[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuKzagJNcqDDDMeZdYN1VHJlaYXcV_uSE8GwJ_dW3hbU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":116,"fingerprints":283},"wc-sofinco-3xcb","Sofinco 3XCB","0.9.9.7","Verifone e-commerce","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaybox\u002F","\u003Cp>This module adds a Sofinco Payment Gateway to your Installation of WooCommerce.\u003C\u002Fp>\n\u003Cp>Sofinco is a Payment Services Provider in Europe, part of the Verifone Group.\u003C\u002Fp>\n\u003Cp>plugin actions in wordpress:\u003C\u002Fp>\n\u003Cp>this plugin offers an admin panel from the order section to the settings of Woocommerce.\u003Cbr \u002F>\nit adds payment information to the orders details and changes the status of orders (upon reception of an IPN, see below.) and adds payment means on the checkout page.\u003C\u002Fp>\n\u003Cp>This plugin takes information from the order and creates a form containing the details of the payment to be made, including parameters configured in the admin panel of the module that identify the mechant.\u003C\u002Fp>\n\u003Cp>The plugin checks for availability of the Sofinco platform, through a call to our servers.\u003Cbr \u002F>\nIt then submits with javascript the form to the first available server.\u003C\u002Fp>\n\u003Cp>the customer is then presented with a payment page, hosted on the Sofinco Platform (urls above).\u003C\u002Fp>\n\u003Cp>The Sofinco Platform sends an Instant Payment Notification (IPN) to the server when the customer actually made the payment, indicating to the merchant the status of the payment.\u003C\u002Fp>\n\u003Cp>the plugin generates a url that can catch the IPN call from Sofinco’s server, filtering incoming calls to the Sofinco IP address.\u003C\u002Fp>\n\u003Cp>if payment is successfull, then the plugin validates the order though woocommerce.\u003C\u002Fp>\n","This plugin is a Sofinco 3x CB payment gateway for WooCommerce",100,6615,0,"2026-01-20T15:04:00.000Z","6.9.4","5.0.0","",[19,20,21,22,23],"e-commerce","orders","payment","payment-gateway","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-sofinco-3xcb.0.9.9.7.zip",null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":11,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"paybox",3,4600,30,94,"2026-04-05T13:52:50.200Z",[36,50,63,80,99],{"slug":37,"name":38,"version":39,"author":7,"author_profile":8,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":16,"requires_php":17,"tags":48,"homepage":17,"download_link":49,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"e-transactions-wc","Up2pay e-Transactions WooCommerce Payment Gateway","3.0.9","\u003Cp>This module adds a Up2pay e-Transactions Payment Gateway to your Installation of WooCommerce.\u003C\u002Fp>\n\u003Cp>Up2pay e-Transactions is a Payment Services Provider in Europe, part of the Crédit Agricole Bank.\u003C\u002Fp>\n\u003Cp>plugin actions in wordpress:\u003C\u002Fp>\n\u003Cp>this plugin offers an admin panel from the order section to the settings of Woocommerce.\u003Cbr \u002F>\nit adds payment information to the orders details and changes the status of orders (upon reception of an IPN, see below.) and adds payment means on the checkout page.\u003C\u002Fp>\n\u003Cp>This plugin takes information from the order and creates a form containing the details of the payment to be made, including parameters configured in the admin panel of the module that identify the mechant.\u003C\u002Fp>\n\u003Cp>The plugin checks for availability of the Up2pay e-Transactions platform, through a call to our servers.\u003Cbr \u002F>\nIt then submits with javascript the form to the first available server.\u003C\u002Fp>\n\u003Cp>the customer is then presented with a payment page, hosted on the Up2pay e-Transactions Platform (urls above).\u003C\u002Fp>\n\u003Cp>The Up2pay e-Transactions Platform sends an Instant Payment Notification (IPN) to the server when the customer actually made the payment, indicating to the merchant the status of the payment.\u003C\u002Fp>\n\u003Cp>the plugin generates a url that can catch the IPN call from Up2pay e-Transactions’s server, filtering incoming calls to the Up2pay e-Transactions IP address.\u003C\u002Fp>\n\u003Cp>if payment is successfull, then the plugin validates the order though woocommerce.\u003C\u002Fp>\n","This plugin is a Up2pay e-Transactions payment gateway for WooCommerce 4.x",4000,76307,46,13,"2025-05-19T13:31:00.000Z","6.8.5",[19,20,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fe-transactions-wc.3.0.9.zip",{"slug":51,"name":52,"version":53,"author":7,"author_profile":8,"description":54,"short_description":55,"active_installs":56,"downloaded":57,"rating":58,"num_ratings":59,"last_updated":60,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":61,"homepage":17,"download_link":62,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"paybox-woocommerce-gateway","Paybox WooCommerce Payment Gateway","0.9.9.8","\u003Cp>This module adds a Paybox Payment Gateway to your Installation of WooCommerce.\u003C\u002Fp>\n\u003Cp>Paybox is a Payment Services Provider in Europe, part of the Verifone Group.\u003C\u002Fp>\n\u003Cp>plugin actions in wordpress:\u003C\u002Fp>\n\u003Cp>this plugin offers an admin panel from the order section to the settings of Woocommerce.\u003Cbr \u002F>\nit adds payment information to the orders details and changes the status of orders (upon reception of an IPN, see below.) and adds payment means on the checkout page.\u003C\u002Fp>\n\u003Cp>This plugin takes information from the order and creates a form containing the details of the payment to be made, including parameters configured in the admin panel of the module that identify the mechant.\u003C\u002Fp>\n\u003Cp>The plugin checks for availability of the Paybox platform, through a call to our servers.\u003Cbr \u002F>\nIt then submits with javascript the form to the first available server.\u003C\u002Fp>\n\u003Cp>the customer is then presented with a payment page, hosted on the Paybox Platform (urls above).\u003C\u002Fp>\n\u003Cp>The Paybox Platform sends an Instant Payment Notification (IPN) to the server when the customer actually made the payment, indicating to the merchant the status of the payment.\u003C\u002Fp>\n\u003Cp>the plugin generates a url that can catch the IPN call from Paybox’s server, filtering incoming calls to the Paybox IP address.\u003C\u002Fp>\n\u003Cp>if payment is successfull, then the plugin validates the order though woocommerce.\u003C\u002Fp>\n","This plugin is a Paybox payment gateway for WooCommerce 4.x",500,22232,60,4,"2026-01-20T14:37:00.000Z",[19,20,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaybox-woocommerce-gateway.0.9.9.8.zip",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":13,"num_ratings":13,"last_updated":73,"tested_up_to":15,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":17,"download_link":79,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"hyperpay-gateways","HyperPay Payments","6.3.5","HyperPay","https:\u002F\u002Fprofiles.wordpress.org\u002Fhyperpayproducts\u002F","\u003Cp>Payments Gateways provided by Gate2Play, to make you able to add Credit Card, Mada, STCpay and more payments method.\u003Cbr \u002F>\nto be able to use this plugin, you should be one of HyperPay’s customers.\u003Cbr \u002F>\nvisit https:\u002F\u002Fhyperpay.com for more information.\u003C\u002Fp>\n\u003Cp>The data extracted is quite sensitive and contains information that may be used to check the vulnerability of your WordPress site. Be wary of you share this data with.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>The plugin has been tested with\u003Cbr \u002F>\nWC 8.3.1\u003Cbr \u002F>\nwordpress 6.9\u003Cbr \u002F>\nPHP 7.2\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Hyperpay API to process payments and check transaction status.\u003Cbr \u002F>\n– Data sent: Payment details, order information, and merchant credentials are sent when processing payments.\u003Cbr \u002F>\n– When: Data is sent when a customer initiates a payment or when the plugin checks payment status.\u003Cbr \u002F>\n– Service: Hyperpay https:\u002F\u002Foppwa.com\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fwww.aciworldwide.com\u002Fterms-of-use\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fwww.aciworldwide.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Third Party Libraries\u003C\u002Fh3>\n\u003Cp>This plugin includes or depends on the following third-party libraries via Composer. All libraries are licensed under GPL-compatible licenses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>symfony\u002Fpolyfill-php80\u003C\u002Fstrong> (MIT License)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fsymfony\u002Fpolyfill-php80\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>psr\u002Flog\u003C\u002Fstrong> (MIT License)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fphp-fig\u002Flog\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>guzzlehttp\u002Fguzzle\u003C\u002Fstrong> (MIT License)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fguzzle\u002Fguzzle\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>twig\u002Ftwig\u003C\u002Fstrong> (BSD-3-Clause License)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Ftwigphp\u002FTwig\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For details, see each library’s LICENSE file in the \u003Ccode>vendor\u002F\u003C\u002Fcode> directory or their respective repositories.\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>The uncompressed source code for compiled assets (e.g., JavaScript and CSS) is available in the \u003Ccode>\u002Fsrc\u002Fassets\u002F\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Cp>Build tools used:\u003Cbr \u002F>\n– Node.js\u003Cbr \u002F>\n– Webpack\u003C\u002Fp>\n\u003Cp>To build:\u003Cbr \u002F>\n1. Run \u003Ccode>npm install\u003C\u002Fcode>\u003Cbr \u002F>\n2. Run \u003Ccode>npm run build\u003C\u002Fcode>\u003C\u002Fp>\n","Payments Gateways provided by Gate2Play, to make you able to add Credit Card, Mada, STCpay and more payments method.",600,14087,"2026-02-27T18:09:00.000Z","5.3","7.1",[19,77,78,22,23],"gate2play","merchant","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhyperpay-gateways.6.3.6.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":32,"num_ratings":90,"last_updated":91,"tested_up_to":15,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":97,"download_link":98,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"kueskipay-gateway","KueskiPay Gateway","2.4.1","edgarnomesque","https:\u002F\u002Fprofiles.wordpress.org\u002Fedgarnomesque\u002F","\u003Cp>Choose how many fortnights to pay with Kueski Pay\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 6.2 or newer.\u003C\u002Fli>\n\u003Cli>WooCommerce 7.6 or newer.\u003C\u002Fli>\n\u003Cli>PHP 7.4 or newer is recommended.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Notices\u003C\u002Fh3>\n\u003Cp>This plugin connects to a third-party services to perform its functions. Below are the circunstances under wich these connections are made:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>CDN Service for Promotional Widgets\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name:\u003C\u002Fstrong> KueskiPay CDN\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Description:\u003C\u002Fstrong> This plugin uses the CDN service at https:\u002F\u002Fcdn.kueskipay.com\u002F to display promotional widgets on the product and cart pages in WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> The following data is sent to this service via GET request:\n\u003Cul>\n\u003Cli>\u003Cstrong>Authorization:\u003C\u002Fstrong> The public key provided at the time of integration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration:\u003C\u002Fstrong> The platform being integrated, in this case, WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Version:\u003C\u002Fstrong> The current version of this plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sandbox:\u003C\u002Fstrong> Indicates whether the current environment is sandbox or production.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fcdn.kueskipay.com\u002Fwidgets.js\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Example URL:\u003C\u002Fstrong> https:\u002F\u002Fcdn.kueskipay.com\u002Fwidgets.js?authorization=[public_key]&integration=woocommerce&version=[plugin_version]&sandbox[true\u002Ffalse]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Files Involved:\u003C\u002Fstrong> public\u002Fclass-wc-kuesku-gategay-public.php (Line 227)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use and Policy:\u003C\u002Fstrong> https:\u002F\u002Fpreguntas.frecuentes.kueski.com\u002Fhc\u002Fes\u002Farticles\u002F12385599806747-PRIVACY-NOTICE-FOR-THIRD-PARTIES-AND-COMMERCIAL-ALLIES-OF-KUESKI-SAPI-DE-CV-SOFOM-ENR\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Payment Order Creation and Management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name:\u003C\u002Fstrong> KueskiPay Payment API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Description:\u003C\u002Fstrong> This plugin uses the following services to create and manage payment orders:\n\u003Cul>\n\u003Cli>\u003Cstrong>Sandbox:\u003C\u002Fstrong> https:\u002F\u002Fwoocommerce-middleware-go.staging-pay.kueski.codes\u002Fapi\u002Fv1\u002Forder\u002Fcreate\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Production:\u003C\u002Fstrong> https:\u002F\u002Fwoocommerce-middleware-go.production-pay.kueski.com\u002Fapi\u002Fv1\u002Forder\u002Fcreate\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Usage:\u003C\u002Fstrong> The plugin sends the current cart order details to create an order and then redirects the user to the service site to complete their payment.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> The following data is sent to this service:\n\u003Cul>\n\u003Cli>\u003Cstrong>Order Description\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order Amounts:\u003C\u002Fstrong> total, shipping, discounts and taxes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order Items:\u003C\u002Fstrong> Details of each order item.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shipping Address:\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Billing Address:\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Files Involved:\u003C\u002Fstrong> includes\u002Fclass-wc-kueski-gateway-api.php (Lines 57, 92, 151, 221)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use and Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Fpreguntas.frecuentes.kueski.com\u002Fhc\u002Fes\u002Farticles\u002F12385430001563-Aviso-de-privacidad-integral-para-clientes-y-usuarios-de-Kueski-S-A-P-I-de-C-V-SOFOM-E-N-R\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Add Kueski gateway to buy now and pay later on your store.",200,3906,2,"2026-01-19T17:17:00.000Z","6.2","7.4",[19,95,96,22,23],"ecommerce","kueski","https:\u002F\u002Fwww.kueskipay.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkueskipay-gateway.2.4.1.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":11,"num_ratings":109,"last_updated":110,"tested_up_to":47,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":17,"download_link":115,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"avify","Avify","1.3.8","Alexis Valenciano","https:\u002F\u002Fprofiles.wordpress.org\u002Favify\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Favify.com\u002F?utm_source=WP.PLUGIN.PAGE&utm_medium=LINK.WEB\" rel=\"nofollow ugc\">Avify is a platform that gives you a WhatsApp CRM\u003C\u002Fa>, an online store (or connection to an existing one), and a point of sale system for physical stores, all in one place.\u003C\u002Fp>\n\u003Cp>By using \u003Ca href=\"https:\u002F\u002Favify.com\u002F?utm_source=WP.PLUGIN.PAGE&utm_medium=LINK.WEB\" rel=\"nofollow ugc\">Avify\u003C\u002Fa>, SMBs do not have to worry about maintaining inventory control manually since all sales channels affect a single centralized inventory.\u003C\u002Fp>\n\u003Cp>With our technology you can receive orders and payments coming from WordPress and merge them with any other one coming from social media interaction like Instagram, Facebook or WhatsApp. You can connect your logistics, payment and billing services so that any order that enters the business can process shipping price calculations, payment or transfer receipts, and receipts or invoices automatically.\u003C\u002Fp>\n\u003Cp>With our plugin you will be able to sync orders and online payments in WooCommerce via Avify Integration. Also, you can connect multiple card payment systems and \u003Ca href=\"https:\u002F\u002Favify.com\u002F?utm_source=WP.PLUGIN.PAGE&utm_medium=LINK.WEB\" rel=\"nofollow ugc\">Avify\u003C\u002Fa> displays them at your checkout.\u003C\u002Fp>\n\u003Cp>Contact your dedicated support channel to get your API Key and the ID of your store.\u003C\u002Fp>\n\u003Ch4>Multiple currencies\u003C\u002Fh4>\n\u003Cp>Process payments and display prices in USD, CRC, MXN.\u003C\u002Fp>\n\u003Ch4>Current version features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customer data and card encryption.\u003C\u002Fli>\n\u003Cli>Processing of payments in USD or CRC.\u003C\u002Fli>\n\u003Cli>Sandbox testing.\u003C\u002Fli>\n\u003Cli>Synchronize orders\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Do you want to know more about Avify? Please visit our \u003Ca href=\"https:\u002F\u002Favify.com\u002F?utm_source=WP.PLUGIN.PAGE&utm_medium=LINK.WEB\" rel=\"nofollow ugc\">website\u003C\u002Fa> and find out what we can do.\u003C\u002Fp>\n","Connect your WooCommerce account to Avify and send all your orders to one centralized inventory.",80,5649,1,"2026-02-12T20:13:00.000Z","5.6","7.0",[100,114,20,22,23],"checkout","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Favify.1.3.8.zip",{"attackSurface":117,"codeSignals":158,"taintFlows":239,"riskAssessment":266,"analyzedAt":282},{"hooks":118,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":13,"unprotectedCount":13},[119,125,129,134,138,142,146,150],{"type":120,"name":121,"callback":122,"file":123,"line":124},"action","admin_notices","display_custom_admin_notices","class\\wc-sofinco-abstract-gateway.php",124,{"type":120,"name":126,"callback":127,"file":123,"line":128},"admin_enqueue_scripts","load_custom_admin_assets",125,{"type":130,"name":131,"callback":132,"file":133,"line":11},"filter","woocommerce_payment_gateways","woocommerce_sofinco_register","wc-sofinco-3xcb.php",{"type":120,"name":135,"callback":136,"file":133,"line":137},"woocommerce_admin_order_data_after_billing_address","woocommerce_sofinco_show_details",101,{"type":120,"name":139,"callback":140,"file":133,"line":141},"woocommerce_blocks_payment_method_type_registration","closure",129,{"type":120,"name":143,"callback":144,"file":133,"line":145},"plugins_loaded","woocommerce_sofinco_initialization",139,{"type":120,"name":147,"callback":148,"file":133,"line":149},"init","woocommerce_sofinco_translations",140,{"type":120,"name":151,"callback":152,"file":133,"line":153},"woocommerce_blocks_loaded","woocommerce_sofinco_blocks_support",141,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":165,"outputEscaping":167,"fileOperations":237,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":238},[160],{"fn":161,"file":162,"line":163,"context":164},"unserialize","class\\wc-sofinco-standard-gateway.php",42,"$data = unserialize($payment->data, ['allowed_classes' => false]);",{"prepared":90,"raw":13,"locations":166},[],{"escaped":168,"rawEcho":169,"locations":170},37,35,[171,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,209,211,212,213,215,216,217,219,221,223,225,227,229,231,233,235],{"file":123,"line":172,"context":173},275,"raw output",{"file":123,"line":175,"context":173},284,{"file":123,"line":177,"context":173},303,{"file":123,"line":179,"context":173},304,{"file":123,"line":181,"context":173},367,{"file":123,"line":183,"context":173},368,{"file":123,"line":185,"context":173},369,{"file":123,"line":187,"context":173},377,{"file":123,"line":189,"context":173},379,{"file":123,"line":191,"context":173},385,{"file":123,"line":193,"context":173},387,{"file":123,"line":195,"context":173},390,{"file":123,"line":197,"context":173},391,{"file":123,"line":199,"context":173},397,{"file":123,"line":201,"context":173},400,{"file":123,"line":203,"context":173},405,{"file":123,"line":205,"context":173},410,{"file":123,"line":207,"context":173},570,{"file":123,"line":207,"context":173},{"file":123,"line":210,"context":173},575,{"file":123,"line":210,"context":173},{"file":123,"line":210,"context":173},{"file":123,"line":214,"context":173},576,{"file":123,"line":214,"context":173},{"file":123,"line":214,"context":173},{"file":123,"line":218,"context":173},577,{"file":123,"line":220,"context":173},724,{"file":123,"line":222,"context":173},725,{"file":123,"line":224,"context":173},791,{"file":123,"line":226,"context":173},795,{"file":123,"line":228,"context":173},803,{"file":123,"line":230,"context":173},810,{"file":123,"line":232,"context":173},812,{"file":162,"line":234,"context":173},61,{"file":162,"line":236,"context":173},62,6,[],[240,258],{"entryPoint":241,"graph":242,"unsanitizedCount":109,"severity":257},"process_admin_options (class\\wc-sofinco-abstract-gateway.php:201)",{"nodes":243,"edges":254},[244,249],{"id":245,"type":246,"label":247,"file":123,"line":248},"n0","source","$_POST[?]",211,{"id":250,"type":251,"label":252,"file":123,"line":248,"wp_function":253},"n1","sink","update_option() [Settings Manipulation]","update_option",[255],{"from":245,"to":250,"sanitized":256},false,"low",{"entryPoint":259,"graph":260,"unsanitizedCount":109,"severity":257},"\u003Cwc-sofinco-abstract-gateway> (class\\wc-sofinco-abstract-gateway.php:0)",{"nodes":261,"edges":264},[262,263],{"id":245,"type":246,"label":247,"file":123,"line":248},{"id":250,"type":251,"label":252,"file":123,"line":248,"wp_function":253},[265],{"from":245,"to":250,"sanitized":256},{"summary":267,"deductions":268},"The wc-sofinco-3xcb plugin v0.9.9.7 presents a mixed security posture. On the positive side, it exhibits no known historical vulnerabilities (CVEs) and utilizes prepared statements for all its SQL queries, which is a strong practice against SQL injection. The absence of external HTTP requests also mitigates risks associated with remote code execution or data exfiltration through third-party services.\n\nHowever, several significant security concerns are evident from the static analysis. The presence of the `unserialize` function without any apparent checks or sanitization for the input it processes is a critical risk. If serialized data originates from user input or an untrusted source, this can lead to arbitrary object injection and potentially remote code execution. Furthermore, the plugin lacks nonce checks and capability checks for its entry points, which are fundamental security mechanisms for preventing cross-site request forgery (CSRF) and unauthorized actions. The analysis also indicates that 49% of output escaping is not properly handled, which could lead to cross-site scripting (XSS) vulnerabilities if the unescaped output contains user-controlled data.\n\nWhile the plugin has a clean vulnerability history, this is overshadowed by the identified weaknesses in the current code. The lack of fundamental security checks like nonces and capability checks, combined with the dangerous use of `unserialize` and insufficient output escaping, creates a substantial risk. The absence of a large attack surface might mask these inherent code vulnerabilities, but they remain potent threats. The plugin would benefit greatly from implementing proper input validation, sanitization, nonce protection, capability checks, and robust output escaping to improve its security.",[269,272,275,277,280],{"reason":270,"points":271},"Unsanitized unserialize function",15,{"reason":273,"points":274},"Missing nonce checks",10,{"reason":276,"points":274},"Missing capability checks",{"reason":278,"points":279},"Insufficient output escaping (49%)",5,{"reason":281,"points":279},"Flows with unsanitized paths","2026-03-16T21:02:58.725Z",{"wat":284,"direct":298},{"assetPaths":285,"generatorPatterns":287,"scriptPaths":288,"versionParams":289},[286],"\u002Fwp-content\u002Fplugins\u002Fwc-sofinco-3xcb\u002Fimages\u002Flogo.png",[],[],[290,291,292,293,294,295,296,297],"\u002Fwc-sofinco-3xcb\u002Fclass\u002Fwc-sofinco.php?ver=","\u002Fwc-sofinco-3xcb\u002Fclass\u002Fwc-sofinco-abstract-gateway.php?ver=","\u002Fwc-sofinco-3xcb\u002Fclass\u002Fwc-sofinco-standard-gateway.php?ver=","\u002Fwc-sofinco-3xcb\u002Fclass\u002Fwc-sofinco-encrypt.php?ver=","\u002Fwc-sofinco-3xcb\u002Fclass\u002Fwc-sofinco-config.php?ver=","\u002Fwc-sofinco-3xcb\u002Fclass\u002Fwc-sofinco-iso4217currency.php?ver=","\u002Fwc-sofinco-3xcb\u002Fclass\u002Fwc-sofinco-isocountry.php?ver=","\u002Fwc-sofinco-3xcb\u002Fclass\u002Fwc-sofinco-gateway-blocks-support.php?ver=",{"cssClasses":299,"htmlComments":300,"htmlAttributes":301,"restEndpoints":303,"jsGlobals":304,"shortcodeOutput":305},[],[],[302],"data-sofinco-payment-data",[],[],[]]