[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faQHwlx7-Le_qgUnFmDp9y7GQTP8VsJk64HzDN4OQa3o":3,"$fMfFPEowBcVcQi4oH577EybUPAXL63lrJUG_fEopklV8":253,"$fVdrigSX7GB4iO6Fd0oUJ6IibQ72S9D_RA_AbiUR43iA":258},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":31,"analysis":32,"fingerprints":234},"xtoool-product-feed","xtoool Product Feed","1.0.0","xtoool","https:\u002F\u002Fprofiles.wordpress.org\u002Fxtoool\u002F","\u003Cp>Xtoool Product Feed Plugin makes it easy to insert product feed ads on your WordPress pages and manage them in bulk.\u003C\u002Fp>\n\u003Cp>Full documentation can be found at [https:\u002F\u002Fwww.xtoool.com\u002Fwordpress\u002Fproduct-feed\u002F]\u003C\u002Fp>\n\u003Cp>Are you still worried that the conversion rate of Woocommerce website is too low? 
This plugin provides a solution that allows you to quickly add and manage product display ad placements on your WordPress website pages to increase product exposure and sales.\u003C\u002Fp>\n\u003Cp>User guide\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install Xtoool Product Feed Plugin\u003C\u002Fli>\n\u003Cli>Add the products you want to display in “Add products”\u003C\u002Fli>\n\u003Cli>Add advertising space in “Add products list”\u003C\u002Fli>\n\u003Cli>Copy the shortcode of the ad slot to the target WordPress page\u003C\u002Fli>\n\u003C\u002Fol>\n","Xtoool Product Feed Plugin makes it easy to insert product feed ads on your WordPress pages and manage them in bulk.",0,682,"2022-03-25T01:34:00.000Z","5.9.13","4.4","",[18],"xtoool-product-feed-plugin","https:\u002F\u002Fwww.xtoool.com\u002Fwordpress\u002Fproduct-feed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxtoool-product-feed.1.0.0.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},3,30,84,"2026-05-20T03:58:27.866Z",[],{"attackSurface":33,"codeSignals":58,"taintFlows":72,"riskAssessment":220,"analyzedAt":233},{"hooks":34,"ajaxHandlers":40,"restRoutes":54,"shortcodes":55,"cronEvents":56,"entryPointCount":57,"unprotectedCount":57},[35],{"type":36,"name":37,"callback":37,"file":38,"line":39},"action","admin_menu","index.php",34,[41,45,48,51],{"action":42,"nopriv":43,"callback":42,"hasNonce":43,"hasCapCheck":43,"file":38,"line":44},"getProductData",false,35,{"action":46,"nopriv":43,"callback":46,"hasNonce":43,"hasCapCheck":43,"file":38,"line":47},"deleteProduct",36,{"action":49,"nopriv":43,"callback":49,"hasNonce":43,"hasCapCheck":43,"file":38,"line":50},"getProductListData",37,{"action":52,"nopriv":43,"callback":52,"hasNonce":43,"hasCapCheck":43,"file":38,"line":53},"deleteProductList",38,[],[],[],4,{"dangerousFunctio
ns":59,"sqlUsage":60,"outputEscaping":63,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":71},[],{"prepared":61,"raw":11,"locations":62},20,[],{"escaped":64,"rawEcho":65,"locations":66},45,1,[67],{"file":68,"line":69,"context":70},"tpl\\add_products_list.php",59,"raw output",[],[73,91,119,137,155,165,175],{"entryPoint":74,"graph":75,"unsanitizedCount":65,"severity":90},"addProduct (index.php:91)",{"nodes":76,"edges":88},[77,82],{"id":78,"type":79,"label":80,"file":38,"line":81},"n0","source","$_REQUEST",99,{"id":83,"type":84,"label":85,"file":38,"line":86,"wp_function":87},"n1","sink","query() [SQLi]",101,"query",[89],{"from":78,"to":83,"sanitized":43},"high",{"entryPoint":92,"graph":93,"unsanitizedCount":118,"severity":90},"getProductListData (index.php:121)",{"nodes":94,"edges":114},[95,98,102,105,109],{"id":78,"type":79,"label":96,"file":38,"line":97},"$_POST",128,{"id":83,"type":84,"label":99,"file":38,"line":100,"wp_function":101},"get_var() [SQLi]",138,"get_var",{"id":103,"type":79,"label":96,"file":38,"line":104},"n2",136,{"id":106,"type":107,"label":108,"file":38,"line":104},"n3","transform","→ getListData()",{"id":110,"type":84,"label":111,"file":38,"line":112,"wp_function":113},"n4","get_results() [SQLi]",251,"get_results",[115,116,117],{"from":78,"to":83,"sanitized":43},{"from":103,"to":106,"sanitized":43},{"from":106,"to":110,"sanitized":43},2,{"entryPoint":120,"graph":121,"unsanitizedCount":136,"severity":90},"addProductsList (index.php:146)",{"nodes":122,"edges":133},[123,126,128,131],{"id":78,"type":79,"label":124,"file":38,"line":125},"$_REQUEST (x4)",151,{"id":83,"type":84,"label":85,"file":38,"line":127,"wp_function":87},152,{"id":103,"type":79,"label":129,"file":38,"line":130},"$_REQUEST 
(x2)",192,{"id":106,"type":84,"label":111,"file":38,"line":132,"wp_function":113},193,[134,135],{"from":78,"to":83,"sanitized":43},{"from":103,"to":106,"sanitized":43},6,{"entryPoint":138,"graph":139,"unsanitizedCount":118,"severity":90},"getProductData (index.php:206)",{"nodes":140,"edges":151},[141,143,145,147,149],{"id":78,"type":79,"label":96,"file":38,"line":142},213,{"id":83,"type":84,"label":99,"file":38,"line":144,"wp_function":101},223,{"id":103,"type":79,"label":96,"file":38,"line":146},221,{"id":106,"type":107,"label":148,"file":38,"line":146},"→ getData()",{"id":110,"type":84,"label":111,"file":38,"line":150,"wp_function":113},239,[152,153,154],{"from":78,"to":83,"sanitized":43},{"from":103,"to":106,"sanitized":43},{"from":106,"to":110,"sanitized":43},{"entryPoint":156,"graph":157,"unsanitizedCount":65,"severity":90},"deleteProduct (index.php:255)",{"nodes":158,"edges":163},[159,161],{"id":78,"type":79,"label":96,"file":38,"line":160},256,{"id":83,"type":84,"label":85,"file":38,"line":162,"wp_function":87},262,[164],{"from":78,"to":83,"sanitized":43},{"entryPoint":166,"graph":167,"unsanitizedCount":65,"severity":90},"deleteProductList (index.php:271)",{"nodes":168,"edges":173},[169,171],{"id":78,"type":79,"label":96,"file":38,"line":170},272,{"id":83,"type":84,"label":85,"file":38,"line":172,"wp_function":87},278,[174],{"from":78,"to":83,"sanitized":43},{"entryPoint":176,"graph":177,"unsanitizedCount":219,"severity":90},"\u003Cindex> (index.php:0)",{"nodes":178,"edges":209},[179,181,182,184,185,186,188,191,193,195,197,199,201,203,205,207],{"id":78,"type":79,"label":180,"file":38,"line":81},"$_REQUEST (x5)",{"id":83,"type":84,"label":85,"file":38,"line":86,"wp_function":87},{"id":103,"type":79,"label":183,"file":38,"line":97},"$_POST 
(x2)",{"id":106,"type":84,"label":99,"file":38,"line":100,"wp_function":101},{"id":110,"type":79,"label":129,"file":38,"line":130},{"id":187,"type":84,"label":111,"file":38,"line":132,"wp_function":113},"n5",{"id":189,"type":79,"label":183,"file":38,"line":190},"n6",217,{"id":192,"type":84,"label":111,"file":38,"line":150,"wp_function":113},"n7",{"id":194,"type":79,"label":183,"file":38,"line":160},"n8",{"id":196,"type":84,"label":85,"file":38,"line":162,"wp_function":87},"n9",{"id":198,"type":79,"label":96,"file":38,"line":104},"n10",{"id":200,"type":107,"label":108,"file":38,"line":104},"n11",{"id":202,"type":84,"label":111,"file":38,"line":112,"wp_function":113},"n12",{"id":204,"type":79,"label":96,"file":38,"line":146},"n13",{"id":206,"type":107,"label":148,"file":38,"line":146},"n14",{"id":208,"type":84,"label":111,"file":38,"line":150,"wp_function":113},"n15",[210,211,212,213,214,215,216,217,218],{"from":78,"to":83,"sanitized":43},{"from":103,"to":106,"sanitized":43},{"from":110,"to":187,"sanitized":43},{"from":189,"to":192,"sanitized":43},{"from":194,"to":196,"sanitized":43},{"from":198,"to":200,"sanitized":43},{"from":200,"to":202,"sanitized":43},{"from":204,"to":206,"sanitized":43},{"from":206,"to":208,"sanitized":43},15,{"summary":221,"deductions":222},"The \"xtoool-product-feed\" v1.0.0 plugin exhibits a mixed security posture. On the positive side, the static counters report prepared statements at all 20 SQL call sites with no raw queries, and most output is escaped (45 escaped sites against 1 raw echo, in tpl/add_products_list.php). The absence of file operations and external HTTP requests further reduces potential attack vectors. Note, however, that the taint analysis traces unsanitized $_REQUEST and $_POST values into query(), get_var() and get_results() sinks flagged as SQLi; a prepared-statement count alone does not show that the untrusted values are passed as bound parameters rather than interpolated into the query text, so the SQL handling should be confirmed by manual review before it is credited as a strength. The more significant concern lies in its attack surface. All four identified AJAX handlers (getProductData, deleteProduct, getProductListData, deleteProductList) have neither a nonce check nor a capability check. None of them is registered with a nopriv hook, so unauthenticated access is not indicated by this data; however, any logged-in user regardless of role can invoke them, and the missing nonce means a privileged user could be made to trigger them via cross-site request forgery.\n\nTaint analysis reveals seven flows with unsanitized paths, all classified as high severity. 
While no critical vulnerabilities or known CVEs are recorded, these high-severity taint flows, combined with the unprotected AJAX endpoints, present a substantial risk. Because every flagged sink is a database call (query(), get_var(), get_results()), the concrete exposure is SQL injection reachable by any authenticated user through the AJAX handlers, not just generic data manipulation. The lack of vulnerability history is a neutral observation, but it doesn't negate the risks identified in the current code analysis.  Overall, while the plugin has some strengths in data handling, the four unprotected AJAX endpoints and the high-severity unsanitized flows are critical weaknesses that require immediate attention: each handler should verify a nonce and check a capability, and each query should bind request values through a prepared statement.",[223,226,228,230],{"reason":224,"points":225},"AJAX handlers without auth checks",10,{"reason":227,"points":219},"High severity unsanitized taint flows",{"reason":229,"points":225},"No nonce checks on AJAX handlers",{"reason":231,"points":232},"No capability checks on AJAX handlers",5,"2026-03-17T06:07:37.150Z",{"wat":235,"direct":244},{"assetPaths":236,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[237,238],"\u002Fwp-content\u002Fplugins\u002Fxtoool-product-feed\u002Fassets\u002Flib\u002Flayui\u002Fcss\u002Flayui.css","\u002Fwp-content\u002Fplugins\u002Fxtoool-product-feed\u002Fassets\u002Flib\u002Flayui\u002Flayui.js",[],[238],[242,243],"xtoool-product-feed\u002Fassets\u002Flib\u002Flayui\u002Fcss\u002Flayui.css?ver=","xtoool-product-feed\u002Fassets\u002Flib\u002Flayui\u002Flayui.js?ver=",{"cssClasses":245,"htmlComments":246,"htmlAttributes":247,"restEndpoints":248,"jsGlobals":250,"shortcodeOutput":252},[],[],[],[249],"\u002Fwp-json\u002FxtooolProductListForBlog\u002Fv1\u002F...",[251],"window.xtooolProductListForBlog",[],{"error":254,"url":255,"statusCode":256,"statusMessage":257,"message":257},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fxtoool-product-feed\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":65,"versions":259},[260],{"version":6,"download_url":20,"svn_tag_url":261,"released_at":22,"has_diff":43,"diff_files_changed":262,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":263,"is_current":254},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fxtoool-product-feed\u002Ftags\u002F1.0.0\u002F",[],[]]