed_at":36,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":48,"poc_model_used":36,"poc_verification_depth":36},"CVE-2025-12061","tax-service-electronic-hdm-unauthenticated-arbitrary-sql-injection","Tax Service Electronic HDM \u003C= 1.2.0 - Unauthenticated Arbitrary SQL Injection","The TAX SERVICE Electronic HDM plugin for WordPress is vulnerable to SQL Injection via the 'importTaxService' AJAX endpoint in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query and a missing capability check. 
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database and inject new users to completely take over the site.",null,"\u003C=1.2.0","1.2.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Missing Authorization","2025-12-01 17:08:03",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F92d5be7a-ce96-4e26-afd1-a84b6f46b03f?source=api-prod",27,[],false,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":36,"affected_versions":54,"patched_in_version":6,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63,"patch_diff_files":64,"patch_trac_url":36,"research_status":36,"research_verified":48,"research_rounds_completed":13,"research_plan":36,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":36,"research_started_at":36,"research_completed_at":36,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":48,"poc_model_used":36,"poc_verification_depth":36},"CVE-2024-54261","tax-service-electronic-hdm-unauthenticated-sql-injection","TAX SERVICE Electronic HDM \u003C= 1.1.2 - Unauthenticated SQL Injection","The TAX SERVICE Electronic HDM plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=1.1.2","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-12-06 00:00:00","2025-11-11 14:51:39",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F970c7495-e43c-4606-8154-e2ac7d1c4816?source=api-prod",341,[],{"slug":66,"display_name":7,"profile_url":8,"plugin_count":67,"total_installs":68,"avg_security_score":69,"avg_patch_time_days":70,"trust_score":71,"computed_at":72},"hkdigitalagency",13,690,91,275,73,"2026-05-20T10:16:18.944Z",[],{"attackSurface":75,"codeSignals":190,"taintFlows":264,"riskAssessment":329,"analyzedAt":344},{"hooks":76,"ajaxHandlers":166,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":188,"unprotectedCount":189},[77,83,89,94,98,103,107,112,116,118,120,126,130,134,138,141,144,147,150,152,154,156,158,160,162,164],{"type":78,"name":79,"callback":80,"file":81,"line":82},"filter","admin_footer_text","remove_footer_admin","admin\u002Fcontrollers\u002FMainController.php",57,{"type":78,"name":84,"callback":85,"priority":86,"file":87,"line":88},"woocommerce_product_data_tabs","add_tax_service_product_data_tab",99,"admin\u002Fcontrollers\u002FProductSettingsController.php",18,{"type":90,"name":91,"callback":92,"file":87,"line":93},"action","woocommerce_product_data_panels","add_tax_service_product_data_fields",21,{"type":90,"name":95,"callback":96,"file":87,"line":97},"woocommerce_process_product_meta","tax_service_process_product_meta_fields_save",24,{"type":90,"name":99,"callback":100,"priority":101,"file":102,"line":26},"woocommerce_thankyou","woocomerceTaxServiceThankYouPage",999,"checkout\u002Fcheckout.php",{"type":90,"name":104,"callback":105,"file":106,"line"
:26},"admin_init","pluginActivateTaxService","includes\u002Factivate.php",{"type":90,"name":108,"callback":109,"file":110,"line":111},"admin_menu","hkdigital_admin_menu_tax_service","index.php",23,{"type":90,"name":113,"callback":114,"file":110,"line":115},"init","closure",36,{"type":90,"name":113,"callback":114,"file":110,"line":117},52,{"type":90,"name":104,"callback":114,"file":110,"line":119},61,{"type":90,"name":121,"callback":122,"priority":123,"file":124,"line":125},"woocommerce_order_status_changed","statusChangeHook",3,"payment\u002FWCHKDTaxServicePaymentController.php",55,{"type":90,"name":127,"callback":128,"priority":123,"file":124,"line":129},"woocommerce_order_edit_status","statusChangeHookSubscription",56,{"type":78,"name":131,"callback":132,"file":124,"line":133},"manage_edit-shop_order_columns","addTaxServiceColumnInOrdersPage",58,{"type":90,"name":135,"callback":136,"priority":11,"file":124,"line":137},"manage_shop_order_posts_custom_column","addTaxServiceOrderContent",59,{"type":78,"name":139,"callback":132,"file":124,"line":140},"woocommerce_shop_order_list_table_columns",60,{"type":90,"name":142,"callback":143,"priority":11,"file":124,"line":119},"woocommerce_shop_order_list_table_custom_column","addTaxServiceOrderContentHook2",{"type":78,"name":145,"callback":114,"file":124,"line":146},"wp_mail_content_type",375,{"type":78,"name":148,"callback":114,"file":124,"line":149},"wp_mail_charset",379,{"type":78,"name":145,"callback":114,"file":124,"line":151},394,{"type":78,"name":148,"callback":114,"file":124,"line":153},397,{"type":78,"name":145,"callback":114,"file":124,"line":155},533,{"type":78,"name":148,"callback":114,"file":124,"line":157},537,{"type":78,"name":145,"callback":114,"file":124,"line":159},553,{"type":78,"name":148,"callback":114,"file":124,"line":161},557,{"type":78,"name":145,"callback":114,"file":124,"line":163},623,{"type":78,"name":148,"callback":114,"file":124,"line":165},627,[167,171,175,178,181],{"action":168,"nopriv":48,"c
allback":169,"hasNonce":48,"hasCapCheck":48,"file":110,"line":170},"exportTaxService","exportSettingsAndData",74,{"action":172,"nopriv":48,"callback":173,"hasNonce":48,"hasCapCheck":48,"file":110,"line":174},"importTaxService","importTaxServiceData",75,{"action":176,"nopriv":48,"callback":176,"hasNonce":48,"hasCapCheck":48,"file":110,"line":177},"checkTaxServiceVerification",79,{"action":179,"nopriv":48,"callback":180,"hasNonce":48,"hasCapCheck":48,"file":124,"line":82},"print_hdm_manually","checkOrderActions",{"action":182,"nopriv":48,"callback":182,"hasNonce":183,"hasCapCheck":183,"file":124,"line":184},"getPrintBody",true,64,[],[],[],5,4,{"dangerousFunctions":191,"sqlUsage":198,"outputEscaping":201,"fileOperations":189,"externalRequests":188,"nonceChecks":189,"capabilityChecks":188,"bundledLibraries":260},[192,196],{"fn":193,"file":81,"line":194,"context":195},"move_uploaded_file",186,"move_uploaded_file($files['tmp_name'], $taxServiceUploadFilePath);",{"fn":193,"file":81,"line":197,"context":195},202,{"prepared":199,"raw":13,"locations":200},30,[],{"escaped":202,"rawEcho":203,"locations":204},414,26,[205,209,211,213,215,217,219,221,223,225,227,229,232,234,235,237,239,241,243,246,248,250,252,254,256,258],{"file":206,"line":207,"context":208},"admin\u002Fviews\u002Fsettings.php",63,"raw 
output",{"file":206,"line":210,"context":208},141,{"file":206,"line":212,"context":208},145,{"file":206,"line":214,"context":208},156,{"file":206,"line":216,"context":208},167,{"file":206,"line":218,"context":208},657,{"file":206,"line":220,"context":208},682,{"file":206,"line":222,"context":208},694,{"file":102,"line":224,"context":208},117,{"file":102,"line":226,"context":208},217,{"file":102,"line":228,"context":208},292,{"file":230,"line":231,"context":208},"checkout\u002Femail.php",154,{"file":230,"line":233,"context":208},198,{"file":230,"line":197,"context":208},{"file":230,"line":236,"context":208},206,{"file":230,"line":238,"context":208},210,{"file":230,"line":240,"context":208},302,{"file":230,"line":242,"context":208},404,{"file":244,"line":245,"context":208},"checkout\u002Frefund.php",150,{"file":244,"line":247,"context":208},182,{"file":244,"line":249,"context":208},203,{"file":244,"line":251,"context":208},207,{"file":244,"line":253,"context":208},211,{"file":244,"line":255,"context":208},215,{"file":244,"line":257,"context":208},307,{"file":244,"line":259,"context":208},409,[261],{"name":262,"version":36,"knownCves":263},"jQuery",[],[265,284,292,300,313,321],{"entryPoint":266,"graph":267,"unsanitizedCount":13,"severity":283},"importTaxServiceData (admin\u002Fcontrollers\u002FImportController.php:3)",{"nodes":268,"edges":281},[269,275],{"id":270,"type":271,"label":272,"file":273,"line":274},"n0","source","$_FILES","admin\u002Fcontrollers\u002FImportController.php",25,{"id":276,"type":277,"label":278,"file":273,"line":279,"wp_function":280},"n1","sink","file_get_contents() [SSRF\u002FLFI]",38,"file_get_contents",[282],{"from":270,"to":276,"sanitized":183},"low",{"entryPoint":285,"graph":286,"unsanitizedCount":13,"severity":283},"importFile 
(admin\u002Fcontrollers\u002FImportController.php:14)",{"nodes":287,"edges":290},[288,289],{"id":270,"type":271,"label":272,"file":273,"line":274},{"id":276,"type":277,"label":278,"file":273,"line":279,"wp_function":280},[291],{"from":270,"to":276,"sanitized":183},{"entryPoint":293,"graph":294,"unsanitizedCount":13,"severity":283},"\u003CImportController> (admin\u002Fcontrollers\u002FImportController.php:0)",{"nodes":295,"edges":298},[296,297],{"id":270,"type":271,"label":272,"file":273,"line":274},{"id":276,"type":277,"label":278,"file":273,"line":279,"wp_function":280},[299],{"from":270,"to":276,"sanitized":183},{"entryPoint":301,"graph":302,"unsanitizedCount":26,"severity":283},"plugin_page (admin\u002Fcontrollers\u002FMainController.php:3)",{"nodes":303,"edges":311},[304,307],{"id":270,"type":271,"label":305,"file":81,"line":306},"$_FILES (x2)",179,{"id":276,"type":277,"label":308,"file":81,"line":309,"wp_function":310},"update_option() [Settings Manipulation]",188,"update_option",[312],{"from":270,"to":276,"sanitized":48},{"entryPoint":314,"graph":315,"unsanitizedCount":26,"severity":283},"saveTaxServiceSettings (admin\u002Fcontrollers\u002FMainController.php:148)",{"nodes":316,"edges":319},[317,318],{"id":270,"type":271,"label":305,"file":81,"line":306},{"id":276,"type":277,"label":308,"file":81,"line":309,"wp_function":310},[320],{"from":270,"to":276,"sanitized":48},{"entryPoint":322,"graph":323,"unsanitizedCount":26,"severity":283},"\u003CMainController> (admin\u002Fcontrollers\u002FMainController.php:0)",{"nodes":324,"edges":327},[325,326],{"id":270,"type":271,"label":305,"file":81,"line":306},{"id":276,"type":277,"label":308,"file":81,"line":309,"wp_function":310},[328],{"from":270,"to":276,"sanitized":48},{"summary":330,"deductions":331},"The \"virtual-hdm-for-taxservice-am\" v1.2.3 plugin exhibits a mixed security posture. 
While it demonstrates good practices in SQL query handling, with 100% of queries using prepared statements, and a high percentage of output escaping, significant concerns remain regarding its attack surface. The presence of four unprotected AJAX handlers represents a critical security gap, allowing unauthenticated users to potentially trigger plugin functionalities. The `move_uploaded_file` function, flagged as a dangerous function, combined with unsanitized path taint flows, further elevates the risk of arbitrary file upload vulnerabilities if not handled with extreme care. The plugin's vulnerability history, including past critical and high severity issues related to missing authorization and SQL injection, highlights a recurring pattern of insecure coding practices. Although there are currently no unpatched CVEs, the history suggests a tendency to introduce vulnerabilities that require external patching, underscoring the need for more robust internal security controls and development lifecycle integration.",[332,334,337,339,342],{"reason":333,"points":11},"High number of unprotected AJAX handlers",{"reason":335,"points":336},"Use of dangerous function: move_uploaded_file",7,{"reason":338,"points":188},"Taint flows with unsanitized paths",{"reason":340,"points":341},"Past critical CVE (Missing Authorization)",15,{"reason":343,"points":11},"Past high CVE (SQL 
Injection)","2026-04-16T12:03:44.160Z",{"wat":346,"direct":359},{"assetPaths":347,"generatorPatterns":352,"scriptPaths":353,"versionParams":354},[348,349,350,351],"\u002Fwp-content\u002Fplugins\u002Fvirtual-hdm-for-taxservice-am\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fvirtual-hdm-for-taxservice-am\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fvirtual-hdm-for-taxservice-am\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fvirtual-hdm-for-taxservice-am\u002Fassets\u002Fjs\u002Fmain.js",[],[350,351],[355,356,357,358],"virtual-hdm-for-taxservice-am\u002Fassets\u002Fcss\u002Fadmin.css?ver=","virtual-hdm-for-taxservice-am\u002Fassets\u002Fcss\u002Fmain.css?ver=","virtual-hdm-for-taxservice-am\u002Fassets\u002Fjs\u002Fadmin.js?ver=","virtual-hdm-for-taxservice-am\u002Fassets\u002Fjs\u002Fmain.js?ver=",{"cssClasses":360,"htmlComments":428,"htmlAttributes":429,"restEndpoints":436,"jsGlobals":438,"shortcodeOutput":441},[361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427],"hkd_tax_service_admin_wrap","hkd_tax_service_admin_main","hkd_tax_service_admin_item","hkd_tax_service_admin_row","hkd_tax_service_admin_label","hkd_tax_service_admin_control","hkd_tax_service_admin_btn","hkd_tax_service_admin_header","hkd_tax_service_admin_content","hkd_tax_service_admin_form","hkd_tax_service_admin_menu","hkd_tax_service_admin_logo","hkd_tax_service_admin_logo_img","hkd_tax_service_admin_menu_title","hkd_tax_service_admin_menu_item","hkd_tax_service_admin_menu_item_active","hkd_tax_service_admin_menu_item_link","hkd_tax_service_admin_content_wrap","hkd_tax_service_admin_title","hkd_tax_service_admin_description","hkd_tax_service_admin_note","hkd_tax_service_admin_text","hkd_tax_service_admin_btn_sa
ve","hkd_tax_service_admin_btn_cancel","hkd_tax_service_admin_btn_reset","hkd_tax_service_admin_field","hkd_tax_service_admin_field_label","hkd_tax_service_admin_field_input","hkd_tax_service_admin_field_select","hkd_tax_service_admin_field_textarea","hkd_tax_service_admin_field_checkbox","hkd_tax_service_admin_field_radio","hkd_tax_service_admin_field_file","hkd_tax_service_admin_field_date","hkd_tax_service_admin_field_time","hkd_tax_service_admin_field_color","hkd_tax_service_admin_field_image","hkd_tax_service_admin_field_upload","hkd_tax_service_admin_field_wysiwyg","hkd_tax_service_admin_field_editor","hkd_tax_service_admin_field_map","hkd_tax_service_admin_field_hidden","hkd_tax_service_admin_field_disabled","hkd_tax_service_admin_field_readonly","hkd_tax_service_admin_field_error","hkd_tax_service_admin_field_success","hkd_tax_service_admin_field_warning","hkd_tax_service_admin_field_info","hkd_tax_service_admin_field_tooltip","hkd_tax_service_admin_field_placeholder","hkd_tax_service_admin_field_required","hkd_tax_service_admin_field_optional","hkd_tax_service_admin_field_default","hkd_tax_service_admin_field_custom","hkd_tax_service_admin_field_advanced","hkd_tax_service_admin_field_basic","hkd_tax_service_admin_field_general","hkd_tax_service_admin_field_advanced_settings","hkd_tax_service_admin_field_general_settings","hkd_tax_service_admin_field_plugin_settings","hkd_tax_service_admin_field_api_settings","hkd_tax_service_admin_field_payment_settings","hkd_tax_service_admin_field_tax_settings","hkd_tax_service_admin_field_report_settings","hkd_tax_service_admin_field_error_settings","hkd_tax_service_admin_field_request_settings","hkd_tax_service_admin_field_verification_settings",[],[430,431,432,433,434,435],"data-hkd-tax-service-verification-id","data-hkd-tax-service-owner-site-url","data-hkd-tax-service-plugin-url","data-hkd-tax-service-page","data-hkd-tax-service-dirname","data-hkd-tax-service-api-url",[437],"\u002Fwp-json\u002Fvirtual-hdm-for-taxserv
ice-am\u002Fv1\u002Fsettings",[439,440],"virtualHDMTaxServiceAdmin","virtualHDMTaxServiceMain",[],{"error":183,"url":443,"statusCode":242,"statusMessage":444,"message":444},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fvirtual-hdm-for-taxservice-am\u002Fbundle","no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":26,"versions":446},[447,452],{"version":6,"download_url":24,"svn_tag_url":448,"released_at":36,"has_diff":48,"diff_files_changed":449,"diff_lines":36,"trac_diff_url":450,"vulnerabilities":451,"is_current":183},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvirtual-hdm-for-taxservice-am\u002Ftags\u002F1.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fvirtual-hdm-for-taxservice-am%2Ftags%2F1.2.2&new_path=%2Fvirtual-hdm-for-taxservice-am%2Ftags%2F1.2.3",[],{"version":453,"download_url":454,"svn_tag_url":455,"released_at":36,"has_diff":48,"diff_files_changed":456,"diff_lines":36,"trac_diff_url":36,"vulnerabilities":457,"is_current":48},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvirtual-hdm-for-taxservice-am.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fvirtual-hdm-for-taxservice-am\u002Ftags\u002F1.2.2\u002F",[],[458],{"id":50,"url_slug":51,"title":52,"severity":55,"cvss_score":56,"vuln_type":58,"patched_in_version":6}]