[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffvyrtWsFvA60gmu1GXpV24Z2Hz9vhJe8R_PA89C-R8o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":37,"fingerprints":101},"wooheat","wooHeat!","1.4","uiux","https:\u002F\u002Fprofiles.wordpress.org\u002Fuiux\u002F","\u003Cp>wooHeat! has been designed to give woocommerce store owners the ability to add heat ratings to their products. Once your products have a heat ratings, customers can sort products by heat rating – hottest to mildest.\u003C\u002Fp>\n\u003Cp>You can choose between using the Scoville heat units or the basic heat rating when users sort by heat.\u003C\u002Fp>\n","A Woocommerce Plugin for adding Heat Ratings to products allowing items to be sorted by their heat rating.",10,1359,0,"2020-10-08T08:46:00.000Z","5.5.18","4.0","",[19,20,21],"chilli","heat-rating","woo-commerce-product-sorting","https:\u002F\u002Fuiux.me\u002Fwooheat","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwooheat.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":29,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"UIUX 
Lab",14,740,92,32,82,"2026-04-05T01:23:24.164Z",[],{"attackSurface":38,"codeSignals":75,"taintFlows":88,"riskAssessment":89,"analyzedAt":100},{"hooks":39,"ajaxHandlers":68,"restRoutes":69,"shortcodes":70,"cronEvents":73,"entryPointCount":74,"unprotectedCount":13},[40,46,49,54,58,61,65],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","woocommerce_product_options_general_product_data","wc_woo_heat_field","classes\\wooheat.php",9,{"type":41,"name":47,"callback":48,"file":44,"line":11},"save_post","woo_heat_save_product",{"type":50,"name":51,"callback":52,"file":44,"line":53},"filter","woocommerce_get_catalog_ordering_args","woo_heat_add_postmeta_ordering_args",11,{"type":50,"name":55,"callback":56,"file":44,"line":57},"woocommerce_default_catalog_orderby_options","woo_heat_add_new_postmeta_orderby",12,{"type":50,"name":59,"callback":56,"file":44,"line":60},"woocommerce_catalog_orderby",13,{"type":41,"name":62,"callback":63,"file":64,"line":53},"admin_menu","wooheat_plugin_setup","classes\\wooheat_options.php",{"type":41,"name":66,"callback":67,"file":64,"line":57},"admin_init","wooheat_plugin_register_settings",[],[],[71],{"tag":4,"callback":72,"file":44,"line":30},"woo_heat_shortcodes",[],1,{"dangerousFunctions":76,"sqlUsage":77,"outputEscaping":79,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":87},[],{"prepared":13,"raw":13,"locations":78},[],{"escaped":13,"rawEcho":80,"locations":81},2,[82,85],{"file":64,"line":83,"context":84},74,"raw output",{"file":64,"line":86,"context":84},75,[],[],{"summary":90,"deductions":91},"The \"wooheat\" v1.4 plugin exhibits a generally good security posture based on the provided static analysis and vulnerability history.  The plugin demonstrates no known critical or high-severity vulnerabilities, and a clean record of past security issues. 
The attack surface is small: one shortcode was identified, and no AJAX handlers or REST API routes were detected. No SQL queries (prepared or raw), file operations, or external HTTP requests were identified, so those common vectors do not apply to the scanned code. No dangerous functions or taint flows were reported either; this reflects what the static analysis detected and is not a substitute for a code review.\n\nHowever, the static analysis does highlight a significant concern regarding output escaping. Both detected outputs are raw echoes in classes\\wooheat_options.php (lines 74 and 75) and 0% are escaped, so there is a risk of cross-site scripting (XSS) if the echoed values can be influenced by anyone other than a trusted administrator; the scan does not show where those values come from. Output that is not escaped for its context can allow injected script to run in pages viewed by other users, and the usual remedy is to escape at the point of output with the WordPress function that matches the context, such as esc_html() or esc_attr(). The complete absence of nonce checks and capability checks matters most for the save_post callback woo_heat_save_product, which by its name saves product data: without a nonce verification and a current_user_can() check, that handler lacks the standard defenses against cross-site request forgery and against saves by users who should not be able to edit the product. The settings registered on admin_init may be covered by the nonce handling of the WordPress Settings API; this should be confirmed in the source. These missing checks remove layers of defense that are standard practice for securing plugin functionality, especially if the attack surface were to expand in future versions or if the existing shortcode interacts with user-supplied data in sensitive ways.",[92,95,98],{"reason":93,"points":94},"No output escaping detected",6,{"reason":96,"points":97},"No nonce checks",3,{"reason":99,"points":97},"No capability checks","2026-03-17T00:43:31.246Z",{"wat":102,"direct":107},{"assetPaths":103,"generatorPatterns":104,"scriptPaths":105,"versionParams":106},[],[],[],[],{"cssClasses":108,"htmlComments":109,"htmlAttributes":110,"restEndpoints":114,"jsGlobals":115,"shortcodeOutput":116},[],[],[111,112,113],"woo_heat","woo_heat_scoville","woo_heat_orderby",[],[],[117,118],"[wooheat rating]","[wooheat scoville]"]