[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIzA5nADurMRvnIDymMZQZ1lUoCdPzF6jQfTT_RmD-Do":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":118,"fingerprints":247},"wc-zeus-gateway","Payment Gateway Zeus for WooCommerce","0.3.1","Hiroaki Miyashita","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiroaki-miyashita\u002F","\u003Cp>The Payment Gateway Zeus for WooCommerce plugin adds the functionality to take Zeus payments on your store using Zeus for WooCommerce.\u003C\u002Fp>\n\u003Ch4>About Zeus\u003C\u002Fh4>\n\u003Cp>Zeus is a comprehensive payment platform that offers various online payment methods, such as credit card payment and convenience store payment in Japan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cardservice.co.jp\u002F\" rel=\"nofollow ugc\">Zeus\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In order to use Zeus, you have to purchase the authentication key at the following site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpmarket.jp\u002F\" rel=\"nofollow ugc\">WordPress Market\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known Issues \u002F Bugs\u003C\u002Fh3>\n\u003Cp>Nothing.\u003C\u002Fp>\n\u003Ch3>Uninstall\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate the plugin\u003C\u002Fli>\n\u003Cli>That’s it! 🙂\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin adds the functionality to take various online payments on your store using Zeus for WooCommerce.",10,1518,0,"2024-12-03T00:38:00.000Z","6.7.5","4.4","7.0",[19,20,21,22,23],"checkout","ec","ecommerce","payments","woocommerce","https:\u002F\u002Fwww.wpmarket.jp\u002Fproduct\u002Fwc_zeus_gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-zeus-gateway.0.3.1.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"hiroaki-miyashita",12,42660,88,223,71,"2026-04-04T14:20:24.318Z",[39,52,67,84,102],{"slug":40,"name":41,"version":42,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":48,"homepage":50,"download_link":51,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wc-paypay-gateway","Payment Gateway PayPay for WooCommerce","0.8","\u003Cp>The Payment Gateway PayPay for WooCommerce plugin adds the functionality to take PayPay payments on your store of WooCommerce.\u003C\u002Fp>\n\u003Ch4>About PayPay\u003C\u002Fh4>\n\u003Cp>PayPay is barcode based payment services in Japan. In order to start PayPay payments, you need to create a PayPay developer account.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.paypay.ne.jp\u002F\" rel=\"nofollow ugc\">PayPay for Developers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In order to make the mode Real, you have to purchase the authentication key at the following site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpmarket.jp\u002F\" rel=\"nofollow ugc\">WordPress Market\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known Issues \u002F Bugs\u003C\u002Fh3>\n\u003Cp>Nothing.\u003C\u002Fp>\n\u003Ch3>Uninstall\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate the plugin\u003C\u002Fli>\n\u003Cli>That’s it! 🙂\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin adds the functionality to take PayPay payments on your store of WooCommerce.",100,4227,"2024-12-03T00:30:00.000Z",[19,21,22,49,23],"paypay","https:\u002F\u002Fwww.wpmarket.jp\u002Fproduct\u002Fwc_paypay_gateway\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-paypay-gateway.0.8.zip",{"slug":53,"name":54,"version":55,"author":54,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":13,"num_ratings":13,"last_updated":61,"tested_up_to":15,"requires_at_least":62,"requires_php":63,"tags":64,"homepage":65,"download_link":66,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"freedompay-payment-gateway","FreedomPay","1.10.0","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreedompay\u002F","\u003Cp>It’s pretty easy to receive payments with FreedomPay Payments Provider.\u003C\u002Fp>\n\u003Ch3>International payment service for online business\u003C\u002Fh3>\n\u003Cp>Increase your profits with high-conversion payments. We will set up a convenient payment acceptance for your customers, and you can focus on developing your business!\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an API to create payment requests. It’s necessary for the payment system to work.\u003C\u002Fp>\n\u003Cp>It sends the payment request information, such as the cart data, payment amount, user’s IP every time the payment is created\u003Cbr \u002F>\n(when user clicks on “Pay” button), if the user’s IP is not available, sends empty string.\u003Cbr \u002F>\nThis service is provided by “Freedom Pay LLP”: \u003Ca href=\"https:\u002F\u002Ffreedompay.kz\u002Fen\u002Frules\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ffreedompay.kz\u002Fen\u002Fprivacy_policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa>.\u003C\u002Fp>\n","It's pretty easy to receive payments with FreedomPay Payments Provider.",90,2873,"2025-03-12T04:44:00.000Z","5.0","7.4",[19,21,22,23],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreedompay-payment-gateway.1.10.0.zip",{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":13,"num_ratings":13,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":63,"tags":80,"homepage":82,"download_link":83,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"paypercut-payments-for-woocommerce","Paypercut Payments for WooCommerce","0.1.4","Paypercut Dev","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaypercutdev\u002F","\u003Cp>Make it easy for customers to pay — and easier for you to manage — with Paypercut for WooCommerce.\u003Cbr \u002F>\nThis plugin brings fast, secure, and intuitive checkout to your online shop,\u003Cbr \u002F>\nhelping you boost conversions and streamline operations.\u003C\u002Fp>\n\u003Cp>Paypercut enables a range of trusted payment methods while giving you a single,\u003Cbr \u002F>\nunified view of all your transactions — whether online or in person.\u003C\u002Fp>\n\u003Cp>Whether you’re selling physical products or digital downloads, Paypercut for WooCommerce\u003Cbr \u002F>\nmakes taking payments effortless — so you can focus on growing your online business.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Paypercut Payments API (api.paypercut.io) to process payments and manage checkout sessions for your WooCommerce store. This connection is required for the plugin to function, as all payment processing is handled through Paypercut’s secure infrastructure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What the service is used for:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Creating and managing payment checkout sessions\u003Cbr \u002F>\n* Processing customer payments securely\u003Cbr \u002F>\n* Verifying payment status and updating order status\u003Cbr \u002F>\n* Managing refunds for completed orders\u003Cbr \u002F>\n* Setting up and managing webhooks for payment notifications\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin sends data to Paypercut’s API (https:\u002F\u002Fapi.paypercut.io\u002F) in the following scenarios:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>During checkout session creation\u003C\u002Fstrong> (when a customer initiates checkout):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Store information (store name, store URL, WooCommerce order identifiers)\u003C\u002Fli>\n\u003Cli>Order details (order total, currency, line items, shipping costs, tax amounts)\u003C\u002Fli>\n\u003Cli>Customer billing information (name, billing address, email address)\u003C\u002Fli>\n\u003Cli>Customer shipping information (if applicable: shipping name and address)\u003C\u002Fli>\n\u003Cli>Technical metadata (session identifiers, return URLs, webhook URLs)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During payment verification\u003C\u002Fstrong> (when verifying payment status):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout session identifiers\u003C\u002Fli>\n\u003Cli>Order identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During refund processing\u003C\u002Fstrong> (when a store administrator issues a refund):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Payment intent identifiers\u003C\u002Fli>\n\u003Cli>Refund amount and currency\u003C\u002Fli>\n\u003Cli>Refund reason (if provided)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During webhook setup\u003C\u002Fstrong> (when configuring the plugin):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Webhook URL for payment notifications\u003C\u002Fli>\n\u003Cli>Webhook event types to subscribe to\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During API credential validation\u003C\u002Fstrong> (when testing connection in settings):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>API credentials for authentication purposes only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> Payment card data (credit card numbers, CVV codes, etc.) is collected and processed directly by Paypercut via their hosted checkout interface. This sensitive payment information never passes through or gets stored by this plugin or your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis service is provided by Paypercut. For more information about how Paypercut handles data, please refer to:\u003Cbr \u002F>\n* Privacy policy: https:\u002F\u002Fpaypercut.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses npm and @wordpress\u002Fscripts (which uses webpack) to build the Blocks checkout integration.\u003C\u002Fp>\n\u003Ch3>Source Code Location\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>IMPORTANT:\u003C\u002Fstrong> The human-readable source code for all compiled JavaScript is included in this plugin.\u003C\u002Fp>\n\u003Cp>The minified\u002Fcompiled file \u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode> is generated from the following source file:\u003Cbr \u002F>\n* \u003Cstrong>Source file:\u003C\u002Fstrong> \u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode> – This is the human-readable, unminified source code for the Blocks checkout integration\u003C\u002Fp>\n\u003Cp>All source code is included in the published plugin. The source file (\u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode>) contains the original, readable JavaScript code with ES6 modules, comments, and proper formatting. The compiled version (\u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode>) is generated from this source using the build process described below.\u003C\u002Fp>\n\u003Ch3>Building assets\u003C\u002Fh3>\n\u003Cp>To rebuild the compiled assets from source:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Install dependencies:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm install\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Build production assets:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm run build\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This will compile \u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode> into the minified \u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode> using @wordpress\u002Fscripts.\u003C\u002Fp>\n","Paypercut Payments enables WooCommerce merchants to accept online payments using Paypercut's checkout experience.",20,249,"2026-03-14T18:18:00.000Z","6.9.4","6.6",[19,21,81,22,23],"payment-gateway","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpaypercut-payments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaypercut-payments-for-woocommerce.0.1.4.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":75,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":79,"requires_php":97,"tags":98,"homepage":100,"download_link":101,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"precisionpay-payments-for-woocommerce","PrecisionPay Payments for WooCommerce","4.0.3","daveprecisionpay","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaveprecisionpay\u002F","\u003Cp>PrecisionPay is \u003Cem>the\u003C\u002Fem> payment solution for the firearms industry. We are a staunch supporter of the 2nd Amendment and will never cancel you for exercising your constitutional rights. Download and install our plugin and then visit our website to complete your application. Soon after that, you’ll be able to process payments for guns and ammunition without having to pay the exorbitant fees associated with “high risk” e-commerce categories.\u003C\u002Fp>\n\u003Cp>This plugin uses Plaid (\u003Ca href=\"https:\u002F\u002Fplaid.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fplaid.com\u002F\u003C\u002Fa>) along with the PrecisionPay checkout portal to allow your customers to pay with PrecisionPay as a guest (using Plaid) or as a PrecisionPay user (if they already have an account at \u003Ca href=\"myprecisionpay.com\" rel=\"nofollow ugc\">myprecisionpay.com\u003C\u002Fa>). View the PrecisionPay privacy policy \u003Ca href=\"https:\u002F\u002Fwww.myprecisionpay.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">here\u003C\u002Fa>. View Plaid’s privacy policy \u003Ca href=\"https:\u002F\u002Fplaid.com\u002Flegal\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>The benefits of using PrecisionPay\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>It’s easy for your customers\u003C\u002Fstrong>: There is a built in, fast, and easy to use guest checkout if the user isn’t already using PrecisionPay\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2nd Amendment Friendly\u003C\u002Fstrong>: PrecisionPay is \u003Cem>the\u003C\u002Fem> WooCommerce solution entirely dedicated to supporting the sale of firearms and firearm related products.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Private\u003C\u002Fstrong>: We care about privacy as much as you do. We are transparent about what we store and we don’t sell personal user data. Ever.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure\u003C\u002Fstrong>: We use industry standards, and even go beyond industry standards where possible to keep all your payment processing secure.\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept online bank payments in your WooCommerce store using PrecisionPay - the firearms friendly payments processor.",2007,74,3,"2025-09-09T18:59:00.000Z","6.8.5","7.2",[19,21,22,99,23],"precisionpay","https:\u002F\u002Fgithub.com\u002FMakeCents-NYC\u002Fwoocommerce-gateway-precisionpay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprecisionpay-payments-for-woocommerce.4.0.3.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":11,"downloaded":110,"rating":13,"num_ratings":13,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":65,"download_link":116,"security_score":117,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"omipay","Omipay for WooCommerce","1.0.3","hpay","https:\u002F\u002Fprofiles.wordpress.org\u002Fomipay\u002F","\u003Cp>This is the official Omipay payment gateway plugin for WooCommerce.\u003Cbr \u002F>\nContact Omipay’s customer care system for connection support.\u003C\u002Fp>\n\u003Ch3>Dependencies\u003C\u002Fh3>\n\u003Col>\n\u003Cli>WordPress v4.3 and later\u003C\u002Fli>\n\u003Cli>Woocommerce v7.0.0 and later\u003C\u002Fli>\n\u003Cli>PHP v5.6.0 and later\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit the WooCommerce settings page, and click on the Checkout\u002FPayment Gateways tab.\u003C\u002Fli>\n\u003Cli>Click on Omipay to edit the settings. If you do not see Omipay in the list at the top of the screen make sure you have activated the plugin in the WordPress Plugin Manager.\u003C\u002Fli>\n\u003Cli>Enable the Payment Method, add in your email, merchant id and secure_pass.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fcheckout.omipay.vn\" rel=\"nofollow ugc\">Omipay.vn\u003C\u002Fa> for support requests.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>The Omipay WooCommerce plugin is released under the GPLv2 license, same as that\u003Cbr \u002F>\nof WordPress. See the LICENSE file for the complete LICENSE text.\u003C\u002Fp>\n","Allows you to use Omipay payment gateway with the WooCommerce plugin.",5252,"2022-11-11T05:01:00.000Z","6.1.10","4.7","5.6",[19,21,103,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fomipay.zip",85,{"attackSurface":119,"codeSignals":151,"taintFlows":180,"riskAssessment":231,"analyzedAt":246},{"hooks":120,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":13,"unprotectedCount":13},[121,127,131,136,140,143],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","before_woocommerce_init","closure","wc-zeus-gateway.php",22,{"type":122,"name":128,"callback":129,"file":125,"line":130},"plugins_loaded","wc_zeus_gateway_plugins_loaded",36,{"type":132,"name":133,"callback":134,"file":125,"line":135},"filter","woocommerce_payment_gateways","wc_zeus_gateway_woocommerce_payment_gateways",37,{"type":122,"name":137,"callback":138,"file":125,"line":139},"admin_notices","wc_zeus_gateway_missing_admin_notices",43,{"type":122,"name":137,"callback":141,"file":125,"line":142},"wc_zeus_gateway_mode_admin_notices",49,{"type":122,"name":144,"callback":145,"file":125,"line":146},"woocommerce_api_wc_zeus","check_for_webhook",83,[],[],[],[],{"dangerousFunctions":152,"sqlUsage":153,"outputEscaping":155,"fileOperations":13,"externalRequests":178,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":179},[],{"prepared":13,"raw":13,"locations":154},[],{"escaped":36,"rawEcho":11,"locations":156},[157,160,162,164,166,168,170,172,174,176],{"file":125,"line":158,"context":159},29,"raw output",{"file":125,"line":161,"context":159},33,{"file":125,"line":163,"context":159},220,{"file":125,"line":165,"context":159},441,{"file":125,"line":167,"context":159},553,{"file":125,"line":169,"context":159},665,{"file":125,"line":171,"context":159},773,{"file":125,"line":173,"context":159},882,{"file":125,"line":175,"context":159},995,{"file":125,"line":177,"context":159},1104,1,[],[181,198,209,217],{"entryPoint":182,"graph":183,"unsanitizedCount":178,"severity":197},"wc_zeus_gateway_mode_admin_notices (wc-zeus-gateway.php:32)",{"nodes":184,"edges":194},[185,189],{"id":186,"type":187,"label":188,"file":125,"line":161},"n0","source","$_SERVER['HTTP_HOST']",{"id":190,"type":191,"label":192,"file":125,"line":161,"wp_function":193},"n1","sink","echo() [XSS]","echo",[195],{"from":186,"to":190,"sanitized":196},false,"medium",{"entryPoint":199,"graph":200,"unsanitizedCount":178,"severity":197},"wc_zeus_gateway_plugins_loaded (wc-zeus-gateway.php:39)",{"nodes":201,"edges":207},[202,204],{"id":186,"type":187,"label":188,"file":125,"line":203},190,{"id":190,"type":191,"label":205,"file":125,"line":203,"wp_function":206},"wp_remote_get() [SSRF]","wp_remote_get",[208],{"from":186,"to":190,"sanitized":196},{"entryPoint":210,"graph":211,"unsanitizedCount":178,"severity":197},"wc_zeus_gateway_check_authentication_key (wc-zeus-gateway.php:189)",{"nodes":212,"edges":215},[213,214],{"id":186,"type":187,"label":188,"file":125,"line":203},{"id":190,"type":191,"label":205,"file":125,"line":203,"wp_function":206},[216],{"from":186,"to":190,"sanitized":196},{"entryPoint":218,"graph":219,"unsanitizedCount":230,"severity":197},"\u003Cwc-zeus-gateway> (wc-zeus-gateway.php:0)",{"nodes":220,"edges":227},[221,222,223,225],{"id":186,"type":187,"label":188,"file":125,"line":161},{"id":190,"type":191,"label":192,"file":125,"line":161,"wp_function":193},{"id":224,"type":187,"label":188,"file":125,"line":203},"n2",{"id":226,"type":191,"label":205,"file":125,"line":203,"wp_function":206},"n3",[228,229],{"from":186,"to":190,"sanitized":196},{"from":224,"to":226,"sanitized":196},2,{"summary":232,"deductions":233},"The wc-zeus-gateway plugin v0.3.1 exhibits a mixed security posture. On the positive side, static analysis reveals no known vulnerabilities in its history, suggesting a historically stable plugin. The code also shows a strong adherence to secure coding practices regarding SQL queries, with 100% using prepared statements, and a high percentage of output escaping (88%), which significantly reduces the risk of cross-site scripting (XSS) vulnerabilities.  The absence of file operations and bundled libraries further simplifies the attack surface and potential for outdated dependencies.\n\nHowever, significant concerns arise from the taint analysis and the complete lack of authorization checks on entry points.  While no critical or high-severity taint flows were detected, the presence of 4 flows with unsanitized paths is a notable weakness. This indicates that user-supplied data might be processed in a way that could lead to unexpected or malicious behavior, even if not immediately exploitable as a critical vulnerability.  More importantly, the plugin has zero AJAX handlers, REST API routes, shortcodes, or cron events with any form of authentication or capability checks. This means any potential entry point, however small, is fully exposed, drastically increasing the risk of unauthorized access or actions if a vulnerability were to be discovered or introduced.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and good SQL\u002Foutput sanitization, the complete absence of authorization checks on all potential entry points and the presence of unsanitized taint flows represent serious security risks. These issues, coupled with the small but present attack surface, warrant careful consideration. The plugin needs immediate attention to implement robust authorization mechanisms to mitigate the risk of exploitation.",[234,236,238,240,243],{"reason":235,"points":32},"Unsanitized paths in taint analysis",{"reason":237,"points":11},"0 capability checks on entry points",{"reason":239,"points":11},"0 nonce checks on entry points",{"reason":241,"points":242},"Unescaped output (12% unescaped)",4,{"reason":244,"points":245},"External HTTP requests without auth checks",5,"2026-03-17T01:09:28.167Z",{"wat":248,"direct":257},{"assetPaths":249,"generatorPatterns":252,"scriptPaths":253,"versionParams":254},[250,251],"\u002Fwp-content\u002Fplugins\u002Fwc-zeus-gateway\u002Fassets\u002Fcss\u002Fzeus-credit.css","\u002Fwp-content\u002Fplugins\u002Fwc-zeus-gateway\u002Fassets\u002Fjs\u002Fzeus-credit.js",[],[251],[255,256],"wc-zeus-gateway\u002Fassets\u002Fcss\u002Fzeus-credit.css?ver=","wc-zeus-gateway\u002Fassets\u002Fjs\u002Fzeus-credit.js?ver=",{"cssClasses":258,"htmlComments":259,"htmlAttributes":260,"restEndpoints":261,"jsGlobals":263,"shortcodeOutput":265},[],[],[],[262],"\u002Fwp-json\u002Fwc-zeus-gateway\u002Fv1\u002Fwebhook",[264],"zeus_credit_params",[]]