[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWIPpLOFC1zs9vh3v0Kr3YA6y-ZMMgP9NiCRjtHm5FTs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":31,"analysis":32,"fingerprints":79},"wc-gateway-payburner","Payburner Payment Gateway","1.0.4","payburner","https:\u002F\u002Fprofiles.wordpress.org\u002Fpayburner\u002F","\u003Cp>This gateway allows you to accept XRP payment on wc enabled wp sites using the Payburner service.  Payburner is an XRP wallet deployed as a browser extension.\u003C\u002Fp>\n\u003Cp>This WordPress plugin imports two javascript files from https:\u002F\u002Fwww.payburner.com in order to connect the page to the browser extension and to render and control the Payburner pay button.\u003C\u002Fp>\n\u003Cp>The source code for these two javascript files is located at:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fpayburner\u002Fpayburner.js\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fpayburner\u002Fpaybutton.js\u003C\u002Fp>\n\u003Cp>payburner.js interacts solely with the payburner browser extension which can be found at https:\u002F\u002Fchrome.google.com\u002Fwebstore\u002Fdetail\u002Fpayburner-browser-extensi\u002Fghigcfhmoaokccllienfhdhdndkfhmop\u003C\u002Fp>\n\u003Cp>The browser extension itself is a what is called a non-custodial hot wallet.  The users maintain full control over the wallet and their funds.\u003C\u002Fp>\n\u003Cp>paybutton.js interacts with https:\u002F\u002Fgateway.payburner.com to manage the status of the payment on the payburner payment gateway.\u003C\u002Fp>\n\u003Cp>On the back end, the php class class-payburner-api.php interacts with https:\u002F\u002Fgateway.payburner.com to check the payment status.\u003C\u002Fp>\n\u003Cp>The privacy policy of Payburner and its related sites, including https:\u002F\u002Fwww.payburner.com and https:\u002F\u002Fgateway.payburner.com can be found at: https:\u002F\u002Fwww.payburner.com\u002Fpayburner-privacy-policy.txt\u003C\u002Fp>\n","This is an XRP payment gateway for wc, using Payburner.",10,817,0,"2020-06-10T12:38:00.000Z","4.8.28","4.0","5.6",[19],"xrp-woocommerce-payment-gateway","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-gateway-payburner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-gateway-payburner.1.0.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},1,30,84,"2026-04-05T03:24:56.517Z",[],{"attackSurface":33,"codeSignals":55,"taintFlows":66,"riskAssessment":67,"analyzedAt":78},{"hooks":34,"ajaxHandlers":51,"restRoutes":52,"shortcodes":53,"cronEvents":54,"entryPointCount":13,"unprotectedCount":13},[35,41,46],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","wp_enqueue_scripts","payment_scripts","includes\\class-wc-gateway-payburner.php",47,{"type":36,"name":42,"callback":43,"file":44,"line":45},"plugins_loaded","init_gateways","wc-gateway-payburner.php",73,{"type":47,"name":48,"callback":49,"file":44,"line":50},"filter","woocommerce_payment_gateways","add_gateways",90,[],[],[],[],{"dangerousFunctions":56,"sqlUsage":57,"outputEscaping":59,"fileOperations":13,"externalRequests":27,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":65},[],{"prepared":13,"raw":13,"locations":58},[],{"escaped":60,"rawEcho":27,"locations":61},15,[62],{"file":39,"line":63,"context":64},80,"raw output",[],[],{"summary":68,"deductions":69},"The plugin \"wc-gateway-payburner\" v1.0.4 exhibits a generally strong security posture based on the provided static analysis.  The absence of known vulnerabilities and CVEs, combined with the use of prepared statements for all SQL queries and a high percentage of properly escaped output, are positive indicators. The attack surface is remarkably small, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events, further enhancing its security.  However, the lack of any nonce checks or capability checks on potential entry points, while currently not exposed, represents a theoretical weakness that could become a significant risk if new entry points are introduced without proper authentication and authorization mechanisms. The presence of a single external HTTP request also warrants attention, as it could be a vector for supply chain attacks or other vulnerabilities if not carefully managed and validated.",[70,73,75],{"reason":71,"points":72},"Missing capability checks",7,{"reason":74,"points":72},"Missing nonce checks",{"reason":76,"points":77},"External HTTP request present",3,"2026-03-17T01:40:10.530Z",{"wat":80,"direct":92},{"assetPaths":81,"generatorPatterns":85,"scriptPaths":86,"versionParams":89},[82,83,84],"\u002Fwp-content\u002Fplugins\u002Fwc-gateway-payburner\u002Fassets\u002Fimg\u002Fpay_with_payburner.png","\u002Fwp-content\u002Fplugins\u002Fwc-gateway-payburner\u002Fassets\u002Fjs\u002Fjquery.initialize.js","\u002Fwp-content\u002Fplugins\u002Fwc-gateway-payburner\u002Fassets\u002Fjs\u002Fpayburner-checkout.js",[],[87,88],"https:\u002F\u002Fwww.payburner.com\u002Fpayburner.js","https:\u002F\u002Fwww.payburner.com\u002Fpay-button\u002Fpay-button.js",[90,91],"wc-gateway-payburner\u002Fassets\u002Fjs\u002Fjquery.initialize.js?ver=","wc-gateway-payburner\u002Fassets\u002Fjs\u002Fpayburner-checkout.js?ver=",{"cssClasses":93,"htmlComments":94,"htmlAttributes":95,"restEndpoints":100,"jsGlobals":101,"shortcodeOutput":103},[],[],[96,97,98,99],"data-email","data-amount","data-currency","pay-button",[],[102],"wc_payburner_params",[104],"\u003Cpay-button"]