[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsOSTEjRS_UhE1-oy121WwJ7OXYm9a2brt6skIh09MTY":3,"$fcFbSTsiUpr-dhnAGSqTaJQ2t8iuaKJ9jTOCOmU4bWIE":317,"$fGKKQCsWCYizvCGTxmEiDM9oYngd2yPGEjC-h5h2q1iI":321},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":51,"crawl_stats":39,"alternatives":54,"analysis":160,"fingerprints":297},"wp-ecards-invites","WP eCards – Branded Digital Greeting Cards","1.4.12","Tim from eCardWidget","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimsayshey\u002F","\u003Cp>Add a branded eCard form or eCard gallery directly to your WordPress site with just a few clicks. Visitors can browse your collection of digital greeting cards, personalize a message, and send it instantly via email or social media — no coding required.\u003C\u002Fp>\n\u003Cp>Perfect for organizations, nonprofits, churches, and businesses looking to engage their community, show appreciation, or run creative campaigns with custom-designed cards.\u003C\u002Fp>\n\u003Cp>This plugin is powered by \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002F\" rel=\"nofollow ugc\">eCardWidget\u003C\u002Fa> — the leading platform for customizable digital greeting card forms used by top brands and mission-driven organizations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Add Digital Greeting Cards?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Boost engagement. Encourage sharing. Celebrate people. Whether it’s for volunteer appreciation, donor thank-yous, team recognition, or holiday outreach — eCards help you connect in a meaningful way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Popular Use Cases\u003C\u002Fstrong>\u003Cbr \u002F>\nExplore how businesses, nonprofits, and churches are using eCards to boost engagement and grow impact: \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002Fexamples\u002F\" rel=\"nofollow ugc\">See real examples\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 New: Built-in WooCommerce Integration!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily sell digital eCards as WooCommerce products and let customers send cards right after checkout. No extra plugin required—it’s all built-in! Perfect for organizations, nonprofits, churches, and businesses who want to offer eCards with full e-commerce power.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Embed branded eCard galleries or individual cards anywhere using a simple shortcode\u003C\u002Fli>\n\u003Cli>Fully customizable card designs, branding, and messaging\u003C\u002Fli>\n\u003Cli>Add your logo, links, and custom background\u003C\u002Fli>\n\u003Cli>Choose from a professional template library or upload your own artwork\u003C\u002Fli>\n\u003Cli>Track sent cards and export sender\u002Frecipient emails (CSV)\u003C\u002Fli>\n\u003Cli>Reliable email delivery with spam protection\u003C\u002Fli>\n\u003Cli>Emoji and animated GIF support\u003C\u002Fli>\n\u003Cli>Responsive design, mobile-friendly\u003C\u002Fli>\n\u003Cli>BCC all outgoing eCards for recordkeeping\u003C\u002Fli>\n\u003Cli>Change layouts, fonts, and colors to match your site\u003C\u002Fli>\n\u003Cli>Custom CSS support\u003C\u002Fli>\n\u003Cli>Send eCards to Facebook friends\u003C\u002Fli>\n\u003Cli>Built-in analytics to track card engagement\u003C\u002Fli>\n\u003Cli>Multilingual support (French, German, Dutch, Spanish, Hebrew, Polish, and more)\u003C\u002Fli>\n\u003Cli>And many more features!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Live Examples\u003C\u002Fh3>\n\u003Cp>See how others are using WP eCards:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Business \u002F Marketing\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002Fex\u002Fraising_canes.html\" rel=\"nofollow ugc\">Raising Cane’s\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002Fex\u002Fmanagrams.html\" rel=\"nofollow ugc\">Teremana Tequila\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Nonprofits & Fundraising\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002Fex\u002Fhabitforhumanity.html\" rel=\"nofollow ugc\">Habitat for Humanity\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002Fex\u002Fmdfoodbank.html\" rel=\"nofollow ugc\">Maryland Food Bank\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Churches\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002Fex\u002Fvineyardnorthphoenix.html\" rel=\"nofollow ugc\">Vineyard North Phoenix\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Employee Recognition\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fapp.ecardwidget.com\u002Fwidget\u002F5095\" rel=\"nofollow ugc\">Modivcare\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002Fex\u002Fcircalogica.html\" rel=\"nofollow ugc\">Circalogica\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>View more at \u003Ca href=\"https:\u002F\u002Fecardwidget.com\u002Fexamples\u002F\" rel=\"nofollow ugc\">ecardwidget.com\u002Fexamples\u003C\u002Fa>\u003C\u002Fp>\n","Add interactive digital greeting cards to your WordPress site — fully branded, customizable, and shareable by visitors through email or social media.",400,12073,88,26,"2025-12-06T14:57:00.000Z","6.9.4","3.0.1","",[20,21,22,23,24],"ecards","evites","invitations","invites","recognition","http:\u002F\u002Fecardwidget.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ecards-invites.zip",99,1,0,"2024-12-03 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":28,"patch_diff_files":49,"patch_trac_url":39,"research_status":39,"research_verified":50,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-11903","wp-ecards-authenticated-contributor-stored-cross-site-scripting","WP eCards \u003C= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting","The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.3.904","1.3.905","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-04 07:32:27",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffa8e1df5-2e8a-4c84-83f8-6f6d53d00356?source=api-prod",[],false,{"slug":52,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":27,"computed_at":53},"timsayshey","2026-05-20T07:43:05.786Z",[55,77,96,119,140],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":74,"download_link":75,"security_score":76,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"invitations-for-slack","Invitations for Slack","1.0.2","rheinardkorf","https:\u002F\u002Fprofiles.wordpress.org\u002Frheinardkorf\u002F","\u003Cp>Invitations for Slack lets you use convenient shortcodes to show “Join us on Slack.” buttons or Slack badges. Just add\u003Cbr \u002F>\nyour Slack token and use the shortcodes wherever you want your visitors to be able to invite themselves from.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy to use:\n\u003Cul>\n\u003Cli>Visit \u003Ca href=\"https:\u002F\u002Fapi.slack.com\u002Fweb\" rel=\"nofollow ugc\">https:\u002F\u002Fapi.slack.com\u002Fweb\u003C\u002Fa> to generate your Slack token.\u003C\u002Fli>\n\u003Cli>Add the token to the plugin settings.\u003C\u002Fli>\n\u003Cli>Use the [invitations_for_slack] or [invitations_for_slack_badge] shortcodes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Invitations are performed using the WP REST API which in turn communicates with the Slack API. No page reloads.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A Slack team and the team’s access token.\u003C\u002Fli>\n\u003Cli>A self-hosted WordPress website (Not a WordPress.com website.)\u003C\u002Fli>\n\u003C\u002Ful>\n","Build a Slack community by allowing your visitors (or registered users) to invite themselves to your Slack team.",30,5795,76,6,"2016-01-29T01:14:00.000Z","4.4.34","4.4",[71,22,23,72,73],"community","join","slack","http:\u002F\u002Frheinard.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvitations-for-slack.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":29,"num_ratings":29,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":94,"download_link":95,"security_score":76,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"wp-social-invites","WP Social Invites","1.0.0","manishbhojwani3","https:\u002F\u002Fprofiles.wordpress.org\u002Fmanishbhojwani3\u002F","\u003Cp>WP Social Invites allow your visitors to invite their social network friends directly into your WordPress site. This plugin has no conflict with any Plugin.\u003C\u002Fp>\n\u003Cp>Demo link:\u003Cbr \u002F>\nhttp:\u002F\u002Fwebtanner.com\u002Fprojects\u002Fdemos\u002Fwp-social-invites\u002F\u003C\u002Fp>\n\u003Cp>Key Feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send invitation personally in form of personalized text.\u003C\u002Fli>\n\u003Cli>Page and Popup supportive.\u003C\u002Fli>\n\u003Cli>Supports widgets.\u003C\u002Fli>\n\u003Cli>Supports shortcode.\u003C\u002Fli>\n\u003Cli>Default slider layout.\u003C\u002Fli>\n\u003Cli>Responsive popups.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Social Invites allows your visitors to invite their social friends on your website.",10,1626,"2017-03-21T17:11:00.000Z","4.8.28","3.4",[22,23,91,92,93],"social-invitation","wordpress-social-invitation","wordpress-social-invites","http:\u002F\u002Fwebtanner.com\u002Fprojects\u002Fweb-slider\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-social-invites.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":14,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":66,"unpatched_count":29,"last_vuln_date":118,"fetched_at":31},"invite-anyone","Invite Anyone","1.4.10","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>Invite Anyone has two components:\u003C\u002Fp>\n\u003Cp>1) The ability to invite members to the site by email. The plugin creates a tab on each member’s Profile page called “Send Invites”, which contains a form where users can invite outsiders to join the site. There is a field for a custom message. Also, inviters can optionally select any number of their groups, and when the invitee accepts the invitation he or she automatically receive invitations to join those groups.\u003C\u002Fp>\n\u003Cp>The email invitation part of the plugin is customizable by the BP administrator, via Dashboard > BuddyPress > Invite Anyone.\u003C\u002Fp>\n\u003Cp>2) By default, BuddyPress only allows group admins to invite their friends to groups. In some communities, you might want members to be able to invite non-friends to groups as well. This plugin allows you to do so, by populating the invitation checklist with the entire membership of the site, rather than just a friend list.\u003C\u002Fp>\n\u003Cp>Because member lists can get very long and hard to navigate, this plugin adds a autosuggest search box to the Send Invites screen – the same one that appears on the Compose Message screen – which allows inviters to navigate directly to the members they want to invite.\u003C\u002Fp>\n\u003Cp>Invite Anyone features optional integration with CloudSponge http:\u002F\u002Fcloudsponge.com, a premium address book service, that allows your users to invite their friends to the site in a way that’s easy and fun. Enable it at Dashboard > BuddyPress > Invite Anyone.\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Belarussian: Alexander Ovsov (\u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002Fscience\" rel=\"nofollow ugc\">Web Geek Science\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Brazilian Portuguese: Celso Bessa\u003C\u002Fli>\n\u003Cli>Catalan: Mònica Grau and Toni Ginard\u003C\u002Fli>\n\u003Cli>Danish: Mort3n\u003C\u002Fli>\n\u003Cli>Dutch: Jesper Popma, Tim de Hoog\u003C\u002Fli>\n\u003Cli>French: Guillaume Coulon, Nicolas Mollet\u003C\u002Fli>\n\u003Cli>German: Lars Berning, Thorsten Wollenhöfer, Matthias Lunz\u003C\u002Fli>\n\u003Cli>Greek: Lena Stergatou\u003C\u002Fli>\n\u003Cli>Italian: Luca Camellini\u003C\u002Fli>\n\u003Cli>Norwegian: Stig Ulfsby\u003C\u002Fli>\n\u003Cli>Russian: Jettochkin, Roman Leonov\u003C\u002Fli>\n\u003Cli>Serbo-Croatian: Anja Skrba\u003C\u002Fli>\n\u003Cli>Spanish: Mauricio Camayo, Gregor Gimmy\u003C\u002Fli>\n\u003Cli>Swedish: Alexander Berthelsen, Jan Anderson\u003C\u002Fli>\n\u003Cli>Ukrainian: \u003Ca href=\"http:\u002F\u002Fwww.coupofy.com\u002F\" rel=\"nofollow ugc\">Ivanka\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional details about the plugin can be found in the following languages:\u003Cbr \u002F>\n* Serbo-Croatian: \u003Ca href=\"http:\u002F\u002Fscience.webhostinggeeks.com\u002Fteleogistic\" rel=\"nofollow ugc\">http:\u002F\u002Fscience.webhostinggeeks.com\u002Fteleogistic\u003C\u002Fa>\u003C\u002Fp>\n","Makes BuddyPress's invitation features more powerful.",1000,262222,86,"2024-08-19T17:09:00.000Z","6.6.5","3.2",[111,112,113,22,114],"buddypress","friends","group","invite","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Finvite-anyone\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvite-anyone.1.4.10.zip",83,"2024-08-16 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":65,"num_ratings":85,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":137,"download_link":138,"security_score":139,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"voice-search","Voice Search","1.4.2","Pascal Birchler","https:\u002F\u002Fprofiles.wordpress.org\u002Fswissspidy\u002F","\u003Cp>Allows visitors to search the site using their voice. Currently only supported by Chrome on both desktop and mobile. See \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FAPI\u002FWeb_Speech_API\" rel=\"nofollow ugc\">this technical reference\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fspinpress.com\u002Fwordpress-web-speech-api\u002F\" title=\"Enabling Voice Search in WordPress Using The Web Speech API\" rel=\"nofollow ugc\">this blog post\u003C\u002Fa> for further information about the plugin.\u003C\u002Fp>\n","Allows visitors to search the site using their voice.",600,18146,"2025-05-16T18:10:00.000Z","6.8.5","5.0","7.4",[24,134,135,136],"search","speech","voice","https:\u002F\u002Fgithub.com\u002Fswissspidy\u002Fvoice-search","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvoice-search.1.4.2.zip",92,{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":106,"num_ratings":66,"last_updated":150,"tested_up_to":16,"requires_at_least":151,"requires_php":152,"tags":153,"homepage":158,"download_link":159,"security_score":148,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"ecards-lite","eCards Lite","4.3.2","Ciprian Popescu","https:\u002F\u002Fprofiles.wordpress.org\u002Fbutterflymedia\u002F","\u003Cp>eCards is a WordPress plugin used to send electronic cards to friends. It can be implemented in a page, a post, or the sidebar.\u003C\u002Fp>\n\u003Cp>There are two ways you can use this plugin:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add the \u003Ccode>[ecard]\u003C\u002Fcode> shortcode to a post or a page.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Call the function from a template file:\u003C\u002Fp>\n\u003Cp>\u003Ccode>if ( function_exists( 'display_ecardMe' ) ) {\u003Cbr \u002F>\necho display_ecardMe();\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If your images are already uploaded, and they are present in your \u003Cstrong>Media Library\u003C\u002Fstrong>, use their IDs to display them:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[ecard id=\"1, 2, 3, 4, 78\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The IDs correspond to images in your \u003Cstrong>Media Library\u003C\u002Fstrong>. This feature eliminates the need to manually attach images and also eliminates the need to upload the same image multiple times, just to have it attached to different posts or pages.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>Check out the \u003Ca href=\"https:\u002F\u002Fgetbutterfly.com\u002Fsupport\u002Fdocumentation\u002Fecards\u002F\" title=\"eCards Documentation\" rel=\"nofollow ugc\">eCards Documentation\u003C\u002Fa> for advanced installation, usage, and setup instructions.\u003C\u002Fp>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cp>Just in case you want some advanced features, you can \u003Ca href=\"https:\u002F\u002Fgetbutterfly.com\u002Fwordpress-plugins\u002Fwordpress-ecards-plugin\u002F\" title=\"eCards PRO version\" rel=\"nofollow ugc\">purchase the \u003Cstrong>PRO\u003C\u002Fstrong> version\u003C\u002Fa> to get access to additional features for your eCards.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>1 year support\u003C\u002Fli>\n\u003Cli>User uploads\u003C\u002Fli>\n\u003Cli>eCard designer\u003C\u002Fli>\n\u003Cli>Redirection (send users to a special “Thank You” page after sending an eCard)\u003C\u002Fli>\n\u003Cli>eCard Collections (design and organize your eCards and re-order your images)\u003C\u002Fli>\n\u003Cli>Include post\u002Fpage content (useful if you have a certain eCard “story” or message you want to convey)\u003C\u002Fli>\n\u003Cli>Allow the sender to CC self\u003C\u002Fli>\n\u003Cli>eCard scheduling\u003C\u002Fli>\n\u003Cli>eCard CPT (developers only)\u003C\u002Fli>\n\u003C\u002Ful>\n","eCards is a WordPress plugin used to send electronic cards (eCards) to friends.",100,10733,"2025-12-17T12:56:00.000Z","5.3","7.1",[154,20,155,156,157],"ecard","electronic-card","greeting-card","postcard","https:\u002F\u002Fgetbutterfly.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fecards-lite.zip",{"attackSurface":161,"codeSignals":247,"taintFlows":268,"riskAssessment":288,"analyzedAt":296},{"hooks":162,"ajaxHandlers":236,"restRoutes":237,"shortcodes":238,"cronEvents":246,"entryPointCount":235,"unprotectedCount":29},[163,169,173,176,181,186,189,192,194,197,199,203,206,209,212,215,218,220,223,225,227,230,232],{"type":164,"name":165,"callback":166,"priority":27,"file":167,"line":168},"filter","woocommerce_product_data_tabs","closure","admin\\wp-ecards-product-fields.php",9,{"type":170,"name":171,"callback":166,"file":167,"line":172},"action","woocommerce_product_data_panels",32,{"type":170,"name":174,"callback":166,"file":167,"line":175},"woocommerce_process_product_meta",241,{"type":170,"name":177,"callback":166,"priority":178,"file":179,"line":180},"save_post_product",20,"admin\\wp-ecards-product-stock.php",7,{"type":170,"name":182,"callback":183,"file":184,"line":185},"plugins_loaded","anonymous","includes\\class-wp-ecards.php",139,{"type":170,"name":187,"callback":183,"file":184,"line":188},"admin_menu",153,{"type":170,"name":190,"callback":183,"file":184,"line":191},"admin_enqueue_scripts",154,{"type":170,"name":190,"callback":183,"file":184,"line":193},155,{"type":170,"name":195,"callback":183,"file":184,"line":196},"wp_enqueue_scripts",170,{"type":170,"name":195,"callback":183,"file":184,"line":198},171,{"type":170,"name":200,"callback":166,"priority":28,"file":201,"line":202},"woocommerce_single_product_summary","public\\woocommerce\\wp-ecards-hide-add-to-cart.php",8,{"type":170,"name":204,"callback":166,"priority":28,"file":201,"line":205},"woocommerce_after_shop_loop_item",18,{"type":164,"name":207,"callback":166,"priority":85,"file":201,"line":208},"woocommerce_product_get_stock_status",28,{"type":164,"name":210,"callback":166,"priority":85,"file":201,"line":211},"woocommerce_product_is_in_stock",37,{"type":164,"name":213,"callback":166,"priority":85,"file":201,"line":214},"woocommerce_add_to_cart_validation",47,{"type":164,"name":216,"callback":166,"priority":85,"file":217,"line":180},"woocommerce_add_to_cart_quantity","public\\woocommerce\\wp-ecards-limit-qty.php",{"type":164,"name":213,"callback":166,"priority":85,"file":217,"line":219},15,{"type":170,"name":221,"callback":166,"file":217,"line":222},"woocommerce_before_calculate_totals",34,{"type":170,"name":195,"callback":166,"file":224,"line":180},"public\\woocommerce\\wp-ecards-modal-assets.php",{"type":170,"name":195,"callback":166,"file":226,"line":180},"public\\woocommerce\\wp-ecards-product-button.php",{"type":170,"name":200,"callback":166,"priority":228,"file":226,"line":229},35,16,{"type":170,"name":231,"callback":166,"file":226,"line":63},"wp_footer",{"type":170,"name":233,"callback":166,"file":234,"line":235},"woocommerce_before_thankyou","public\\woocommerce\\wp-ecards-thankyou-content.php",2,[],[],[239,243],{"tag":154,"callback":240,"file":241,"line":242},"ecardtag_func","public\\class-wp-ecards-public.php",58,{"tag":20,"callback":244,"file":241,"line":245},"ecardstag_func",82,[],{"dangerousFunctions":248,"sqlUsage":249,"outputEscaping":251,"fileOperations":29,"externalRequests":28,"nonceChecks":235,"capabilityChecks":235,"bundledLibraries":267},[],{"prepared":29,"raw":29,"locations":250},[],{"escaped":229,"rawEcho":66,"locations":252},[253,257,260,262,264,265],{"file":254,"line":255,"context":256},"admin\\class-wp-ecards-admin.php",115,"raw output",{"file":258,"line":259,"context":256},"admin\\partials\\wp-ecards-list.php",71,{"file":258,"line":261,"context":256},218,{"file":226,"line":263,"context":256},42,{"file":234,"line":85,"context":256},{"file":234,"line":266,"context":256},25,[],[269],{"entryPoint":270,"graph":271,"unsanitizedCount":29,"severity":287},"\u003Cwp-ecards-list> (admin\\partials\\wp-ecards-list.php:0)",{"nodes":272,"edges":284},[273,278],{"id":274,"type":275,"label":276,"file":258,"line":277},"n0","source","$_POST (x2)",135,{"id":279,"type":280,"label":281,"file":258,"line":282,"wp_function":283},"n1","sink","update_option() [Settings Manipulation]",136,"update_option",[285],{"from":274,"to":279,"sanitized":286},true,"low",{"summary":289,"deductions":290},"The wp-ecards-invites plugin, version 1.4.12, exhibits a generally positive security posture based on the static analysis. The absence of direct AJAX handlers and REST API routes without authentication, coupled with 100% prepared SQL statements and presence of nonce and capability checks, indicates good development practices in these areas. Furthermore, the lack of critical or high severity taint flows and dangerous function usage suggests a low risk of code injection or execution vulnerabilities originating from the analyzed code paths.\n\nHowever, a significant concern arises from the output escaping, where 27% of outputs are not properly escaped. This leaves the plugin susceptible to Cross-Site Scripting (XSS) vulnerabilities, especially given that the plugin has a history of XSS vulnerabilities. The presence of one known CVE, although currently unpatched, and specifically a medium severity XSS vulnerability in the past, reinforces this concern. While the current static analysis doesn't reveal an active XSS flaw, the historical pattern and the unescaped output percentage warrant caution.\n\nIn conclusion, the plugin has strengths in its secure handling of database queries and user authentication for entry points. The primary weakness lies in insufficient output sanitization, which, combined with past XSS vulnerabilities, presents a notable risk. Addressing the unescaped output is crucial for improving the plugin's overall security and preventing potential XSS attacks.",[291,293],{"reason":292,"points":202},"High percentage of unescaped output",{"reason":294,"points":295},"Past medium severity XSS vulnerability",5,"2026-03-16T19:51:09.202Z",{"wat":298,"direct":306},{"assetPaths":299,"generatorPatterns":301,"scriptPaths":302,"versionParams":304},[300],"\u002Fwp-content\u002Fplugins\u002Fwp-ecards-invites\u002Fadmin\u002Fcss\u002Fwp-ecards-admin.css",[],[303],"https:\u002F\u002Fwp.ecardwidget.com\u002Fassets\u002Fapp\u002Fvendor\u002FresizerLatest\u002FiframeResizer.min.js",[305],"wp-ecards-invites\u002Fadmin\u002Fcss\u002Fwp-ecards-admin.css?ver=",{"cssClasses":307,"htmlComments":309,"htmlAttributes":310,"restEndpoints":312,"jsGlobals":313,"shortcodeOutput":315},[308],"ecardwidget-main",[],[311],"data-ecardwidget-url",[],[314],"ecardwidget_vars",[316],"[ecardwidget]",{"error":286,"url":318,"statusCode":319,"statusMessage":320,"message":320},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-ecards-invites\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":29,"versions":322},[]]