[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fq0DnrWF1IM4H9FxiOiPucXb-WLW3B75PZ179m4gxfXQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":34,"analysis":35,"fingerprints":123},"whmcs-doali-elementor","Whmcs Doali to Elementor","4.2.2","Yossi Haephrati","https:\u002F\u002Fprofiles.wordpress.org\u002Foyosh\u002F","\u003Cp>This is a WordPress plugin that allow sync Elementor forms with WHMCS Billing and Doali email marketing\u003Cbr \u002F>\nFor more documentation please see https:\u002F\u002Fwww.whmcs.me\u002Fproduct\u002Fwhmcs-doali-to-elementor\u002F and https:\u002F\u002Fwww.doali.co.il\u002Fwordpress\u003Cbr \u002F>\nTo Create a New Doali user: https:\u002F\u002Fwww.doali.co.il\u002Fsignup\u003C\u002Fp>\n\u003Cp>Use Whmcs Doali to Elementor to add a new client to Whmcs and Doali. This Plugin will allow your clients register and get your product from one simple web form you can embedded anywhere you like.\u003Cbr \u002F>\nThis module help you get a more new purchases on WHMCS. Because it simplify the process to few easy clicks and Done.\u003Cbr \u002F>\nThe Basic pack will allow you to add new client to Whmcs billing and to Doali email marketing, easy and safe.\u003Cbr \u002F>\nYou can then create autoresponders, quotes, orders, invoices, tickets and more…\u003C\u002Fp>\n\u003Ch3>Whmcs Doali to Elementor\u003C\u002Fh3>\n\u003Cp>Contributors: emilion – Yossi Haephrati\u003Cbr \u002F>\nDonate link: https:\u002F\u002Fwww.whmcs.me\u002Fproduct\u002Fwhmcs-doali-to-elementor\u002F\u003Cbr \u002F>\nTags: doali, whmcs, elmentor\u003Cbr \u002F>\nLicense: GPLv2 or later\u003Cbr \u002F>\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html\u003Cbr \u002F>\nRequires at least: 4.9.8\u003Cbr \u002F>\nTested up to: 6.6.2\u003Cbr \u002F>\nStable tag: 4.2.3\u003Cbr \u002F>\nShort Description: Our Plugin for syncing Elementor forms with WHMCS Billing and Doali email marketing.\u003C\u002Fp>\n","This is a WordPress plugin that allow sync Elementor forms with WHMCS Billing and Doali email marketing",50,5679,100,4,"2024-10-07T22:21:00.000Z","",[],"https:\u002F\u002Fwww.whmcs.me\u002Fproduct\u002Fwhmcs-doali-to-elementor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhmcs-doali-elementor.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":27,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"oyosh","mitcho (Michael Yoshitaka Erlewine)",16,5970,90,30,87,"2026-04-04T18:15:53.362Z",[],{"attackSurface":36,"codeSignals":78,"taintFlows":108,"riskAssessment":109,"analyzedAt":122},{"hooks":37,"ajaxHandlers":74,"restRoutes":75,"shortcodes":76,"cronEvents":77,"entryPointCount":21,"unprotectedCount":21},[38,44,45,47,49,51,56,61,64,68,71],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","elementor_pro\u002Finit","closure","functions.php",8,{"type":39,"name":40,"callback":41,"file":42,"line":28},{"type":39,"name":40,"callback":41,"file":42,"line":46},24,{"type":39,"name":40,"callback":41,"file":42,"line":48},32,{"type":39,"name":40,"callback":41,"file":42,"line":50},40,{"type":39,"name":52,"callback":53,"file":54,"line":55},"elementor\u002Ffrontend\u002Fafter_register_scripts","widget_scripts","plugin.php",93,{"type":39,"name":57,"callback":58,"file":59,"line":60},"init","i18n","whmcs-doali-to-elementor.php",60,{"type":39,"name":62,"callback":57,"file":59,"line":63},"plugins_loaded",63,{"type":39,"name":65,"callback":66,"file":59,"line":67},"admin_notices","admin_notice_missing_main_plugin",95,{"type":39,"name":65,"callback":69,"file":59,"line":70},"admin_notice_minimum_elementor_version",101,{"type":39,"name":65,"callback":72,"file":59,"line":73},"admin_notice_minimum_php_version",107,[],[],[],[],{"dangerousFunctions":79,"sqlUsage":80,"outputEscaping":82,"fileOperations":21,"externalRequests":106,"nonceChecks":21,"capabilityChecks":21,"bundledLibraries":107},[],{"prepared":21,"raw":21,"locations":81},[],{"escaped":83,"rawEcho":84,"locations":85},120,10,[86,90,91,93,94,96,97,100,102,104],{"file":87,"line":88,"context":89},"widgets\\whmcs-addclient.php",135,"raw output",{"file":87,"line":88,"context":89},{"file":87,"line":92,"context":89},136,{"file":87,"line":92,"context":89},{"file":87,"line":95,"context":89},137,{"file":87,"line":95,"context":89},{"file":98,"line":99,"context":89},"widgets\\whmcs-doali.php",183,{"file":98,"line":101,"context":89},187,{"file":98,"line":103,"context":89},191,{"file":98,"line":105,"context":89},195,11,[],[],{"summary":110,"deductions":111},"The \"whmcs-doali-elementor\" plugin, in version 4.2.2, exhibits a generally strong security posture based on the provided static analysis. The absence of any recorded CVEs, coupled with a lack of critical or high-severity findings in the taint analysis, is a positive indicator. The code demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output, which significantly mitigates common web application vulnerabilities like SQL injection and cross-site scripting (XSS).  The plugin also avoids common attack vectors by having no exposed AJAX handlers, REST API routes, shortcodes, or cron events without proper checks, and it doesn't appear to use dangerous functions or perform file operations that could be exploited.\n\nHowever, there are areas that warrant attention. The complete lack of nonce checks and capability checks across all entry points (though the entry point count is zero) is a notable concern. If the attack surface were to increase or be discovered in the future, this would leave the plugin highly vulnerable. Furthermore, the plugin makes 11 external HTTP requests, which, without further inspection of their implementation (e.g., sanitization of URLs, validation of responses), could potentially introduce risks like SSRF (Server-Side Request Forgery) or lead to communication with compromised external services.\n\nIn conclusion, the plugin is well-engineered in terms of core security practices like SQL and output handling, and it has a clean vulnerability history. This suggests a developer conscious of security. The primary weaknesses lie in the complete absence of authorization and security checks for any potential future entry points and the inherent risks associated with numerous external HTTP requests, which are not explicitly detailed for their security controls in this analysis. While the current attack surface appears minimal and protected by obscurity, a more robust implementation would include explicit security checks for all interactions.",[112,114,116,119],{"reason":113,"points":84},"No nonce checks",{"reason":115,"points":84},"No capability checks",{"reason":117,"points":118},"11 external HTTP requests (potential risk)",5,{"reason":120,"points":121},"92% output escaping (some unescaped output)",3,"2026-03-16T21:53:26.841Z",{"wat":124,"direct":129},{"assetPaths":125,"generatorPatterns":126,"scriptPaths":127,"versionParams":128},[],[],[],[],{"cssClasses":130,"htmlComments":131,"htmlAttributes":132,"restEndpoints":133,"jsGlobals":134,"shortcodeOutput":135},[],[],[],[],[],[]]