[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_jKjcdg9_KM4aRL-gmaC36uKDVtvoRzf6TlRAdbkkPE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":74,"crawl_stats":34,"alternatives":79,"analysis":80,"fingerprints":611},"wp-ticketbai","TicketBAI Facturas para WooCommerce","3.45","facturaone","https:\u002F\u002Fprofiles.wordpress.org\u002Ffacturaone\u002F","\u003Cp>With the WP TicketBAI plugin, you can meet all the obligations that TicketBAI imposes on self-employed workers and companies with their tax domicile in the Basque Country.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Issues invoices with a TBAI code and a TicketBAI QR code\u003C\u002Fli>\n\u003Cli>Sends invoices to the Hacienda Foral automatically and immediately\u003C\u002Fli>\n\u003Cli>Supports invoice cancellation\u003C\u002Fli>\n\u003Cli>Generates corrective invoices\u003C\u002Fli>\n\u003Cli>Validation of the invoice recipient's NIF\u002FCIF\u002FNIE\u003C\u002Fli>\n\u003Cli>Monthly, quarterly and annual invoice summaries\u003C\u002Fli>\n\u003Cli>Data download for VAT returns\u003Cbr \u002F>\nMore information at \u003Ca href=\"https:\u002F\u002Fwp-tbai.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-tbai.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And all of this without needing to install digital certificates, since it uses the “Emisión por Terceros” (issuance by third parties) mode authorized by TicketBAI.\u003C\u002Fp>\n\u003Cp>From the moment you install the plugin, you can generate invoices with a TBAI code and QR code, free of charge, in the test environment.\u003C\u002Fp>\n\u003Cp>These invoices will be sent to the Hacienda Foral test environment so that they can be verified by scanning their QR code.\u003Cbr \u002F>\nYou can read our service policies and terms at \u003Ca href=\"https:\u002F\u002Fwp-tbai.com\u002Fpolitica-privacidad\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-tbai.com\u002Fpolitica-privacidad\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Installation\u003C\u002Fh3>\n\u003Ch4>Installation guide\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install the plugin and activate it.\u003C\u002Fli>\n\u003Cli>You can now try the TEST ENVIRONMENT and see how the plugin works.\u003C\u002Fli>\n\u003Cli>If you like it, you can register and we will tell you about our services and rates.\u003C\u002Fli>\n\u003Cli>Congratulations!!! Once registered, we give you the API key that lets you issue invoices in the real TicketBAI environment with your data.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Minimum requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.7 or higher\u003C\u002Fli>\n\u003Cli>PHP version 5.4 or higher\u003C\u002Fli>\n\u003Cli>MySQL version 5.0 or higher\u003C\u002Fli>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>We recommend that your host supports:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP version 7.0 or higher\u003C\u002Fli>\n\u003Cli>MySQL version 5.6 or higher\u003C\u002Fli>\n\u003Cli>WordPress memory limit of 64 MB or higher (128 MB or higher)\u003C\u002Fli>\n\u003C\u002Ful>\n","Issue invoices from your WooCommerce to TicketBAI with the QR code from WordPress, and easily manage cancellations, corrective invoices and PDF invoices.",70,7551,100,2,"2026-02-24T13:33:00.000Z","6.9.4","4.7","7.4",[20],"ticketbai-tbai-batuz-facturas-invoice-pdf-erp-dni-woocommerce","https:\u002F\u002Fwp-tbai.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ticketbai.zip",66,3,1,"2025-06-09 
00:00:00","2026-03-15T15:16:48.613Z",[29,45,59],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":36,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":44},"CVE-2025-24767","ticketbai-facturas-para-woocommerce-unauthenticated-sql-injection","TicketBAI Facturas para WooCommerce \u003C= 3.19 - Unauthenticated SQL Injection","The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=3.19","3.21","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-06-18 15:08:18",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fecd28218-6b43-4f61-bcca-117c353e79be?source=api-prod",10,{"id":46,"url_slug":47,"title":48,"description":49,"plugin_slug":4,"theme_slug":34,"affected_versions":50,"patched_in_version":34,"severity":51,"cvss_score":52,"cvss_vector":53,"vuln_type":54,"published_date":55,"updated_date":56,"references":57,"days_to_patch":34},"CVE-2025-24762","ticketbai-facturas-para-woocommerce-missing-authorization","TicketBAI Facturas para WooCommerce \u003C= 3.21 - Missing Authorization","The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.21. 
This makes it possible for unauthenticated attackers to perform an unauthorized action.","\u003C=3.21","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-06-05 00:00:00","2025-06-17 14:09:19",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2498c73f-b45d-44db-a67e-d325b758096f?source=api-prod",{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":34,"affected_versions":64,"patched_in_version":65,"severity":66,"cvss_score":67,"cvss_vector":68,"vuln_type":69,"published_date":70,"updated_date":71,"references":72,"days_to_patch":25},"CVE-2025-4564","ticketbai-facturas-para-woocommerce-unauthenticated-arbitrary-file-deletion","TicketBAI Facturas para WooCommerce \u003C= 3.18 - Unauthenticated Arbitrary File Deletion","The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. 
This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","\u003C=3.18","3.19","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2025-05-14 00:00:00","2025-05-15 11:13:16",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2927aa13-b012-41eb-93bd-38a4e5fc5455?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":13,"avg_security_score":75,"avg_patch_time_days":76,"trust_score":77,"computed_at":78},83,6,88,"2026-04-05T02:28:53.698Z",[],{"attackSurface":81,"codeSignals":238,"taintFlows":381,"riskAssessment":591,"analyzedAt":610},{"hooks":82,"ajaxHandlers":233,"restRoutes":234,"shortcodes":235,"cronEvents":236,"entryPointCount":237,"unprotectedCount":237},[83,90,95,99,103,106,110,115,119,123,127,131,134,138,142,146,150,155,160,165,169,173,177,181,185,189,193,197,200,204,208,212,215,218,222,224,227,231],{"type":84,"name":85,"callback":86,"priority":87,"file":88,"line":89},"action","woocommerce_thankyou","FTBAI_verfactura_page",20,"FTBAI_custom_order.php",7,{"type":91,"name":92,"callback":93,"file":88,"line":94},"filter","manage_edit-shop_order_columns","FTBAI_edit_shop_order_columns",19,{"type":84,"name":96,"callback":97,"file":88,"line":98},"manage_shop_order_posts_custom_column","FTBAI_order_items_column_cnt",24,{"type":91,"name":100,"callback":101,"priority":44,"file":88,"line":102},"woocommerce_account_orders_columns","FTBAI_add_account_orders_column",60,{"type":84,"name":104,"callback":105,"file":88,"line":23},"woocommerce_my_account_my_orders_column_custom-column","FTBAI_add_account_orders_column_rows",{"type":84,"name":107,"callback":108,"file":88,"line":109},"woocommerce_my_account_my_orders_column_custom-colum
n-estado","FTBAI_estado_add_account_orders_column_rows",92,{"type":91,"name":111,"callback":112,"priority":113,"file":88,"line":114},"woocommerce_account_menu_items","closure",99,105,{"type":84,"name":116,"callback":117,"priority":44,"file":88,"line":118},"woocommerce_checkout_update_order_meta","FTBAI_save_checkout_vat_number",112,{"type":91,"name":120,"callback":121,"file":122,"line":89},"manage_users_columns","FTBAI_modify_user_table","FTBAI_custom_users.php",{"type":91,"name":124,"callback":125,"priority":44,"file":122,"line":126},"manage_users_custom_column","FTBAI_modify_user_table_row",16,{"type":91,"name":128,"callback":129,"file":122,"line":130},"woocommerce_checkout_fields","FTBAI_claserama_rearrange_checkout_fields",67,{"type":84,"name":116,"callback":132,"file":122,"line":133},"FTBAI_woocommerce_checkout_vat_number_update_order_meta",94,{"type":84,"name":135,"callback":136,"file":122,"line":137},"woocommerce_checkout_process","FTBAI_checkout_field_process",96,{"type":84,"name":139,"callback":140,"priority":44,"file":122,"line":141},"woocommerce_admin_order_data_after_billing_address","FTBAI_woocommerce_vat_number_display_admin_order_meta",170,{"type":84,"name":143,"callback":144,"priority":44,"file":122,"line":145},"woocommerce_process_shop_order_meta","FTBAI_woocommerce_save_vat_number_admin_order_meta",173,{"type":84,"name":147,"callback":148,"file":122,"line":149},"woocommerce_edit_account_form","FTBAI_vatnumber",182,{"type":84,"name":151,"callback":152,"priority":153,"file":122,"line":154},"woocommerce_save_account_details","FTBAI_save_vatnumber",12,201,{"type":84,"name":156,"callback":157,"file":158,"line":159},"admin_head","FTBAI_admin_header","FTBAI_facturas.php",470,{"type":91,"name":161,"callback":162,"file":163,"line":164},"wpo_wcpdf_external_invoice_number_enabled","__return_true","FTBAI_wcpdf.php",4,{"type":91,"name":166,"callback":167,"priority":44,"file":163,"line":168},"wpo_wcpdf_external_invoice_number","FTBAI_wpo_wcpdf_ticketbai_invoice_
number",5,{"type":91,"name":170,"callback":171,"priority":44,"file":163,"line":172},"wpo_wcpdf_billing_address","FTBAI_custom_wpo_wcpdf_billing_custom_field",48,{"type":91,"name":174,"callback":175,"priority":44,"file":163,"line":176},"wpo_wcpdf_invoice_title","FTBAI_custom_invoice_title",63,{"type":91,"name":178,"callback":179,"priority":44,"file":163,"line":180},"wpo_wcpdf_get_html","FTBAI_custom_pdf_html",65,{"type":84,"name":182,"callback":183,"priority":44,"file":163,"line":184},"wpo_wcpdf_after_order_details","FTBAI_wpo_wcpdf_ticketbai_details",93,{"type":84,"name":186,"callback":187,"priority":44,"file":163,"line":188},"wpo_wcpdf_after_footer","FTBAI_custom_after_footer",95,{"type":84,"name":190,"callback":191,"priority":13,"file":163,"line":192},"admin_enqueue_scripts","FTBAI_shapeSpace_disable_scripts_styles_admin_area",147,{"type":91,"name":194,"callback":195,"priority":44,"file":163,"line":196},"wpo_wcpdf_document_is_allowed","FTBAI_wpo_wcpdf_invoice_attachment_condition",149,{"type":84,"name":198,"callback":112,"file":199,"line":87},"admin_notices","wp-ticketbai.php",{"type":84,"name":201,"callback":202,"file":199,"line":203},"admin_init","FTBAI_get_version",32,{"type":84,"name":205,"callback":206,"file":199,"line":207},"init","FTBAI_variables_generales",36,{"type":84,"name":209,"callback":210,"file":199,"line":211},"plugins_loaded","FTBAI_plugin_load_textdomain",54,{"type":84,"name":190,"callback":213,"file":199,"line":214},"FTBAI_add_plugin_stylesheet",72,{"type":84,"name":216,"callback":213,"file":199,"line":217},"wp_enqueue_scripts",73,{"type":84,"name":219,"callback":220,"file":199,"line":221},"admin_menu","FTBAI_register_my_custom_submenu_page",76,{"type":84,"name":143,"callback":112,"file":199,"line":223},156,{"type":84,"name":225,"callback":112,"file":199,"line":226},"save_post",159,{"type":84,"name":228,"callback":229,"priority":113,"file":199,"line":230},"woocommerce_order_status_changed","FTBAI_order_status_changed",208,{"type":84,"name":205,"
callback":112,"file":199,"line":232},310,[],[],[],[],0,{"dangerousFunctions":239,"sqlUsage":240,"outputEscaping":246,"fileOperations":379,"externalRequests":14,"nonceChecks":14,"capabilityChecks":25,"bundledLibraries":380},[],{"prepared":241,"raw":25,"locations":242},21,[243],{"file":199,"line":244,"context":245},791,"$wpdb->get_var() with variable interpolation",{"escaped":247,"rawEcho":248,"locations":249},91,64,[250,253,255,257,259,261,263,264,266,268,269,271,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,335,337,339,341,343,345,347,349,351,353,355,357,359,361,363,365,367,369,371,373,375,377],{"file":88,"line":251,"context":252},13,"raw output",{"file":88,"line":254,"context":252},46,{"file":88,"line":256,"context":252},49,{"file":88,"line":258,"context":252},53,{"file":88,"line":260,"context":252},55,{"file":88,"line":262,"context":252},85,{"file":88,"line":77,"context":252},{"file":122,"line":265,"context":252},160,{"file":122,"line":267,"context":252},168,{"file":158,"line":154,"context":252},{"file":158,"line":270,"context":252},204,{"file":272,"line":273,"context":252},"FTBAI_index.php",188,{"file":272,"line":275,"context":252},229,{"file":272,"line":277,"context":252},239,{"file":272,"line":279,"context":252},260,{"file":272,"line":281,"context":252},262,{"file":272,"line":283,"context":252},264,{"file":272,"line":285,"context":252},266,{"file":272,"line":287,"context":252},268,{"file":272,"line":289,"context":252},387,{"file":272,"line":291,"context":252},391,{"file":272,"line":293,"context":252},396,{"file":272,"line":295,"context":252},401,{"file":272,"line":297,"context":252},417,{"file":272,"line":299,"context":252},422,{"file":272,"line":301,"context":252},431,{"file":272,"line":303,"context":252},455,{"file":272,"line":305,"context":252},457,{"file":272,"line":307,"context":252},473,{"file":272,"line":309,"context":252},475,{"file":272,"line":311,"context":252},577,{"file":272,"
line":313,"context":252},579,{"file":272,"line":315,"context":252},634,{"file":272,"line":317,"context":252},699,{"file":272,"line":319,"context":252},704,{"file":272,"line":321,"context":252},709,{"file":272,"line":323,"context":252},714,{"file":272,"line":325,"context":252},733,{"file":272,"line":327,"context":252},736,{"file":272,"line":329,"context":252},753,{"file":272,"line":331,"context":252},803,{"file":333,"line":334,"context":252},"FTBAI_procesos.php",1025,{"file":333,"line":336,"context":252},1030,{"file":333,"line":338,"context":252},1033,{"file":163,"line":340,"context":252},106,{"file":163,"line":342,"context":252},124,{"file":199,"line":344,"context":252},320,{"file":199,"line":346,"context":252},329,{"file":199,"line":348,"context":252},350,{"file":199,"line":350,"context":252},358,{"file":199,"line":352,"context":252},364,{"file":199,"line":354,"context":252},370,{"file":199,"line":356,"context":252},375,{"file":199,"line":358,"context":252},377,{"file":199,"line":360,"context":252},385,{"file":199,"line":362,"context":252},388,{"file":199,"line":364,"context":252},404,{"file":199,"line":366,"context":252},484,{"file":199,"line":368,"context":252},543,{"file":199,"line":370,"context":252},547,{"file":199,"line":372,"context":252},552,{"file":199,"line":374,"context":252},604,{"file":199,"line":376,"context":252},608,{"file":199,"line":378,"context":252},611,15,[],[382,487,498,582],{"entryPoint":383,"graph":384,"unsanitizedCount":24,"severity":51},"\u003Cwp-ticketbai> (wp-ticketbai.php:0)",{"nodes":385,"edges":469},[386,391,396,399,404,407,412,415,419,424,427,430,433,436,439,442,445,448,451,454,457,460,463,466],{"id":387,"type":388,"label":389,"file":199,"line":390},"n0","source","$_POST (x2)",313,{"id":392,"type":393,"label":394,"file":199,"line":350,"wp_function":395},"n1","sink","echo() [XSS]","echo",{"id":397,"type":388,"label":398,"file":199,"line":390},"n2","$_POST 
(x4)",{"id":400,"type":393,"label":401,"file":199,"line":402,"wp_function":403},"n3","query() [SQLi]",536,"query",{"id":405,"type":388,"label":406,"file":199,"line":390},"n4","$_POST",{"id":408,"type":393,"label":409,"file":199,"line":410,"wp_function":411},"n5","get_results() [SQLi]",871,"get_results",{"id":413,"type":388,"label":406,"file":199,"line":414},"n6",315,{"id":416,"type":417,"label":418,"file":199,"line":414},"n7","transform","→ FTBAI_verpdf()",{"id":420,"type":393,"label":421,"file":333,"line":422,"wp_function":423},"n8","file_put_contents() [File Write]",281,"file_put_contents",{"id":425,"type":388,"label":406,"file":199,"line":426},"n9",324,{"id":428,"type":417,"label":429,"file":199,"line":426},"n10","→ FTBAI_verxml()",{"id":431,"type":393,"label":421,"file":333,"line":432,"wp_function":423},"n11",297,{"id":434,"type":388,"label":406,"file":199,"line":435},"n12",352,{"id":437,"type":417,"label":438,"file":199,"line":435},"n13","→ FTBAI_emitirfactura()",{"id":440,"type":393,"label":401,"file":333,"line":441,"wp_function":403},"n14",867,{"id":443,"type":388,"label":406,"file":199,"line":444},"n15",373,{"id":446,"type":417,"label":447,"file":199,"line":444},"n16","→ FONE_enviaremail()",{"id":449,"type":393,"label":421,"file":333,"line":450,"wp_function":423},"n17",959,{"id":452,"type":388,"label":406,"file":199,"line":453},"n18",541,{"id":455,"type":417,"label":456,"file":199,"line":453},"n19","→ FTBAI_registrarectificativa()",{"id":458,"type":393,"label":401,"file":333,"line":459,"wp_function":403},"n20",1095,{"id":461,"type":388,"label":406,"file":199,"line":462},"n21",602,{"id":464,"type":417,"label":465,"file":199,"line":462},"n22","→ 
FTBAI_creafacmanual()",{"id":467,"type":393,"label":401,"file":333,"line":468,"wp_function":403},"n23",462,[470,472,473,474,476,477,478,479,480,481,482,483,484,485,486],{"from":387,"to":392,"sanitized":471},true,{"from":397,"to":400,"sanitized":471},{"from":405,"to":408,"sanitized":471},{"from":413,"to":416,"sanitized":475},false,{"from":416,"to":420,"sanitized":475},{"from":425,"to":428,"sanitized":475},{"from":428,"to":431,"sanitized":475},{"from":434,"to":437,"sanitized":475},{"from":437,"to":440,"sanitized":471},{"from":443,"to":446,"sanitized":475},{"from":446,"to":449,"sanitized":475},{"from":452,"to":455,"sanitized":475},{"from":455,"to":458,"sanitized":471},{"from":461,"to":464,"sanitized":475},{"from":464,"to":467,"sanitized":471},{"entryPoint":488,"graph":489,"unsanitizedCount":237,"severity":497},"\u003CFTBAI_custom_users> (FTBAI_custom_users.php:0)",{"nodes":490,"edges":495},[491,493],{"id":387,"type":388,"label":406,"file":122,"line":492},176,{"id":392,"type":393,"label":394,"file":122,"line":494,"wp_function":395},189,[496],{"from":387,"to":392,"sanitized":471},"low",{"entryPoint":499,"graph":500,"unsanitizedCount":237,"severity":497},"\u003CFTBAI_index> (FTBAI_index.php:0)",{"nodes":501,"edges":566},[502,504,508,510,511,514,515,518,519,522,523,526,527,529,530,533,534,536,537,540,541,544,545,548,549,553,555,559,561,564],{"id":387,"type":388,"label":503,"file":272,"line":188},"$_POST (x7)",{"id":392,"type":393,"label":505,"file":272,"line":506,"wp_function":507},"update_option() [Settings 
Manipulation]",98,"update_option",{"id":397,"type":388,"label":509,"file":272,"line":342},"$_POST['FTBAI_emitefactautomatica']",{"id":400,"type":393,"label":505,"file":272,"line":342,"wp_function":507},{"id":405,"type":388,"label":512,"file":272,"line":513},"$_POST['FTBAI_sendfactautomatica']",129,{"id":408,"type":393,"label":505,"file":272,"line":513,"wp_function":507},{"id":413,"type":388,"label":516,"file":272,"line":517},"$_POST['FTBAI_copyemail']",134,{"id":416,"type":393,"label":505,"file":272,"line":517,"wp_function":507},{"id":420,"type":388,"label":520,"file":272,"line":521},"$_POST['FTBAI_maxsimplificada']",139,{"id":425,"type":393,"label":505,"file":272,"line":521,"wp_function":507},{"id":428,"type":388,"label":524,"file":272,"line":525},"$_POST['FTBAI_apartirnumeropedido']",144,{"id":431,"type":393,"label":505,"file":272,"line":525,"wp_function":507},{"id":434,"type":388,"label":528,"file":272,"line":196},"$_POST['FTBAI_shownif']",{"id":437,"type":393,"label":505,"file":272,"line":196,"wp_function":507},{"id":440,"type":388,"label":531,"file":272,"line":532},"$_POST['FTBAI_clientesRE']",154,{"id":443,"type":393,"label":505,"file":272,"line":532,"wp_function":507},{"id":446,"type":388,"label":535,"file":272,"line":226},"$_POST['FTBAI_posicionQR']",{"id":449,"type":393,"label":505,"file":272,"line":226,"wp_function":507},{"id":452,"type":388,"label":538,"file":272,"line":539},"$_POST['FTBAI_operacionextranjero']",164,{"id":455,"type":393,"label":505,"file":272,"line":539,"wp_function":507},{"id":458,"type":388,"label":542,"file":272,"line":543},"$_POST['FTBAI_causaexentaiva']",169,{"id":461,"type":393,"label":505,"file":272,"line":543,"wp_function":507},{"id":464,"type":388,"label":546,"file":272,"line":547},"$_POST['FTBAI_canariasnoexentoiva']",174,{"id":467,"type":393,"label":505,"file":272,"line":547,"wp_function":507},{"id":550,"type":388,"label":551,"file":272,"line":552},"n24","$_POST['FTBAI_permitefueraUE']",179,{"id":554,"type":393,"label":505,"fil
e":272,"line":552,"wp_function":507},"n25",{"id":556,"type":388,"label":557,"file":272,"line":558},"n26","$_POST['FTBAI_empresaroi']",184,{"id":560,"type":393,"label":505,"file":272,"line":558,"wp_function":507},"n27",{"id":562,"type":388,"label":406,"file":272,"line":563},"n28",104,{"id":565,"type":393,"label":394,"file":272,"line":331,"wp_function":395},"n29",[567,568,569,570,571,572,573,574,575,576,577,578,579,580,581],{"from":387,"to":392,"sanitized":471},{"from":397,"to":400,"sanitized":471},{"from":405,"to":408,"sanitized":471},{"from":413,"to":416,"sanitized":471},{"from":420,"to":425,"sanitized":471},{"from":428,"to":431,"sanitized":471},{"from":434,"to":437,"sanitized":471},{"from":440,"to":443,"sanitized":471},{"from":446,"to":449,"sanitized":471},{"from":452,"to":455,"sanitized":471},{"from":458,"to":461,"sanitized":471},{"from":464,"to":467,"sanitized":471},{"from":550,"to":554,"sanitized":471},{"from":556,"to":560,"sanitized":471},{"from":562,"to":565,"sanitized":471},{"entryPoint":583,"graph":584,"unsanitizedCount":237,"severity":497},"\u003CFTBAI_procesos> (FTBAI_procesos.php:0)",{"nodes":585,"edges":589},[586,588],{"id":387,"type":388,"label":406,"file":333,"line":587},334,{"id":392,"type":393,"label":401,"file":333,"line":459,"wp_function":403},[590],{"from":387,"to":392,"sanitized":471},{"summary":592,"deductions":593},"The wp-ticketbai plugin v3.45 exhibits a mixed security posture. While static analysis shows a zero attack surface from common entry points like AJAX handlers, REST API routes, shortcodes, and cron events, and a high percentage of SQL queries using prepared statements, there are significant concerns regarding output escaping and vulnerability history.  The 59% proper output escaping rate is a red flag, suggesting a substantial risk of Cross-Site Scripting (XSS) vulnerabilities in the remaining 41% of outputs. 
Taint analysis, though limited in scope, did identify one flow with unsanitized paths, which could potentially lead to path traversal issues if not handled carefully, although it was not classified as critical or high severity.  The plugin's history of 3 known CVEs, with one still unpatched and including a critical severity vulnerability, is a major indicator of past security weaknesses. The types of past vulnerabilities, including SQL Injection, Missing Authorization, and Path Traversal, align with potential weaknesses hinted at by the taint analysis and output escaping concerns.  Therefore, despite some good practices in SQL handling and a seemingly limited direct attack surface, the plugin's vulnerability history and output escaping issues present a notable risk.",[594,596,598,600,602,604,606,608],{"reason":595,"points":87},"Unpatched Critical Vulnerability",{"reason":597,"points":379},"Unpatched High Vulnerability",{"reason":599,"points":44},"Unpatched Medium Vulnerability",{"reason":601,"points":379},"Significant portion of outputs unescaped",{"reason":603,"points":44},"Taint flow with unsanitized paths",{"reason":605,"points":44},"Past vulnerability: Missing Authorization",{"reason":607,"points":44},"Past vulnerability: Path Traversal",{"reason":609,"points":44},"Past vulnerability: SQL 
Injection","2026-03-16T21:33:10.861Z",{"wat":612,"direct":627},{"assetPaths":613,"generatorPatterns":619,"scriptPaths":620,"versionParams":621},[614,615,616,617,618],"\u002Fwp-content\u002Fplugins\u002Fwp-ticketbai\u002Fassets\u002FFTBAI_main.css","\u002Fwp-content\u002Fplugins\u002Fwp-ticketbai\u002Fassets\u002Fsweetalert\u002Fsweetalert2.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-ticketbai\u002Fassets\u002Fsweetalert\u002Fsweetalert2.all.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-ticketbai\u002Fjs\u002FFTBAI_procesos.js","\u002Fwp-content\u002Fplugins\u002Fwp-ticketbai\u002Fjs\u002FFTBAI_verpdf.js",[],[614,615,616,617,618],[622,623,624,625,626],"FTBAI_style","FTBAI_sweetalert-css","FTBAI_sweetalert-js","FTBAI_procesos-js","FTBAI_verpdf-js",{"cssClasses":628,"htmlComments":629,"htmlAttributes":630,"restEndpoints":631,"jsGlobals":632,"shortcodeOutput":634},[],[],[],[],[633],"ftba_vars",[]]