[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fg6Eq3_d50D5SSdUdSJv_vW8qK19TsUZcHlWEnR45Npw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":29,"analysis":30,"fingerprints":88},"woo-tcs-extension","WooTcsShipmentMaker","0.0.0","qasimgulzar","https:\u002F\u002Fprofiles.wordpress.org\u002Fqasimgulzar\u002F","\u003Cp>This plugin is developed to help e-commerce platforms in Pakistan, so they can reduce the effort of adding new shipments into TCS and focus on the areas which can really benefit them in terms of revenue.\u003Cbr \u002F>\nThe WooCommerce TCS plugin uses a third-party SOAP API, which TCS exposes to developers so they can easily integrate their systems with TCS and make their workflow more handy.\u003C\u002Fp>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>If you are getting an error while initializing SoapClient, then please check whether the SOAP client is enabled in your PHP configuration.\u003C\u002Fp>\n\u003Cp>To enable the SOAP client on Ubuntu:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>sudo apt-get install php7.0-soap\nsudo apt-get install php7.0-xml\nphp-config --configure-options --enable-soap\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Stable tag: License: GPLv2 or later License URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html This plugin is developed to integrate WooCommerce store wit 
&hellip;",10,2095,100,1,"2017-10-17T18:52:00.000Z","",[],"http:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fwoocommerce-extension\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-tcs-extension.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},30,84,"2026-04-04T20:35:11.627Z",[],{"attackSurface":31,"codeSignals":73,"taintFlows":80,"riskAssessment":81,"analyzedAt":87},{"hooks":32,"ajaxHandlers":64,"restRoutes":70,"shortcodes":71,"cronEvents":72,"entryPointCount":14,"unprotectedCount":14},[33,39,43,46,51,55,57,61],{"type":34,"name":35,"callback":36,"file":37,"line":38},"filter","woocommerce_settings_tabs_array","anonymous","includes\\WC_TCS_Setting_Tag.php",13,{"type":40,"name":41,"callback":36,"file":37,"line":42},"action","woocommerce_settings_tabs_tcs_settings_tab",14,{"type":40,"name":44,"callback":36,"file":37,"line":45},"woocommerce_update_options_tcs_settings_tab",15,{"type":40,"name":47,"callback":48,"file":49,"line":50},"admin_init","wtcs_ajax_add_actions","index.php",26,{"type":34,"name":52,"callback":53,"file":49,"line":54},"woocommerce_admin_order_actions","woocommerce_admin_order_actions_button",29,{"type":34,"name":52,"callback":56,"file":49,"line":26},"add_order_track_action_button",{"type":40,"name":58,"callback":59,"file":49,"line":60},"admin_head","wtcs_admin_order_actions_button_css",32,{"type":40,"name":58,"callback":62,"file":49,"line":63},"wtcs_add_order_track_action_button_css",33,[65],{"action":66,"nopriv":67,"callback":68,"hasNonce":67,"hasCapCheck":67,"file":49,"line":69},"create_tcs_shipment",false,"wtcs_create_tcs_shipment",31,[],[],[],{"dangerousFunctions":74,"sqlUsage":75,"outputEscaping":77,"fileOperations":21,"externalRequests":21,"nonceChecks":21,"capabilityChecks":21,"bundledLibraries":79},[],{"prepared":21,"raw":21,"locations":76},[],{"escaped":21,"rawEc
ho":21,"locations":78},[],[],[],{"summary":82,"deductions":83},"The \"woo-tcs-extension\" v0.0.0 plugin exhibits a mixed security posture. On the positive side, the code signals raise no flags. The scan recorded no dangerous functions, no SQL queries (neither prepared nor raw), and no output statements (neither escaped nor raw echo). Furthermore, it recorded no file operations, external HTTP requests, or bundled libraries that could introduce vulnerabilities. These zero counts show that the scanner found nothing to assess in those categories, not that the code was verified as safe; the plugin's own description says it calls a third-party SOAP API, so the zero for external requests probably reflects what the scanner detects rather than an absence of outbound traffic. \n\nHowever, a significant concern arises from the attack surface analysis. The plugin has one AJAX handler, create_tcs_shipment, for which the scan found neither a nonce check nor a capability check. The handler is not registered for logged-out visitors (nopriv is false), so the exposure is to logged-in users: no role restriction is enforced at the handler, and without a nonce the request is also open to cross-site request forgery against a logged-in user. This can lead to unintended actions or information disclosure unless the AJAX function itself performs these checks. The absence of any recorded vulnerabilities in its history is a positive indicator, but it doesn't negate the immediate risk posed by the unprotected AJAX endpoint. \n\nIn conclusion, while the code signals raise no flags, the presence of an unprotected AJAX handler represents a critical security weakness. This single weakness significantly elevates the risk profile, as it provides a direct avenue for attackers. The lack of vulnerability history is reassuring but should not lead to complacency, especially given this identifiable flaw. 
The plugin's security can be significantly improved by adding a nonce check and a capability check to its AJAX endpoint.",[84],{"reason":85,"points":86},"Unprotected AJAX handler",8,"2026-03-17T00:12:45.053Z",{"wat":89,"direct":96},{"assetPaths":90,"generatorPatterns":93,"scriptPaths":94,"versionParams":95},[91,92],"\u002Fwp-content\u002Fplugins\u002Fwoo-tcs-extension\u002Fincludes\u002Ftcs-soap-driver.php","\u002Fwp-content\u002Fplugins\u002Fwoo-tcs-extension\u002Fincludes\u002FWC_TCS_Setting_Tag.php",[],[],[],{"cssClasses":97,"htmlComments":100,"htmlAttributes":101,"restEndpoints":102,"jsGlobals":103,"shortcodeOutput":104},[98,99],"create_consignment","tracking",[],[],[],[],[]]