[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6Lupsk9Q7JcAkeJprOmDhh5jRQWJab-Co-m0q-m9hvI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":57,"fingerprints":207},"zpt-metals","ZPT Metals","1.2.1","Zactonz Technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Fzactonz\u002F","\u003Cp>A solution provided to display precious Metals(Gold, Silver, Platinum and 36+ metals) rates in the desired currencies (USD,GBP, CAD etc).\u003C\u002Fp>\n\u003Cp>Plugin comes up with a comprehensive controls to display desired date metal rates as well as latest, with the help of short codes with custom WP Editor. Now it support woocommerce, user can enable auto pricing for products by connecting metal from the given metals dropdown.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n–   Latest metals rate\u003Cbr \u002F>\n–   Shortcode to display latest\u002Fhistorical rates\u003Cbr \u002F>\n–   Rates in desired currency\u003Cbr \u002F>\n–   Cron job option ( Custom Settings )\u003Cbr \u002F>\n–   Support Woo-commerce\u003Cbr \u002F>\n–   WC Product auto pricing for desired metal\u003C\u002Fp>\n\u003Cp>Supported metals:\u003Cbr \u002F>\n–   Gold\u003Cbr \u002F>\n–   Silver\u003Cbr \u002F>\n–   Platinum\u003Cbr \u002F>\n–   Palladium\u003Cbr \u002F>\n–   Rhodium\u003Cbr \u002F>\n–   Ruthenium\u003Cbr \u002F>\n–   Copper\u003Cbr \u002F>\n–   Aluminum\u003Cbr \u002F>\n–   Nickel\u003Cbr \u002F>\n–   Zinc\u003Cbr \u002F>\n–   Tin\u003Cbr \u002F>\n–   Cobalt\u003Cbr \u002F>\n–   Iridium\u003Cbr \u002F>\n–   Lead\u003Cbr \u002F>\n–   Iron Ore\u003Cbr \u002F>\n–   LBMA GOLD AM\u003Cbr \u002F>\n–   LBMA GOLD PM\u003Cbr \u002F>\n–   LBMA Platinum AM\u003Cbr \u002F>\n–   LBMA Platinum PM\u003Cbr \u002F>\n–   LBMA Palladium AM\u003Cbr \u002F>\n–   LBMA Palladium PM\u003Cbr \u002F>\n–   LME Aluminium\u003Cbr \u002F>\n–   LME Copper\u003Cbr \u002F>\n–   LME Zinc\u003Cbr \u002F>\n–   LME Nickel\u003Cbr \u002F>\n–   LME Lead\u003Cbr \u002F>\n–   LME Tin\u003Cbr \u002F>\n–   Uranium\u003Cbr \u002F>\n–   STEEL-SC\u003Cbr \u002F>\n–   STEEL-RE\u003Cbr \u002F>\n–   STEEL-HR\u003Cbr \u002F>\n–   BRONZE\u003Cbr \u002F>\n–   MG\u003Cbr \u002F>\n–   OSMIUM\u003Cbr \u002F>\n–   RHENIUM\u003Cbr \u002F>\n–   INDIUM\u003Cbr \u002F>\n–   MO\u003Cbr \u002F>\n–   TUNGSTEN\u003C\u002Fp>\n\u003Cp>\u003Cem>Installing and using ZPT Metals Plugin\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmxMidL-b-q0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cem>How to use ZPT Metals with WooCommerce\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FBT_pv0Nj9Uc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Short code details\u003C\u002Fstrong>\u003Cbr \u002F>\nUse shortcode [zpt-metals] to display metal rates on your wp website.\u003C\u002Fp>\n\u003Cp>Following are the params that you can pass to display your desired shortcode output:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>type\u003Cbr \u002F>\n  Its required to display which metal rates you want to display. Possible value can be any of; gold, silver, platinum, palladium, rhodium, ruthenium\u003Cbr \u002F>\n  Example: [zpt-metals type=”gold”]\u003C\u002Fp>\n\u003Cp>date-format\u003Cbr \u002F>\n  Its optional to display desired date format. Possible value can be any of; Y-m-d, m-d-Y etc.\u003Cbr \u002F>\n  Example: [zpt-metals date-format=”Y-m-d”]\u003C\u002Fp>\n\u003Cp>base\u003Cbr \u002F>\n  Its optional to display rates of metal in a specific currency. Possible value can be any of; USD, GBP etc.\u003Cbr \u002F>\n  Example: [zpt-metals price-round=”USD”]\u003C\u002Fp>\n\u003Cp>price-round\u003Cbr \u002F>\n  Its optional to display desired digits after decimal. Possible value can be any of integer.\u003Cbr \u002F>\n  Example: [zpt-metals price-round=”2″]\u003C\u002Fp>\n\u003Cp>date\u003Cbr \u002F>\n  Its optional to display rates for a specific date. Possible value can be a date(YYYY-MM-DD) format.\u003Cbr \u002F>\n  Example: [zpt-metals date=”2022-03-01″]\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>DISCLAIMER:  This plugin is relying on a 3rd party(metals-api.com) as a service. You will need to get an API key from \u003Ca href=\"https:\u002F\u002Fmetals-api.com\" rel=\"nofollow ugc\">https:\u002F\u002Fmetals-api.com\u003C\u002Fa> and use that key to get metals rate. This plugin is just an interface to fetch latest rates from metals-api.com on the behalf of your API key. \u003Ca href=\"https:\u002F\u002Fmetals-api.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Read privacy policies of metals-api\u003C\u002Fa>\u003C\u002Fp>\n","A solution provided to display precious Metals(Gold, Silver, Platinum and 36+ metals) rates in the desired currencies (USD,GBP, CAD etc).",60,3266,0,"2023-01-09T12:53:00.000Z","6.1.10","5.0","",[19,20,21,22,23],"gold-rates","metals-api","metals-rates","silver-rates","zinc","https:\u002F\u002Fdevelopers.zactonz.com\u002Fwp\u002Fplugins\u002Fzpt-metals","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzpt-metals.1.2.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"zactonz",1,30,84,"2026-04-04T11:07:30.661Z",[37],{"slug":38,"name":39,"version":40,"author":38,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":16,"requires_php":17,"tags":50,"homepage":17,"download_link":54,"security_score":55,"vuln_count":32,"unpatched_count":13,"last_vuln_date":56,"fetched_at":28},"metalpriceapi","MetalpriceAPI","1.1.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fmetalpriceapi\u002F","\u003Cp>Display live or historical precious metal prices (Gold, Silver, Platinum, Palladium, …) in over 150+ currencies\u003Cbr \u002F>\nor\u003Cbr \u002F>\nDisplay live or historical foreign exchange (forex) rates in over 150+ currencies\u003C\u002Fp>\n\u003Cp>Use shortcode [metalpriceapi] to display metal rates on your wp website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetalpriceapi.com\u002F\" rel=\"nofollow ugc\">Official Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FykpHERqO_gM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Shortcode Customization:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>{{symbol}}\u003C\u002Fli>\n\u003Cli>{{base}}\u003C\u002Fli>\n\u003Cli>{{price_round}}\u003C\u002Fli>\n\u003Cli>{{date}}\u003C\u002Fli>\n\u003Cli>{{date_format}}\u003C\u002Fli>\n\u003Cli>{{date_timezone}}\u003C\u002Fli>\n\u003Cli>{{unit}}\u003C\u002Fli>\n\u003Cli>{{purity}}\u003C\u002Fli>\n\u003Cli>{{operation}}\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Display Customization:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>{{base}}\u003C\u002Fli>\n\u003Cli>{{timestamp}}\u003C\u002Fli>\n\u003Cli>{{price}}\u003C\u002Fli>\n\u003Cli>{{symbol}}\u003C\u002Fli>\n\u003Cli>{{date}}\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Detailed instructions included upon plugin installation.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to MetalpriceAPI endpoint to obtain real-time metal & foreign exchange rates. It is needed to show the metal & foreign exchange rates in the included widget.\u003C\u002Fp>\n\u003Cp>This service is provided by “MetalpriceAPI”:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fmetalpriceapi.com\u002Fterms\" rel=\"nofollow ugc\">Terms of use\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fmetalpriceapi.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy policy\u003C\u002Fa>\u003C\u002Fp>\n","Display live or historical precious metal prices (Gold, Silver, Platinum, Palladium, ...) in over 150+ currencies",600,21754,86,3,"2026-02-17T00:04:00.000Z","6.9.4",[51,20,21,52,53],"gold","platinum","silver","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetalpriceapi.1.1.7.zip",98,"2025-05-22 00:00:00",{"attackSurface":58,"codeSignals":145,"taintFlows":167,"riskAssessment":195,"analyzedAt":206},{"hooks":59,"ajaxHandlers":99,"restRoutes":100,"shortcodes":101,"cronEvents":104,"entryPointCount":32,"unprotectedCount":13},[60,66,71,75,79,83,87,92,96],{"type":61,"name":62,"callback":63,"file":64,"line":65},"action","admin_menu","zpt_metals_menu_hooker","backend\\__hooks.php",8,{"type":67,"name":68,"callback":69,"file":64,"line":70},"filter","cron_schedules","zpt_metals_cron_custom_schedules",988,{"type":61,"name":72,"callback":73,"file":64,"line":74},"zpt_metals_custom_task_hook","zpt_metals_shortcode_func",1195,{"type":67,"name":76,"callback":77,"file":64,"line":78},"woocommerce_product_data_tabs","zpt_metals_custom_product_data_tab",1202,{"type":61,"name":80,"callback":81,"file":64,"line":82},"woocommerce_product_data_panels","zpt_metals_custom_product_data_fields",1212,{"type":61,"name":84,"callback":85,"file":64,"line":86},"woocommerce_process_product_meta_simple","zpt_metals_save_proddata_custom_fields",1403,{"type":67,"name":88,"callback":89,"priority":90,"file":64,"line":91},"woocommerce_get_price","zpt_metal_return_price",10,1520,{"type":61,"name":93,"callback":94,"file":64,"line":95},"woocommerce_before_calculate_totals","zpt_metal_auto_price",1522,{"type":61,"name":97,"callback":94,"file":64,"line":98},"woocommerce_before_cart",1523,[],[],[102],{"tag":4,"callback":73,"file":64,"line":103},11,[105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143],{"hook":72,"callback":72,"file":64,"line":106},999,{"hook":72,"callback":72,"file":64,"line":108},1009,{"hook":72,"callback":72,"file":64,"line":110},1019,{"hook":72,"callback":72,"file":64,"line":112},1029,{"hook":72,"callback":72,"file":64,"line":114},1039,{"hook":72,"callback":72,"file":64,"line":116},1049,{"hook":72,"callback":72,"file":64,"line":118},1059,{"hook":72,"callback":72,"file":64,"line":120},1069,{"hook":72,"callback":72,"file":64,"line":122},1079,{"hook":72,"callback":72,"file":64,"line":124},1089,{"hook":72,"callback":72,"file":64,"line":126},1099,{"hook":72,"callback":72,"file":64,"line":128},1109,{"hook":72,"callback":72,"file":64,"line":130},1119,{"hook":72,"callback":72,"file":64,"line":132},1129,{"hook":72,"callback":72,"file":64,"line":134},1139,{"hook":72,"callback":72,"file":64,"line":136},1149,{"hook":72,"callback":72,"file":64,"line":138},1159,{"hook":72,"callback":72,"file":64,"line":140},1169,{"hook":72,"callback":72,"file":64,"line":142},1179,{"hook":72,"callback":72,"file":64,"line":144},1189,{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":13,"externalRequests":165,"nonceChecks":32,"capabilityChecks":13,"bundledLibraries":166},[],{"prepared":13,"raw":13,"locations":148},[],{"escaped":65,"rawEcho":150,"locations":151},6,[152,155,157,159,161,163],{"file":64,"line":153,"context":154},532,"raw output",{"file":64,"line":156,"context":154},540,{"file":64,"line":158,"context":154},577,{"file":64,"line":160,"context":154},657,{"file":64,"line":162,"context":154},740,{"file":64,"line":164,"context":154},1362,5,[],[168,187],{"entryPoint":169,"graph":170,"unsanitizedCount":13,"severity":186},"zpt_metals_admin_settings_page (backend\\__hooks.php:382)",{"nodes":171,"edges":183},[172,177],{"id":173,"type":174,"label":175,"file":64,"line":176},"n0","source","$_POST (x6)",397,{"id":178,"type":179,"label":180,"file":64,"line":181,"wp_function":182},"n1","sink","update_option() [Settings Manipulation]",399,"update_option",[184],{"from":173,"to":178,"sanitized":185},true,"low",{"entryPoint":188,"graph":189,"unsanitizedCount":13,"severity":186},"\u003C__hooks> (backend\\__hooks.php:0)",{"nodes":190,"edges":193},[191,192],{"id":173,"type":174,"label":175,"file":64,"line":176},{"id":178,"type":179,"label":180,"file":64,"line":181,"wp_function":182},[194],{"from":173,"to":178,"sanitized":185},{"summary":196,"deductions":197},"The zpt-metals plugin v1.2.1 exhibits a generally good security posture based on the static analysis. It demonstrates excellent practices by having no known critical or high severity taint flows and 100% of its SQL queries utilizing prepared statements, which significantly mitigates the risk of SQL injection vulnerabilities. The absence of known CVEs and a clean vulnerability history further contribute to a positive security outlook, suggesting the developers are either diligent in patching or have not historically introduced significant flaws. However, there are areas that warrant attention. The plugin has a notable percentage of improperly escaped output (43%), which could potentially lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is displayed without proper sanitization. Additionally, the presence of 5 external HTTP requests, while not inherently problematic, could introduce risks if not handled securely, such as validating responses or using robust libraries. The lack of capability checks on any entry points is a concern, meaning any authenticated user could potentially trigger functionality that might have unintended consequences or expose sensitive information if other security measures fail.  While the overall picture is positive due to strong SQL practices and no known exploits, the unescaped output and the absence of capability checks represent potential avenues for attack that should be addressed.",[198,201,203],{"reason":199,"points":200},"Significant portion of output not properly escaped",7,{"reason":202,"points":165},"No capability checks on entry points",{"reason":204,"points":205},"External HTTP requests present",2,"2026-03-16T21:48:04.265Z",{"wat":208,"direct":217},{"assetPaths":209,"generatorPatterns":212,"scriptPaths":213,"versionParams":214},[210,211],"\u002Fwp-content\u002Fplugins\u002Fzpt-metals\u002Fassets\u002Fcss\u002Fzpt-metals-frontend.css","\u002Fwp-content\u002Fplugins\u002Fzpt-metals\u002Fassets\u002Fjs\u002Fzpt-metals-frontend.js",[],[211],[215,216],"zpt-metals\u002Fassets\u002Fcss\u002Fzpt-metals-frontend.css?ver=","zpt-metals\u002Fassets\u002Fjs\u002Fzpt-metals-frontend.js?ver=",{"cssClasses":218,"htmlComments":219,"htmlAttributes":229,"restEndpoints":239,"jsGlobals":240,"shortcodeOutput":241},[],[220,221,222,223,224,225,226,227,228],"Display output of shortcode with provided attributes","atts can be an array with following attributes","Endpoint for get rates in Carat","Respect API request limits. So serve database saved results until database","saved rates are older(set by admin from plugin admin area)","if carat parameter is enable then get reponse for carat","Get data from API if we don't have any data saved in the database or","saved data is older()","save response to DB to make less requests to API",[230,231,232,233,234,235,236,237,238],"type","currency","symbols","base","date-format","price-round","date","carat","woocommerce",[],[],[242],"[zpt-metals]"]