ANAC XML Bandi di Gara Security & Risk Analysis

wordpress.org/plugins/avcp

Software for managing public tender notices (Bandi di Gara) and generating XML datasets for ANAC (formerly AVCP; Law 190/2012, Art. 1.32)

600 active installs · v7.7.3 · PHP + WP 4.4+ · Updated Nov 4, 2025
Tags: anac, anticorruzione, autorita, avcp, vigilanza
Score: 95 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Nov 24, 2025
Safety Verdict

Is ANAC XML Bandi di Gara Safe to Use in 2026?

Generally Safe

Score 95/100

ANAC XML Bandi di Gara has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Nov 24, 2025 · Updated 5mo ago
Risk Assessment

The plugin "avcp" v7.7.3 presents a mixed security posture. While it demonstrates good practices in several areas, such as using prepared statements for all SQL queries and incorporating nonce and capability checks on its entry points, there are significant concerns that warrant attention. The static analysis revealed a notable percentage of output that is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis identified flows with unsanitized paths, which, while not categorized as critical or high severity in this instance, still represent a risk if they were to interact with sensitive functions or data.

The vulnerability history of this plugin is a major concern. All 4 known CVEs are classified as medium severity and concern XSS or CSRF, which suggests a pattern of insecure input handling. Although no vulnerabilities are currently unpatched, the recurrence of these common vulnerability types indicates an ongoing need for careful input validation and output sanitization. The plugin's strengths lie in its consistent use of prepared statements and its attempt to secure entry points. However, the recurring XSS and CSRF issues and the unsanitized paths identified by the taint analysis highlight a need for more rigorous security auditing and development practices.

Key Concerns

  • Output escaping is not properly handled for a significant portion
  • Taint analysis shows flows with unsanitized paths
  • History of medium severity CVEs (XSS and CSRF)
Vulnerabilities (4)

ANAC XML Bandi di Gara Security Vulnerabilities

CVEs by Year

2023: 3 CVEs
2025: 1 CVE

Severity Breakdown

Medium: 4 (4 total CVEs)

CVE-2025-64260 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ANAC XML Bandi di Gara <= 7.7 - Reflected Cross-Site Scripting

Nov 24, 2025 · Patched in 7.7.1 (26d)

CVE-2023-47242 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Nov 7, 2023 · Patched in 7.6 (570d)

CVE-2023-47655 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

ANAC XML Bandi di Gara <= 7.5 - Cross-Site Request Forgery via settings.php

Nov 7, 2023 · Patched in 7.6 (570d)

CVE-2023-47656 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ANAC XML Bandi di Gara <= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting

Nov 7, 2023 · Patched in 7.6 (570d)
Code Analysis
Analyzed Mar 16, 2026

ANAC XML Bandi di Gara Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 95 (154 escaped)
Nonce Checks: 9
Capability Checks: 4
File Operations: 7
External Requests: 1
Bundled Libraries: 2

Bundled Libraries

DataTables, Select2

Output Escaping

62% escaped · 249 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

6 flows · 3 with unsanitized paths
anac_import_load (pannelli\import.php:3)
Attack Surface

ANAC XML Bandi di Gara Attack Surface

Entry Points: 7 · Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_at_delete_file · tax-meta-class\Tax-meta-class.php:461
auth · wp_ajax_at_reorder_images · tax-meta-class\Tax-meta-class.php:462
auth · wp_ajax_at_delete_mupload · tax-meta-class\Tax-meta-class.php:464

Shortcodes 4

[avcp] avcp.php:225
[anac] avcp.php:226
[gare] avcp.php:227
[opengare] opendata\loader.php:29
WordPress Hooks 42
action · init · avcp.php:11
action · init · avcp.php:75
action · init · avcp.php:112
action · init · avcp.php:151
action · save_post · avcp.php:185
filter · enter_title_here · avcp.php:206
action · init · avcp.php:234
filter · manage_posts_custom_column · avcp.php:252
filter · manage_posts_custom_column · avcp.php:253
action · admin_enqueue_scripts · avcp.php:258
action · admin_notices · avcp.php:273
action · admin_init · avcp.php:289
action · admin_menu · avcp.php:343
action · admin_head-edit-tags.php · avcp_create_taxonomy.php:71
action · admin_head-term.php · avcp_create_taxonomy.php:72
filter · manage_edit-ditte_columns · avcp_create_taxonomy.php:77
filter · manage_ditte_custom_column · avcp_create_taxonomy.php:121
action · ditte_add_form_fields · avcp_create_taxonomy.php:139
action · ditte_edit_form_fields · avcp_create_taxonomy.php:158
action · edited_ditte · avcp_create_taxonomy.php:175
action · create_ditte · avcp_create_taxonomy.php:176
action · admin_menu · avcp_metabox_generator.php:3
action · add_meta_boxes · avcp_metabox_generator.php:7
action · save_post · avcp_metabox_generator.php:11
action · add_meta_boxes · avcp_metabox_generator.php:239
action · save_post_avcp · avcp_metabox_generator.php:244
action · add_meta_boxes · avcp_metabox_generator.php:252
action · dbx_post_sidebar · avcp_metabox_generator.php:256
filter · the_content · singlehack.php:355
action · admin_init · tax-meta-class\Tax-meta-class.php:126
action · admin_print_styles · tax-meta-class\Tax-meta-class.php:130
action · delete_term · tax-meta-class\Tax-meta-class.php:135
action · admin_footer · tax-meta-class\Tax-meta-class.php:181
filter · media_upload_gallery · tax-meta-class\Tax-meta-class.php:191
filter · media_upload_library · tax-meta-class\Tax-meta-class.php:192
filter · media_upload_image · tax-meta-class\Tax-meta-class.php:193
action · admin_footer · tax-meta-class\Tax-meta-class.php:476
action · restrict_manage_posts · taxfilteringbackend.php:3
filter · manage_edit-avcp_columns · taxfilteringbackend.php:39
filter · manage_posts_custom_column · taxfilteringbackend.php:83
filter · manage_edit-cake_sortable_columns · taxfilteringbackend.php:91
filter · manage_edit-avcp_sortable_columns · taxfilteringbackend.php:97
Maintenance & Trust

ANAC XML Bandi di Gara Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 4, 2025
PHP min version: not specified
Downloads: 42K

Community Trust

Rating: 98/100
Number of ratings: 17
Active installs: 600
Developer Profile

ANAC XML Bandi di Gara Developer Profile

Marco Milesi

13 plugins · 13K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 280 days
Detection Fingerprints

How We Detect ANAC XML Bandi di Gara

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/avcp/css/font-awesome.min.css
  • /wp-content/plugins/avcp/css/avcp-admin.css
  • /wp-content/plugins/avcp/css/avcp-frontend.css
Script Paths
  • /wp-content/plugins/avcp/js/avcp-admin.js
  • /wp-content/plugins/avcp/js/avcp-frontend.js
Version Parameters
  • avcp/style.css?ver=
  • avcp/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
avcp-frontend-wrapper, avcp-admin-wrapper, avcp-title, avcp-desc, avcp-date, avcp-author, avcp-meta
Data Attributes
data-avcp-id
JS Globals
avcp_admin_ajax_object, avcp_frontend_ajax_object
Shortcode Output
[avcp_display], [avcp_form]
FAQ

Frequently Asked Questions about ANAC XML Bandi di Gara