[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYmMzDzgSF2X7YW7RYpl-cQjeRXjZ9crEIVxjYPBzSbQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":54,"analysis":98,"fingerprints":551},"ymm-search","Year Make Model Search for WooCommerce","1.0.12","Pektsekye","https:\u002F\u002Fprofiles.wordpress.org\u002Fpektsekye\u002F","\u003Cp>It has fixed number and the sort order of the drop-down selects:\u003Cbr \u002F>\n— Make —\u003Cbr \u002F>\n— Model —\u003Cbr \u002F>\n— Year —\u003C\u002Fp>\n\u003Cp>Product restrictions are used for searching and for drop-downs options in the search box.\u003Cbr \u002F>\nSo if you set a restriction like:\u003Cbr \u002F>\nAcura, CL, 1997, 1998\u003C\u002Fp>\n\u003Cp>for a product.\u003C\u002Fp>\n\u003Cp>The “Acura CL 1997” will be already selectable in the search box on the front-end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search for products on the home page\u003C\u002Fli>\n\u003Cli>Filter products on category pages\u003C\u002Fli>\n\u003Cli>List applicable vehicles on the front-end product view page\u003C\u002Fli>\n\u003Cli>CSV import \u002F export for product restrictions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can check the demo website here:\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fdemo\u002Fwp\u002Fymm\u002F\" rel=\"nofollow ugc\">DEMO Website\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can read the installation instructions here:\u003Cbr \u002F>\n\u003Cstrong>\u003Ca 
href=\"http:\u002F\u002Fhottons.com\u002Fdemo\u002Fwp\u002Fymm\u002FREADME.html\" rel=\"nofollow ugc\">README\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Simple Code Idea:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The idea of this plugin is to keep the base version as simple as possible.\u003Cbr \u002F>\nAnd to add the new features as modifications.\u003C\u002Fp>\n\u003Cp>This plugin has just 28 files to make it easy to use and customize. If you need more features check the modifications page \u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fymm_modifications\" rel=\"nofollow ugc\">hottons.com\u002Fymm_modifications\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Contact me by email \u003Ca href=\"mailto:pektsekye@gmail.com\" rel=\"nofollow ugc\">pektsekye@gmail.com\u003C\u002Fa> if you have questions or need help.\u003C\u002Fp>\n\u003Ch3>Other plugins\u003C\u002Fh3>\n\u003Ch4>If you like this plugin check also:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fwoocommerce\u002Fattribute-search.html\" rel=\"nofollow ugc\">Attribute Search\u003C\u002Fa> (PAID)\u003Cbr \u002F>\nFor tyre and rim search.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexploded-view-filter\u002F\" rel=\"ugc\">Exploded View Filter\u003C\u002Fa>\u003Cbr \u002F>\nDisplays a diagram image with links to filter products.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translators\u003C\u002Fh3>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (Default)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation is available \u003Ca href=\"http:\u002F\u002Fhottons.com\u002Fdemo\u002Fwp\u002Fymm\u002FREADME.html\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","It will find products for selected make and 
model.",1000,27946,100,34,"2026-02-20T10:02:00.000Z","6.9.4","4.7","",[20,21,22,23],"part-finder","tyre-search","year-make-model-search","ymm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fymm-search.zip",99,1,0,"2025-05-19 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-48265","year-make-model-search-for-woocommerce-cross-site-request-forgery","Year Make Model Search for WooCommerce \u003C= 1.0.11 - Cross-Site Request Forgery","The Year Make Model Search for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the execute() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.11","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-05-28 
17:13:54",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdd0a7489-8e67-4bea-8071-c7f6ffa1b7ed?source=api-prod",10,{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"pektsekye",14,6390,98,8,93,"2026-04-05T02:03:40.830Z",[55,79],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":63,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":75,"download_link":76,"security_score":77,"vuln_count":65,"unpatched_count":27,"last_vuln_date":78,"fetched_at":29},"sema-api","SEMA API","6.22","ssema","https:\u002F\u002Fprofiles.wordpress.org\u002Fssema\u002F","\u003Cp>The plugin is built to automatically transfer auto parts data from SEMA Data Coop to WordPress\u002FwooCommerce.  A comprehensive frontend catalog search page offers functions like year make model search, vehicle compatible fitment sheet and parts attributes fitlers.\u003Cbr \u002F>\nJust download the plugin, select the brands and categories of products you want to list, and begin automated imports to your online store, while simultaneously allowing product searches by vehicle, categories, and attribute filters.\u003Cbr \u002F>\nHere’s a link to \u003Ca href=\"http:\u002F\u002Fdemo.semadata.org\u002Fcatalog-search\u002F\" rel=\"nofollow ugc\">Frontend Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FQOiT2Jin_kg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin 
allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","The plugin is built to automatically transfer auto parts data from SEMA Data Coop to Wordpress\u002FwooCommerce.  A comprehensive frontend catalog search p &hellip;",30,10215,2,"2025-12-05T17:40:00.000Z","6.8.5","6.2","5.2.4",[71,72,73,74,22],"auto-parts-filter","auto-parts-search","sema-product-import","year-make-model-filter","http:\u002F\u002Fdemo.semadata.org\u002Fhow-to-install-and-set-up-the-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsema-api.zip",96,"2025-01-08 22:08:32",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":45,"downloaded":87,"rating":27,"num_ratings":27,"last_updated":88,"tested_up_to":16,"requires_at_least":68,"requires_php":89,"tags":90,"homepage":96,"download_link":97,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"tyresaddict-ymm-product-filter","YMM Product Filter for Woo – Year Make Model search","1.5.2","TyresAddict","https:\u002F\u002Fprofiles.wordpress.org\u002Ftyresaddict\u002F","\u003Cp>Boost your automotive shop with YMM Finder widget and product filter.\u003Cbr \u002F>\nSearching by Make Model Year (or another order: Year Make Model) \u002F Vehicle.\u003Cbr \u002F>\nFor spare parts shops, aftermarket, tuning stores etc. 
Even for non-auto applications for searching products.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FA7Z0Hzio9CA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Filter’s Sidebar widget\u003C\u002Fstrong> for catalog, category and shop pages of WooCommerce\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Make > Model > Year\u003C\u002Fstrong> Filtration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Year > Make > Model\u003C\u002Fstrong> Filtration\u003C\u002Fli>\n\u003Cli>YMM and MMY \u003Cstrong>Finders\u003C\u002Fstrong> – widgets for any pages. 
Like external UI for Filter, redirects to category\u003C\u002Fli>\n\u003Cli>Themes for Finder, including Glass theme\u003C\u002Fli>\n\u003Cli>UI features like show \u003Cstrong>selected vehicle on top of search\u003C\u002Fstrong> controls\u003C\u002Fli>\n\u003Cli>Fitments \u003Cstrong>product tab\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Features for working in shops with \u003Cstrong>vehicle categories\u003C\u002Fstrong> structure\u003C\u002Fli>\n\u003Cli>Vehicle search in \u003Cstrong>selected category\u003C\u002Fstrong> only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import \u002F Export\u003C\u002Fstrong> YMM data\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fb2b.tyresaddict.com\u002Fplatforms\u002Fwoocommerce\u002Fauto-parts-ymm-finder\" rel=\"nofollow ugc\">PRO Features\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>More themes\u003C\u002Fstrong> for Finder and Filter, including Glass theme\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Garage\u003C\u002Fstrong> feature\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Metrics\u003C\u002Fstrong> feature\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Categories by YMM data\u003C\u002Fstrong>: create and sync \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Required Plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Plugin documentation is available \u003Ca href=\"https:\u002F\u002Fb2b.tyresaddict.com\u002Fsupport\u002Fplugin-ymm-filter\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Plugin video tutorials: \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fplaylist?list=PLbKFn8mKo1lBny_V30n90x_a5KdVxcM0O\" rel=\"nofollow ugc\">channel\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Other our plugins & solutions for your shop\u003C\u002Fh3>\n\u003Cp>Explore our other WordPress solutions to enhance your website:\u003C\u002Fp>\n\u003Cp>\u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftyresaddict-promo\u002F\" rel=\"ugc\">Promotion for Woo\u003C\u002Fa> – Promo manager with Widgets, Badges and Blocks\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fb2b.tyresaddict.com\u002Fplatforms\u002Fwoocommerce\u002Fplugin-brands-elements\" rel=\"nofollow ugc\">Brands.Elements\u003C\u002Fa> – Support brands and Elementor categories blocks for big shops with lot of brands and products\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fb2b.tyresaddict.com\u002Fplatforms\u002Fwoocommerce\u002Ffitment-gallery\" rel=\"nofollow ugc\">Fitment & Showroom Gallery\u003C\u002Fa> – Fitment & Showroom products gallery\u003C\u002Fp>\n\u003Ch4>If you like this plugin or you need other WooCommerce plugins for automotive or other shop, check our page\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fb2b.tyresaddict.com\u002Fplatforms\u002Fwoocommerce\" rel=\"nofollow ugc\">TyresAddict – Free & PAID solutions for WooCommerce\u003C\u002Fa>\u003C\u002Fp>\n","Filter and search products using Year Make Model. 
Finder widgets for pages with Elementor support, import\u002Fexport YMM data.",403,"2026-03-04T22:49:00.000Z","7.4",[91,92,93,94,95],"auto-parts","automotive","ecommerce","product-filter","ymm-filter","https:\u002F\u002Fb2b.tyresaddict.com\u002Fplatforms\u002Fwoocommerce\u002Fauto-parts-ymm-finder","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftyresaddict-ymm-product-filter.1.5.2.zip",{"attackSurface":99,"codeSignals":200,"taintFlows":410,"riskAssessment":537,"analyzedAt":550},{"hooks":100,"ajaxHandlers":172,"restRoutes":191,"shortcodes":192,"cronEvents":197,"entryPointCount":198,"unprotectedCount":199},[101,107,112,116,121,125,129,133,138,142,146,150,155,159,164,168],{"type":102,"name":103,"callback":104,"priority":25,"file":105,"line":106},"filter","woocommerce_product_data_tabs","add_product_tab","Block\\Adminhtml\\Product\\Edit\\Restriction.php",19,{"type":108,"name":109,"callback":110,"file":105,"line":111},"action","woocommerce_product_data_panels","add_tab_fields",20,{"type":108,"name":113,"callback":114,"file":105,"line":115},"woocommerce_process_product_meta","save_restriction",21,{"type":102,"name":117,"callback":118,"file":119,"line":120},"single_term_title","add_selected_vehicle_to_category_title","Controller\\Product.php",24,{"type":102,"name":122,"callback":123,"file":119,"line":124},"woocommerce_layered_nav_link","add_selected_params_to_layered_nav_link",25,{"type":102,"name":126,"callback":127,"file":119,"line":128},"woocommerce_get_filtered_term_product_counts_query","add_found_product_ids_to_product_counts_query",26,{"type":102,"name":130,"callback":131,"file":119,"line":132},"get_search_query","shop_order_search_label",27,{"type":108,"name":134,"callback":135,"file":136,"line":137},"wp_enqueue_scripts","enqueue_frontend_scripts","ymm-search.php",77,{"type":108,"name":139,"callback":140,"file":136,"line":141},"admin_enqueue_scripts","enqueue_admin_scripts",78,{"type":108,"name":143,"callback":144,"file":136,"line":145},"plugins_loaded
","load_textdomain",80,{"type":108,"name":147,"callback":148,"file":136,"line":149},"widgets_init","register_widgets",81,{"type":108,"name":151,"callback":152,"priority":153,"file":136,"line":154},"admin_menu","set_admin_menu",70,82,{"type":102,"name":156,"callback":157,"file":136,"line":158},"woocommerce_product_tabs","add_product_tabs",90,{"type":102,"name":160,"callback":161,"priority":162,"file":136,"line":163},"pre_get_posts","product_query",9,95,{"type":108,"name":165,"callback":166,"file":136,"line":167},"init","execute",101,{"type":108,"name":169,"callback":170,"file":136,"line":171},"before_woocommerce_init","closure",288,[173,178,181,185,187],{"action":174,"nopriv":175,"callback":176,"hasNonce":175,"hasCapCheck":175,"file":136,"line":177},"ymm_selector_fetch",false,"fetch",109,{"action":174,"nopriv":179,"callback":176,"hasNonce":175,"hasCapCheck":175,"file":136,"line":180},true,110,{"action":182,"nopriv":175,"callback":183,"hasNonce":175,"hasCapCheck":175,"file":136,"line":184},"ymm_selector_get_categories","getCategories",115,{"action":182,"nopriv":179,"callback":183,"hasNonce":175,"hasCapCheck":175,"file":136,"line":186},116,{"action":188,"nopriv":175,"callback":189,"hasNonce":175,"hasCapCheck":175,"file":136,"line":190},"ymm_restriction_search","searchRestrictions",121,[],[193],{"tag":194,"callback":195,"file":136,"line":196},"ymm_selector","show_selector_by_shortcode",84,[],6,5,{"dangerousFunctions":201,"sqlUsage":202,"outputEscaping":217,"fileOperations":65,"externalRequests":27,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":409},[],{"prepared":48,"raw":199,"locations":203},[204,208,211,213,215],{"file":205,"line":206,"context":207},"Model\\Db.php",263,"$wpdb->query() with variable interpolation",{"file":205,"line":209,"context":210},295,"$wpdb->get_var() with variable 
interpolation",{"file":205,"line":212,"context":207},336,{"file":205,"line":214,"context":207},365,{"file":216,"line":48,"context":207},"uninstall.php",{"escaped":218,"rawEcho":219,"locations":220},12,133,[221,223,225,226,228,229,230,232,235,237,239,240,242,244,246,248,249,251,253,254,256,258,260,262,264,266,268,269,270,271,272,274,276,277,279,280,282,284,285,286,287,288,289,291,293,294,296,297,298,299,300,302,303,304,305,307,308,309,310,313,314,315,316,317,318,319,321,323,324,326,328,329,331,332,333,335,336,338,340,342,343,344,346,347,349,350,352,353,354,356,357,358,359,360,361,362,364,365,366,367,368,369,371,372,374,375,377,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,400,401,402,403,404,407],{"file":105,"line":141,"context":222},"raw output",{"file":105,"line":224,"context":222},83,{"file":105,"line":196,"context":222},{"file":105,"line":227,"context":222},86,{"file":105,"line":158,"context":222},{"file":105,"line":180,"context":222},{"file":105,"line":231,"context":222},111,{"file":233,"line":234,"context":222},"Controller\\Adminhtml\\Ymm\\Selector.php",61,{"file":233,"line":236,"context":222},103,{"file":238,"line":132,"context":222},"Controller\\Selector.php",{"file":238,"line":77,"context":222},{"file":241,"line":162,"context":222},"view\\adminhtml\\templates\\ymm\\selector.php",{"file":241,"line":243,"context":222},11,{"file":241,"line":245,"context":222},15,{"file":241,"line":247,"context":222},17,{"file":241,"line":106,"context":222},{"file":241,"line":250,"context":222},22,{"file":241,"line":252,"context":222},28,{"file":241,"line":63,"context":222},{"file":241,"line":255,"context":222},33,{"file":241,"line":257,"context":222},41,{"file":241,"line":259,"context":222},46,{"file":241,"line":261,"context":222},49,{"file":241,"line":263,"context":222},52,{"file":241,"line":265,"context":222},54,{"file":267,"line":198,"context":222},"view\\frontend\\templates\\horizontal_selector.php",{"file":267,"line":162,"context":222},{"f
ile":267,"line":247,"context":222},{"file":267,"line":106,"context":222},{"file":267,"line":106,"context":222},{"file":267,"line":273,"context":222},23,{"file":267,"line":275,"context":222},32,{"file":267,"line":261,"context":222},{"file":267,"line":278,"context":222},59,{"file":267,"line":278,"context":222},{"file":267,"line":281,"context":222},71,{"file":267,"line":283,"context":222},73,{"file":267,"line":283,"context":222},{"file":267,"line":149,"context":222},{"file":267,"line":154,"context":222},{"file":267,"line":224,"context":222},{"file":267,"line":196,"context":222},{"file":267,"line":290,"context":222},85,{"file":267,"line":292,"context":222},92,{"file":267,"line":52,"context":222},{"file":267,"line":295,"context":222},97,{"file":267,"line":50,"context":222},{"file":267,"line":25,"context":222},{"file":267,"line":13,"context":222},{"file":267,"line":167,"context":222},{"file":301,"line":162,"context":222},"view\\frontend\\templates\\product\\view\\tabs\\restriction.php",{"file":301,"line":45,"context":222},{"file":301,"line":243,"context":222},{"file":301,"line":245,"context":222},{"file":301,"line":306,"context":222},16,{"file":301,"line":247,"context":222},{"file":301,"line":250,"context":222},{"file":301,"line":273,"context":222},{"file":311,"line":312,"context":222},"view\\frontend\\templates\\selector.php",7,{"file":311,"line":162,"context":222},{"file":311,"line":48,"context":222},{"file":311,"line":306,"context":222},{"file":311,"line":306,"context":222},{"file":311,"line":115,"context":222},{"file":311,"line":252,"context":222},{"file":311,"line":320,"context":222},43,{"file":311,"line":322,"context":222},53,{"file":311,"line":322,"context":222},{"file":311,"line":325,"context":222},66,{"file":311,"line":327,"context":222},68,{"file":311,"line":327,"context":222},{"file":311,"line":330,"context":222},76,{"file":311,"line":137,"context":222},{"file":311,"line":141,"context":222},{"file":311,"line":334,"context":222},79,{"file":311,"line":145,"contex
t":222},{"file":311,"line":337,"context":222},88,{"file":311,"line":339,"context":222},89,{"file":311,"line":341,"context":222},91,{"file":311,"line":292,"context":222},{"file":311,"line":52,"context":222},{"file":311,"line":345,"context":222},94,{"file":311,"line":163,"context":222},{"file":348,"line":257,"context":222},"Widget\\HorizontalSelector.php",{"file":348,"line":257,"context":222},{"file":348,"line":351,"context":222},42,{"file":348,"line":351,"context":222},{"file":348,"line":351,"context":222},{"file":348,"line":355,"context":222},45,{"file":348,"line":355,"context":222},{"file":348,"line":259,"context":222},{"file":348,"line":259,"context":222},{"file":348,"line":259,"context":222},{"file":348,"line":261,"context":222},{"file":348,"line":261,"context":222},{"file":348,"line":363,"context":222},50,{"file":348,"line":363,"context":222},{"file":348,"line":322,"context":222},{"file":348,"line":322,"context":222},{"file":348,"line":265,"context":222},{"file":348,"line":265,"context":222},{"file":348,"line":370,"context":222},57,{"file":348,"line":370,"context":222},{"file":348,"line":373,"context":222},58,{"file":348,"line":373,"context":222},{"file":348,"line":376,"context":222},102,{"file":378,"line":355,"context":222},"Widget\\Selector.php",{"file":378,"line":355,"context":222},{"file":378,"line":259,"context":222},{"file":378,"line":259,"context":222},{"file":378,"line":259,"context":222},{"file":378,"line":261,"context":222},{"file":378,"line":261,"context":222},{"file":378,"line":363,"context":222},{"file":378,"line":363,"context":222},{"file":378,"line":363,"context":222},{"file":378,"line":322,"context":222},{"file":378,"line":322,"context":222},{"file":378,"line":265,"context":222},{"file":378,"line":265,"context":222},{"file":378,"line":370,"context":222},{"file":378,"line":370,"context":222},{"file":378,"line":373,"context":222},{"file":378,"line":373,"context":222},{"file":378,"line":234,"context":222},{"file":378,"line":234,"context":222},{"file
":378,"line":399,"context":222},62,{"file":378,"line":399,"context":222},{"file":378,"line":52,"context":222},{"file":378,"line":13,"context":222},{"file":378,"line":186,"context":222},{"file":405,"line":406,"context":222},"ymm_ajax.php",74,{"file":405,"line":408,"context":222},176,[],[411,433,444,459,469,477,491,505,521],{"entryPoint":412,"graph":413,"unsanitizedCount":26,"severity":38},"execute (Controller\\Adminhtml\\Ymm\\Selector.php:30)",{"nodes":414,"edges":430},[415,420,424],{"id":416,"type":417,"label":418,"file":233,"line":419},"n0","source","$_FILES['import_file']",38,{"id":421,"type":422,"label":423,"file":233,"line":419},"n1","transform","→ importFromCsvFile()",{"id":425,"type":426,"label":427,"file":428,"line":257,"wp_function":429},"n2","sink","fopen() [File Access]","Model\\Db\\CsvImportHandler.php","fopen",[431,432],{"from":416,"to":421,"sanitized":175},{"from":421,"to":425,"sanitized":175},{"entryPoint":434,"graph":435,"unsanitizedCount":26,"severity":38},"searchRestrictions (Controller\\Adminhtml\\Ymm\\Selector.php:93)",{"nodes":436,"edges":442},[437,439],{"id":416,"type":417,"label":438,"file":233,"line":25},"$_GET",{"id":421,"type":426,"label":440,"file":233,"line":236,"wp_function":441},"echo() [XSS]","echo",[443],{"from":416,"to":421,"sanitized":175},{"entryPoint":445,"graph":446,"unsanitizedCount":26,"severity":38},"\u003CSelector> 
(Controller\\Adminhtml\\Ymm\\Selector.php:0)",{"nodes":447,"edges":455},[448,449,450,451,453],{"id":416,"type":417,"label":438,"file":233,"line":25},{"id":421,"type":426,"label":440,"file":233,"line":236,"wp_function":441},{"id":425,"type":417,"label":418,"file":233,"line":419},{"id":452,"type":422,"label":423,"file":233,"line":419},"n3",{"id":454,"type":426,"label":427,"file":428,"line":257,"wp_function":429},"n4",[456,457,458],{"from":416,"to":421,"sanitized":179},{"from":425,"to":452,"sanitized":175},{"from":452,"to":454,"sanitized":175},{"entryPoint":460,"graph":461,"unsanitizedCount":26,"severity":468},"\u003Chorizontal_selector> (view\\frontend\\templates\\horizontal_selector.php:0)",{"nodes":462,"edges":466},[463,465],{"id":416,"type":417,"label":464,"file":267,"line":283},"$_SERVER['REQUEST_URI']",{"id":421,"type":426,"label":440,"file":267,"line":283,"wp_function":441},[467],{"from":416,"to":421,"sanitized":175},"low",{"entryPoint":470,"graph":471,"unsanitizedCount":26,"severity":468},"\u003Cselector> (view\\frontend\\templates\\selector.php:0)",{"nodes":472,"edges":475},[473,474],{"id":416,"type":417,"label":464,"file":311,"line":327},{"id":421,"type":426,"label":440,"file":311,"line":327,"wp_function":441},[476],{"from":416,"to":421,"sanitized":175},{"entryPoint":478,"graph":479,"unsanitizedCount":26,"severity":490},"fetch (Controller\\Selector.php:20)",{"nodes":480,"edges":487},[481,482,484],{"id":416,"type":417,"label":438,"file":238,"line":124},{"id":421,"type":422,"label":483,"file":238,"line":124},"→ fetchColumnValues()",{"id":425,"type":426,"label":485,"file":205,"line":363,"wp_function":486},"get_results() [SQLi]","get_results",[488,489],{"from":416,"to":421,"sanitized":175},{"from":421,"to":425,"sanitized":175},"high",{"entryPoint":492,"graph":493,"unsanitizedCount":26,"severity":490},"getCategories 
(Controller\\Selector.php:33)",{"nodes":494,"edges":502},[495,496,498],{"id":416,"type":417,"label":438,"file":238,"line":351},{"id":421,"type":422,"label":497,"file":238,"line":351},"→ getProductIds()",{"id":425,"type":426,"label":499,"file":205,"line":500,"wp_function":501},"get_col() [SQLi]",123,"get_col",[503,504],{"from":416,"to":421,"sanitized":175},{"from":421,"to":425,"sanitized":175},{"entryPoint":506,"graph":507,"unsanitizedCount":65,"severity":490},"\u003CSelector> (Controller\\Selector.php:0)",{"nodes":508,"edges":516},[509,510,511,512,513,514],{"id":416,"type":417,"label":438,"file":238,"line":124},{"id":421,"type":422,"label":483,"file":238,"line":124},{"id":425,"type":426,"label":485,"file":205,"line":363,"wp_function":486},{"id":452,"type":417,"label":438,"file":238,"line":351},{"id":454,"type":422,"label":497,"file":238,"line":351},{"id":515,"type":426,"label":499,"file":205,"line":500,"wp_function":501},"n5",[517,518,519,520],{"from":416,"to":421,"sanitized":175},{"from":421,"to":425,"sanitized":175},{"from":452,"to":454,"sanitized":175},{"from":454,"to":515,"sanitized":175},{"entryPoint":522,"graph":523,"unsanitizedCount":536,"severity":490},"\u003Cymm_ajax> (ymm_ajax.php:0)",{"nodes":524,"edges":532},[525,527,528,529,530,531],{"id":416,"type":417,"label":526,"file":405,"line":48},"$_GET (x2)",{"id":421,"type":426,"label":499,"file":405,"line":320,"wp_function":501},{"id":425,"type":417,"label":438,"file":405,"line":48},{"id":452,"type":426,"label":485,"file":405,"line":259,"wp_function":486},{"id":454,"type":417,"label":438,"file":405,"line":48},{"id":515,"type":426,"label":440,"file":405,"line":406,"wp_function":441},[533,534,535],{"from":416,"to":421,"sanitized":175},{"from":425,"to":452,"sanitized":175},{"from":454,"to":515,"sanitized":175},4,{"summary":538,"deductions":539},"The 'ymm-search' plugin v1.0.12 exhibits a mixed security posture. 
While it has no known unpatched vulnerabilities, the static analysis reveals several significant concerns. A large portion of its attack surface, specifically 5 out of 6 entry points, lacks nonce and capability checks. This is further exacerbated by taint analysis indicating 4 high-severity flows with unsanitized paths, suggesting potential for data manipulation or injection if these paths are reached.\n\nThe plugin's vulnerability history shows a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability, which, while now patched, indicates a potential for such issues. The static analysis also highlights poor output escaping practices, with only 8% of outputs properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of raw SQL queries without prepared statements in 26% of cases (5 out of 19) is also a concern for SQL injection.\n\nOverall, the plugin has strengths in its lack of external HTTP requests and a decent percentage of SQL queries using prepared statements. 
However, the high number of unprotected entry points, critical taint flows, and insufficient output escaping significantly outweigh these strengths, presenting a notable risk to WordPress installations.",[540,542,544,546,548],{"reason":541,"points":45},"High number of unprotected AJAX handlers",{"reason":543,"points":245},"High severity taint flows with unsanitized paths",{"reason":545,"points":51},"Low percentage of properly escaped output",{"reason":547,"points":312},"SQL queries not using prepared statements",{"reason":549,"points":199},"Past medium severity vulnerability (CSRF)","2026-03-16T18:46:13.494Z",{"wat":552,"direct":569},{"assetPaths":553,"generatorPatterns":560,"scriptPaths":561,"versionParams":562},[554,555,556,557,558,559],"\u002Fwp-content\u002Fplugins\u002Fymm-search\u002Fview\u002Fadminhtml\u002Fweb\u002Fymm\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fymm-search\u002Fview\u002Fadminhtml\u002Fweb\u002Fproduct\u002Fedit\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fymm-search\u002Fview\u002Fadminhtml\u002Fweb\u002Fproduct\u002Fedit\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fymm-search\u002Fview\u002Ffrontend\u002Fweb\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fymm-search\u002Fview\u002Ffrontend\u002Fweb\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fymm-search\u002Fview\u002Ffrontend\u002Fweb\u002Fproduct\u002Frestriction.css",[],[554,555,556,557,558,559],[563,564,565,566,567,568],"ymm-search\u002Fview\u002Fadminhtml\u002Fweb\u002Fymm\u002Fmain.css?ver=","ymm-search\u002Fview\u002Fadminhtml\u002Fweb\u002Fproduct\u002Fedit\u002Fmain.js?ver=","ymm-search\u002Fview\u002Fadminhtml\u002Fweb\u002Fproduct\u002Fedit\u002Fmain.css?ver=","ymm-search\u002Fview\u002Ffrontend\u002Fweb\u002Fmain.js?ver=","ymm-search\u002Fview\u002Ffrontend\u002Fweb\u002Fmain.css?ver=","ymm-search\u002Fview\u002Ffrontend\u002Fweb\u002Fproduct\u002Frestriction.css?ver=",{"cssClasses":570,"htmlComments":575,"htmlAttributes":580,"restEndpoints":586,"jsGlo
bals":590,"shortcodeOutput":593},[571,572,573,574],"ymm-selector-widget","ymm-horizontal-selector-widget","ymm-product-restriction-tab","ymm-admin-manage-selector",[576,577,578,579],"\u003C!-- YMM SEARCH START -->","\u003C!-- YMM SEARCH END -->","\u003C!-- YMM SEARCH FOR GARAGE START -->","\u003C!-- YMM SEARCH FOR GARAGE END -->",[581,582,583,584,585],"data-ymm-selector-widget-id","data-ymm-garage-enabled","data-ymm-remove-from-garage-enabled","data-ymm-filter-category-page","data-ymm-template",[587,588,589],"\u002Fwp-json\u002Fymm\u002Fv1\u002Fselector\u002Ffetch","\u002Fwp-json\u002Fymm\u002Fv1\u002Fselector\u002Fcategories","\u002Fwp-json\u002Fymm\u002Fv1\u002Frestriction\u002Fsearch",[591,592],"ymm_selector_params","YmmSelector",[594,595],"\u003Cdiv class=\"ymm-selector-widget\"","\u003Cdiv class=\"ymm-horizontal-selector-widget\""]