[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHsBUPYZxEt7YlFAq9uw9DFve554B20wxwSNp2ok7cx4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":118,"fingerprints":258},"wc-paypay-gateway","Payment Gateway PayPay for WooCommerce","0.8","Hiroaki Miyashita","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiroaki-miyashita\u002F","\u003Cp>The Payment Gateway PayPay for WooCommerce plugin adds the functionality to take PayPay payments on your store of WooCommerce.\u003C\u002Fp>\n\u003Ch4>About PayPay\u003C\u002Fh4>\n\u003Cp>PayPay is barcode based payment services in Japan. In order to start PayPay payments, you need to create a PayPay developer account.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.paypay.ne.jp\u002F\" rel=\"nofollow ugc\">PayPay for Developers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In order to make the mode Real, you have to purchase the authentication key at the following site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpmarket.jp\u002F\" rel=\"nofollow ugc\">WordPress Market\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known Issues \u002F Bugs\u003C\u002Fh3>\n\u003Cp>Nothing.\u003C\u002Fp>\n\u003Ch3>Uninstall\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate the plugin\u003C\u002Fli>\n\u003Cli>That’s it! 🙂\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin adds the functionality to take PayPay payments on your store of WooCommerce.",100,4227,0,"2024-12-03T00:30:00.000Z","6.7.5","4.4","7.0",[19,20,21,22,23],"checkout","ecommerce","payments","paypay","woocommerce","https:\u002F\u002Fwww.wpmarket.jp\u002Fproduct\u002Fwc_paypay_gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-paypay-gateway.0.8.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"hiroaki-miyashita",12,42660,88,223,71,"2026-04-04T09:13:20.827Z",[39,54,71,89,106],{"slug":40,"name":41,"version":42,"author":41,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":15,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":52,"download_link":53,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"freedompay-payment-gateway","FreedomPay","1.10.0","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreedompay\u002F","\u003Cp>It’s pretty easy to receive payments with FreedomPay Payments Provider.\u003C\u002Fp>\n\u003Ch3>International payment service for online business\u003C\u002Fh3>\n\u003Cp>Increase your profits with high-conversion payments. We will set up a convenient payment acceptance for your customers, and you can focus on developing your business!\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an API to create payment requests. It’s necessary for the payment system to work.\u003C\u002Fp>\n\u003Cp>It sends the payment request information, such as the cart data, payment amount, user’s IP every time the payment is created\u003Cbr \u002F>\n(when user clicks on “Pay” button), if the user’s IP is not available, sends empty string.\u003Cbr \u002F>\nThis service is provided by “Freedom Pay LLP”: \u003Ca href=\"https:\u002F\u002Ffreedompay.kz\u002Fen\u002Frules\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ffreedompay.kz\u002Fen\u002Fprivacy_policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa>.\u003C\u002Fp>\n","It's pretty easy to receive payments with FreedomPay Payments Provider.",90,2873,"2025-03-12T04:44:00.000Z","5.0","7.4",[19,20,21,23],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreedompay-payment-gateway.1.10.0.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":50,"tags":67,"homepage":69,"download_link":70,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"paypercut-payments-for-woocommerce","Paypercut Payments for WooCommerce","0.1.4","Paypercut Dev","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaypercutdev\u002F","\u003Cp>Make it easy for customers to pay — and easier for you to manage — with Paypercut for WooCommerce.\u003Cbr \u002F>\nThis plugin brings fast, secure, and intuitive checkout to your online shop,\u003Cbr \u002F>\nhelping you boost conversions and streamline operations.\u003C\u002Fp>\n\u003Cp>Paypercut enables a range of trusted payment methods while giving you a single,\u003Cbr \u002F>\nunified view of all your transactions — whether online or in person.\u003C\u002Fp>\n\u003Cp>Whether you’re selling physical products or digital downloads, Paypercut for WooCommerce\u003Cbr \u002F>\nmakes taking payments effortless — so you can focus on growing your online business.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Paypercut Payments API (api.paypercut.io) to process payments and manage checkout sessions for your WooCommerce store. This connection is required for the plugin to function, as all payment processing is handled through Paypercut’s secure infrastructure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What the service is used for:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Creating and managing payment checkout sessions\u003Cbr \u002F>\n* Processing customer payments securely\u003Cbr \u002F>\n* Verifying payment status and updating order status\u003Cbr \u002F>\n* Managing refunds for completed orders\u003Cbr \u002F>\n* Setting up and managing webhooks for payment notifications\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin sends data to Paypercut’s API (https:\u002F\u002Fapi.paypercut.io\u002F) in the following scenarios:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>During checkout session creation\u003C\u002Fstrong> (when a customer initiates checkout):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Store information (store name, store URL, WooCommerce order identifiers)\u003C\u002Fli>\n\u003Cli>Order details (order total, currency, line items, shipping costs, tax amounts)\u003C\u002Fli>\n\u003Cli>Customer billing information (name, billing address, email address)\u003C\u002Fli>\n\u003Cli>Customer shipping information (if applicable: shipping name and address)\u003C\u002Fli>\n\u003Cli>Technical metadata (session identifiers, return URLs, webhook URLs)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During payment verification\u003C\u002Fstrong> (when verifying payment status):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout session identifiers\u003C\u002Fli>\n\u003Cli>Order identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During refund processing\u003C\u002Fstrong> (when a store administrator issues a refund):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Payment intent identifiers\u003C\u002Fli>\n\u003Cli>Refund amount and currency\u003C\u002Fli>\n\u003Cli>Refund reason (if provided)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During webhook setup\u003C\u002Fstrong> (when configuring the plugin):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Webhook URL for payment notifications\u003C\u002Fli>\n\u003Cli>Webhook event types to subscribe to\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During API credential validation\u003C\u002Fstrong> (when testing connection in settings):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>API credentials for authentication purposes only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> Payment card data (credit card numbers, CVV codes, etc.) is collected and processed directly by Paypercut via their hosted checkout interface. This sensitive payment information never passes through or gets stored by this plugin or your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis service is provided by Paypercut. For more information about how Paypercut handles data, please refer to:\u003Cbr \u002F>\n* Privacy policy: https:\u002F\u002Fpaypercut.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses npm and @wordpress\u002Fscripts (which uses webpack) to build the Blocks checkout integration.\u003C\u002Fp>\n\u003Ch3>Source Code Location\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>IMPORTANT:\u003C\u002Fstrong> The human-readable source code for all compiled JavaScript is included in this plugin.\u003C\u002Fp>\n\u003Cp>The minified\u002Fcompiled file \u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode> is generated from the following source file:\u003Cbr \u002F>\n* \u003Cstrong>Source file:\u003C\u002Fstrong> \u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode> – This is the human-readable, unminified source code for the Blocks checkout integration\u003C\u002Fp>\n\u003Cp>All source code is included in the published plugin. The source file (\u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode>) contains the original, readable JavaScript code with ES6 modules, comments, and proper formatting. The compiled version (\u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode>) is generated from this source using the build process described below.\u003C\u002Fp>\n\u003Ch3>Building assets\u003C\u002Fh3>\n\u003Cp>To rebuild the compiled assets from source:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Install dependencies:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm install\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Build production assets:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm run build\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This will compile \u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode> into the minified \u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode> using @wordpress\u002Fscripts.\u003C\u002Fp>\n","Paypercut Payments enables WooCommerce merchants to accept online payments using Paypercut's checkout experience.",20,249,"2026-03-14T18:18:00.000Z","6.9.4","6.6",[19,20,68,21,23],"payment-gateway","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpaypercut-payments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaypercut-payments-for-woocommerce.0.1.4.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":62,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":66,"requires_php":84,"tags":85,"homepage":87,"download_link":88,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"precisionpay-payments-for-woocommerce","PrecisionPay Payments for WooCommerce","4.0.3","daveprecisionpay","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaveprecisionpay\u002F","\u003Cp>PrecisionPay is \u003Cem>the\u003C\u002Fem> payment solution for the firearms industry. We are a staunch supporter of the 2nd Amendment and will never cancel you for exercising your constitutional rights. Download and install our plugin and then visit our website to complete your application. Soon after that, you’ll be able to process payments for guns and ammunition without having to pay the exorbitant fees associated with “high risk” e-commerce categories.\u003C\u002Fp>\n\u003Cp>This plugin uses Plaid (\u003Ca href=\"https:\u002F\u002Fplaid.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fplaid.com\u002F\u003C\u002Fa>) along with the PrecisionPay checkout portal to allow your customers to pay with PrecisionPay as a guest (using Plaid) or as a PrecisionPay user (if they already have an account at \u003Ca href=\"myprecisionpay.com\" rel=\"nofollow ugc\">myprecisionpay.com\u003C\u002Fa>). View the PrecisionPay privacy policy \u003Ca href=\"https:\u002F\u002Fwww.myprecisionpay.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">here\u003C\u002Fa>. View Plaid’s privacy policy \u003Ca href=\"https:\u002F\u002Fplaid.com\u002Flegal\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>The benefits of using PrecisionPay\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>It’s easy for your customers\u003C\u002Fstrong>: There is a built in, fast, and easy to use guest checkout if the user isn’t already using PrecisionPay\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2nd Amendment Friendly\u003C\u002Fstrong>: PrecisionPay is \u003Cem>the\u003C\u002Fem> WooCommerce solution entirely dedicated to supporting the sale of firearms and firearm related products.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Private\u003C\u002Fstrong>: We care about privacy as much as you do. We are transparent about what we store and we don’t sell personal user data. Ever.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure\u003C\u002Fstrong>: We use industry standards, and even go beyond industry standards where possible to keep all your payment processing secure.\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept online bank payments in your WooCommerce store using PrecisionPay - the firearms friendly payments processor.",2007,74,3,"2025-09-09T18:59:00.000Z","6.8.5","7.2",[19,20,21,86,23],"precisionpay","https:\u002F\u002Fgithub.com\u002FMakeCents-NYC\u002Fwoocommerce-gateway-precisionpay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprecisionpay-payments-for-woocommerce.4.0.3.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":13,"num_ratings":13,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":52,"download_link":104,"security_score":105,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"omipay","Omipay for WooCommerce","1.0.3","hpay","https:\u002F\u002Fprofiles.wordpress.org\u002Fomipay\u002F","\u003Cp>This is the official Omipay payment gateway plugin for WooCommerce.\u003Cbr \u002F>\nContact Omipay’s customer care system for connection support.\u003C\u002Fp>\n\u003Ch3>Dependencies\u003C\u002Fh3>\n\u003Col>\n\u003Cli>WordPress v4.3 and later\u003C\u002Fli>\n\u003Cli>Woocommerce v7.0.0 and later\u003C\u002Fli>\n\u003Cli>PHP v5.6.0 and later\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit the WooCommerce settings page, and click on the Checkout\u002FPayment Gateways tab.\u003C\u002Fli>\n\u003Cli>Click on Omipay to edit the settings. If you do not see Omipay in the list at the top of the screen make sure you have activated the plugin in the WordPress Plugin Manager.\u003C\u002Fli>\n\u003Cli>Enable the Payment Method, add in your email, merchant id and secure_pass.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fcheckout.omipay.vn\" rel=\"nofollow ugc\">Omipay.vn\u003C\u002Fa> for support requests.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>The Omipay WooCommerce plugin is released under the GPLv2 license, same as that\u003Cbr \u002F>\nof WordPress. See the LICENSE file for the complete LICENSE text.\u003C\u002Fp>\n","Allows you to use Omipay payment gateway with the WooCommerce plugin.",10,5252,"2022-11-11T05:01:00.000Z","6.1.10","4.7","5.6",[19,20,90,21,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fomipay.zip",85,{"slug":107,"name":108,"version":109,"author":7,"author_profile":8,"description":110,"short_description":111,"active_installs":97,"downloaded":112,"rating":13,"num_ratings":13,"last_updated":113,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":114,"homepage":116,"download_link":117,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wc-zeus-gateway","Payment Gateway Zeus for WooCommerce","0.3.1","\u003Cp>The Payment Gateway Zeus for WooCommerce plugin adds the functionality to take Zeus payments on your store using Zeus for WooCommerce.\u003C\u002Fp>\n\u003Ch4>About Zeus\u003C\u002Fh4>\n\u003Cp>Zeus is a comprehensive payment platform that offers various online payment methods, such as credit card payment and convenience store payment in Japan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cardservice.co.jp\u002F\" rel=\"nofollow ugc\">Zeus\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In order to use Zeus, you have to purchase the authentication key at the following site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpmarket.jp\u002F\" rel=\"nofollow ugc\">WordPress Market\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known Issues \u002F Bugs\u003C\u002Fh3>\n\u003Cp>Nothing.\u003C\u002Fp>\n\u003Ch3>Uninstall\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate the plugin\u003C\u002Fli>\n\u003Cli>That’s it! 🙂\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin adds the functionality to take various online payments on your store using Zeus for WooCommerce.",1518,"2024-12-03T00:38:00.000Z",[19,115,20,21,23],"ec","https:\u002F\u002Fwww.wpmarket.jp\u002Fproduct\u002Fwc_zeus_gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-zeus-gateway.0.3.1.zip",{"attackSurface":119,"codeSignals":177,"taintFlows":194,"riskAssessment":244,"analyzedAt":257},{"hooks":120,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":13,"unprotectedCount":13},[121,127,131,136,140,143,146,150,154,158,161,165,169],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","before_woocommerce_init","closure","wc-paypay-gateway.php",30,{"type":122,"name":128,"callback":129,"file":125,"line":130},"plugins_loaded","wc_paypay_gateway_plugins_loaded",44,{"type":132,"name":133,"callback":134,"file":125,"line":135},"filter","woocommerce_payment_gateways","wc_paypay_gateway_woocommerce_payment_gateways",45,{"type":122,"name":137,"callback":138,"file":125,"line":139},"template_redirect","wc_paypay_gateway_template_redirect",46,{"type":122,"name":141,"callback":142,"file":125,"line":80},"admin_notices","wc_paypay_gateway_missing_admin_notices",{"type":122,"name":141,"callback":144,"file":125,"line":145},"wc_paypay_gateway_mode_admin_notices",80,{"type":132,"name":147,"callback":148,"priority":97,"file":125,"line":149},"woocommerce_gateway_icon","wc_paypay_gateway_woocommerce_gateway_icon",108,{"type":122,"name":151,"callback":152,"file":125,"line":153},"woocommerce_thankyou","wc_paypay_gateway_woocommerce_thankyou",110,{"type":122,"name":155,"callback":156,"file":125,"line":157},"woocommerce_order_status_processing","wc_paypay_gateway_woocommerce_order_status_completed",111,{"type":122,"name":159,"callback":156,"file":125,"line":160},"woocommerce_order_status_completed",112,{"type":122,"name":162,"callback":163,"file":125,"line":164},"woocommerce_order_status_cancelled","wc_paypay_gateway_woocommerce_order_status_cancelled",113,{"type":122,"name":166,"callback":167,"file":125,"line":168},"woocommerce_api_wc_paypay","check_for_webhook",114,{"type":122,"name":170,"callback":171,"file":125,"line":172},"woocommerce_available_payment_gateways","wc_paypay_gateway_woocommerce_available_payment_gateways",115,[],[],[],[],{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":189,"externalRequests":189,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":190},[],{"prepared":13,"raw":13,"locations":180},[],{"escaped":13,"rawEcho":182,"locations":183},2,[184,187],{"file":125,"line":185,"context":186},37,"raw output",{"file":125,"line":188,"context":186},41,1,[191],{"name":192,"version":27,"knownCves":193},"Guzzle",[],[195,212,223,231],{"entryPoint":196,"graph":197,"unsanitizedCount":189,"severity":211},"wc_paypay_gateway_mode_admin_notices (wc-paypay-gateway.php:40)",{"nodes":198,"edges":208},[199,203],{"id":200,"type":201,"label":202,"file":125,"line":188},"n0","source","$_SERVER['HTTP_HOST']",{"id":204,"type":205,"label":206,"file":125,"line":188,"wp_function":207},"n1","sink","echo() [XSS]","echo",[209],{"from":200,"to":204,"sanitized":210},false,"medium",{"entryPoint":213,"graph":214,"unsanitizedCount":189,"severity":211},"wc_paypay_gateway_plugins_loaded (wc-paypay-gateway.php:70)",{"nodes":215,"edges":221},[216,218],{"id":200,"type":201,"label":202,"file":125,"line":217},233,{"id":204,"type":205,"label":219,"file":125,"line":217,"wp_function":220},"wp_remote_get() [SSRF]","wp_remote_get",[222],{"from":200,"to":204,"sanitized":210},{"entryPoint":224,"graph":225,"unsanitizedCount":189,"severity":211},"wc_paypay_gateway_check_authentication_key (wc-paypay-gateway.php:232)",{"nodes":226,"edges":229},[227,228],{"id":200,"type":201,"label":202,"file":125,"line":217},{"id":204,"type":205,"label":219,"file":125,"line":217,"wp_function":220},[230],{"from":200,"to":204,"sanitized":210},{"entryPoint":232,"graph":233,"unsanitizedCount":182,"severity":211},"\u003Cwc-paypay-gateway> (wc-paypay-gateway.php:0)",{"nodes":234,"edges":241},[235,236,237,239],{"id":200,"type":201,"label":202,"file":125,"line":188},{"id":204,"type":205,"label":206,"file":125,"line":188,"wp_function":207},{"id":238,"type":201,"label":202,"file":125,"line":217},"n2",{"id":240,"type":205,"label":219,"file":125,"line":217,"wp_function":220},"n3",[242,243],{"from":200,"to":204,"sanitized":210},{"from":238,"to":240,"sanitized":210},{"summary":245,"deductions":246},"The \"wc-paypay-gateway\" v0.8 plugin exhibits a generally positive security posture regarding its attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events identified. This significantly limits potential entry points for attackers.  Furthermore, the absence of known CVEs and recorded vulnerability history suggests a mature and relatively stable codebase.  However, the static analysis reveals concerning practices in output escaping and a lack of explicit capability checks.  The fact that 100% of outputs are not properly escaped is a significant weakness, potentially leading to cross-site scripting (XSS) vulnerabilities.  The presence of file operations and external HTTP requests, while not inherently insecure, warrants careful review given the lack of clear authorization checks for these actions.  The use of Guzzle as a bundled library also requires vigilance for potential outdated versions, although no specific vulnerability information is provided for this.\n\nWhile the plugin avoids common pitfalls like raw SQL queries and provides a clean attack surface, the critical issue of unescaped output presents a clear and present danger.  The lack of nonce and capability checks on potentially sensitive operations (file operations, external requests) also introduces risk.  The taint analysis, while showing no critical or high severity unsanitized paths, analyzed a small number of flows, making it difficult to declare complete safety.  In conclusion, the plugin has strong foundations with its limited attack surface and clean history, but the unescaped output and insufficient authorization checks for certain operations are significant vulnerabilities that require immediate attention and remediation.",[247,250,253,255],{"reason":248,"points":249},"Outputs are not properly escaped",8,{"reason":251,"points":252},"No nonce checks on potentially sensitive operations",7,{"reason":254,"points":252},"No capability checks on potentially sensitive operations",{"reason":256,"points":81},"Bundled library (Guzzle) may be outdated","2026-03-16T20:38:29.265Z",{"wat":259,"direct":268},{"assetPaths":260,"generatorPatterns":263,"scriptPaths":264,"versionParams":265},[261,262],"\u002Fwp-content\u002Fplugins\u002Fwc-paypay-gateway\u002Fassets\u002Fcss\u002Fpaypay-gateway.css","\u002Fwp-content\u002Fplugins\u002Fwc-paypay-gateway\u002Fassets\u002Fjs\u002Fpaypay-gateway.js",[],[262],[266,267],"wc-paypay-gateway\u002Fassets\u002Fcss\u002Fpaypay-gateway.css?ver=","wc-paypay-gateway\u002Fassets\u002Fjs\u002Fpaypay-gateway.js?ver=",{"cssClasses":269,"htmlComments":271,"htmlAttributes":274,"restEndpoints":276,"jsGlobals":278,"shortcodeOutput":280},[270],"paypay-gateway-checkout-form",[272,273],"\u003C!-- PayPay Gateway: Payment Fields Start -->","\u003C!-- PayPay Gateway: Payment Fields End -->",[275],"data-paypay-gateway-nonce",[277],"\u002Fwp-json\u002Fwc-paypay-gateway\u002Fv1\u002Fpayment-status",[279],"paypayGatewayParams",[281],"[paypay_gateway_payment_form]"]