[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHN9MXCXs-WJcNAhXo2lsti0SjgI81sGx2pdoLYwahio":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":49,"analysis":147,"fingerprints":588},"appointment-buddy-online-appointment-booking-by-accrete","Appointment Buddy Widget By Accrete","1.2","accreteinfosolution","https:\u002F\u002Fprofiles.wordpress.org\u002Faccreteinfosolution\u002F","\u003Cp>The \u003Cstrong>Appointment Buddy Widget\u003C\u002Fstrong> is a light weight plugin which integrates with any WordPress website. It is a plugin for \u003Cstrong>accepting online bookings from a set of available time-slots\u003C\u002Fstrong>. Users can choose only one time slot from list of Time slots,loaded by selecting particular date from calendar. Admin can see all booked appointments in Calendar. Admin can \u003Cstrong>view each appoitnment in blue tag in calendar\u003C\u002Fstrong>. \u003Cstrong>By clicking on blue tag\u003C\u002Fstrong>, admin can \u003Cstrong>view details of particular appointment in calendar\u003C\u002Fstrong>. Admin can add holidays. The holidays defined by admin can be seen in calendar at user side. User can able to book appointment till no. of months (e.g. 3 months), set by Admin. 
It is \u003Cstrong>ideal for businesses and individuals who schedule times with clients\u003C\u002Fstrong>, such as..\u003C\u002Fp>\n\u003Col>\n\u003Cli>Lawyers\u003C\u002Fli>\n\u003Cli>Consultants\u003C\u002Fli>\n\u003Cli>Spa and Hair Salons\u003C\u002Fli>\n\u003Cli>Photographers\u003C\u002Fli>\n\u003Cli>Sales Executives\u003C\u002Fli>\n\u003Cli>Doctors\u003C\u002Fli>\n\u003Cli>Dentist\u003C\u002Fli>\n\u003Cli>Any many more…\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The customer can book an available time slot from a defined set on your site.\u003C\u002Fli>\n\u003Cli>Allows to \u003Cstrong>Book Appointment anytime, anywhere\u003C\u002Fstrong>. \u003C\u002Fli>\n\u003Cli>All appointment details display in \u003Cstrong>Calendar View\u003C\u002Fstrong>. \u003C\u002Fli>\n\u003Cli>View scheduled appointment list in \u003Cstrong>List View\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>View every details of booked appointment in \u003Cstrong>Just One Click Calendar View\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Add general details of service provider (like provider name, address, contact details, website, social media links etc.)\u003C\u002Fli>\n\u003Cli>No. of \u003Cstrong>prior days\u003C\u002Fstrong> must be set from current day,after which appointments can be scheduled.\u003C\u002Fli>\n\u003Cli>No. of \u003Cstrong>months\u003C\u002Fstrong> can be set upto which appointments can be scheduled.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allot time slots and working days with your choice.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allows you to define the maximum number of appointments that can be booked for each time-slot\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Create \u002F Manage unlimited services.\u003C\u002Fli>\n\u003Cli>Add holidays and it will be display in \u003Cstrong>calendar at customer side\u003C\u002Fstrong>. 
(Black out dates).\u003C\u002Fli>\n\u003Cli>Export appointment data to CSV \u002F Excel files.\u003C\u002Fli>\n\u003Cli>Pretty simple, modern and elegant administration interface.\u003C\u002Fli>\n\u003Cli>Flexible & Scalable.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>You can find this \u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fappointment-buddy-online-appointment-booking-wp-plugin\u002F22486642\" rel=\"nofollow ugc\">online appointment booking wordpress plugin\u003C\u002Fa> (Pro Version) here.\u003C\u002Fp>\n","Appointment Buddy Widget allows you to book appointment online from a set of available time-slots quickly and easily.",10,4238,100,3,"2018-09-15T12:27:00.000Z","4.7.32","4.4.2","",[20,21,22,23,24],"appointments","book-appointments","doctor-appointment","excerpt","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappointment-buddy-online-appointment-booking-by-accrete.zip",64,1,"2025-02-03 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-25099","appointment-buddy-widget-reflected-cross-site-scripting","Appointment Buddy Widget \u003C= 1.2 - Reflected Cross-Site Scripting","The Appointment Buddy Widget By Accrete plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-02-12 18:13:35",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc463ad1f-5522-41f2-8749-e19fcba46409?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},30,69,"2026-04-05T03:05:17.472Z",[50,69,91,110,128],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":11,"downloaded":58,"rating":59,"num_ratings":59,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":18,"tags":63,"homepage":66,"download_link":67,"security_score":68,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":29},"book-doctor-appointments-icliniq","Book Doctor Appointments – iCliniq","1.0","iCliniq","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarshalicliniqcom\u002F","\u003Cp>This plugin uses https:\u002F\u002Fwww.icliniq.com ‘s doctor search API to list doctors in your website. Users can book doctor appointments directly from your website. 
The plugin is very \u003Cstrong>flexible\u003C\u002Fstrong> and you can configure location and speciality for the doctors to be listed on your website.\u003C\u002Fp>\n\u003Cp>To display the doctor listing anywhere in the code, the following method should be used\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php display_search_result_body($page, $results_per_page){ ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>where $page and $results_per_page are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>$page\u003C\u002Fstrong>           – page number of the search result; put 1 for the first page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>$results_per_page\u003C\u002Fstrong> – number of listing per page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>e.g: \u003Ccode>\u003C?php display_search_result_body(1, 10); ?>\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Find out more at http:\u002F\u002Ficliniq.com\u002Fpages\u002Fdisplay\u002Fpage\u002Fwordpress-plugin\u003C\u002Fp>\n","This plugin uses https:\u002F\u002Fwww.icliniq.com 's doctor search API to list doctors in your website. 
Users can book doctor appointments directly from y &hellip;",2357,0,"2013-06-24T08:13:00.000Z","3.4.2","3.0",[64,65,24],"book-doctor-appointments","sidebar","http:\u002F\u002Ficliniq.com\u002Fpages\u002Fdisplay\u002Fpage\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbook-doctor-appointments-icliniq.zip",85,{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":89,"download_link":90,"security_score":68,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":29},"comments-widget-plus","Recent Comments Widget Plus","1.3","Ga Satrya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatrya\u002F","\u003Cp>This plugin will enable a custom and advanced \u003Cstrong>recent comments widget\u003C\u002Fstrong>. Allows you to display a list of the most recent comments with avatar and excerpt, you can also choose which to show newer comments first or older comments first and choose comments from any post type.\u003C\u002Fp>\n\u003Ch4>Support this project\u003C\u002Fh4>\n\u003Cp>If you are enjoying this plugin. I would appreciate a cup of coffee to help me keep coding and supporting the project! 
\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fsatrya\" rel=\"nofollow ugc\">Support & donate\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display avatar with customizable size.\u003C\u002Fli>\n\u003Cli>Display comment excerpt with customizable length.\u003C\u002Fli>\n\u003Cli>Exclude pingback & trackback\u003C\u002Fli>\n\u003Cli>Post type option.\u003C\u002Fli>\n\u003Cli>Offset option.\u003C\u002Fli>\n\u003Cli>Option to choose the comments order.\u003C\u002Fli>\n\u003Cli>Allows you to set title url.\u003C\u002Fli>\n\u003Cli>Custom CSS class.\u003C\u002Fli>\n\u003Cli>Multiple widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcomments-widget-plus\u002F\" rel=\"nofollow ugc\">Translate to your language\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Contribute or submit issues on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsatrya\u002Fcomments-widget-plus\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides custom recent comments widget with extra features such as display avatar, comment excerpt and much more!",2000,49264,94,20,"2022-10-26T16:06:00.000Z","6.1.10","5.8","7.2",[86,23,87,88,24],"avatar","recent-comments","recent-comments-widget","https:\u002F\u002Fidenovasi.com\u002Fprojects\u002Fcomments-widget-plus\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-widget-plus.1.3.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":13,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":108,"download_link":109,"security_score":68,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":29},"recent-posts-with-excerpts","Recent Posts with 
Excerpts","2.6.1","Stephanie Leary","https:\u002F\u002Fprofiles.wordpress.org\u002Fsillybean\u002F","\u003Cp>A widget that lists your most recent posts with excerpts, optionally limited to a category. The number of posts and excerpts is configurable; for example, you could show the titles of five posts but include the excerpt for only the two most recent. Supports \u003Ca href=\"http:\u002F\u002Frobsnotebook.com\u002Fthe-excerpt-reloaded\u002F\" rel=\"nofollow ugc\">the_excerpt Reloaded\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fsparepencil.com\u002Fcode\u002Fadvanced-excerpt\u002F\" rel=\"nofollow ugc\">Advanced Excerpt\u003C\u002Fa> for excerpts with HTML formatting.\u003C\u002Fp>\n\u003Cp>New! Supports displaying post thumbnails along with excerpts. Widget options let you place the thumbnails above the title, in between the title and the excerpt, or below the excerpt.\u003C\u002Fp>\n\u003Cp>Now on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsillybean\u002FRecent-Posts-with-Excerpts\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Serbo-Croatian (sr-RS) by \u003Ca href=\"http:\u002F\u002Fwww.webhostinghub.com\" rel=\"nofollow ugc\">Borisa Djuraskovic\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you would like to send me a translation, please write to me through \u003Ca href=\"http:\u002F\u002Fstephanieleary.com\u002Fabout\u002Fcontact\u002F\" rel=\"nofollow ugc\">my contact page\u003C\u002Fa>. Let me know which plugin you’ve translated and how you would like to be credited. 
I will write you back so you can attach the files in your reply.\u003C\u002Fp>\n","A widget that lists your most recent posts with optional excerpts.",700,52791,5,"2016-06-30T20:09:00.000Z","4.8.28","2.8",[106,107],"excerpts","widgets","http:\u002F\u002Fstephanieleary.com\u002Fcode\u002Fwordpress\u002Frecent-posts-with-excerpts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-with-excerpts.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":13,"num_ratings":27,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":18,"tags":123,"homepage":126,"download_link":127,"security_score":68,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":29},"recent-posts-widget-plus","Recent Posts Widget Plus","1.2.1","Johan van der Wijk","https:\u002F\u002Fprofiles.wordpress.org\u002Fvanderwijk\u002F","\u003Cp>The Recent Posts Widget Plus plugin allows you to display a list of the most recent posts from all or a specific category or tag. 
It not only shows the post title, but also an excerpt of the post.\u003C\u002Fp>\n","This plugin allows you to display the most recent posts with an excerpt in a WordPress sidebar widget area.",600,28667,"2023-10-30T15:07:00.000Z","6.4.8","2.9.3",[23,124,125,65,24],"recent-post","recent-posts","http:\u002F\u002Fvanderwijk.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-widget-plus.1.2.1.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":13,"num_ratings":138,"last_updated":139,"tested_up_to":140,"requires_at_least":104,"requires_php":18,"tags":141,"homepage":145,"download_link":146,"security_score":68,"vuln_count":59,"unpatched_count":59,"last_vuln_date":36,"fetched_at":29},"page-excerpt-widget","Page Excerpt Widget","0.3","JonathanMH","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonathanmh_com\u002F","\u003Cp>I have created a little WordPress plugin in the shape of a widget, which allows the user to display an excerpt of a page in a sidebar area of their choice.\u003Cbr \u002F>\nI wrote this to replace a little theme hack I did for a client, where the front page was supposed to have an excerpt of a page on the front page, of course linking to the full page. Instead of keeping it that way and hard coding the page-id, I wanted something where the end user could change which page was supposed to be linked. 
I hope it will be of use to someone.\u003C\u002Fp>\n\u003Cp>Right now you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define the amount of characters to use as an excerpt\u003C\u002Fli>\n\u003Cli>Select the page from all existing pages\u003C\u002Fli>\n\u003Cli>Link the title of the page, to the page\u003C\u002Fli>\n\u003Cli>Append a link to the page\u003C\u002Fli>\n\u003Cli>Decide a custom label for the read more link\u003C\u002Fli>\n\u003Cli>add multiple instances of the widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>I plan to increase the functionality with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>some internationalisation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Suggestions welcome\u003C\u002Fh3>\n\u003Cp>Since this is my first plugin and widget, suggestions, improvements and more are very welcome. I’ve also published the code on github, for easier discussion and improvement. https:\u002F\u002Fgithub.com\u002FJonathanMH\u002Fpage-excerpt-widget\u003C\u002Fp>\n","This plugin allows the user to place a widget with an excerpt of a page in any sidebar. 
Dropdown menu for page, amount of characters adjustable.",200,12170,6,"2015-01-15T21:31:00.000Z","4.1.42",[142,143,144,24],"page","page-excerpt","read-more-link","http:\u002F\u002Fjonathanmh.com\u002Fwordpress-page-excerpt-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-excerpt-widget.0.4.zip",{"attackSurface":148,"codeSignals":258,"taintFlows":467,"riskAssessment":572,"analyzedAt":587},{"hooks":149,"ajaxHandlers":201,"restRoutes":255,"shortcodes":256,"cronEvents":257,"entryPointCount":80,"unprotectedCount":59},[150,156,160,164,168,172,176,181,186,190,194,197],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","admin_footer","apbud_add_generalProfile_script","admctrlfd\\admin-general-profile.php",111,{"type":151,"name":152,"callback":157,"file":158,"line":159},"apbud_add_holiday_script","admctrlfd\\admin-holiday.php",101,{"type":151,"name":152,"callback":161,"file":162,"line":163},"apbud_list_treatments_script","admctrlfd\\admin-list-treatments.php",82,{"type":151,"name":152,"callback":165,"file":166,"line":167},"apbud_add_time_slot_script","admctrlfd\\admin-time-slot.php",80,{"type":151,"name":152,"callback":169,"file":170,"line":171},"apbud_add_treatments_script","admctrlfd\\admin-treatments.php",36,{"type":151,"name":152,"callback":173,"file":174,"line":175},"apbud_add_workingDays_script","admctrlfd\\admin-working-days.php",167,{"type":151,"name":177,"callback":178,"priority":27,"file":179,"line":180},"admin_menu","apbud_addAppointmentBuddyMainMenu","appointment-buddy.php",47,{"type":151,"name":182,"callback":183,"priority":184,"file":179,"line":185},"plugins_loaded","includes",2,48,{"type":151,"name":187,"callback":188,"file":179,"line":189},"widgets_init","register_widget",49,{"type":151,"name":191,"callback":192,"file":179,"line":193},"admin_enqueue_scripts","apbud_plugin_admin_scripts",50,{"type":151,"name":191,"callback":195,"file":179,"line":196},"apbud_plugin_admin_styles",51,{"type":151,"name":198,"callbac
k":199,"file":200,"line":80},"wp_enqueue_scripts","apbud_plugin_general_scriptsNstyles","includes\\widget.php",[202,208,210,213,215,218,220,223,225,228,230,233,235,238,240,243,245,248,250,253],{"action":203,"nopriv":204,"callback":203,"hasNonce":205,"hasCapCheck":204,"file":206,"line":207},"apbud_add_general_profile",false,true,"admctrlfd\\functions.php",106,{"action":203,"nopriv":205,"callback":203,"hasNonce":205,"hasCapCheck":204,"file":206,"line":209},107,{"action":211,"nopriv":204,"callback":211,"hasNonce":205,"hasCapCheck":204,"file":206,"line":212},"apbud_add_treatments",254,{"action":211,"nopriv":205,"callback":211,"hasNonce":205,"hasCapCheck":204,"file":206,"line":214},255,{"action":216,"nopriv":204,"callback":216,"hasNonce":205,"hasCapCheck":204,"file":206,"line":217},"apbud_get_treatments",377,{"action":216,"nopriv":205,"callback":216,"hasNonce":205,"hasCapCheck":204,"file":206,"line":219},378,{"action":221,"nopriv":204,"callback":221,"hasNonce":205,"hasCapCheck":204,"file":206,"line":222},"apbud_add_holidays",407,{"action":221,"nopriv":205,"callback":221,"hasNonce":205,"hasCapCheck":204,"file":206,"line":224},408,{"action":226,"nopriv":204,"callback":226,"hasNonce":205,"hasCapCheck":204,"file":206,"line":227},"apbud_add_timeSlots",549,{"action":226,"nopriv":205,"callback":226,"hasNonce":205,"hasCapCheck":204,"file":206,"line":229},550,{"action":231,"nopriv":204,"callback":231,"hasNonce":205,"hasCapCheck":204,"file":206,"line":232},"apbud_delete_timeSlot",691,{"action":231,"nopriv":205,"callback":231,"hasNonce":205,"hasCapCheck":204,"file":206,"line":234},692,{"action":236,"nopriv":204,"callback":236,"hasNonce":205,"hasCapCheck":204,"file":206,"line":237},"apbud_admin_add_workingDays1",735,{"action":236,"nopriv":205,"callback":236,"hasNonce":205,"hasCapCheck":204,"file":206,"line":239},736,{"action":241,"nopriv":204,"callback":241,"hasNonce":205,"hasCapCheck":204,"file":206,"line":242},"apbud_getTimeSlot",834,{"action":241,"nopriv":205,"callback":241,"hasN
once":205,"hasCapCheck":204,"file":206,"line":244},835,{"action":246,"nopriv":204,"callback":246,"hasNonce":205,"hasCapCheck":204,"file":206,"line":247},"apbud_add_appointments",904,{"action":246,"nopriv":205,"callback":246,"hasNonce":205,"hasCapCheck":204,"file":206,"line":249},905,{"action":251,"nopriv":204,"callback":251,"hasNonce":205,"hasCapCheck":204,"file":206,"line":252},"apbud_admin_fetch_appointments",1031,{"action":251,"nopriv":205,"callback":251,"hasNonce":205,"hasCapCheck":204,"file":206,"line":254},1032,[],[],[],{"dangerousFunctions":259,"sqlUsage":260,"outputEscaping":334,"fileOperations":59,"externalRequests":59,"nonceChecks":11,"capabilityChecks":59,"bundledLibraries":466},[],{"prepared":261,"raw":262,"locations":263},4,34,[264,268,271,274,276,278,280,281,283,284,286,288,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,328,330,332],{"file":265,"line":266,"context":267},"admctrlfd\\admin-appointment-list.php",90,"$wpdb->query() with variable interpolation",{"file":265,"line":269,"context":270},123,"$wpdb->get_var() with variable interpolation",{"file":265,"line":272,"context":273},135,"$wpdb->get_results() with variable 
interpolation",{"file":154,"line":275,"context":273},8,{"file":158,"line":277,"context":273},58,{"file":162,"line":279,"context":273},35,{"file":166,"line":275,"context":273},{"file":166,"line":282,"context":270},9,{"file":174,"line":282,"context":273},{"file":174,"line":285,"context":273},31,{"file":174,"line":287,"context":273},33,{"file":174,"line":277,"context":273},{"file":206,"line":290,"context":270},203,{"file":206,"line":292,"context":270},277,{"file":206,"line":294,"context":270},315,{"file":206,"line":296,"context":273},388,{"file":206,"line":298,"context":270},436,{"file":206,"line":300,"context":273},524,{"file":206,"line":302,"context":273},611,{"file":206,"line":304,"context":267},616,{"file":206,"line":306,"context":267},709,{"file":206,"line":308,"context":267},712,{"file":206,"line":310,"context":273},755,{"file":206,"line":312,"context":273},859,{"file":206,"line":314,"context":273},950,{"file":206,"line":316,"context":273},956,{"file":206,"line":318,"context":270},977,{"file":206,"line":320,"context":273},979,{"file":206,"line":322,"context":273},1053,{"file":206,"line":324,"context":273},1057,{"file":326,"line":327,"context":273},"includes\\form.php",7,{"file":326,"line":329,"context":273},24,{"file":326,"line":331,"context":273},39,{"file":326,"line":333,"context":273},78,{"escaped":331,"rawEcho":163,"locations":335},[336,339,341,344,346,347,348,350,351,352,353,354,356,357,359,360,362,364,366,368,370,371,372,373,374,376,378,380,381,382,383,384,385,386,388,390,392,394,396,398,399,400,402,404,406,407,408,409,410,411,413,414,416,417,419,420,422,423,425,426,428,429,430,431,433,435,437,439,441,443,445,447,449,451,453,455,457,458,459,461,463,464],{"file":265,"line":337,"context":338},96,"raw 
output",{"file":265,"line":340,"context":338},162,{"file":342,"line":343,"context":338},"admctrlfd\\admin-calendar.php",45,{"file":154,"line":345,"context":338},25,{"file":154,"line":46,"context":338},{"file":154,"line":279,"context":338},{"file":154,"line":349,"context":338},40,{"file":154,"line":343,"context":338},{"file":154,"line":196,"context":338},{"file":154,"line":277,"context":338},{"file":154,"line":26,"context":338},{"file":154,"line":355,"context":338},71,{"file":154,"line":167,"context":338},{"file":154,"line":358,"context":338},81,{"file":154,"line":337,"context":338},{"file":154,"line":361,"context":338},102,{"file":154,"line":363,"context":338},179,{"file":154,"line":365,"context":338},188,{"file":158,"line":367,"context":338},65,{"file":158,"line":369,"context":338},68,{"file":158,"line":355,"context":338},{"file":158,"line":68,"context":338},{"file":158,"line":68,"context":338},{"file":158,"line":68,"context":338},{"file":158,"line":375,"context":338},126,{"file":158,"line":377,"context":338},171,{"file":162,"line":379,"context":338},42,{"file":162,"line":343,"context":338},{"file":162,"line":185,"context":338},{"file":162,"line":196,"context":338},{"file":162,"line":367,"context":338},{"file":162,"line":367,"context":338},{"file":162,"line":367,"context":338},{"file":162,"line":387,"context":338},98,{"file":162,"line":389,"context":338},138,{"file":166,"line":391,"context":338},60,{"file":166,"line":393,"context":338},61,{"file":166,"line":395,"context":338},62,{"file":166,"line":397,"context":338},63,{"file":166,"line":26,"context":338},{"file":166,"line":26,"context":338},{"file":166,"line":401,"context":338},139,{"file":166,"line":403,"context":338},181,{"file":170,"line":405,"context":338},59,{"file":170,"line":369,"context":338},{"file":174,"line":393,"context":338},{"file":174,"line":395,"context":338},{"file":174,"line":26,"context":338},{"file":174,"line":26,"context":338},{"file":174,"line":412,"context":338},67,{"file":174,"line":412,"co
ntext":338},{"file":174,"line":415,"context":338},79,{"file":174,"line":415,"context":338},{"file":174,"line":418,"context":338},91,{"file":174,"line":418,"context":338},{"file":174,"line":421,"context":338},103,{"file":174,"line":421,"context":338},{"file":174,"line":424,"context":338},115,{"file":174,"line":424,"context":338},{"file":174,"line":427,"context":338},127,{"file":174,"line":427,"context":338},{"file":174,"line":401,"context":338},{"file":174,"line":401,"context":338},{"file":174,"line":432,"context":338},209,{"file":206,"line":434,"context":338},392,{"file":206,"line":436,"context":338},531,{"file":206,"line":438,"context":338},534,{"file":206,"line":440,"context":338},537,{"file":206,"line":442,"context":338},1093,{"file":326,"line":444,"context":338},119,{"file":326,"line":446,"context":338},120,{"file":326,"line":448,"context":338},121,{"file":326,"line":450,"context":338},122,{"file":326,"line":452,"context":338},153,{"file":326,"line":454,"context":338},185,{"file":326,"line":456,"context":338},205,{"file":326,"line":456,"context":338},{"file":326,"line":456,"context":338},{"file":326,"line":460,"context":338},258,{"file":200,"line":462,"context":338},46,{"file":200,"line":185,"context":338},{"file":200,"line":465,"context":338},52,[],[468,492,510,523,532,547,556,564],{"entryPoint":469,"graph":470,"unsanitizedCount":59,"severity":491},"apbud_get_treatments (admctrlfd\\functions.php:380)",{"nodes":471,"edges":488},[472,476,481,484],{"id":473,"type":474,"label":475,"file":206,"line":296},"n0","source","$_POST['editId']",{"id":477,"type":478,"label":479,"file":206,"line":296,"wp_function":480},"n1","sink","get_results() [SQLi]","get_results",{"id":482,"type":474,"label":483,"file":206,"line":296},"n2","$_POST",{"id":485,"type":478,"label":486,"file":206,"line":434,"wp_function":487},"n3","echo() 
[XSS]","echo",[489,490],{"from":473,"to":477,"sanitized":205},{"from":482,"to":485,"sanitized":205},"low",{"entryPoint":493,"graph":494,"unsanitizedCount":59,"severity":491},"\u003Cfunctions> (admctrlfd\\functions.php:0)",{"nodes":495,"edges":506},[496,497,498,499,500,504],{"id":473,"type":474,"label":475,"file":206,"line":296},{"id":477,"type":478,"label":479,"file":206,"line":296,"wp_function":480},{"id":482,"type":474,"label":483,"file":206,"line":296},{"id":485,"type":478,"label":486,"file":206,"line":434,"wp_function":487},{"id":501,"type":474,"label":502,"file":206,"line":503},"n4","$_GET",522,{"id":505,"type":478,"label":479,"file":206,"line":300,"wp_function":480},"n5",[507,508,509],{"from":473,"to":477,"sanitized":205},{"from":482,"to":485,"sanitized":205},{"from":501,"to":505,"sanitized":205},{"entryPoint":511,"graph":512,"unsanitizedCount":27,"severity":522},"process_bulk_action (admctrlfd\\admin-appointment-list.php:80)",{"nodes":513,"edges":520},[514,517],{"id":473,"type":474,"label":515,"file":265,"line":516},"$_REQUEST",86,{"id":477,"type":478,"label":518,"file":265,"line":266,"wp_function":519},"query() [SQLi]","query",[521],{"from":473,"to":477,"sanitized":204},"high",{"entryPoint":524,"graph":525,"unsanitizedCount":27,"severity":522},"prepare_items (admctrlfd\\admin-appointment-list.php:113)",{"nodes":526,"edges":530},[527,529],{"id":473,"type":474,"label":515,"file":265,"line":528},131,{"id":477,"type":478,"label":479,"file":265,"line":272,"wp_function":480},[531],{"from":473,"to":477,"sanitized":204},{"entryPoint":533,"graph":534,"unsanitizedCount":14,"severity":522},"\u003Cadmin-appointment-list> 
(admctrlfd\\admin-appointment-list.php:0)",{"nodes":535,"edges":543},[536,537,538,539,540,542],{"id":473,"type":474,"label":515,"file":265,"line":516},{"id":477,"type":478,"label":518,"file":265,"line":266,"wp_function":519},{"id":482,"type":474,"label":515,"file":265,"line":528},{"id":485,"type":478,"label":479,"file":265,"line":272,"wp_function":480},{"id":501,"type":474,"label":541,"file":265,"line":340},"$_REQUEST['page']",{"id":505,"type":478,"label":486,"file":265,"line":340,"wp_function":487},[544,545,546],{"from":473,"to":477,"sanitized":204},{"from":482,"to":485,"sanitized":204},{"from":501,"to":505,"sanitized":204},{"entryPoint":548,"graph":549,"unsanitizedCount":27,"severity":522},"\u003Cadmin-holiday> (admctrlfd\\admin-holiday.php:0)",{"nodes":550,"edges":554},[551,553],{"id":473,"type":474,"label":502,"file":158,"line":552},56,{"id":477,"type":478,"label":479,"file":158,"line":277,"wp_function":480},[555],{"from":473,"to":477,"sanitized":204},{"entryPoint":557,"graph":558,"unsanitizedCount":27,"severity":522},"\u003Cadmin-list-treatments> (admctrlfd\\admin-list-treatments.php:0)",{"nodes":559,"edges":562},[560,561],{"id":473,"type":474,"label":502,"file":162,"line":287},{"id":477,"type":478,"label":479,"file":162,"line":279,"wp_function":480},[563],{"from":473,"to":477,"sanitized":204},{"entryPoint":565,"graph":566,"unsanitizedCount":27,"severity":522},"displayHolidayDetails (admctrlfd\\functions.php:498)",{"nodes":567,"edges":570},[568,569],{"id":473,"type":474,"label":502,"file":206,"line":503},{"id":477,"type":478,"label":479,"file":206,"line":300,"wp_function":480},[571],{"from":473,"to":477,"sanitized":204},{"summary":573,"deductions":574},"The \"appointment-buddy-online-appointment-booking-by-accrete\" plugin version 1.2 presents a mixed security posture. 
On the positive side, it has a substantial attack surface of 20 AJAX handlers, all of which appear to have authentication checks, and no REST API routes, shortcodes, or cron events were identified. Furthermore, there are no readily apparent dangerous function calls or file operations. This suggests a degree of diligence in implementing core security controls for entry points and sensitive operations.\n\nHowever, several significant concerns emerge from the code analysis. The SQL query usage is worrying, with only 11% of queries using prepared statements, leaving a substantial portion vulnerable to SQL injection. Similarly, only 32% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of XSS-related CVEs. The taint analysis, which reveals 6 high-severity flows with unsanitized paths, directly corroborates these concerns, suggesting data passed into the plugin is not adequately validated or escaped before being used in sensitive operations.\n\nThe vulnerability history, while showing only one medium-severity CVE, is a significant red flag. The fact that this CVE is still unpatched is critical. The consistent pattern of XSS vulnerabilities in its history, combined with the current taint analysis results, points to a persistent issue with input validation and output sanitization within the plugin. 
While the plugin has strengths in its handling of AJAX authentication, the weaknesses in SQL query preparation and output escaping, coupled with an unpatched vulnerability, create a considerable risk for users.",[575,578,581,583,585],{"reason":576,"points":577},"Unpatched CVE present",18,{"reason":579,"points":580},"High severity taint flows",15,{"reason":582,"points":11},"Low percentage of prepared SQL queries",{"reason":584,"points":275},"Low percentage of properly escaped output",{"reason":586,"points":101},"No capability checks on AJAX handlers","2026-03-16T23:58:57.023Z",{"wat":589,"direct":609},{"assetPaths":590,"generatorPatterns":606,"scriptPaths":607,"versionParams":608},[591,592,593,594,595,596,597,598,599,600,601,602,603,604,605],"\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fadmctrlfd\u002Fjs\u002Fmoment.min.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fadmctrlfd\u002Fjs\u002Ffullcalendar.min.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fjs\u002Fjquery.validate.min.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fjs\u002Fdatetimepicker.full.min.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fadmctrlfd\u002Fjs\u002Ftabbed.min.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fadmctrlfd\u002Fjs\u002Fsweetalert.min.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fjs\u002Fwebui-popover.min.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fadmctrlfd\u002Fjs\u002Fcustom.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fcss\u002Fdatetimepicker.min.css","\u002Fwp-content\u002Fplugins\u002Fappointment-b
uddy-online-appointment-booking-by-accrete\u002Fadmctrlfd\u002Fcss\u002Ffullcalendar.min.css","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fadmctrlfd\u002Fcss\u002Fsweetalert.css","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fadmctrlfd\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fcss\u002Fwebui-popover.min.css","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fjs\u002Fab-script.js","\u002Fwp-content\u002Fplugins\u002Fappointment-buddy-online-appointment-booking-by-accrete\u002Fcss\u002Fab-style.css",[],[591,592,593,594,595,596,597,598,604],[],{"cssClasses":610,"htmlComments":612,"htmlAttributes":613,"restEndpoints":620,"jsGlobals":621,"shortcodeOutput":639},[611],"appointment_buddy_Widget",[],[614,615,616,617,618,619],"id=\"appointment-calendar\"","class=\"dashicons-admin-plugins\"","id=\"appointment_title\"","name=\"appointment_title\"","id=\"widget_appointment_title\"","name=\"widget_appointment_title\"",[],[622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638],"apbud_ROOT_DIR","apbud_ROOT_PAGE","apbud_ROOT_URL","apbud_INC","apbud_LAN","apbud_ADMIN","apbud_CSS","apbud_IMAGES","apbud_JS","apbud_AJAX_URL","apbud_CURRENT_TIMEZONE","apbud_CURRENT_DATE","apbud_CURRENT_TIME","Appointment_buddy_Widget","ab_validate_js","ab_datepicker_js","ab_script_js",[640],"[appointment_buddy_widget]"]