[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMvcYUN_EyF9UPaSE72Uj7qjhZc6aHrV62daibKO2VJM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":13,"requires_php":13,"tags":15,"homepage":20,"download_link":21,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":51,"fingerprints":107},"wooproduct-discount-period","WooProduct Discount period","1.0","saiful.total","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaifultotal\u002F","\u003Cp>If you went to create a price schedule product addon like special product sale service offer which is certain time period.\u003Cbr \u002F>\nMajor features in WooProduct Discount Period:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shortcode options with custom query.\u003C\u002Fli>\n\u003Cli>Easy edit your title and contents and images.\u003C\u002Fli>\n\u003Cli>unlimited image and gallery.\u003C\u002Fli>\n\u003Cli>and finally view a nice modern design..\u003C\u002Fli>\n\u003Cli>It’s totally bug free and check to wp debug true.\u003C\u002Fli>\n\u003C\u002Ful>\n","Contributors: saiful.total Tags: woocommerce sale price, sales price with time, woocommerce price addon, woocommerce price schedule etc; Requires at &hellip;",0,955,"","5.2.24",[16,17,18,19],"sales-price-with-time","woocommerce-price-addon","woocommerce-price-schedule-etc","woocommerce-sale-price","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwooproduct-discount-period","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwooproduct-discount-period.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"saifultotal",3,80,92,30,88,"2026-04-04T18:16:00.841Z",[35],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":22,"num_ratings":44,"last_updated":13,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":49,"download_link":50,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"smntcs-show-sale-price-date-for-woocommerce","SMNTCS Show Sale Price Date for WooCommerce","1.8","Niels Lange","https:\u002F\u002Fprofiles.wordpress.org\u002Fnielslange\u002F","\u003Cp>Show WooCommerce sale prices date on shopping page.\u003C\u002Fp>\n\u003Ch3>Filter\u003C\u002Fh3>\n\u003Ch3>Adjust date format:\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>add_filter( 'sale_date_format', 'my_custom_sale_date_format' );\nfunction my_custom_sale_date_format() {\n    return 'r';\n}\u003Ch3>Adjust label:\u003C\u002Fh3>\nadd_filter( 'sale_date_label', 'my_custom_sale_date_label' );\nfunction my_custom_sale_date_label() {\n    return 'Valid until';\n}\u003Ch3>Contribute\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Contributions are always welcome. Simply head over to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-show-sale-price-date-for-woocommerce\" rel=\"nofollow ugc\">Github\u003C\u002Fa> and create an issue or open a pull request.\u003C\u002Fp>\n","Show WooCommerce sale prices date on shopping page.",2110,1,"6.7.5","5.3","5.6",[19],"https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-show-sale-price-date-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmntcs-show-sale-price-date-for-woocommerce.1.8.zip",{"attackSurface":52,"codeSignals":76,"taintFlows":94,"riskAssessment":95,"analyzedAt":106},{"hooks":53,"ajaxHandlers":68,"restRoutes":69,"shortcodes":70,"cronEvents":75,"entryPointCount":44,"unprotectedCount":11},[54,60,64],{"type":55,"name":56,"callback":57,"file":58,"line":59},"action","admin_menu","nss_addmin_meue","nss_wooprice_discount.php",15,{"type":55,"name":61,"callback":62,"file":58,"line":63},"admin_init","nss_page_init",16,{"type":55,"name":65,"callback":66,"file":67,"line":31},"wp_enqueue_scripts","closure","nss_woo_sales.php",[],[],[71],{"tag":72,"callback":73,"file":58,"line":74},"nss_showing_discount_product","nss_discountproduct_items",13,[],{"dangerousFunctions":77,"sqlUsage":78,"outputEscaping":80,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":93},[],{"prepared":11,"raw":11,"locations":79},[],{"escaped":81,"rawEcho":82,"locations":83},2,4,[84,87,89,91],{"file":58,"line":85,"context":86},35,"raw output",{"file":58,"line":88,"context":86},145,{"file":58,"line":90,"context":86},156,{"file":58,"line":92,"context":86},164,[],[],{"summary":96,"deductions":97},"The \"wooproduct-discount-period\" plugin v1.0 presents a mixed security posture.  On the positive side, it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no known vulnerabilities or CVEs.  Furthermore, the static analysis reveals no external HTTP requests or file operations, and zero taint flows, indicating a limited potential for certain classes of attacks.  However, significant concerns exist regarding output escaping and the lack of explicit capability checks or nonce verification on its single shortcode entry point.\n\nDespite a clean vulnerability history, the insufficient output escaping is a notable weakness.  With only 33% of outputs properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered without proper sanitization.  The absence of nonce checks and capability checks on the shortcode, while not directly indicative of a vulnerability without further context on what the shortcode does, represents a missed opportunity to enforce authorization and prevent unintended actions, especially if the shortcode interacts with sensitive data or functionality.\n\nIn conclusion, while the plugin appears to have a low attack surface and a clean track record, the lack of robust output escaping and authorization checks on its entry point are critical areas of concern that could be exploited.  A thorough review of the shortcode's implementation is recommended to identify and mitigate potential XSS and authorization bypass vulnerabilities.",[98,101,104],{"reason":99,"points":100},"Unescaped output",8,{"reason":102,"points":103},"Missing capability checks",5,{"reason":105,"points":103},"Missing nonce checks","2026-03-17T05:58:01.747Z",{"wat":108,"direct":114},{"assetPaths":109,"generatorPatterns":111,"scriptPaths":112,"versionParams":113},[110],"\u002Fwp-content\u002Fplugins\u002Fwooproduct-discount-period\u002Fcss\u002Fnss_woo_style.css",[],[],[],{"cssClasses":115,"htmlComments":118,"htmlAttributes":119,"restEndpoints":121,"jsGlobals":122,"shortcodeOutput":123},[116,117],"nss_woo_product_main","nss_price_cart",[],[120],"name=\"nss_option_page_item[nss_number_of_page]\"",[],[],[124,125],"[nss_showing_discount_product]","[add_to_cart"]