[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-LrXoDNo8-H44JuR0UZG_F_ZNqVpCy-giTZONNpEpMs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":139,"fingerprints":224},"wp-company","WP Company","1.1.1","Buooy","https:\u002F\u002Fprofiles.wordpress.org\u002Fbuooy\u002F","\u003Cp>WP Company is built to contain the information of the company that owns this WordPress Site.\u003C\u002Fp>\n\u003Cp>A large majority of WordPress sites are developed for company sites. However, WordPress by its default structure does not provide additional details of the site.\u003C\u002Fp>\n\u003Cp>WP Company was set up to contain these information and to expose them on the website via shortcodes.\u003C\u002Fp>\n\u003Ch4>Company information stored and exposed via shortcodes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Name\u003C\u002Fli>\n\u003Cli>Address 1\u003C\u002Fli>\n\u003Cli>Address 2\u003C\u002Fli>\n\u003Cli>Country\u003C\u002Fli>\n\u003Cli>City\u003C\u002Fli>\n\u003Cli>Postal\u003C\u002Fli>\n\u003Cli>Main Email\u003C\u002Fli>\n\u003Cli>Secondary Email\u003C\u002Fli>\n\u003Cli>Main Phone\u003C\u002Fli>\n\u003Cli>Secondary Phone\u003C\u002Fli>\n\u003Cli>Main Fax \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Company Social Media stored and exposed via shortcodes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Google+\u003C\u002Fli>\n\u003Cli>Linkedin\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Instagram\u003C\u002Fli>\n\u003Cli>Tumblr\u003C\u002Fli>\n\u003Cli>Vimeo\u003C\u002Fli>\n\u003Cli>YouTube\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Company is built to contain the information of the company that owns this WordPress Site",10,1825,0,"2013-11-26T17:12:00.000Z","3.7.41","3.5.1","",[19,20,21,22],"company","details","information","maintain","http:\u002F\u002Fbuooy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-company.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"buooy",3,60,90,30,87,"2026-04-04T16:09:16.549Z",[38,61,83,103,122],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"affiliatewp-order-details-for-affiliates","AffiliateWP – Order Details For Affiliates","1.3.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cblockquote>\n\u003Cp>This plugin requires \u003Ca href=\"https:\u002F\u002Faffiliatewp.com\u002F\" title=\"AffiliateWP\" rel=\"nofollow ugc\">AffiliateWP\u003C\u002Fa> 2.6+. \u003Cstrong>It will NOT function without it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This add-on adds a new area to the affiliate’s dashboard that allows a logged-in affiliate to see specific information about the order that their referral generated. Currently it works with both Easy Digital Downloads and WooCommerce.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Affiliates can see order details for each referral they generated from their affiliate dashboard\u003C\u002Fli>\n\u003Cli>Globally enable access to the order details for all affiliates\u003C\u002Fli>\n\u003Cli>Enable access on a per-affiliate level to the order details\u003C\u002Fli>\n\u003Cli>Send an email to the affiliate with the order details included\u003C\u002Fli>\n\u003Cli>Disable specific information from showing to the affiliate\u003C\u002Fli>\n\u003Cli>A [affiliate_order_details] shortcode for showing the order details on any WordPress page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The following details can be shown an affiliate who has access:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Order Number\u003C\u002Fli>\n\u003Cli>Order Date\u003C\u002Fli>\n\u003Cli>Order Total\u003C\u002Fli>\n\u003Cli>Referral Amount\u003C\u002Fli>\n\u003Cli>Coupon Code Used\u003C\u002Fli>\n\u003Cli>Customer Name\u003C\u002Fli>\n\u003Cli>Customer Email\u003C\u002Fli>\n\u003Cli>Customer Phone (only available in WooCommerce)\u003C\u002Fli>\n\u003Cli>Customer Shipping Address (only available in WooCommerce)\u003C\u002Fli>\n\u003Cli>Customer Billing Address (only available in WooCommerce)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>These can also be easily turned off via a simple filter (see FAQ tab). In addition to disabling the information that is shown, you can customize the layout by editing the \u003Ccode>dashboard-tab-order-details.php\u003C\u002Fcode> template file from your child theme.\u003C\u002Fp>\n\u003Cp>The affiliate will also be emailed these details at the time the referral was created.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is AffiliateWP?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Faffiliatewp.com\u002F\" title=\"AffiliateWP\" rel=\"nofollow ugc\">AffiliateWP\u003C\u002Fa> provides a complete affiliate management system for your WordPress website that seamlessly integrates with all major WordPress e-commerce and membership platforms. It aims to provide everything you need in a simple, clean, easy to use system that you will love to use.\u003C\u002Fp>\n","Allow affiliates to see order details on referrals they generated",2000,29004,"2025-05-08T20:14:00.000Z","6.8.5","5.2","7.4",[53,54,55,56,57],"affiliate-dashboard","affiliatewp","customer-information","order-details","referral-details","https:\u002F\u002Faffiliatewp.com\u002Faddons\u002Forder-details-affiliates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliatewp-order-details-for-affiliates.1.3.0.zip",100,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":46,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":17,"download_link":81,"security_score":82,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"export-plugin-details","Export Plugin Details","1.1.7","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FHnvBqXMcSxA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>This plugin allows you to export your installed plugin list in CSV format. CSV file having the following fields\u003C\u002Fp>\n\u003Col>\n\u003Cli>Plugin Name\u003C\u002Fli>\n\u003Cli>Description\u003C\u002Fli>\n\u003Cli>Author\u003C\u002Fli>\n\u003Cli>Active\u002FInactive\u003C\u002Fli>\n\u003Cli>Current Version\u003C\u002Fli>\n\u003Cli>Update Available(Yes\u002FNo)\u003C\u002Fli>\n\u003Cli>New Version\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Kindly let us know your feedback or comments to add more features in this plugin.\u003C\u002Fp>\n","Simple way to export your installed plugins list in CSV format.",22598,98,18,"2024-07-31T07:27:00.000Z","6.6.5","4.3","5.2.4",[77,78,62,79,80],"csv-export","export-plugin","export-plugin-information","plugin-details","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-plugin-details.1.1.7.zip",92,{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":60,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":51,"tags":97,"homepage":101,"download_link":102,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"atec-system-info","atec System Info","1.2.31","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin provides detailed system information, such as operating system, server, memory, PHP and database details. It will also show PHPinfo, php.ini and PHP extensions.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>This plugin requests the server geo location (country, city) by sending the server IPinfo, a IP2GEO location service at to https:\u002F\u002Fipinfo.io\u002F.\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\u003Cbr \u002F>\nTerms: https:\u002F\u002Fipinfo.io\u002Fterms-of-service\u003C\u002Fp>\n","atec System Info (Operating system, server, memory, PHP and database details)",200,11491,2,"2025-12-18T09:33:00.000Z","6.9.4","4.9",[98,99,100],"highly-detailed-system-information-system-health-status","memory-db-and-comprehensive-server-and-php-configuration-details","server-info-os","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-system-info.1.2.31.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":11,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":120,"download_link":121,"security_score":82,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"company-data-manager","Company Data Manager","1.0.1","webprowp","https:\u002F\u002Fprofiles.wordpress.org\u002Fbaracil\u002F","\u003Cp>Company Data Manager allows users to manage essential company information from a dedicated admin panel in WordPress. It includes fields for contact information such as email, CIF\u002FNIF, TIN\u002FEIN, address, phone, website, and social media profiles. Users can display this information on their site using shortcodes.\u003C\u002Fp>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cp>Use these shortcodes to display specific company data fields on your website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[company_email]\u003C\u002Fcode> – Display the company’s email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_nif]\u003C\u002Fcode> – Display the company’s CIF\u002FNIF.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_address]\u003C\u002Fcode> – Display the company’s address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_phone]\u003C\u002Fcode> – Display the company’s phone number.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_website]\u003C\u002Fcode> – Display the company’s website.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_x]\u003C\u002Fcode> – Display the company’s X profile.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_youtube]\u003C\u002Fcode> – Display the company’s YouTube profile.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_instagram]\u003C\u002Fcode> – Display the company’s Instagram profile.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_linkedin]\u003C\u002Fcode> – Display the company’s LinkedIn profile.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[company_facebook]\u003C\u002Fcode> – Display the company’s Facebook profile.\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin for managing and displaying essential company information, including contact details and social media links.",566,"2025-02-04T16:35:00.000Z","6.7.5","5.0","7.0",[19,117,118,119],"company-data","contact-information","social-media","https:\u002F\u002Fwebprowp.com\u002Fplugin-datos-de-empresa\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcompany-data-manager.1.0.1.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":11,"downloaded":130,"rating":60,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":17,"tags":135,"homepage":17,"download_link":138,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"country-details","Country Details","1.0","todrsr","https:\u002F\u002Fprofiles.wordpress.org\u002Ftodrsr\u002F","\u003Cp>Get information about any country on mouse move over the country using a simple short code, for ex: [countrydetails country=”India”].\u003C\u002Fp>\n\u003Ch4>Docs & Support\u003C\u002Fh4>\n\u003Cp>As this is our first wordpress plugin we are still in the process of creating all the collaterals of the plugin, we will update all the information once the documents are ready.\u003C\u002Fp>\n","Just another country details plugin. Simple but flexible.",1199,1,"2016-07-28T22:28:00.000Z","4.5.33","4.5",[123,136,137],"country-information","coutry","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountry-details.zip",{"attackSurface":140,"codeSignals":195,"taintFlows":213,"riskAssessment":214,"analyzedAt":223},{"hooks":141,"ajaxHandlers":181,"restRoutes":188,"shortcodes":189,"cronEvents":194,"entryPointCount":93,"unprotectedCount":13},[142,148,151,155,159,164,168,172,175,180],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_enqueue_scripts","enqueue_admin_styles","admin\\class-wp-company-admin.php",70,{"type":143,"name":144,"callback":149,"file":146,"line":150},"enqueue_admin_scripts",71,{"type":143,"name":152,"callback":153,"file":146,"line":154},"admin_menu","add_plugin_admin_menu",74,{"type":143,"name":156,"callback":157,"file":146,"line":158},"admin_init","init_settings",86,{"type":143,"name":160,"callback":161,"file":162,"line":163},"init","load_plugin_textdomain","public\\class-wp-company.php",59,{"type":143,"name":165,"callback":166,"file":162,"line":167},"wpmu_new_blog","activate_new_site",62,{"type":143,"name":169,"callback":170,"file":162,"line":171},"wp_enqueue_scripts","enqueue_styles",65,{"type":143,"name":169,"callback":173,"file":162,"line":174},"enqueue_scripts",66,{"type":143,"name":176,"callback":177,"file":178,"line":179},"plugins_loaded","get_instance","wp-company.php",45,{"type":143,"name":176,"callback":177,"file":178,"line":147},[182],{"action":183,"nopriv":184,"callback":185,"hasNonce":186,"hasCapCheck":184,"file":146,"line":187},"settings_handling_action",false,"settings_ajax_handling_callback",true,93,[],[190],{"tag":191,"callback":192,"file":162,"line":193},"wp-company-option","wp_company_get_option",69,[],{"dangerousFunctions":196,"sqlUsage":197,"outputEscaping":199,"fileOperations":13,"externalRequests":13,"nonceChecks":131,"capabilityChecks":13,"bundledLibraries":212},[],{"prepared":131,"raw":13,"locations":198},[],{"escaped":13,"rawEcho":200,"locations":201},4,[202,205,207,210],{"file":146,"line":203,"context":204},711,"raw output",{"file":146,"line":206,"context":204},774,{"file":208,"line":209,"context":204},"admin\\views\\admin.php",50,{"file":208,"line":211,"context":204},68,[],[],{"summary":215,"deductions":216},"The \"wp-company\" plugin v1.1.1 exhibits a mixed security posture. On the positive side, the static analysis reveals no known dangerous functions, SQL queries are all prepared, and there are no recorded vulnerabilities in its history. The plugin also demonstrates good practices by implementing a nonce check and having zero unprotected entry points in its attack surface.\n\nHowever, a significant concern arises from the output escaping. With 4 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that originates from user input or other external sources could potentially be manipulated to inject malicious scripts. Additionally, the lack of capability checks on the AJAX handler, while present, means that the functionality exposed through this entry point might be accessible to users who should not have permission to use it, potentially leading to unauthorized actions.\n\nOverall, while the plugin avoids common pitfalls like raw SQL or unpatched CVEs, the severe lack of output escaping presents a critical vulnerability. The absence of vulnerability history could indicate good coding practices so far, but it does not negate the immediate risks identified in the current code. Addressing the unescaped output is paramount to improving the security of this plugin.",[217,220],{"reason":218,"points":219},"Unescaped output for all outputs",16,{"reason":221,"points":222},"Missing capability checks on AJAX handler",8,"2026-03-17T00:48:38.685Z",{"wat":225,"direct":230},{"assetPaths":226,"generatorPatterns":227,"scriptPaths":228,"versionParams":229},[],[],[],[],{"cssClasses":231,"htmlComments":232,"htmlAttributes":233,"restEndpoints":234,"jsGlobals":235,"shortcodeOutput":236},[],[],[],[],[],[]]