{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "WordPress /wp-admin/admin-ajax.php action=wprp_load_more_revs in genuine WP Review Slider Pro 12.6.7 code, then a line-accurate fixed patch to the same product file",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "mariadb",
    "wordpress",
    "php-built-in-server",
    "wp-review-slider-pro-12.6.7"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/evidence.log",
    "logs/plugin_source_identity.log",
    "logs/real_notinstring_patch.diff",
    "artifacts/reviews_page.html",
    "artifacts/nonce.txt",
    "artifacts/vuln_sleep5_attempt1_response.json",
    "artifacts/vuln_sleep5_attempt2_response.json",
    "artifacts/vuln_data_true_response.json",
    "artifacts/vuln_data_false_response.json",
    "artifacts/fixed_sleep5_warmup_response.json",
    "artifacts/fixed_sleep5_attempt1_response.json",
    "artifacts/fixed_sleep5_attempt2_response.json",
    "artifacts/timing_summary.json",
    "artifacts/real_vulnerable_getreviews_excerpt.txt",
    "artifacts/real_ajax_handler_excerpt.txt"
  ],
  "notes": "Confirmed: real WP Review Slider Pro 12.6.7 admin-ajax.php request executes the vulnerable notinstring SQL path; patched product file removes the timing/data-extraction primitive."
}