[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fL3CrFCpb_AIMaZONQ9BuZ3_9ecfAJenO0KAC088-XVw":3,"$f8GOyGECFxmHvxCvAyVyhuHiCp5FNR-S7d3AcPSyaVxs":323,"$f38B3pGKDFQ_MpK8s-HBqZtomWba-i3No-0OBrIMSB-8":327},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":35,"analysis":36,"fingerprints":293},"willing2buy","Willing2Buy Price Suggestion","1.0","medmatech","https:\u002F\u002Fprofiles.wordpress.org\u002Fmedmatech\u002F","\u003Cp>This WP plugin allows customers to suggest price for products listed on your ecommerce store. The plugin is useful when you want to know at what price the buyers are willing to buy your products? So, the plugin can help you in fixing the price of your products neither too low nor too high and hence can help in matching the expectations of shoppers. Once this plugin is installed, any website visitor can suggest his own price for any product. The plugin displays the average price suggested by all the customers for each product in the Admin area.\u003C\u002Fp>\n","The plugin helps Admin to collect price suggestions from customers for products listed on Wordpress (Woocommerce) store.",0,1021,100,1,"2017-04-28T10:59:00.000Z","4.7.33","4.4","",[20,21,22,23,24],"price-suggestion","product-price-suggestion","suggest-product-price","suggest-your-price-for-product","woocommerce-price-suggestion","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwilling2buy.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,84,"2026-05-20T04:47:16.059Z",[],{"attackSurface":37,"codeSignals":126,"taintFlows":170,"riskAssessment":279,"analyzedAt":292},{"hooks":38,"ajaxHandlers":105,"restRoutes":120,"shortcodes":121,"cronEvents":122,"entryPointCount":125,"unprotectedCount":125},[39,45,48,53,58,62,66,71,75,79,82,85,89,93,97,101,103],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_menu","plugin_admin_menu","class-email-format.php",38,{"type":40,"name":41,"callback":42,"file":46,"line":47},"class-medma-willing-home.php",24,{"type":40,"name":49,"callback":50,"file":51,"line":52},"woocommerce_product_options_general_product_data","woo_add_custom_general_fields","class-suggest-price.php",26,{"type":40,"name":54,"callback":55,"priority":56,"file":51,"line":57},"woocommerce_process_product_meta","woo_add_custom_general_fields_save",20,29,{"type":40,"name":41,"callback":59,"file":60,"line":61},"createMainMenuWilling","index.php",18,{"type":40,"name":63,"callback":64,"file":60,"line":65},"wp","cronstarter_activation",44,{"type":67,"name":68,"callback":69,"file":60,"line":70},"filter","wp_mail_content_type","set_html_content_type",70,{"type":40,"name":72,"callback":73,"file":60,"line":74},"mycronjob","my_repeat_function",83,{"type":67,"name":76,"callback":77,"file":60,"line":78},"cron_schedules","cron_add_weekly",94,{"type":67,"name":76,"callback":80,"file":60,"line":81},"cron_add_minute",106,{"type":67,"name":76,"callback":83,"file":60,"line":84},"cron_add_custom_seconds",120,{"type":40,"name":86,"callback":87,"priority":56,"file":60,"line":88},"woocommerce_single_product_summary","add_custom_field",156,{"type":40,"name":90,"callback":91,"file":60,"line":92},"wp_footer","foot_popup_suggest_price",272,{"type":40,"name":94,"callback":95,"file":60,"line":96},"wp_head","head_popup_suggest_price",273,{"type":40,"name":98,"callback":99,"file":60,"line":100},"plugins_loaded","get_instance",341,{"type":40,"name":98,"callback":99,"file":60,"line":102},350,{"type":40,"name":98,"callback":99,"file":60,"line":104},360,[106,111,114,118],{"action":107,"nopriv":108,"callback":109,"hasNonce":108,"hasCapCheck":108,"file":60,"line":110},"submit_price",false,"submitSuggestedPrice",277,{"action":107,"nopriv":112,"callback":109,"hasNonce":108,"hasCapCheck":108,"file":60,"line":113},true,278,{"action":115,"nopriv":108,"callback":116,"hasNonce":108,"hasCapCheck":108,"file":60,"line":117},"update_user_name_email","updateUserNameEmail",282,{"action":115,"nopriv":108,"callback":116,"hasNonce":108,"hasCapCheck":108,"file":60,"line":119},283,[],[],[123],{"hook":72,"callback":72,"file":60,"line":124},40,4,{"dangerousFunctions":127,"sqlUsage":128,"outputEscaping":142,"fileOperations":11,"externalRequests":11,"nonceChecks":14,"capabilityChecks":143,"bundledLibraries":169},[],{"prepared":129,"raw":130,"locations":131},6,5,[132,135,137,138,140],{"file":51,"line":133,"context":134},58,"$wpdb->get_results() with variable interpolation",{"file":51,"line":136,"context":134},59,{"file":51,"line":74,"context":134},{"file":51,"line":139,"context":134},132,{"file":60,"line":141,"context":134},52,{"escaped":143,"rawEcho":144,"locations":145},2,11,[146,149,151,153,155,157,159,161,163,165,167],{"file":43,"line":147,"context":148},118,"raw output",{"file":43,"line":150,"context":148},137,{"file":46,"line":152,"context":148},454,{"file":51,"line":154,"context":148},49,{"file":51,"line":156,"context":148},62,{"file":51,"line":158,"context":148},67,{"file":51,"line":160,"context":148},99,{"file":60,"line":162,"context":148},168,{"file":60,"line":164,"context":148},178,{"file":60,"line":166,"context":148},216,{"file":60,"line":168,"context":148},251,[],[171,232,258,271],{"entryPoint":172,"graph":173,"unsanitizedCount":11,"severity":231},"suggest_email_format (class-email-format.php:57)",{"nodes":174,"edges":223},[175,180,185,189,191,195,197,200,202,206,208,212,216,219],{"id":176,"type":177,"label":178,"file":43,"line":179},"n0","source","$_POST['suggest_subject']",64,{"id":181,"type":182,"label":183,"file":43,"line":179,"wp_function":184},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":186,"type":177,"label":187,"file":43,"line":188},"n2","$_POST['suggest_message']",71,{"id":190,"type":182,"label":183,"file":43,"line":188,"wp_function":184},"n3",{"id":192,"type":177,"label":193,"file":43,"line":194},"n4","$_POST['suggest_status']",78,{"id":196,"type":182,"label":183,"file":43,"line":194,"wp_function":184},"n5",{"id":198,"type":177,"label":199,"file":43,"line":33},"n6","$_POST['cron_event']",{"id":201,"type":182,"label":183,"file":43,"line":33,"wp_function":184},"n7",{"id":203,"type":177,"label":204,"file":43,"line":205},"n8","$_POST['custom_time']",90,{"id":207,"type":182,"label":183,"file":43,"line":205,"wp_function":184},"n9",{"id":209,"type":177,"label":210,"file":43,"line":211},"n10","$_GET['page']",95,{"id":213,"type":182,"label":214,"file":43,"line":211,"wp_function":215},"n11","wp_redirect() [Open Redirect]","wp_redirect",{"id":217,"type":177,"label":210,"file":43,"line":218},"n12",101,{"id":220,"type":182,"label":221,"file":43,"line":218,"wp_function":222},"n13","echo() [XSS]","echo",[224,225,226,227,228,229,230],{"from":176,"to":181,"sanitized":112},{"from":186,"to":190,"sanitized":112},{"from":192,"to":196,"sanitized":112},{"from":198,"to":201,"sanitized":112},{"from":203,"to":207,"sanitized":112},{"from":209,"to":213,"sanitized":112},{"from":217,"to":220,"sanitized":112},"low",{"entryPoint":233,"graph":234,"unsanitizedCount":11,"severity":231},"\u003Cclass-email-format> (class-email-format.php:0)",{"nodes":235,"edges":250},[236,237,238,239,240,241,242,243,244,245,246,247,248,249],{"id":176,"type":177,"label":178,"file":43,"line":179},{"id":181,"type":182,"label":183,"file":43,"line":179,"wp_function":184},{"id":186,"type":177,"label":187,"file":43,"line":188},{"id":190,"type":182,"label":183,"file":43,"line":188,"wp_function":184},{"id":192,"type":177,"label":193,"file":43,"line":194},{"id":196,"type":182,"label":183,"file":43,"line":194,"wp_function":184},{"id":198,"type":177,"label":199,"file":43,"line":33},{"id":201,"type":182,"label":183,"file":43,"line":33,"wp_function":184},{"id":203,"type":177,"label":204,"file":43,"line":205},{"id":207,"type":182,"label":183,"file":43,"line":205,"wp_function":184},{"id":209,"type":177,"label":210,"file":43,"line":211},{"id":213,"type":182,"label":214,"file":43,"line":211,"wp_function":215},{"id":217,"type":177,"label":210,"file":43,"line":218},{"id":220,"type":182,"label":221,"file":43,"line":218,"wp_function":222},[251,252,253,254,255,256,257],{"from":176,"to":181,"sanitized":112},{"from":186,"to":190,"sanitized":112},{"from":192,"to":196,"sanitized":112},{"from":198,"to":201,"sanitized":112},{"from":203,"to":207,"sanitized":112},{"from":209,"to":213,"sanitized":112},{"from":217,"to":220,"sanitized":112},{"entryPoint":259,"graph":260,"unsanitizedCount":143,"severity":270},"woo_add_custom_general_fields (class-suggest-price.php:47)",{"nodes":261,"edges":268},[262,265],{"id":176,"type":177,"label":263,"file":51,"line":264},"$_GET (x2)",56,{"id":181,"type":182,"label":266,"file":51,"line":133,"wp_function":267},"get_results() [SQLi]","get_results",[269],{"from":176,"to":181,"sanitized":108},"high",{"entryPoint":272,"graph":273,"unsanitizedCount":143,"severity":270},"\u003Cclass-suggest-price> (class-suggest-price.php:0)",{"nodes":274,"edges":277},[275,276],{"id":176,"type":177,"label":263,"file":51,"line":264},{"id":181,"type":182,"label":266,"file":51,"line":133,"wp_function":267},[278],{"from":176,"to":181,"sanitized":108},{"summary":280,"deductions":281},"The \"willing2buy\" v1.0 plugin exhibits a concerning security posture due to a significant number of unprotected entry points. While the absence of dangerous functions, external HTTP requests, and file operations is positive, the presence of four AJAX handlers without authentication checks is a major security flaw.  The taint analysis revealing two flows with unsanitized paths, classified as high severity, further exacerbates this risk, suggesting potential for unauthorized data manipulation or execution.\n\nFurthermore, the low percentage of properly escaped output (15%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities.  Despite having no recorded CVEs, the inherent weaknesses in input validation and output sanitization create a fertile ground for exploitation.  The plugin's lack of a strong security history, while seemingly good, could simply mean it hasn't been thoroughly analyzed or targeted yet.  The presence of a single nonce check and two capability checks are insufficient to secure the identified unprotected AJAX handlers.\n\nIn conclusion, \"willing2buy\" v1.0 has critical security weaknesses. The unprotected AJAX endpoints combined with unsanitized taint flows and poor output escaping pose a substantial risk to WordPress sites.  Immediate attention is required to implement proper authentication, authorization, and sanitization measures for all AJAX handlers, and to address the output escaping issues.",[282,284,287,290],{"reason":283,"points":56},"4 AJAX handlers without auth checks",{"reason":285,"points":286},"2 flows with unsanitized paths (high severity)",15,{"reason":288,"points":289},"Low output escaping (15%)",10,{"reason":291,"points":130},"1 nonce check is insufficient for 4 AJAX handlers","2026-03-17T06:52:51.948Z",{"wat":294,"direct":303},{"assetPaths":295,"generatorPatterns":300,"scriptPaths":301,"versionParams":302},[296,297,298,299],"\u002Fwp-content\u002Fplugins\u002Fwilling2buy\u002Fcss\u002Fsuggest_mycss.css","\u002Fwp-content\u002Fplugins\u002Fwilling2buy\u002Fcss\u002Fsuggest_custom.css","\u002Fwp-content\u002Fplugins\u002Fwilling2buy\u002Fcss\u002Ffont-awesome_4.1.0\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fwilling2buy\u002Fjs\u002Fsuggest_custom.js",[],[299],[],{"cssClasses":304,"htmlComments":313,"htmlAttributes":314,"restEndpoints":318,"jsGlobals":320,"shortcodeOutput":322},[305,306,307,308,309,310,311,312],"suggestPriceLink","suggest-product-id","fa-comment","suggestPriceForm","suggest-input-type","err-txt","nameEmailForm","notification",[],[315,316,317],"data-suggest-id","data-value","aria-hidden=\"true\"",[319],"\u002Fwp-admin\u002Fadmin-ajax.php",[321],"ajax_url",[],{"error":112,"url":324,"statusCode":325,"statusMessage":326,"message":326},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwilling2buy\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":328},[]]