[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f69xWGTfOhCZwd5W_a-egohi_WdxyJwFPFuiLOgrRq30":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":292},"wp-commerce7","Commerce7 for WordPress","1.6.3","Michael Bourne","https:\u002F\u002Fprofiles.wordpress.org\u002Fmichaelbourne\u002F","\u003Cp>A free plugin for Commerce7 customers who wish to integrate their javascript widgets into a WordPress site. Commerce7 is a state of the art SaaS platform for breweries and wineries to offer modern DTC ecommerce solutions. It also offers a point of sale software, clubs, CRM, and tasting room reservations. This plugin is being used by hundreds of wineries around the world to easily add Commerce7 to their website.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically create the needed pages and pass-through redirects for proper Commerce7 Integration\u003C\u002Fli>\n\u003Cli>Embed Commerce7 widgets into any page through the use of shortcodes or pagebuilder elements\u003C\u002Fli>\n\u003Cli>Full integration with popular pagebuilders like Cornerstone, Elementor, Beaver Builder, and WPBakery\u003C\u002Fli>\n\u003Cli>Full integration with Gutenberg\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin relies on a third party service for it’s functionality provided by \u003Ca href=\"https:\u002F\u002Fcommerce7.com\u002F\" rel=\"nofollow ugc\">Commerce7\u003C\u002Fa>. As an ecommerce solution, an SSL certificate is required on your website. 
Your privacy policy should be amended to include the use of third party software for order processing.\u003C\u002Fp>\n\u003Cp>Read the \u003Ca href=\"https:\u002F\u002Fc7wp.com\" rel=\"nofollow ugc\">Commerce7 for WordPress\u003C\u002Fa> website to get started.\u003C\u002Fp>\n\u003Ch3>Plugin Removal\u003C\u002Fh3>\n\u003Cp>Removing this plugin will render your widgets and\u002For blocks inactive, but will not remove them or the pages created. Be sure to clean out all pages of Commerce7 content if removing.\u003C\u002Fp>\n","Add Commerce7 to your WordPress site easily!",900,15225,100,1,"2026-01-27T21:39:00.000Z","6.9.4","6.0","7.4",[20],"commerce7","https:\u002F\u002Fc7wp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-commerce7.1.6.3.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"michaelbourne",2,10900,95,10,91,"2026-04-04T10:04:19.158Z",[],{"attackSurface":37,"codeSignals":183,"taintFlows":285,"riskAssessment":286,"analyzedAt":291},{"hooks":38,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":180,"entryPointCount":14,"unprotectedCount":23},[39,45,49,52,55,59,62,67,73,75,79,83,86,90,94,98,102,105,109,113,117,121,125,128,131,135,138,143,147,150,153,158,162,165,167,170],{"type":40,"name":41,"callback":42,"priority":32,"file":43,"line":44},"action","upgrader_process_complete","c7wp_upgrade_function","commerce7-for-wordpress.php",139,{"type":40,"name":46,"callback":47,"file":43,"line":48},"admin_notices","c7wp_admin_notice_pages",269,{"type":40,"name":46,"callback":50,"file":43,"line":51},"closure",355,{"type":40,"name":53,"callback":53,"file":43,"line":54},"c7wp_fetch_remote_notices",391,{"type":40,"name":56,"callback":57,"file":43,"line":58},"admin_init","c7wp_display_remote_notices",394,{"type":40,"name":56,"callback":60,"file":43,"line":61},"c7wp_handle_notice_dismissal"
,412,{"type":63,"name":64,"callback":50,"file":65,"line":66},"filter","aioseo_canonical_url","includes\\aioseo\\load.php",20,{"type":40,"name":68,"callback":69,"priority":70,"file":71,"line":72},"admin_menu","add_admin_menu",99,"includes\\class-c7wp.php",63,{"type":40,"name":56,"callback":56,"file":71,"line":74},66,{"type":40,"name":76,"callback":77,"file":71,"line":78},"init","public_init",69,{"type":63,"name":80,"callback":81,"file":71,"line":82},"query_vars","register_query_vars",72,{"type":40,"name":76,"callback":84,"file":71,"line":85},"load_elements",75,{"type":40,"name":87,"callback":88,"file":71,"line":89},"after_setup_theme","load_cs_elements",76,{"type":40,"name":91,"callback":92,"file":71,"line":93},"elementor\u002Fwidgets\u002Fregister","c7wp_elementor_registered",77,{"type":40,"name":95,"callback":96,"file":71,"line":97},"elementor\u002Felements\u002Fcategories_registered","c7wp_add_elementor_widget_categories",78,{"type":63,"name":99,"callback":100,"priority":32,"file":71,"line":101},"block_categories_all","c7wp_block_categories",79,{"type":40,"name":103,"callback":103,"file":71,"line":104},"admin_enqueue_scripts",82,{"type":40,"name":106,"callback":107,"file":71,"line":108},"elementor\u002Feditor\u002Fbefore_enqueue_scripts","elementor_editor_enqueue_scripts",83,{"type":40,"name":110,"callback":111,"file":71,"line":112},"elementor\u002Ffrontend\u002Fafter_enqueue_scripts","elementor_frontend_assets_fallback",84,{"type":40,"name":87,"callback":114,"priority":115,"file":71,"line":116},"load_c7_css",9,85,{"type":63,"name":118,"callback":119,"file":71,"line":120},"body_class","add_body_class",86,{"type":40,"name":122,"callback":123,"priority":32,"file":71,"line":124},"wp_enqueue_scripts","enqueue_scripts",89,{"type":40,"name":126,"callback":123,"priority":32,"file":71,"line":127},"wp_enqueue_scripts_clean",90,{"type":63,"name":129,"callback":130,"priority":32,"file":71,"line":33},"script_loader_tag","add_data_to_c7_script",{"type":40,"name":132,"callback"
:133,"file":71,"line":134},"wp_footer","footer_inject",92,{"type":63,"name":136,"callback":137,"priority":32,"file":71,"line":31},"display_post_states","add_display_post_states",{"type":63,"name":139,"callback":140,"file":141,"line":142},"site_status_tests","c7wp_add_health_checks","includes\\health-check.php",19,{"type":63,"name":144,"callback":145,"file":141,"line":146},"debug_information","c7wp_add_debug_info",270,{"type":40,"name":148,"callback":50,"priority":14,"file":149,"line":66},"rank_math\u002Ffrontend\u002Fcanonical","includes\\rankmath\\load.php",{"type":63,"name":151,"callback":50,"priority":66,"file":152,"line":66},"seopress_titles_canonical","includes\\seopress\\load.php",{"type":40,"name":154,"callback":155,"file":156,"line":157},"cornerstone_register_elements","c7wp_element_register_elements","includes\\themeco\\legacy\\load.php",24,{"type":63,"name":159,"callback":160,"file":156,"line":161},"cornerstone_icon_map","c7wp_element_icon_map",36,{"type":40,"name":154,"callback":155,"file":163,"line":164},"includes\\themeco\\load.php",23,{"type":63,"name":159,"callback":160,"file":163,"line":166},35,{"type":63,"name":168,"callback":50,"file":169,"line":66},"get_canonical_url","includes\\wordpress\\load.php",{"type":63,"name":171,"callback":50,"file":172,"line":66},"wpseo_canonical","includes\\yoast\\load.php",[],[],[176],{"tag":177,"callback":178,"file":71,"line":179},"c7wp","c7wp_shortcode",113,[181],{"hook":53,"callback":53,"file":43,"line":182},342,{"dangerousFunctions":184,"sqlUsage":185,"outputEscaping":195,"fileOperations":23,"externalRequests":29,"nonceChecks":14,"capabilityChecks":283,"bundledLibraries":284},[],{"prepared":23,"raw":186,"locations":187},3,[188,191,193],{"file":189,"line":161,"context":190},"uninstall.php","$wpdb->query() with variable 
interpolation",{"file":189,"line":192,"context":190},37,{"file":189,"line":194,"context":190},40,{"escaped":196,"rawEcho":166,"locations":197},176,[198,202,204,206,208,210,212,214,216,219,221,223,225,227,229,232,235,238,241,243,245,247,250,252,254,257,260,263,265,267,269,272,275,278,281],{"file":199,"line":200,"context":201},"includes\\beaverbuilder\\buy\\includes\\frontend.php",27,"raw output",{"file":203,"line":200,"context":201},"includes\\beaverbuilder\\buyslug\\includes\\frontend.php",{"file":205,"line":200,"context":201},"includes\\beaverbuilder\\collection\\includes\\frontend.php",{"file":207,"line":200,"context":201},"includes\\beaverbuilder\\collectionlist\\includes\\frontend.php",{"file":209,"line":200,"context":201},"includes\\beaverbuilder\\createaccount\\includes\\frontend.php",{"file":211,"line":200,"context":201},"includes\\beaverbuilder\\default\\includes\\frontend.php",{"file":213,"line":200,"context":201},"includes\\beaverbuilder\\form\\includes\\frontend.php",{"file":215,"line":200,"context":201},"includes\\beaverbuilder\\joinnow\\includes\\frontend.php",{"file":217,"line":218,"context":201},"includes\\beaverbuilder\\legacy\\includes\\frontend.php",15,{"file":220,"line":200,"context":201},"includes\\beaverbuilder\\loginform\\includes\\frontend.php",{"file":222,"line":200,"context":201},"includes\\beaverbuilder\\personalization\\includes\\frontend.php",{"file":224,"line":200,"context":201},"includes\\beaverbuilder\\quickshop\\includes\\frontend.php",{"file":226,"line":200,"context":201},"includes\\beaverbuilder\\reservation\\includes\\frontend.php",{"file":228,"line":200,"context":201},"includes\\beaverbuilder\\subscribe\\includes\\frontend.php",{"file":230,"line":231,"context":201},"includes\\elementor\\elementor-buy.php",143,{"file":233,"line":234,"context":201},"includes\\elementor\\elementor-buyslug.php",192,{"file":236,"line":237,"context":201},"includes\\elementor\\elementor-cart.php",118,{"file":239,"line":240,"context":201},"includes\\eleme
ntor\\elementor-clubselector.php",479,{"file":239,"line":242,"context":201},482,{"file":239,"line":244,"context":201},484,{"file":246,"line":231,"context":201},"includes\\elementor\\elementor-collection.php",{"file":248,"line":249,"context":201},"includes\\elementor\\elementor-collectionlist.php",120,{"file":251,"line":231,"context":201},"includes\\elementor\\elementor-createaccount.php",{"file":253,"line":249,"context":201},"includes\\elementor\\elementor-default.php",{"file":255,"line":256,"context":201},"includes\\elementor\\elementor-form.php",206,{"file":258,"line":259,"context":201},"includes\\elementor\\elementor-joinnow.php",203,{"file":261,"line":262,"context":201},"includes\\elementor\\elementor-legacy.php",149,{"file":264,"line":237,"context":201},"includes\\elementor\\elementor-login.php",{"file":266,"line":196,"context":201},"includes\\elementor\\elementor-loginform.php",{"file":268,"line":231,"context":201},"includes\\elementor\\elementor-personalization.php",{"file":270,"line":271,"context":201},"includes\\elementor\\elementor-quickshop.php",144,{"file":273,"line":274,"context":201},"includes\\elementor\\elementor-reservation.php",223,{"file":276,"line":277,"context":201},"includes\\elementor\\elementor-subscribe.php",188,{"file":279,"line":280,"context":201},"includes\\themeco\\cornerstone\\shortcode.php",12,{"file":282,"line":280,"context":201},"includes\\themeco\\legacy\\cornerstone\\shortcode.php",4,[],[],{"summary":287,"deductions":288},
"The \"wp-commerce7\" v1.6.3 plugin exhibits a generally strong security posture based on the static analysis. The absence of critical or high severity taint flows, dangerous functions, and file operations is a positive indicator. The code signals do record 2 external HTTP requests, so the plugin is not free of outbound calls. The analysis also counts 4 capability checks and 1 nonce check, suggesting an awareness of security best practices for user authorization and request verification.\n\nHowever, the analysis reveals a significant concern regarding SQL query handling. All three identified SQL queries are executed without prepared statements; all three are $wpdb->query() calls with variable interpolation in uninstall.php. This pattern carries a risk of SQL injection if any interpolated value can be influenced by an attacker, which the static analysis does not establish: it recorded no taint flows, and no known CVEs exist for this plugin. Output is mostly escaped, but the lack of prepared statements is the main finding and outweighs the other positive aspects.\n\nIn conclusion, while \"wp-commerce7\" v1.6.3 has a low apparent vulnerability history and mostly escaped output, the unprepared SQL queries are a real weakness. They should be reviewed and rewritten with $wpdb->prepare() wherever they take variable input. The plugin has strengths in its limited attack surface and some authorization checks, but the SQL handling is its major weakness.",[289],{"reason":290,"points":218},"SQL queries without prepared statements","2026-03-16T19:14:37.400Z",{"wat":293,"direct":302},{"assetPaths":294,"generatorPatterns":297,"scriptPaths":298,"versionParams":299},[295,296],"\u002Fwp-content\u002Fplugins\u002Fwp-commerce7\u002Fassets\u002Fcss\u002Fc7wp-frontend.css","\u002Fwp-content\u002Fplugins\u002Fwp-commerce7\u002Fassets\u002Fjs\u002Fc7wp-frontend.js",[],[296],[300,301],"wp-commerce7\u002Fassets\u002Fcss\u002Fc7wp-frontend.css?ver=","wp-commerce7\u002Fassets\u002Fjs\u002Fc7wp-frontend.js?ver=",{"cssClasses":303,"htmlComments":305,"htmlAttributes":308,"restEndpoints":309,"jsGlobals":310,"shortcodeOutput":311},[304],"wp-block-c7wp-default",[306,307],"\u003C!-- wp:c7wp\u002Fdefault -->","\u003C!-- \u002Fwp:c7wp\u002Fdefault -->",[],[],[],[]]