[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fs4Q9yR_88D4LawFnGCa5Lno65MGUkvTmOWkhKXM8jpc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":38,"fingerprints":284},"zipmoney-payments-woocommerce","zipMoney(Zip Co) Payments Plugin for WooCommerce","2.3.30","Zip Co Limited","https:\u002F\u002Fprofiles.wordpress.org\u002Fzipmoney\u002F","\u003Cp>Sell more online & in-store with Zip.\u003Cbr \u002F>\nGive your customers the power to pay later, interest free and watch your sales grow.\u003Cbr \u002F>\nTake advantage of our fast-growing customer base, proven revenue uplift, fast and simple integration.\u003C\u002Fp>\n","Sell more online & in-store with 
Zip.",2000,137344,60,7,"2025-10-24T08:31:00.000Z","6.8.5","6.5","",[20,21,22,4,23],"zipmoney-for-woocommerce","zipmoney-payment-gateway-for-woocommerce","zipmoney-payments-module-for-woocommerce","zipmoney-woocommerce-addon","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fzipmoney-woocommerce-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzipmoney-payments-woocommerce.2.3.30.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"zipmoney",1,30,94,"2026-04-04T05:42:13.233Z",[],{"attackSurface":39,"codeSignals":172,"taintFlows":225,"riskAssessment":265,"analyzedAt":283},{"hooks":40,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":27,"unprotectedCount":27},[41,47,53,57,61,65,69,73,77,81,85,90,94,99,103,106,109,112,117,120,124,128,132,135,138,142,146,151,154,157,161,165],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","wp_footer","render_root_el","includes\\class-wc-zipmoney-payment-gateway-widget.php",11,{"type":48,"name":49,"callback":50,"priority":51,"file":45,"line":52},"filter","woocommerce_gateway_description","updateMethodDescription",10,13,{"type":48,"name":54,"callback":55,"priority":51,"file":45,"line":56},"woocommerce_order_button_html","order_button",19,{"type":42,"name":58,"callback":59,"file":45,"line":60},"woocommerce_checkout_update_order_review","update_customer_details",23,{"type":42,"name":62,"callback":63,"file":45,"line":64},"admin_enqueue_scripts","backend_scripts",36,{"type":42,"name":66,"callback":67,"file":45,"line":68},"wp_enqueue_scripts","frontend_scripts",37,{"type":42,"name":70,"callback":71,"file":45,"line":72},"woocommerce_order_item_add_action_buttons","action_add_charge_buttons",40,{"type":48,"name":74,"callback":75,"file":45,"line":76},"woocommerce_valid_order_statuses_for_payment_complete","filt
er_add_authorize_order_status_for_payment_complete",43,{"type":48,"name":78,"callback":79,"file":45,"line":80},"woocommerce_available_payment_gateways","process_available_payment_gateways_with_order_threshold",46,{"type":42,"name":82,"callback":83,"file":45,"line":84},"woocommerce_before_checkout_form","add_zip_notification_section_on_checkout",49,{"type":48,"name":86,"callback":87,"priority":88,"file":45,"line":89},"script_loader_tag","add_async_to_script",799,52,{"type":42,"name":91,"callback":92,"file":45,"line":93},"woocommerce_single_product_summary","render_widget_product",115,{"type":42,"name":95,"callback":96,"priority":97,"file":45,"line":98},"woocommerce_proceed_to_checkout","render_widget_cart",20,120,{"type":42,"name":100,"callback":101,"file":45,"line":102},"woocommerce_before_main_content","render_banner_shop",182,{"type":42,"name":100,"callback":104,"file":45,"line":105},"render_banner_product_page",186,{"type":42,"name":100,"callback":107,"file":45,"line":108},"render_banner_category",190,{"type":42,"name":100,"callback":110,"file":45,"line":111},"render_banner_cart",194,{"type":42,"name":113,"callback":114,"file":115,"line":116},"init","add_rewrite_rules","includes\\class-wc-zipmoney-payment-gateway.php",58,{"type":42,"name":113,"callback":118,"file":115,"line":119},"register_zip_order_statuses",59,{"type":48,"name":121,"callback":122,"file":115,"line":123},"wc_order_statuses","add_zipmoney_to_order_statuses",61,{"type":42,"name":125,"callback":126,"file":115,"line":127},"parse_request","process_zipmoney_actions",63,{"type":42,"name":129,"callback":130,"file":115,"line":131},"admin_notices","check_requirement",66,{"type":42,"name":129,"callback":133,"file":115,"line":134},"invalid_key_error_notice",71,{"type":42,"name":129,"callback":136,"file":115,"line":137},"show_notices",72,{"type":48,"name":139,"callback":140,"priority":51,"file":115,"line":141},"woocommerce_order_get_payment_method_title","zip_order_payment_title",73,{"type":42,"name":43,"call
back":143,"priority":144,"file":115,"line":145},"update_zip_session",99,75,{"type":48,"name":147,"callback":148,"file":149,"line":150},"woocommerce_payment_gateways","add_zipmoney_gateway_class","zipmoney-payment-gateway.php",89,{"type":42,"name":152,"callback":153,"file":149,"line":93},"plugins_loaded","run_zipmoney_payment_gateway",{"type":42,"name":152,"callback":155,"file":149,"line":156},"load_language",116,{"type":42,"name":158,"callback":159,"file":149,"line":160},"woocommerce_blocks_loaded","woocommerce_gateway_zipmoney_woocommerce_block_support",119,{"type":42,"name":162,"callback":163,"file":149,"line":164},"woocommerce_blocks_payment_method_type_registration","closure",124,{"type":42,"name":166,"callback":163,"file":149,"line":167},"before_woocommerce_init",133,[],[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":185,"fileOperations":27,"externalRequests":33,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":224},[],{"prepared":27,"raw":175,"locations":176},3,[177,181,183],{"file":178,"line":179,"context":180},"includes\\api\\class-wc-zipmoney-payment-gateway-api-charge.php",441,"$wpdb->get_results() with variable interpolation",{"file":115,"line":182,"context":180},537,{"file":149,"line":119,"context":184},"$wpdb->get_var() with variable interpolation",{"escaped":186,"rawEcho":187,"locations":188},45,17,[189,192,194,196,198,200,202,204,206,208,211,213,215,218,220,221,223],{"file":45,"line":190,"context":191},169,"raw 
output",{"file":45,"line":193,"context":191},279,{"file":45,"line":195,"context":191},291,{"file":45,"line":197,"context":191},362,{"file":45,"line":199,"context":191},373,{"file":115,"line":201,"context":191},81,{"file":115,"line":203,"context":191},307,{"file":115,"line":205,"context":191},310,{"file":207,"line":14,"context":191},"includes\\view\\backend\\admin_options.php",{"file":209,"line":210,"context":191},"includes\\view\\backend\\charge_buttons.php",6,{"file":209,"line":212,"context":191},22,{"file":209,"line":214,"context":191},32,{"file":216,"line":217,"context":191},"includes\\view\\frontend\\order_button.php",24,{"file":216,"line":219,"context":191},25,{"file":216,"line":214,"context":191},{"file":216,"line":222,"context":191},82,{"file":216,"line":150,"context":191},[],[226,254],{"entryPoint":227,"graph":228,"unsanitizedCount":252,"severity":253},"_handle_charge_request (includes\\class-wc-zipmoney-payment-gateway.php:453)",{"nodes":229,"edges":248},[230,235,241,245],{"id":231,"type":232,"label":233,"file":115,"line":234},"n0","source","$_GET (x2)",476,{"id":236,"type":237,"label":238,"file":115,"line":239,"wp_function":240},"n1","sink","wp_redirect() [Open Redirect]",481,"wp_redirect",{"id":242,"type":232,"label":243,"file":115,"line":244},"n2","$_SERVER (x2)",460,{"id":246,"type":237,"label":238,"file":115,"line":247,"wp_function":240},"n3",496,[249,251],{"from":231,"to":236,"sanitized":250},false,{"from":242,"to":246,"sanitized":250},4,"medium",{"entryPoint":255,"graph":256,"unsanitizedCount":252,"severity":253},"\u003Cclass-wc-zipmoney-payment-gateway> 
(includes\\class-wc-zipmoney-payment-gateway.php:0)",{"nodes":257,"edges":262},[258,259,260,261],{"id":231,"type":232,"label":233,"file":115,"line":234},{"id":236,"type":237,"label":238,"file":115,"line":239,"wp_function":240},{"id":242,"type":232,"label":243,"file":115,"line":244},{"id":246,"type":237,"label":238,"file":115,"line":247,"wp_function":240},[263,264],{"from":231,"to":236,"sanitized":250},{"from":242,"to":246,"sanitized":250},{"summary":266,"deductions":267},"The zipmoney-payments-woocommerce plugin, version 2.3.30, exhibits a generally strong security posture regarding its attack surface. The analysis detected no AJAX handlers, REST API routes, shortcodes, or cron events, so no entry point of these types is exposed without proper authentication or permission checks. This significantly limits the potential for unauthorized access or manipulation through these common WordPress vectors. That count does not cover request handling attached to hooks such as parse_request (process_zipmoney_actions), and the scan found no nonce or capability checks in the plugin.\n\nHowever, the static analysis reveals several areas for concern. Notably, all three detected SQL queries interpolate variables instead of using prepared statements, which is a SQL injection risk wherever an interpolated value can be influenced by a request. Additionally, while a majority of output is properly escaped, 17 of 62 outputs (27%) are not, potentially exposing the site to cross-site scripting (XSS) attacks. The taint analysis also reports unsanitized flows from $_GET and $_SERVER into wp_redirect(), rated medium severity, which points to a possible open redirect unless the redirect target is validated (for example with wp_safe_redirect() or wp_validate_redirect()). The plugin also makes an external HTTP request, for which the analysis gives no details on its security implications.\n\nFortunately, the plugin has no recorded vulnerability history, with zero known CVEs. This suggests a history of responsible development or a lack of past security flaws being publicly disclosed. 
Despite the positive history, the identified code signals, particularly the raw SQL queries and unescaped outputs, present immediate risks that should be addressed to maintain a secure environment.",[268,271,274,276,279,281],{"reason":269,"points":270},"Raw SQL queries detected",15,{"reason":272,"points":273},"Unescaped output detected",9,{"reason":275,"points":51},"Taint flows with unsanitized paths",{"reason":277,"points":278},"External HTTP request",5,{"reason":280,"points":14},"Missing Nonce checks",{"reason":282,"points":14},"Missing Capability checks","2026-03-16T18:27:22.199Z",{"wat":285,"direct":300},{"assetPaths":286,"generatorPatterns":292,"scriptPaths":293,"versionParams":294},[287,288,289,290,291],"\u002Fwp-content\u002Fplugins\u002Fzipmoney-payments-woocommerce\u002Fassets\u002Fcss\u002Fzipmoney.css","\u002Fwp-content\u002Fplugins\u002Fzipmoney-payments-woocommerce\u002Fassets\u002Fjs\u002Fzipmoney.js","\u002Fwp-content\u002Fplugins\u002Fzipmoney-payments-woocommerce\u002Fassets\u002Fjs\u002Fzipmoney-widget.js","\u002Fwp-content\u002Fplugins\u002Fzipmoney-payments-woocommerce\u002Fassets\u002Fjs\u002Fzipmoney-checkout.js","\u002Fwp-content\u002Fplugins\u002Fzipmoney-payments-woocommerce\u002Fassets\u002Fjs\u002Fzipmoney-express.js",[],[288,289,290,291],[295,296,297,298,299],"zipmoney-payments-woocommerce\u002Fassets\u002Fcss\u002Fzipmoney.css?ver=","zipmoney-payments-woocommerce\u002Fassets\u002Fjs\u002Fzipmoney.js?ver=","zipmoney-payments-woocommerce\u002Fassets\u002Fjs\u002Fzipmoney-widget.js?ver=","zipmoney-payments-woocommerce\u002Fassets\u002Fjs\u002Fzipmoney-checkout.js?ver=","zipmoney-payments-woocommerce\u002Fassets\u002Fjs\u002Fzipmoney-express.js?ver=",{"cssClasses":301,"htmlComments":306,"htmlAttributes":312,"restEndpoints":318,"jsGlobals":322,"shortcodeOutput":326},[302,303,304,305],"zipmoney-widget","zip-widget","zipmoney-express-checkout-button","zip-express-checkout-button",[307,308,309,310,311],"\u003C!-- Zip money Widget 
-->","\u003C!-- Zipmoney Payment Gateway Widget -->","\u003C!-- Zip money notification section on checkout page -->","\u003C!-- Zipmoney Payment Gateway Widget Footer -->","\u003C!-- Zip Money Express Checkout -->",[313,314,315,316,317],"data-zipmoney-order-id","data-zipmoney-payment-url","data-zipmoney-public-key","data-zipmoney-is-iframe-flow","data-zipmoney-merchant-id",[319,320,321],"\u002Fwp-json\u002Fzipmoney\u002Fv1\u002Fpayment\u002Fcreate","\u002Fwp-json\u002Fzipmoney\u002Fv1\u002Fpayment\u002Fupdate","\u002Fwp-json\u002Fzipmoney\u002Fv1\u002Fpayment\u002Fcancel",[323,324,325],"zipmoneyConfig","zipWidget","zipmoney_express_checkout",[]]