[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftPU6ksgsqEy_2-ZZGuqWmBzwHrlxYuwSpxlUHDvfAR8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":82,"fingerprints":189},"wepay-wordpress-plugin","WePay WordPress Plugin","1.5","apinnt","https:\u002F\u002Fprofiles.wordpress.org\u002Fapinnt\u002F","\u003Cp>You can easily create wepay buttons with simple short codes.\u003C\u002Fp>\n\u003Cp>What you can do with this version\u003Cbr \u002F>\n  –  See you account balance\u003Cbr \u002F>\n  –  Create buttons for your users to make payments on using shortcodes. (Totally customizable, make the button any type.)\u003Cbr \u002F>\n  –  Settings Menu to control API information\u003C\u002Fp>\n","Allows you to use a Wepay account to accept payments easily online thru your wordpress installation. Easy install, drag and drop.",10,6166,0,"2013-01-31T01:00:00.000Z","3.4.2","2.0.2","",[19,20],"wepay","wepay-plugin","http:\u002F\u002Fwww.alanpinnt.com\u002Fwordpress-wepay-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwepay-wordpress-plugin.1.5.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},2,20,30,84,"2026-04-05T08:45:16.183Z",[34,45,64],{"slug":35,"name":36,"version":37,"author":7,"author_profile":8,"description":38,"short_description":39,"active_installs":11,"downloaded":40,"rating":13,"num_ratings":13,"last_updated":41,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":42,"homepage":43,"download_link":44,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wp-thumbs","WP Thumbs Plugin","1.1","\u003Cp>WP Thumbs is a voting plugin that allows users to like or dislike posts and pages.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cp>*Thumbs up or down mode\u003Cbr \u002F>\n*Like button only mode\u003Cbr \u002F>\n*Like\u002FDislike button mode\u003Cbr \u002F>\n*Graph of clicks\u003Cbr \u002F>\n*Customizable via CSS\u003Cbr \u002F>\n*WPMU Compatible\u003Cbr \u002F>\n*User only or cookie based security.\u003Cbr \u002F>\n*Placement of buttons\u003Cbr \u002F>\n*Page or Post Placement\u003C\u002Fp>\n\u003Cp>Future:\u003C\u002Fp>\n\u003Cp>*IP based security\u003Cbr \u002F>\n*Reset likes\u002Fdislikes from wp-admin editor\u003C\u002Fp>\n","WP Thumbs is a voting plugin that allows users to like or dislike posts and pages. There are many customization options.",4271,"2012-11-27T02:18:00.000Z",[19,20],"http:\u002F\u002Fwww.alanpinnt.com\u002Fwp-thumbs\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-thumbs.1.1.zip",{"slug":46,"name":47,"version":48,"author":49,"author_profile":50,"description":51,"short_description":52,"active_installs":30,"downloaded":53,"rating":13,"num_ratings":13,"last_updated":54,"tested_up_to":55,"requires_at_least":56,"requires_php":17,"tags":57,"homepage":62,"download_link":63,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"woo-payment-addon","WePay Woocommerce addon","3.0.0","Yogesh Pawar","https:\u002F\u002Fprofiles.wordpress.org\u002Fpawaryogesh1989\u002F","\u003Cp>This plugin is an addon for WooCommerce to implement a payment gateway method for accepting \u003Cstrong>Credit Cards Payments\u003C\u002Fstrong> By merchants via \u003Cstrong>WePay Payment\u003C\u002Fstrong> Gateway\u003C\u002Fp>\n\u003Cp>To generate client ID, client secret, Access Token, and Account ID please visit https:\u002F\u002Fdeveloper.wepay.com\u002Fapi\u002F and create a new account and register a new APP.\u003C\u002Fp>\n","This plugin is an addon for WooCommerce to implement a payment gateway method for accepting Credit Cards Payments By merchants via WePay Payment Gatew …",4181,"2021-01-05T11:30:00.000Z","5.6.17","5.0",[19,58,59,60,61],"wepay-woocommerce","wepay-woocommerce-addon","woocomerce-wepay","wordpress-wepay-integration","http:\u002F\u002Fclariontechnologies.co.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-payment-addon.zip",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":11,"downloaded":72,"rating":13,"num_ratings":13,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":17,"tags":76,"homepage":80,"download_link":81,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"edd-wepay-oauth2","Crowdfunding WePay oAuth 2.0 by Astoundify","0.4","Adam Pickering","https:\u002F\u002Fprofiles.wordpress.org\u002Fadampickering\u002F","\u003Cp>Add WePay oAuth2 support for Easy Digital Downloads WePay and Crowdfunding by Astoundify.\u003C\u002Fp>\n\u003Ch4>Where can I use this?\u003C\u002Fh4>\n\u003Cp>We currently have two compatible themes that have been released:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The first theme released is called \u003Ca href=\"http:\u002F\u002Fthemeforest.net\u002Fitem\u002Ffundify-crowd-funding-wordpress-theme\u002F4257622?ref=Astoundify\" rel=\"nofollow ugc\">“Fundify”\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002FAstoundify.com\u002Ffundify.html\" rel=\"nofollow ugc\">Astoundify\u003C\u002Fa> A large community crowdfunding theme, like Kickstarter or Indiegogo.\u003C\u002Fli>\n\u003Cli>The second theme released is called \u003Ca href=\"http:\u002F\u002Fthemeforest.net\u002Fitem\u002Fcampaignify-multipurpose-crowdfunding-theme\u002F4725411?ref=Astoundify\" rel=\"nofollow ugc\">“Campaignify”\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002FAstoundify.com\u002F\" rel=\"nofollow ugc\">Astoundify\u003C\u002Fa> A multi-purpose crowdfunding theme, great for single project crowdfunding.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add WePay oAuth2 support for Easy Digital Downloads WePay and Crowdfunding by Astoundify.",3880,"2014-06-25T20:53:00.000Z","3.9.40","3.5",[77,78,79,19],"downloads","easy-digital-downloads","gateway","https:\u002F\u002Fgithub.com\u002Fastoundify","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fedd-wepay-oauth2.0.4.zip",{"attackSurface":83,"codeSignals":114,"taintFlows":172,"riskAssessment":173,"analyzedAt":188},{"hooks":84,"ajaxHandlers":107,"restRoutes":108,"shortcodes":109,"cronEvents":113,"entryPointCount":97,"unprotectedCount":13},[85,91,95,99,103],{"type":86,"name":87,"callback":88,"file":89,"line":90},"action","admin_init","register_wepaysettings","wepay.php",45,{"type":86,"name":92,"callback":93,"file":89,"line":94},"admin_notices","wepay_admin_notices",56,{"type":86,"name":87,"callback":96,"priority":97,"file":89,"line":98},"restrict_admin",1,59,{"type":86,"name":100,"callback":101,"file":89,"line":102},"admin_menu","wepay_menu",65,{"type":86,"name":104,"callback":105,"file":89,"line":106},"widgets_init","anonymous",323,[],[],[110],{"tag":19,"callback":111,"file":89,"line":112},"wepay_shortcode",228,[],{"dangerousFunctions":115,"sqlUsage":119,"outputEscaping":121,"fileOperations":13,"externalRequests":28,"nonceChecks":13,"capabilityChecks":97,"bundledLibraries":171},[116],{"fn":117,"file":89,"line":106,"context":118},"create_function","add_action( 'widgets_init', create_function('', 'return register_widget(\"WepayWidget\");') );",{"prepared":13,"raw":13,"locations":120},[],{"escaped":13,"rawEcho":30,"locations":122},[123,126,128,129,131,133,135,137,139,141,142,143,144,146,147,148,149,151,152,153,154,156,157,158,159,161,163,165,167,169],{"file":89,"line":124,"context":125},88,"raw output",{"file":89,"line":127,"context":125},142,{"file":89,"line":127,"context":125},{"file":89,"line":130,"context":125},147,{"file":89,"line":132,"context":125},152,{"file":89,"line":134,"context":125},157,{"file":89,"line":136,"context":125},162,{"file":89,"line":138,"context":125},167,{"file":89,"line":140,"context":125},250,{"file":89,"line":140,"context":125},{"file":89,"line":140,"context":125},{"file":89,"line":140,"context":125},{"file":89,"line":145,"context":125},251,{"file":89,"line":145,"context":125},{"file":89,"line":145,"context":125},{"file":89,"line":145,"context":125},{"file":89,"line":150,"context":125},252,{"file":89,"line":150,"context":125},{"file":89,"line":150,"context":125},{"file":89,"line":150,"context":125},{"file":89,"line":155,"context":125},253,{"file":89,"line":155,"context":125},{"file":89,"line":155,"context":125},{"file":89,"line":155,"context":125},{"file":89,"line":160,"context":125},291,{"file":89,"line":162,"context":125},294,{"file":89,"line":164,"context":125},314,{"file":89,"line":166,"context":125},315,{"file":89,"line":168,"context":125},316,{"file":89,"line":170,"context":125},319,[],[],{"summary":174,"deductions":175},"The \"wepay-wordpress-plugin\" v1.5 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with only one shortcode and no AJAX handlers or REST API routes. Furthermore, all SQL queries are properly prepared, and there are no known CVEs or historical vulnerabilities, suggesting a generally stable and well-maintained codebase. This history of no reported issues is a strong indicator of good security practices in the past.\n\nHowever, there are significant concerns identified in the static analysis. The presence of the `create_function` is a dangerous function that can lead to remote code execution if not handled with extreme care and proper sanitization, which is notably absent for outputs. A critical finding is that 0% of the 30 output points are properly escaped, posing a high risk of cross-site scripting (XSS) vulnerabilities. The lack of nonce checks on the single shortcode, combined with unescaped output, presents a direct path for malicious actors to inject harmful scripts and potentially exploit the `create_function` if user input can be directed to it.\n\nIn conclusion, while the plugin benefits from a limited attack surface and a clean vulnerability history, the critical findings regarding unescaped output and the use of a dangerous function without apparent safeguards create a substantial security risk. The lack of nonce checks further exacerbates these issues, making it susceptible to XSS attacks. The plugin requires immediate attention to address these critical code-level weaknesses.",[176,179,182,185],{"reason":177,"points":178},"Dangerous function (create_function) used",15,{"reason":180,"points":181},"0% of outputs properly escaped (XSS risk)",18,{"reason":183,"points":184},"No nonce checks on shortcode entry point",8,{"reason":186,"points":187},"External HTTP requests without explicit checks",3,"2026-03-17T00:44:35.857Z",{"wat":190,"direct":200},{"assetPaths":191,"generatorPatterns":194,"scriptPaths":195,"versionParams":197},[192,193],"\u002Fwp-content\u002Fplugins\u002Fwepay-wordpress-plugin\u002Fwepaysdk.php","\u002Fwp-content\u002Fplugins\u002Fwepay-wordpress-plugin\u002Fwepay-assets\u002Fwepay.css",[],[196],"\u002Fwp-content\u002Fplugins\u002Fwepay-wordpress-plugin\u002Fwepay-assets\u002Fwepay.js",[198,199],"wepay-wordpress-plugin\u002Fwepay-assets\u002Fwepay.css?ver=","wepay-wordpress-plugin\u002Fwepay-assets\u002Fwepay.js?ver=",{"cssClasses":201,"htmlComments":203,"htmlAttributes":205,"restEndpoints":216,"jsGlobals":217,"shortcodeOutput":219},[202],"wepay-button",[204],"\u003C!-- Wepay Plugin: You have not set your client ID, client secret and access token yet. Please do so now, click here. -->",[206,207,208,209,210,211,212,213,214,215],"data-wepay-account-id","data-wepay-access-token","data-wepay-client-id","data-wepay-amount","data-wepay-description","data-wepay-fee-payer","data-wepay-type","data-wepay-redirect-uri","data-wepay-email-message","data-wepay-tax",[],[218],"Wepay",[220],"[wepay text=\"Buy Now\" amount=\"1.00\" sdesc=\"testing\" css=\"buttoncss\" feepayer=\"Payee\"]"]