[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjQbPesJxxYUGihTx9Ue_lqhCIdbU6Ru_1a2B84_jKBE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":82,"fingerprints":221},"wp-thumbs","WP Thumbs Plugin","1.1","apinnt","https:\u002F\u002Fprofiles.wordpress.org\u002Fapinnt\u002F","\u003Cp>WP Thumbs is a voting plugin that allows users to like or dislike posts and pages.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cp>*Thumbs up or down mode\u003Cbr \u002F>\n*Like button only mode\u003Cbr \u002F>\n*Like\u002FDislike button mode\u003Cbr \u002F>\n*Graph of clicks\u003Cbr \u002F>\n*Customizable via CSS\u003Cbr \u002F>\n*WPMU Compatible\u003Cbr \u002F>\n*User only or cookie based security.\u003Cbr \u002F>\n*Placement of buttons\u003Cbr \u002F>\n*Page or Post Placement\u003C\u002Fp>\n\u003Cp>Future:\u003C\u002Fp>\n\u003Cp>*IP based security\u003Cbr \u002F>\n*Reset likes\u002Fdislikes from wp-admin editor\u003C\u002Fp>\n","WP Thumbs is a voting plugin that allows users to like or dislike posts and pages. There are many customization options.",10,4271,0,"2012-11-27T02:18:00.000Z","3.4.2","2.0.2","",[19,20],"wepay","wepay-plugin","http:\u002F\u002Fwww.alanpinnt.com\u002Fwp-thumbs\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-thumbs.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},2,20,30,84,"2026-04-05T01:51:48.398Z",[34,45,64],{"slug":35,"name":36,"version":37,"author":7,"author_profile":8,"description":38,"short_description":39,"active_installs":11,"downloaded":40,"rating":13,"num_ratings":13,"last_updated":41,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":42,"homepage":43,"download_link":44,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wepay-wordpress-plugin","WePay WordPress Plugin","1.5","\u003Cp>You can easily create wepay buttons with simple short codes.\u003C\u002Fp>\n\u003Cp>What you can do with this version\u003Cbr \u002F>\n  –  See you account balance\u003Cbr \u002F>\n  –  Create buttons for your users to make payments on using shortcodes. (Totally customizable, make the button any type.)\u003Cbr \u002F>\n  –  Settings Menu to control API information\u003C\u002Fp>\n","Allows you to use a Wepay account to accept payments easily online thru your wordpress installation. Easy install, drag and drop.",6166,"2013-01-31T01:00:00.000Z",[19,20],"http:\u002F\u002Fwww.alanpinnt.com\u002Fwordpress-wepay-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwepay-wordpress-plugin.1.5.zip",{"slug":46,"name":47,"version":48,"author":49,"author_profile":50,"description":51,"short_description":52,"active_installs":30,"downloaded":53,"rating":13,"num_ratings":13,"last_updated":54,"tested_up_to":55,"requires_at_least":56,"requires_php":17,"tags":57,"homepage":62,"download_link":63,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"woo-payment-addon","WePay Woocommerce addon","3.0.0","Yogesh Pawar","https:\u002F\u002Fprofiles.wordpress.org\u002Fpawaryogesh1989\u002F","\u003Cp>This plugin is an addon for WooCommerce to implement a payment gateway method for accepting \u003Cstrong>Credit Cards Payments\u003C\u002Fstrong> By merchants via \u003Cstrong>WePay Payment\u003C\u002Fstrong> Gateway\u003C\u002Fp>\n\u003Cp>To generate client ID, client secret, Access Token, and Account ID please visit https:\u002F\u002Fdeveloper.wepay.com\u002Fapi\u002F and create a new account and register a new APP.\u003C\u002Fp>\n","This plugin is an addon for WooCommerce to implement a payment gateway method for accepting Credit Cards Payments By merchants via WePay Payment Gatew …",4181,"2021-01-05T11:30:00.000Z","5.6.17","5.0",[19,58,59,60,61],"wepay-woocommerce","wepay-woocommerce-addon","woocomerce-wepay","wordpress-wepay-integration","http:\u002F\u002Fclariontechnologies.co.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-payment-addon.zip",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":11,"downloaded":72,"rating":13,"num_ratings":13,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":17,"tags":76,"homepage":80,"download_link":81,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"edd-wepay-oauth2","Crowdfunding WePay oAuth 2.0 by Astoundify","0.4","Adam Pickering","https:\u002F\u002Fprofiles.wordpress.org\u002Fadampickering\u002F","\u003Cp>Add WePay oAuth2 support for Easy Digital Downloads WePay and Crowdfunding by Astoundify.\u003C\u002Fp>\n\u003Ch4>Where can I use this?\u003C\u002Fh4>\n\u003Cp>We currently have two compatible themes that have been released:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The first theme released is called \u003Ca href=\"http:\u002F\u002Fthemeforest.net\u002Fitem\u002Ffundify-crowd-funding-wordpress-theme\u002F4257622?ref=Astoundify\" rel=\"nofollow ugc\">“Fundify”\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002FAstoundify.com\u002Ffundify.html\" rel=\"nofollow ugc\">Astoundify\u003C\u002Fa> A large community crowdfunding theme, like Kickstarter or Indiegogo.\u003C\u002Fli>\n\u003Cli>The second theme released is called \u003Ca href=\"http:\u002F\u002Fthemeforest.net\u002Fitem\u002Fcampaignify-multipurpose-crowdfunding-theme\u002F4725411?ref=Astoundify\" rel=\"nofollow ugc\">“Campaignify”\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002FAstoundify.com\u002F\" rel=\"nofollow ugc\">Astoundify\u003C\u002Fa> A multi-purpose crowdfunding theme, great for single project crowdfunding.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add WePay oAuth2 support for Easy Digital Downloads WePay and Crowdfunding by Astoundify.",3880,"2014-06-25T20:53:00.000Z","3.9.40","3.5",[77,78,79,19],"downloads","easy-digital-downloads","gateway","https:\u002F\u002Fgithub.com\u002Fastoundify","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fedd-wepay-oauth2.0.4.zip",{"attackSurface":83,"codeSignals":120,"taintFlows":171,"riskAssessment":204,"analyzedAt":220},{"hooks":84,"ajaxHandlers":116,"restRoutes":117,"shortcodes":118,"cronEvents":119,"entryPointCount":13,"unprotectedCount":13},[85,91,96,100,104,107,112],{"type":86,"name":87,"callback":88,"file":89,"line":90},"action","admin_menu","wp_thumbs_menu","settings.php",75,{"type":86,"name":92,"callback":93,"file":94,"line":95},"admin_init","wp_thumbs_settings_reg","thumbs.php",49,{"type":86,"name":97,"callback":98,"file":94,"line":99},"plugins_loaded","wp_thumbs_db_check",96,{"type":86,"name":101,"callback":102,"file":94,"line":103},"init","wp_thumbs_javascript",137,{"type":86,"name":101,"callback":105,"file":94,"line":106},"wp_thumbs_css",141,{"type":108,"name":109,"callback":110,"file":94,"line":111},"filter","the_content","wp_thumbs_display_div",152,{"type":86,"name":113,"callback":114,"file":94,"line":115},"template_redirect","wp_thumbs_display_check",156,[],[],[],[],{"dangerousFunctions":121,"sqlUsage":122,"outputEscaping":140,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":170},[],{"prepared":13,"raw":123,"locations":124},6,[125,129,131,134,136,138],{"file":126,"line":127,"context":128},"register.php",37,"$wpdb->query() with variable interpolation",{"file":126,"line":130,"context":128},62,{"file":94,"line":132,"context":133},106,"$wpdb->get_var() with variable interpolation",{"file":94,"line":135,"context":133},118,{"file":94,"line":137,"context":133},119,{"file":94,"line":139,"context":128},127,{"escaped":13,"rawEcho":141,"locations":142},13,[143,147,149,151,153,155,157,159,160,162,164,166,168],{"file":144,"line":145,"context":146},"ajax.php",12,"raw output",{"file":89,"line":148,"context":146},15,{"file":89,"line":150,"context":146},23,{"file":89,"line":152,"context":146},42,{"file":89,"line":154,"context":146},46,{"file":89,"line":156,"context":146},47,{"file":89,"line":158,"context":146},48,{"file":89,"line":95,"context":146},{"file":89,"line":161,"context":146},51,{"file":89,"line":163,"context":146},52,{"file":89,"line":165,"context":146},56,{"file":89,"line":167,"context":146},57,{"file":89,"line":169,"context":146},67,[],[172,191],{"entryPoint":173,"graph":174,"unsanitizedCount":189,"severity":190},"\u003Cajax> (ajax.php:0)",{"nodes":175,"edges":186},[176,181],{"id":177,"type":178,"label":179,"file":144,"line":180},"n0","source","$_POST",11,{"id":182,"type":183,"label":184,"file":144,"line":145,"wp_function":185},"n1","sink","echo() [XSS]","echo",[187],{"from":177,"to":182,"sanitized":188},false,1,"low",{"entryPoint":192,"graph":193,"unsanitizedCount":28,"severity":203},"\u003Cregister> (register.php:0)",{"nodes":194,"edges":201},[195,198],{"id":177,"type":178,"label":196,"file":126,"line":197},"$_POST (x2)",19,{"id":182,"type":183,"label":199,"file":126,"line":127,"wp_function":200},"query() [SQLi]","query",[202],{"from":177,"to":182,"sanitized":188},"high",{"summary":205,"deductions":206},"The static analysis of wp-thumbs v1.1 reveals a mixed security posture. While the plugin exhibits a notably small attack surface with no reported AJAX handlers, REST API routes, shortcodes, or cron events, and zero unprotected entry points, significant concerns arise from its code signals. The complete absence of prepared statements for its SQL queries, coupled with 100% of its output functions lacking proper escaping, presents a substantial risk of SQL injection and cross-site scripting (XSS) vulnerabilities.\n\nThe taint analysis further highlights these risks, with two flows analyzed and both involving unsanitized paths, one resulting in a high severity issue. This suggests that data processed by the plugin is not being adequately validated or neutralized before being used in sensitive operations. The lack of any recorded vulnerability history, while seemingly positive, could also indicate a lack of thorough security auditing or that past vulnerabilities, if any, were not publicly disclosed or patched.\n\nIn conclusion, while wp-thumbs v1.1 has a limited attack surface, the critical deficiencies in secure coding practices, specifically regarding SQL query preparation and output escaping, combined with high-severity taint flows, make it a risky plugin to use without further mitigation. The absence of known CVEs is a positive, but it does not negate the inherent risks identified within the code's construction. The plugin's strengths lie in its minimal interaction points, but its weaknesses in data handling are severe.",[207,209,211,213,216,218],{"reason":208,"points":148},"Raw SQL queries, 0% prepared",{"reason":210,"points":11},"Output escaping, 0% properly escaped",{"reason":212,"points":11},"High severity taint flow",{"reason":214,"points":215},"Flows with unsanitized paths",5,{"reason":217,"points":215},"No nonce checks",{"reason":219,"points":215},"No capability checks","2026-03-17T00:20:20.398Z",{"wat":222,"direct":231},{"assetPaths":223,"generatorPatterns":226,"scriptPaths":227,"versionParams":228},[224,225],"\u002Fwp-content\u002Fplugins\u002Fwp-thumbs\u002Fjs\u002Fthumbs.js","\u002Fwp-content\u002Fplugins\u002Fwp-thumbs\u002Fcss\u002Fthumbs.css",[],[224],[229,230],"wp-thumbs\u002Fjs\u002Fthumbs.js?ver=","wp-thumbs\u002Fcss\u002Fthumbs.css?ver=",{"cssClasses":232,"htmlComments":239,"htmlAttributes":240,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":256},[233,234,235,236,237,238],"wp-thumbs-graph-main","wp-thumbs-graph-likes","wp-thumbs-graph-dislikes","wp-thumbs-graph-clicks","wp-thumbs-counter-like","wp-thumbs-counter-dislike",[],[241,242,243,244,245,246,247,248,249,250,251],"wp_thumbs_db_version","wp_thumbs_table_name","wp_thumbs_domain","wp_thumbs_show_locations","wp_thumbs_display_mode","wp_thumbs_display_location","wp_thumbs_show_users","wp_thumbs_show_graph","wp_thumbs_show_graph_clicks","wp_thumbs_show_clicks","wp_thumbs_show_thankyou",[],[254,255],"wp_thumbs_plugin_url","wp_thumbs_path",[]]