[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBzipOxd4HltraOBAbPOu9OKYmywUwZdWD5kcgT2KiMY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":118,"fingerprints":247},"wc-remise-gateway","Payment Gateway Remise for WooCommerce","0.1.2","Hiroaki Miyashita","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiroaki-miyashita\u002F","\u003Cp>The Payment Gateway Remise for WooCommerce plugin adds the functionality to take Remise payments on your store of WooCommerce.\u003C\u002Fp>\n\u003Ch4>About Remise\u003C\u002Fh4>\n\u003Cp>Remise is a comprehensive payment platform that offers various online payment methods, such as credit card payment and convenience store payment in Japan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.remise.jp\u002F\" rel=\"nofollow ugc\">Remise\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In order to use Remise, you have to purchase the authentication key at the following site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpmarket.jp\u002F\" rel=\"nofollow ugc\">WordPress Market\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known Issues \u002F Bugs\u003C\u002Fh3>\n\u003Cp>Nothing.\u003C\u002Fp>\n\u003Ch3>Uninstall\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate the plugin\u003C\u002Fli>\n\u003Cli>That’s it! 🙂\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin adds the functionality to take Remise payments on your store of WooCommerce.",0,1386,"2025-04-09T06:52:00.000Z","6.7.5","4.4","7.0",[18,19,20,21,22],"checkout","ec","ecommerce","payments","woocommerce","https:\u002F\u002Fwww.wpmarket.jp\u002Fproduct\u002Fwc_remise_gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-remise-gateway.0.1.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"hiroaki-miyashita",12,42660,88,223,71,"2026-04-04T14:20:24.802Z",[38,51,66,83,101],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":25,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":46,"homepage":48,"download_link":49,"security_score":50,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wc-paypay-gateway","Payment Gateway PayPay for WooCommerce","0.8","\u003Cp>The Payment Gateway PayPay for WooCommerce plugin adds the functionality to take PayPay payments on your store of WooCommerce.\u003C\u002Fp>\n\u003Ch4>About PayPay\u003C\u002Fh4>\n\u003Cp>PayPay is barcode based payment services in Japan. In order to start PayPay payments, you need to create a PayPay developer account.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.paypay.ne.jp\u002F\" rel=\"nofollow ugc\">PayPay for Developers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In order to make the mode Real, you have to purchase the authentication key at the following site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpmarket.jp\u002F\" rel=\"nofollow ugc\">WordPress Market\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known Issues \u002F Bugs\u003C\u002Fh3>\n\u003Cp>Nothing.\u003C\u002Fp>\n\u003Ch3>Uninstall\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate the plugin\u003C\u002Fli>\n\u003Cli>That’s it! 🙂\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin adds the functionality to take PayPay payments on your store of WooCommerce.",4227,"2024-12-03T00:30:00.000Z",[18,20,21,47,22],"paypay","https:\u002F\u002Fwww.wpmarket.jp\u002Fproduct\u002Fwc_paypay_gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-paypay-gateway.0.8.zip",92,{"slug":52,"name":53,"version":54,"author":53,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":11,"num_ratings":11,"last_updated":60,"tested_up_to":14,"requires_at_least":61,"requires_php":62,"tags":63,"homepage":64,"download_link":65,"security_score":50,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"freedompay-payment-gateway","FreedomPay","1.10.0","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreedompay\u002F","\u003Cp>It’s pretty easy to receive payments with FreedomPay Payments Provider.\u003C\u002Fp>\n\u003Ch3>International payment service for online business\u003C\u002Fh3>\n\u003Cp>Increase your profits with high-conversion payments. We will set up a convenient payment acceptance for your customers, and you can focus on developing your business!\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an API to create payment requests. It’s necessary for the payment system to work.\u003C\u002Fp>\n\u003Cp>It sends the payment request information, such as the cart data, payment amount, user’s IP every time the payment is created\u003Cbr \u002F>\n(when user clicks on “Pay” button), if the user’s IP is not available, sends empty string.\u003Cbr \u002F>\nThis service is provided by “Freedom Pay LLP”: \u003Ca href=\"https:\u002F\u002Ffreedompay.kz\u002Fen\u002Frules\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ffreedompay.kz\u002Fen\u002Fprivacy_policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa>.\u003C\u002Fp>\n","It's pretty easy to receive payments with FreedomPay Payments Provider.",90,2873,"2025-03-12T04:44:00.000Z","5.0","7.4",[18,20,21,22],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreedompay-payment-gateway.1.10.0.zip",{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":11,"num_ratings":11,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":62,"tags":79,"homepage":81,"download_link":82,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"paypercut-payments-for-woocommerce","Paypercut Payments for WooCommerce","0.1.4","Paypercut Dev","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaypercutdev\u002F","\u003Cp>Make it easy for customers to pay — and easier for you to manage — with Paypercut for WooCommerce.\u003Cbr \u002F>\nThis plugin brings fast, secure, and intuitive checkout to your online shop,\u003Cbr \u002F>\nhelping you boost conversions and streamline operations.\u003C\u002Fp>\n\u003Cp>Paypercut enables a range of trusted payment methods while giving you a single,\u003Cbr \u002F>\nunified view of all your transactions — whether online or in person.\u003C\u002Fp>\n\u003Cp>Whether you’re selling physical products or digital downloads, Paypercut for WooCommerce\u003Cbr \u002F>\nmakes taking payments effortless — so you can focus on growing your online business.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Paypercut Payments API (api.paypercut.io) to process payments and manage checkout sessions for your WooCommerce store. This connection is required for the plugin to function, as all payment processing is handled through Paypercut’s secure infrastructure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What the service is used for:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Creating and managing payment checkout sessions\u003Cbr \u002F>\n* Processing customer payments securely\u003Cbr \u002F>\n* Verifying payment status and updating order status\u003Cbr \u002F>\n* Managing refunds for completed orders\u003Cbr \u002F>\n* Setting up and managing webhooks for payment notifications\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin sends data to Paypercut’s API (https:\u002F\u002Fapi.paypercut.io\u002F) in the following scenarios:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>During checkout session creation\u003C\u002Fstrong> (when a customer initiates checkout):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Store information (store name, store URL, WooCommerce order identifiers)\u003C\u002Fli>\n\u003Cli>Order details (order total, currency, line items, shipping costs, tax amounts)\u003C\u002Fli>\n\u003Cli>Customer billing information (name, billing address, email address)\u003C\u002Fli>\n\u003Cli>Customer shipping information (if applicable: shipping name and address)\u003C\u002Fli>\n\u003Cli>Technical metadata (session identifiers, return URLs, webhook URLs)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During payment verification\u003C\u002Fstrong> (when verifying payment status):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout session identifiers\u003C\u002Fli>\n\u003Cli>Order identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During refund processing\u003C\u002Fstrong> (when a store administrator issues a refund):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Payment intent identifiers\u003C\u002Fli>\n\u003Cli>Refund amount and currency\u003C\u002Fli>\n\u003Cli>Refund reason (if provided)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During webhook setup\u003C\u002Fstrong> (when configuring the plugin):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Webhook URL for payment notifications\u003C\u002Fli>\n\u003Cli>Webhook event types to subscribe to\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During API credential validation\u003C\u002Fstrong> (when testing connection in settings):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>API credentials for authentication purposes only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> Payment card data (credit card numbers, CVV codes, etc.) is collected and processed directly by Paypercut via their hosted checkout interface. This sensitive payment information never passes through or gets stored by this plugin or your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis service is provided by Paypercut. For more information about how Paypercut handles data, please refer to:\u003Cbr \u002F>\n* Privacy policy: https:\u002F\u002Fpaypercut.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses npm and @wordpress\u002Fscripts (which uses webpack) to build the Blocks checkout integration.\u003C\u002Fp>\n\u003Ch3>Source Code Location\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>IMPORTANT:\u003C\u002Fstrong> The human-readable source code for all compiled JavaScript is included in this plugin.\u003C\u002Fp>\n\u003Cp>The minified\u002Fcompiled file \u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode> is generated from the following source file:\u003Cbr \u002F>\n* \u003Cstrong>Source file:\u003C\u002Fstrong> \u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode> – This is the human-readable, unminified source code for the Blocks checkout integration\u003C\u002Fp>\n\u003Cp>All source code is included in the published plugin. The source file (\u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode>) contains the original, readable JavaScript code with ES6 modules, comments, and proper formatting. The compiled version (\u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode>) is generated from this source using the build process described below.\u003C\u002Fp>\n\u003Ch3>Building assets\u003C\u002Fh3>\n\u003Cp>To rebuild the compiled assets from source:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Install dependencies:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm install\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Build production assets:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm run build\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This will compile \u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode> into the minified \u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode> using @wordpress\u002Fscripts.\u003C\u002Fp>\n","Paypercut Payments enables WooCommerce merchants to accept online payments using Paypercut's checkout experience.",20,249,"2026-03-14T18:18:00.000Z","6.9.4","6.6",[18,20,80,21,22],"payment-gateway","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpaypercut-payments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaypercut-payments-for-woocommerce.0.1.4.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":74,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":78,"requires_php":96,"tags":97,"homepage":99,"download_link":100,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"precisionpay-payments-for-woocommerce","PrecisionPay Payments for WooCommerce","4.0.3","daveprecisionpay","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaveprecisionpay\u002F","\u003Cp>PrecisionPay is \u003Cem>the\u003C\u002Fem> payment solution for the firearms industry. We are a staunch supporter of the 2nd Amendment and will never cancel you for exercising your constitutional rights. Download and install our plugin and then visit our website to complete your application. Soon after that, you’ll be able to process payments for guns and ammunition without having to pay the exorbitant fees associated with “high risk” e-commerce categories.\u003C\u002Fp>\n\u003Cp>This plugin uses Plaid (\u003Ca href=\"https:\u002F\u002Fplaid.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fplaid.com\u002F\u003C\u002Fa>) along with the PrecisionPay checkout portal to allow your customers to pay with PrecisionPay as a guest (using Plaid) or as a PrecisionPay user (if they already have an account at \u003Ca href=\"myprecisionpay.com\" rel=\"nofollow ugc\">myprecisionpay.com\u003C\u002Fa>). View the PrecisionPay privacy policy \u003Ca href=\"https:\u002F\u002Fwww.myprecisionpay.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">here\u003C\u002Fa>. View Plaid’s privacy policy \u003Ca href=\"https:\u002F\u002Fplaid.com\u002Flegal\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>The benefits of using PrecisionPay\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>It’s easy for your customers\u003C\u002Fstrong>: There is a built in, fast, and easy to use guest checkout if the user isn’t already using PrecisionPay\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2nd Amendment Friendly\u003C\u002Fstrong>: PrecisionPay is \u003Cem>the\u003C\u002Fem> WooCommerce solution entirely dedicated to supporting the sale of firearms and firearm related products.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Private\u003C\u002Fstrong>: We care about privacy as much as you do. We are transparent about what we store and we don’t sell personal user data. Ever.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure\u003C\u002Fstrong>: We use industry standards, and even go beyond industry standards where possible to keep all your payment processing secure.\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept online bank payments in your WooCommerce store using PrecisionPay - the firearms friendly payments processor.",2007,74,3,"2025-09-09T18:59:00.000Z","6.8.5","7.2",[18,20,21,98,22],"precisionpay","https:\u002F\u002Fgithub.com\u002FMakeCents-NYC\u002Fwoocommerce-gateway-precisionpay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprecisionpay-payments-for-woocommerce.4.0.3.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":11,"num_ratings":11,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":64,"download_link":116,"security_score":117,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"omipay","Omipay for WooCommerce","1.0.3","hpay","https:\u002F\u002Fprofiles.wordpress.org\u002Fomipay\u002F","\u003Cp>This is the official Omipay payment gateway plugin for WooCommerce.\u003Cbr \u002F>\nContact Omipay’s customer care system for connection support.\u003C\u002Fp>\n\u003Ch3>Dependencies\u003C\u002Fh3>\n\u003Col>\n\u003Cli>WordPress v4.3 and later\u003C\u002Fli>\n\u003Cli>Woocommerce v7.0.0 and later\u003C\u002Fli>\n\u003Cli>PHP v5.6.0 and later\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit the WooCommerce settings page, and click on the Checkout\u002FPayment Gateways tab.\u003C\u002Fli>\n\u003Cli>Click on Omipay to edit the settings. If you do not see Omipay in the list at the top of the screen make sure you have activated the plugin in the WordPress Plugin Manager.\u003C\u002Fli>\n\u003Cli>Enable the Payment Method, add in your email, merchant id and secure_pass.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fcheckout.omipay.vn\" rel=\"nofollow ugc\">Omipay.vn\u003C\u002Fa> for support requests.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>The Omipay WooCommerce plugin is released under the GPLv2 license, same as that\u003Cbr \u002F>\nof WordPress. See the LICENSE file for the complete LICENSE text.\u003C\u002Fp>\n","Allows you to use Omipay payment gateway with the WooCommerce plugin.",10,5252,"2022-11-11T05:01:00.000Z","6.1.10","4.7","5.6",[18,20,102,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fomipay.zip",85,{"attackSurface":119,"codeSignals":162,"taintFlows":184,"riskAssessment":235,"analyzedAt":246},{"hooks":120,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":11,"unprotectedCount":11},[121,127,131,136,140,143,147,151,154,156],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","before_woocommerce_init","closure","wc-remise-gateway.php",22,{"type":122,"name":128,"callback":129,"file":125,"line":130},"plugins_loaded","wc_remise_gateway_plugins_loaded",36,{"type":132,"name":133,"callback":134,"file":125,"line":135},"filter","woocommerce_payment_gateways","wc_remise_gateway_woocommerce_payment_gateways",37,{"type":122,"name":137,"callback":138,"file":125,"line":139},"admin_notices","wc_remise_gateway_missing_admin_notices",43,{"type":122,"name":137,"callback":141,"file":125,"line":142},"wc_remise_gateway_mode_admin_notices",49,{"type":122,"name":144,"callback":145,"file":125,"line":146},"woocommerce_api_wc_remise","check_for_webhook",80,{"type":132,"name":148,"callback":149,"file":125,"line":150},"woocommerce_order_email_verification_required","__return_false",83,{"type":132,"name":152,"callback":149,"file":125,"line":153},"woocommerce_order_received_verify_known_shoppers",86,{"type":132,"name":148,"callback":149,"file":125,"line":155},375,{"type":132,"name":152,"callback":149,"file":125,"line":157},378,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":11,"externalRequests":182,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":183},[],{"prepared":11,"raw":11,"locations":165},[],{"escaped":167,"rawEcho":168,"locations":169},24,6,[170,173,175,176,178,180],{"file":125,"line":171,"context":172},29,"raw output",{"file":125,"line":174,"context":172},33,{"file":125,"line":34,"context":172},{"file":125,"line":177,"context":172},236,{"file":125,"line":179,"context":172},436,{"file":125,"line":181,"context":172},451,1,[],[185,202,213,221],{"entryPoint":186,"graph":187,"unsanitizedCount":182,"severity":201},"wc_remise_gateway_mode_admin_notices (wc-remise-gateway.php:32)",{"nodes":188,"edges":198},[189,193],{"id":190,"type":191,"label":192,"file":125,"line":174},"n0","source","$_SERVER['HTTP_HOST']",{"id":194,"type":195,"label":196,"file":125,"line":174,"wp_function":197},"n1","sink","echo() [XSS]","echo",[199],{"from":190,"to":194,"sanitized":200},false,"medium",{"entryPoint":203,"graph":204,"unsanitizedCount":182,"severity":201},"wc_remise_gateway_plugins_loaded (wc-remise-gateway.php:39)",{"nodes":205,"edges":211},[206,208],{"id":190,"type":191,"label":192,"file":125,"line":207},198,{"id":194,"type":195,"label":209,"file":125,"line":207,"wp_function":210},"wp_remote_get() [SSRF]","wp_remote_get",[212],{"from":190,"to":194,"sanitized":200},{"entryPoint":214,"graph":215,"unsanitizedCount":182,"severity":201},"wc_remise_gateway_check_authentication_key (wc-remise-gateway.php:197)",{"nodes":216,"edges":219},[217,218],{"id":190,"type":191,"label":192,"file":125,"line":207},{"id":194,"type":195,"label":209,"file":125,"line":207,"wp_function":210},[220],{"from":190,"to":194,"sanitized":200},{"entryPoint":222,"graph":223,"unsanitizedCount":234,"severity":201},"\u003Cwc-remise-gateway> (wc-remise-gateway.php:0)",{"nodes":224,"edges":231},[225,226,227,229],{"id":190,"type":191,"label":192,"file":125,"line":174},{"id":194,"type":195,"label":196,"file":125,"line":174,"wp_function":197},{"id":228,"type":191,"label":192,"file":125,"line":207},"n2",{"id":230,"type":195,"label":209,"file":125,"line":207,"wp_function":210},"n3",[232,233],{"from":190,"to":194,"sanitized":200},{"from":228,"to":230,"sanitized":200},2,{"summary":236,"deductions":237},"The 'wc-remise-gateway' plugin, in version 0.1.2, exhibits a strong security posture in several key areas, particularly concerning its limited attack surface and the absence of known historical vulnerabilities.  The static analysis reveals no direct entry points like AJAX handlers, REST API routes, or shortcodes that are exposed without authentication or proper checks.  Furthermore, the plugin demonstrates good practices by using prepared statements exclusively for its SQL queries and a high percentage of properly escaped output, which mitigates common injection and cross-site scripting risks. The lack of file operations and external HTTP requests (beyond one, which is not detailed) also reduces potential attack vectors.\n\nHowever, there are notable areas of concern. The presence of 4 'flows with unsanitized paths' in the taint analysis, while not classified as critical or high severity in this specific scan, warrants attention. These flows represent potential pathways where user-supplied data might not be adequately validated or cleaned before being used in sensitive operations, even if the immediate impact isn't severe in this version. The complete absence of nonce checks and capability checks across all potential (though currently zero) entry points is a significant weakness. This means that if new entry points are introduced or if existing ones were missed in the analysis, there would be no built-in protection against CSRF attacks or unauthorized actions by unprivileged users.\n\nIn conclusion, the plugin is strong in its foundational security practices regarding database interactions and output handling, and its vulnerability history is clean, suggesting diligent maintenance or a short history.  However, the unaddressed unsanitized paths and the complete lack of authorization checks are critical gaps that could be exploited if the attack surface were to expand or if the taint analysis missed a more severe consequence.  While the current version appears relatively safe due to a minimal attack surface, these weaknesses represent potential future risks.",[238,241,244],{"reason":239,"points":240},"Unsanitized paths in taint analysis",8,{"reason":242,"points":243},"Missing nonce checks",7,{"reason":245,"points":243},"Missing capability checks","2026-03-17T06:13:43.048Z",{"wat":248,"direct":257},{"assetPaths":249,"generatorPatterns":252,"scriptPaths":253,"versionParams":254},[250,251],"\u002Fwp-content\u002Fplugins\u002Fwc-remise-gateway\u002Fassets\u002Fcss\u002Fwc-remise-gateway.css","\u002Fwp-content\u002Fplugins\u002Fwc-remise-gateway\u002Fassets\u002Fjs\u002Fwc-remise-gateway.js",[],[251],[255,256],"wc-remise-gateway\u002Fassets\u002Fcss\u002Fwc-remise-gateway.css?ver=","wc-remise-gateway\u002Fassets\u002Fjs\u002Fwc-remise-gateway.js?ver=",{"cssClasses":258,"htmlComments":259,"htmlAttributes":261,"restEndpoints":270,"jsGlobals":272,"shortcodeOutput":274},[],[260],"\u003C!-- In order to use Remise, you have to purchase the authentication key at the following site. -->",[262,263,264,265,266,267,268,269],"data-field-shopco","data-field-hostid","data-field-mode","data-field-authorization","data-field-item","data-field-status","data-field-logging","data-field-authentication_key",[271],"\u002Fwp-json\u002Fwc-remise-gateway\u002Fv1\u002Fpayment",[273],"wc_remise_gateway_ajax_object",[]]