[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmoFQSE8S9bVIHh01YdsU2vrFAjYCAyb_Gp9UE18qjpM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":83,"crawl_stats":37,"alternatives":91,"analysis":154,"fingerprints":690},"avcp","ANAC XML Bandi di Gara","7.7.3","Marco Milesi","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilmor\u002F","\u003Cp>ANAC XML BANDI DI GARA è un plugin WordPress per pubblicazione di bandi di gara ai fini della trasparenza delle pubbliche amministrazioni (D.lgs 33\u002F2013) e l’adeguamento normativo richiesto dall’Autorità Nazionale Anticorruzione (specifiche tecniche art. 1 comma 32 Legge n. 190\u002F2012).\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Questo plugin non supporta i raggruppamenti temporanei di impresa\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Flessibilità, **Semplicità\u003C\u002Fstrong> e \u003Cstrong>Intuitività\u003C\u002Fstrong> sono i 3 pilastri con cui è stato pensato questo software per la gestione \u003Cstrong>completa\u003C\u002Fstrong> dei bandi di gara. Sfruttando le potenzialità native di WordPress, questo plugin presenta un’interfaccia integrata adatta a tutti gli utenti, presentandosi come soluzione ideale per i siti della pubblica amministrazione “Powered by WordPress” e per tutti gli enti che desiderano una soluzione gratuita, stabile, aggiornata e supportata.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Più di \u003Cstrong>1200\u003C\u002Fstrong> portali della PA si appoggiano a questo plugin, tra cui USR Lombardia e USR Veneto\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Funzioni\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creazione e gestione dei bandi di gara tramite Custom Post Type (stessa impostazione di pagine e articoli)\u003C\u002Fli>\n\u003Cli>Creazione e gestione delle ditte tramite Taxonomy (tassonomia, stessa impostazione delle categorie)\u003C\u002Fli>\n\u003Cli>Assegnazione ditte partecipanti e aggiudicatari direttamente nella pagina di creazione del bando\u003C\u002Fli>\n\u003Cli>Generazione di tabelle di riepilogo tramite shortcode [gare] \u002F\u002F [gare anno=”2013″] \u002F\u002F [gare anno=”%%%%”]\u003C\u002Fli>\n\u003Cli>Generazione \u003Cstrong>automatica\u003C\u002Fstrong> o manuale del file indice XML per la trasmissione ad AVCP e delle annualità singole\u003C\u002Fli>\n\u003Cli>Gestione completa dei \u003Cstrong>Centri di Costo\u003C\u002Fstrong> (per scrittura dataset) e dei responsabili (per front-end sito)\u003C\u002Fli>\n\u003Cli>Codice leggero, commentato e facilmente modificabile\u003C\u002Fli>\n\u003Cli>Compatibilità completa per i temi WordPress\u003C\u002Fli>\n\u003Cli>Generazione di dataset .xml vuoti\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Esportazione\u003C\u002Fstrong>, stampa e copia dei dati delle gare per l’utente\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Caratteristiche Salienti\u003C\u002Fh4>\n\u003Cp>Oltre all’adempimento degli obblighi di legge, AVCP XML per WordPress offre alcune funzioni in grado di dare valore aggiunto al vostro operato:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Visualizzazione pubblica dei file .xml in una pagina dedicata: www.example.com\u003Cstrong>\u002Favcp\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Visualizzazione singola delle voci, con possibilità di aggiunta testo a piacere, documenti, link,…\u003C\u002Fli>\n\u003Cli>Visualizzazione \u003Cstrong>archivio\u003C\u002Fstrong> di tutte le gare partecipate da ogni ditta [opzionale]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BACKUP & RIPRISTINO\u003C\u002Fh4>\n\u003Cp>ANAC XML permette il backup e il ripristino nativo delle voci dei bandi (per trasferimento sito WordPress o solo per avere una copia di sicurezza). Accedendo a Strumenti -> Esporta è possibile scaricare il file xml di backup (da non confondere con quello generato per l’avcp, che ha una struttura completamente diversa). Per il ripristino delle voci in un altro sito è sufficiente caricare questo file in un’altra installazione utilizzando il menù Strumenti -> Importa\u003C\u002Fp>\n\u003Ch4>CAMBIAMENTO PATH\u002FURL FILE\u003C\u002Fh4>\n\u003Cp>Il plugin integra un sistema di filtraggio per le variabili path\u002Furl dei file.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'anac_filter_basexmlpath', function( $string ) { \u002F\u002F Base PATH\n    \u002F\u002F $string = ...\n    return $string;\n}, 10, 3 );\n\nadd_filter( 'anac_filter_basexmlurl', function( $string ) { \u002F\u002F Base URL\n    \u002F\u002F $string = ...\n    return $string;\n}, 10, 3 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>CONTATTI & SUPPORTO\u003C\u002Fh4>\n\u003Cp>Per qualsiasi informazione, per segnalare problemi o per suggerire nuove funzioni, è attivo il forum di supporto su \u003Ca href=\"https:\u002F\u002Fwpgov.it\u002Fsupporto\u002F\" rel=\"nofollow ugc\">wpgov.it\u002Fsupporto\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FD_nmx_XXo8o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>ATTENZIONE\u003C\u002Fstrong> | \u003Cstrong>“For each author’s protection [***] we want to make certain that everyone understands that there is no warranty for this free software.\u003C\u002Fstrong> In accordo con la licenza GPL v.2 con cui questo software viene fornito, \u003Cstrong>declino\u003C\u002Fstrong> ogni responsabilità per eventuali inadempimenti legislativi e\u002Fo altri problemi legali e\u002Fo tecnici derivanti, implicitamente o esplicitamente, dall’utilizzo di questo plugin WordPress o da un’affrettata configurazione dello stesso (ivi compresi eventuali aggiornamenti). E’ compito del gestore del sito assicurarsi che il modulo funzioni correttamente e adempia agli obblighi di legge e, al contempo, è obbligo degli operatori\u002Fimpiegati\u002Fdipendenti\u002Ffunzionari preposti alla gestione dell’Amministrazione Trasparente la pubblicazione degli opportuni dati.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>EN\u003C\u002Fstrong> | This plugin is developed for \u003Cstrong>schools, universities, municipalities and local authorities\u003C\u002Fstrong> of \u003Cstrong>ITALY\u003C\u002Fstrong> and respects their legal parameters. The installation of this plugin on amateur websites and\u002For portals not subject to ‘Amministrazione Trasparente’ legislation is a waste of time since the purpose of this software is the posting of data in a legal and validated way.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Software per la gestione dei Bandi di Gara e generazione dataset XML per ANAC (ex AVCP -Legge 190\u002F2012 Art 1.32)",600,42135,98,17,"2025-11-04T14:44:00.000Z","6.9.4","4.4","",[20,21,22,4,23],"anac","anticorruzione","autorita","vigilanza","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Favcp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Favcp.7.7.3.zip",95,4,0,"2025-11-24 00:00:00","2026-03-15T15:16:48.613Z",[32,48,62,73],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-64260","anac-xml-bandi-di-gara-reflected-cross-site-scripting","ANAC XML Bandi di Gara \u003C= 7.7 - Reflected Cross-Site Scripting","The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=7.7","7.7.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-12-19 17:04:34",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff6c7b969-04e4-409a-81e2-823a94701d41?source=api-prod",26,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2023-47242","anac-xml-bandi-di-gara-authenticated-contributor-stored-cross-site-scripting-via-shortcode","ANAC XML Bandi di Gara \u003C= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode","The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=7.5","7.6",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-11-07 00:00:00","2025-05-29 19:29:50",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F101945f6-d709-4c99-8c80-def9dd2fa636?source=api-prod",570,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":67,"cvss_vector":68,"vuln_type":69,"published_date":57,"updated_date":70,"references":71,"days_to_patch":61},"CVE-2023-47655","anac-xml-bandi-di-gara-cross-site-request-forgery-via-settingsphp","ANAC XML Bandi di Gara \u003C= 7.5 - Cross-Site Request Forgery via settings.php","The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5. This is due to missing or incorrect nonce validation on the settings.php file. This makes it possible for unauthenticated attackers to alter the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-05-29 19:29:41",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F36cf102b-bff1-4516-9a76-030ddc98c207?source=api-prod",{"id":74,"url_slug":75,"title":76,"description":77,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":78,"cvss_vector":79,"vuln_type":43,"published_date":57,"updated_date":80,"references":81,"days_to_patch":61},"CVE-2023-47656","anac-xml-bandi-di-gara-authenticated-editor-stored-cross-site-scripting","ANAC XML Bandi di Gara \u003C= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting","The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-05-29 19:29:32",[82],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcb610baa-093d-4a41-8e28-c65fdb0e32aa?source=api-prod",{"slug":84,"display_name":7,"profile_url":8,"plugin_count":85,"total_installs":86,"avg_security_score":87,"avg_patch_time_days":88,"trust_score":89,"computed_at":90},"milmor",13,12590,97,280,77,"2026-04-04T11:21:30.256Z",[92,113,133],{"slug":93,"name":94,"version":95,"author":7,"author_profile":8,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":16,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":109,"download_link":110,"security_score":13,"vuln_count":111,"unpatched_count":28,"last_vuln_date":112,"fetched_at":30},"anac-xml-viewer","ANAC XML Viewer","1.8.3","\u003Cp>ANAC XML VIEWER è un plugin WordPress pensato per le PA utile alla pubblicazione di bandi di gara ai fini della trasparenza (D.lgs 33\u002F2013) e l’adeguamento normativo richiesto dall’Autorità Nazionale Anticorruzione (specifiche tecniche art. 1 comma 32 Legge n. 190\u002F2012).\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fcdn082kZogk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Caratteristiche\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Visualizzazione tabellare dei bandi di gara a partire da un dataset XML già generato\u003C\u002Fli>\n\u003Cli>Importazione del dataset tramite copia\u002Fincolla del contenuto del file o URL.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>ATTENZIONE\u003C\u002Fstrong> | \u003Cstrong>“For each author’s protection [***] we want to make certain that everyone understands that there is no warranty for this free software.\u003C\u002Fstrong> In accordo con la licenza GPL v.2 con cui questo software viene fornito, \u003Cstrong>declino\u003C\u002Fstrong> ogni responsabilità per eventuali inadempimenti legislativi e\u002Fo altri problemi legali e\u002Fo tecnici derivanti, implicitamente o esplicitamente, dall’utilizzo di questo plugin WordPress o da un’affrettata configurazione dello stesso (ivi compresi eventuali aggiornamenti). E’ compito del gestore del sito assicurarsi che il modulo funzioni correttamente e adempia agli obblighi di legge e, al contempo, è obbligo degli operatori\u002Fimpiegati\u002Fdipendenti\u002Ffunzionari preposti alla gestione dell’Amministrazione Trasparente la pubblicazione degli opportuni dati.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>EN\u003C\u002Fstrong> | This plugin is only intended for \u003Cstrong>schools, universities, municipalities and local authorities\u003C\u002Fstrong> of \u003Cstrong>ITALY\u003C\u002Fstrong> and respects their legal parameters.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Software per la visualizzazione di dataset XML su tracciato ANAC (ex AVCP -Legge 190\u002F2012 Art 1.32).",1000,19077,100,3,"2026-01-19T10:15:00.000Z","4.3",[105,20,106,107,108],"amministrazione","atti","documenti","xml","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanac-xml-viewer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanac-xml-viewer.1.8.3.zip",2,"2025-11-26 00:00:00",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":28,"downloaded":121,"rating":100,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":18,"tags":126,"homepage":18,"download_link":131,"security_score":132,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bananacrystal-payment-gateway","BananaCrystal Payment Gateway","1.2.6","BananaCrystal","https:\u002F\u002Fprofiles.wordpress.org\u002Fbananacrystal\u002F","\u003Cp>\u003Cstrong>Accept payments for your store or business almost free with \u003Ca href=\"https:\u002F\u002Fwww.bananacrystal.com\" rel=\"nofollow ugc\">BananaCrystal\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Ch3>WHAT’S NEW\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Enhanced Payment Speed: Faster payment reflection for an improved checkout experience.\u003C\u002Fli>\n\u003Cli>Bug Fixes: Resolved various issues to enhance reliability and performance.\u003C\u002Fli>\n\u003Cli>User Interface Overhaul: A streamlined and intuitive interface for smoother navigation and ease of use.\u003C\u002Fli>\n\u003Cli>Improved User Experience: Optimized workflows and enhanced features for better user satisfaction.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>BENEFITS\u003C\u002Fh3>\n\u003Ch3>Benefits for your store or business:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Accept payments for your store or business almost free! \u003C\u002Fli>\n\u003Cli>Payments settle instantly for your store or business with no risk of chargebacks saving you over 20% in fraud and chargeback fees…which you can then pass as savings on to your customers\u003C\u002Fli>\n\u003Cli>Send payments to your local and international vendors for FREE.  This will enable you access to new markets and industry segments at reduced costs and payment settlement times.\u003C\u002Fli>\n\u003Cli>Accept subscription payments and manage subscription plans.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Benefits for your customers:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>BananaCrystal payment system works like PayPal, Stripe or CashApp but much better. This is because you are now able to accept and receive payments with NO FEES from over 150 countries. \u003C\u002Fli>\n\u003Cli>Send and receive secure peer to peer payments to anyone instantly at no cost to you.\u003C\u002Fli>\n\u003Cli>Fast secure, low-cost, borderless, local and international payments in USD powered by blockchain\u002Fcrypto payment rails.\u003C\u002Fli>\n\u003Cli>Customers send and receive secure payments (peer to peer) to your store instantly at no cost to you.\u003C\u002Fli>\n\u003Cli>You and your customers get privacy on all your purchases. Your bank or credit card company does not need to know what you are purchasing…because your purchases are private.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Quick installation and setup, see \u003Ca href=\"https:\u002F\u002Fwww.bananacrystal.com\u002Fdocs\u002Fhow-to-install-the-wordpress-woocommerce-plugin\u002F\" rel=\"nofollow ugc\">guide\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Accept one-time payments or through subscriptions\u003C\u002Fli>\n\u003Cli>Receive Instant Payment Notifications when a customer makes a payment or recurring payment for a subscription.\u003C\u002Fli>\n\u003Cli>Quick configuration with your BananaCrystal store account and your Woocommerce store\u003C\u002Fli>\n\u003C\u002Ful>\n","BananaCrystal Payment Gateway plugin allows you to accept payments for your store or business almost free on your Wordpress Woocommerce store easily.",1097,8,"2024-10-12T12:40:00.000Z","6.6.5","5.0",[127,128,129,130],"bananacrystal","payment-gateway","payments","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbananacrystal-payment-gateway.1.2.6.zip",92,{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":28,"downloaded":141,"rating":28,"num_ratings":28,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":145,"tags":146,"homepage":152,"download_link":153,"security_score":100,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"connect-crm-realstate","Connect CRM RealState","1.2.0","Close·technology","https:\u002F\u002Fprofiles.wordpress.org\u002Fclosetechnology\u002F","\u003Cp>Connect CRM RealState imports properties from popular real estate CRM systems (Inmovilla and Anaconda) into WordPress. Properties are stored as custom post types with full field mapping, photo galleries, and property information displays.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported CRM Systems:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Anaconda\u003C\u002Fstrong> – Full REST API integration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inmovilla Procesos\u003C\u002Fstrong> – REST API v1 integration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inmovilla APIWEB\u003C\u002Fstrong> – Legacy API support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manual property import with progress tracking\u003C\u002Fli>\n\u003Cli>Configurable field mapping between CRM and WordPress custom fields\u003C\u002Fli>\n\u003Cli>Auto-map fields for quick setup\u003C\u002Fli>\n\u003Cli>Property photo gallery with carousel (shortcode and auto-display)\u003C\u002Fli>\n\u003Cli>Property information box with icons (shortcode and auto-display)\u003C\u002Fli>\n\u003Cli>Custom post type registration or use any existing post type\u003C\u002Fli>\n\u003Cli>Filter imports by postal code\u003C\u002Fli>\n\u003Cli>Configure actions for sold\u002Funavailable properties\u003C\u002Fli>\n\u003Cli>Download images locally for better performance\u003C\u002Fli>\n\u003Cli>Import statistics dashboard\u003C\u002Fli>\n\u003Cli>Rate limit detection and automatic retry\u003C\u002Fli>\n\u003Cli>Compatible with Yoast SEO and Rank Math\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Shortcodes:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[ccrmre_property_gallery]\u003C\u002Fcode> – Display property photo gallery\u003C\u002Fli>\n\u003Cli>\u003Ccode>[ccrmre_property_info]\u003C\u002Fcode> – Display property information box with price, bedrooms, bathrooms, area, and location\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>PRO Features (via \u003Ca href=\"https:\u002F\u002Fclose.technology\u002Fwordpress-plugins\u002Fconecta-crm-realstate\u002F\" rel=\"nofollow ugc\">Connect CRM RealState PRO\u003C\u002Fa> add-on):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic background synchronization via cron\u003C\u002Fli>\n\u003Cli>WPCLI for long-running tasks\u003C\u002Fli>\n\u003Cli>SEO-optimized property content \u003Cem>(coming soon)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>AI-powered property descriptions with LLM \u003Cem>(coming soon)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to third-party real estate CRM APIs to import property data. Connection only occurs when you run an import.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Anaconda (api.anaconda.guru)\u003C\u002Fstrong>\u003Cbr \u002F>\nUsed to fetch property listings and details. The plugin sends your configured API credentials and request parameters (e.g. filters, pagination) when you use the Anaconda CRM type. Data is sent only when importing or syncing. Check your Anaconda provider or contract for \u003Ca href=\"https:\u002F\u002Fwww.anacondasolutions.es\u002Faviso-legal\u002F\" rel=\"nofollow ugc\">terms\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.anacondasolutions.es\u002Fpolitica-de-privacidad\u002F\" rel=\"nofollow ugc\">privacy\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Inmovilla\u003C\u002Fstrong>\u003Cbr \u002F>\nUsed to fetch property data when you use the Inmovilla Procesos CRM type. The plugin sends your API credentials and request parameters only during import or sync. Inmovilla \u003Ca href=\"https:\u002F\u002Finmovilla.com\u002Faviso-legal\u002F\" rel=\"nofollow ugc\">terms\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.inmovilla.com\u002Fpolitica-de-privacidad\u002F\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa>\u003C\u002Fp>\n","Import real estate properties from Inmovilla and Anaconda CRM systems into WordPress as custom post types.",119,"2026-03-10T13:15:00.000Z","7.0","5.8","7.4",[147,148,149,150,151],"anaconda","crm","inmovilla","properties","real-estate","https:\u002F\u002Fclose.technology\u002Fwordpress-plugins\u002Fconecta-crm-realstate\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconnect-crm-realstate.1.2.0.zip",{"attackSurface":155,"codeSignals":332,"taintFlows":539,"riskAssessment":679,"analyzedAt":689},{"hooks":156,"ajaxHandlers":301,"restRoutes":316,"shortcodes":317,"cronEvents":331,"entryPointCount":238,"unprotectedCount":28},[157,163,166,169,172,177,181,184,188,191,194,197,201,204,209,212,215,219,223,227,231,234,236,239,240,243,247,249,253,257,261,265,269,273,277,280,283,286,289,292,294,298],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","init","register_cpt_avcp","avcp.php",11,{"type":158,"name":159,"callback":164,"file":161,"line":165},"register_taxonomy_ditte",75,{"type":158,"name":159,"callback":167,"file":161,"line":168},"register_taxonomy_annirif",112,{"type":158,"name":159,"callback":170,"file":161,"line":171},"closure",151,{"type":158,"name":173,"callback":174,"priority":175,"file":161,"line":176},"save_post","save_at_gara_posts",10,185,{"type":178,"name":179,"callback":170,"file":161,"line":180},"filter","enter_title_here",206,{"type":158,"name":159,"callback":182,"file":161,"line":183},"atg_caricamoduli",234,{"type":178,"name":185,"callback":186,"priority":175,"file":161,"line":187},"manage_posts_custom_column","avcp_modify_post_table_row",252,{"type":178,"name":185,"callback":189,"file":161,"line":190},"avcp_modify_post_table",253,{"type":158,"name":192,"callback":170,"file":161,"line":193},"admin_enqueue_scripts",258,{"type":158,"name":195,"callback":170,"file":161,"line":196},"admin_notices",273,{"type":158,"name":198,"callback":199,"file":161,"line":200},"admin_init","AVCP_ADMIN_LOAD",289,{"type":158,"name":202,"callback":170,"file":161,"line":203},"admin_menu",343,{"type":158,"name":205,"callback":206,"file":207,"line":208},"admin_head-edit-tags.php","avcp_hide_taxonomy_fields","avcp_create_taxonomy.php",71,{"type":158,"name":210,"callback":206,"file":207,"line":211},"admin_head-term.php",72,{"type":178,"name":213,"callback":214,"file":207,"line":89},"manage_edit-ditte_columns","avcp_ditte_theme_columns",{"type":178,"name":216,"callback":217,"priority":175,"file":207,"line":218},"manage_ditte_custom_column","add_ditte_column_content",121,{"type":158,"name":220,"callback":221,"priority":175,"file":207,"line":222},"ditte_add_form_fields","ditte_taxonomy_add_new_meta_field",139,{"type":158,"name":224,"callback":225,"priority":175,"file":207,"line":226},"ditte_edit_form_fields","ditte_taxonomy_edit_meta_field",158,{"type":158,"name":228,"callback":229,"priority":175,"file":207,"line":230},"edited_ditte","save_taxonomy_custom_meta",175,{"type":158,"name":232,"callback":229,"priority":175,"file":207,"line":233},"create_ditte",176,{"type":158,"name":202,"callback":170,"file":235,"line":101},"avcp_metabox_generator.php",{"type":158,"name":237,"callback":170,"file":235,"line":238},"add_meta_boxes",7,{"type":158,"name":173,"callback":170,"file":235,"line":162},{"type":158,"name":237,"callback":241,"file":235,"line":242},"avcp_meta_box_add",239,{"type":158,"name":244,"callback":245,"file":235,"line":246},"save_post_avcp","avcp_custom_save_post",244,{"type":158,"name":237,"callback":248,"priority":175,"file":235,"line":187},"avcp_add_meta_boxes",{"type":158,"name":250,"callback":251,"file":235,"line":252},"dbx_post_sidebar","avcp_dbx_post_sidebar",256,{"type":178,"name":254,"callback":170,"file":255,"line":256},"the_content","singlehack.php",355,{"type":158,"name":198,"callback":258,"file":259,"line":260},"add","tax-meta-class\\Tax-meta-class.php",126,{"type":158,"name":262,"callback":263,"file":259,"line":264},"admin_print_styles","load_scripts_styles",130,{"type":158,"name":266,"callback":267,"priority":175,"file":259,"line":268},"delete_term","delete_taxonomy_metadata",135,{"type":158,"name":270,"callback":271,"file":259,"line":272},"admin_footer","add_enctype",181,{"type":178,"name":274,"callback":275,"file":259,"line":276},"media_upload_gallery","insert_images",191,{"type":178,"name":278,"callback":275,"file":259,"line":279},"media_upload_library",192,{"type":178,"name":281,"callback":275,"file":259,"line":282},"media_upload_image",193,{"type":158,"name":270,"callback":284,"file":259,"line":285},"footer_js",476,{"type":158,"name":287,"callback":170,"file":288,"line":101},"restrict_manage_posts","taxfilteringbackend.php",{"type":178,"name":290,"callback":170,"file":288,"line":291},"manage_edit-avcp_columns",39,{"type":178,"name":185,"callback":186,"priority":175,"file":288,"line":293},83,{"type":178,"name":295,"callback":296,"file":288,"line":297},"manage_edit-cake_sortable_columns","my_sortable_cake_column",91,{"type":178,"name":299,"callback":300,"file":288,"line":87},"manage_edit-avcp_sortable_columns","avcp_date_sort",[302,308,312],{"action":303,"nopriv":304,"callback":305,"hasNonce":306,"hasCapCheck":304,"file":259,"line":307},"at_delete_file",false,"delete_file",true,461,{"action":309,"nopriv":304,"callback":310,"hasNonce":306,"hasCapCheck":304,"file":259,"line":311},"at_reorder_images","reorder_images",462,{"action":313,"nopriv":304,"callback":314,"hasNonce":306,"hasCapCheck":304,"file":259,"line":315},"at_delete_mupload","wp_ajax_delete_image",464,[],[318,321,323,326],{"tag":4,"callback":319,"file":161,"line":320},"avcp_func",225,{"tag":20,"callback":319,"file":161,"line":322},226,{"tag":324,"callback":319,"file":161,"line":325},"gare",227,{"tag":327,"callback":328,"file":329,"line":330},"opengare","opengare_func","opendata\\loader.php",29,[],{"dangerousFunctions":333,"sqlUsage":334,"outputEscaping":336,"fileOperations":238,"externalRequests":530,"nonceChecks":531,"capabilityChecks":27,"bundledLibraries":532},[],{"prepared":28,"raw":28,"locations":335},[],{"escaped":337,"rawEcho":26,"locations":338},154,[339,342,344,346,348,350,352,355,357,360,363,366,368,371,373,375,377,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479,481,482,484,485,486,488,490,493,495,497,499,500,502,504,505,507,509,511,513,515,517,519,521,523,525,527,528],{"file":235,"line":340,"context":341},124,"raw output",{"file":235,"line":343,"context":341},179,{"file":235,"line":345,"context":341},195,{"file":235,"line":347,"context":341},200,{"file":235,"line":349,"context":341},230,{"file":235,"line":351,"context":341},260,{"file":353,"line":354,"context":341},"opendata\\1.php",53,{"file":353,"line":356,"context":341},60,{"file":358,"line":359,"context":341},"opendata\\3.php",32,{"file":361,"line":362,"context":341},"opendata\\4.php",23,{"file":364,"line":365,"context":341},"settings.php",14,{"file":364,"line":367,"context":341},31,{"file":369,"line":370,"context":341},"tablegen.php",160,{"file":369,"line":372,"context":341},182,{"file":369,"line":374,"context":341},203,{"file":369,"line":376,"context":341},212,{"file":369,"line":378,"context":341},213,{"file":369,"line":380,"context":341},217,{"file":369,"line":382,"context":341},218,{"file":369,"line":384,"context":341},224,{"file":369,"line":386,"context":341},229,{"file":369,"line":388,"context":341},237,{"file":369,"line":390,"context":341},238,{"file":259,"line":392,"context":341},354,{"file":259,"line":394,"context":341},357,{"file":259,"line":396,"context":341},530,{"file":259,"line":398,"context":341},538,{"file":259,"line":400,"context":341},571,{"file":259,"line":402,"context":341},578,{"file":259,"line":404,"context":341},582,{"file":259,"line":406,"context":341},591,{"file":259,"line":408,"context":341},595,{"file":259,"line":410,"context":341},625,{"file":259,"line":412,"context":341},629,{"file":259,"line":414,"context":341},636,{"file":259,"line":416,"context":341},682,{"file":259,"line":418,"context":341},702,{"file":259,"line":420,"context":341},708,{"file":259,"line":422,"context":341},715,{"file":259,"line":424,"context":341},735,{"file":259,"line":426,"context":341},749,{"file":259,"line":428,"context":341},762,{"file":259,"line":430,"context":341},776,{"file":259,"line":432,"context":341},794,{"file":259,"line":434,"context":341},796,{"file":259,"line":436,"context":341},818,{"file":259,"line":438,"context":341},834,{"file":259,"line":440,"context":341},852,{"file":259,"line":442,"context":341},874,{"file":259,"line":444,"context":341},878,{"file":259,"line":446,"context":341},882,{"file":259,"line":448,"context":341},888,{"file":259,"line":450,"context":341},891,{"file":259,"line":452,"context":341},927,{"file":259,"line":454,"context":341},945,{"file":259,"line":456,"context":341},947,{"file":259,"line":458,"context":341},948,{"file":259,"line":460,"context":341},974,{"file":259,"line":462,"context":341},990,{"file":259,"line":464,"context":341},1004,{"file":259,"line":466,"context":341},1027,{"file":259,"line":468,"context":341},1032,{"file":259,"line":470,"context":341},1034,{"file":259,"line":472,"context":341},1063,{"file":259,"line":474,"context":341},1068,{"file":259,"line":476,"context":341},1070,{"file":288,"line":478,"context":341},12,{"file":288,"line":480,"context":341},16,{"file":288,"line":480,"context":341},{"file":288,"line":483,"context":341},28,{"file":288,"line":359,"context":341},{"file":288,"line":359,"context":341},{"file":288,"line":487,"context":341},52,{"file":288,"line":489,"context":341},70,{"file":491,"line":492,"context":341},"valid_page.php",20,{"file":491,"line":494,"context":341},128,{"file":491,"line":496,"context":341},156,{"file":491,"line":498,"context":341},204,{"file":491,"line":180,"context":341},{"file":491,"line":501,"context":341},236,{"file":491,"line":503,"context":341},240,{"file":491,"line":252,"context":341},{"file":491,"line":506,"context":341},290,{"file":491,"line":508,"context":341},292,{"file":491,"line":510,"context":341},297,{"file":491,"line":512,"context":341},299,{"file":491,"line":514,"context":341},304,{"file":491,"line":516,"context":341},306,{"file":491,"line":518,"context":341},324,{"file":491,"line":520,"context":341},326,{"file":491,"line":522,"context":341},331,{"file":491,"line":524,"context":341},337,{"file":491,"line":526,"context":341},341,{"file":491,"line":203,"context":341},{"file":491,"line":529,"context":341},378,1,9,[533,536],{"name":534,"version":37,"knownCves":535},"DataTables",[],{"name":537,"version":37,"knownCves":538},"Select2",[],[540,559,567,596,608,620],{"entryPoint":541,"graph":542,"unsanitizedCount":28,"severity":558},"anac_import_load (pannelli\\import.php:3)",{"nodes":543,"edges":556},[544,550],{"id":545,"type":546,"label":547,"file":548,"line":549},"n0","source","$_POST (x2)","pannelli\\import.php",145,{"id":551,"type":552,"label":553,"file":548,"line":554,"wp_function":555},"n1","sink","echo() [XSS]",196,"echo",[557],{"from":545,"to":551,"sanitized":306},"low",{"entryPoint":560,"graph":561,"unsanitizedCount":28,"severity":558},"\u003Cimport> (pannelli\\import.php:0)",{"nodes":562,"edges":565},[563,564],{"id":545,"type":546,"label":547,"file":548,"line":549},{"id":551,"type":552,"label":553,"file":548,"line":554,"wp_function":555},[566],{"from":545,"to":551,"sanitized":306},{"entryPoint":568,"graph":569,"unsanitizedCount":111,"severity":558},"delete_file (tax-meta-class\\Tax-meta-class.php:291)",{"nodes":570,"edges":591},[571,574,577,582,585,588],{"id":545,"type":546,"label":572,"file":259,"line":573},"$_POST",307,{"id":551,"type":575,"label":576,"file":259,"line":573},"transform","→ update_tax_meta()",{"id":578,"type":552,"label":579,"file":259,"line":580,"wp_function":581},"n2","update_option() [Settings Manipulation]",1999,"update_option",{"id":583,"type":546,"label":572,"file":259,"line":584},"n3",310,{"id":586,"type":575,"label":587,"file":259,"line":584},"n4","→ delete_tax_meta()",{"id":589,"type":552,"label":579,"file":259,"line":590,"wp_function":581},"n5",1990,[592,593,594,595],{"from":545,"to":551,"sanitized":304},{"from":551,"to":578,"sanitized":304},{"from":583,"to":586,"sanitized":304},{"from":586,"to":589,"sanitized":304},{"entryPoint":597,"graph":598,"unsanitizedCount":530,"severity":558},"wp_ajax_delete_image (tax-meta-class\\Tax-meta-class.php:319)",{"nodes":599,"edges":605},[600,603,604],{"id":545,"type":546,"label":601,"file":259,"line":602},"$_GET",328,{"id":551,"type":575,"label":587,"file":259,"line":602},{"id":578,"type":552,"label":579,"file":259,"line":590,"wp_function":581},[606,607],{"from":545,"to":551,"sanitized":304},{"from":551,"to":578,"sanitized":304},{"entryPoint":609,"graph":610,"unsanitizedCount":28,"severity":558},"save (tax-meta-class\\Tax-meta-class.php:1085)",{"nodes":611,"edges":618},[612,614],{"id":545,"type":546,"label":547,"file":259,"line":613},1106,{"id":551,"type":552,"label":615,"file":259,"line":616,"wp_function":617},"call_user_func() [RCE]",1111,"call_user_func",[619],{"from":545,"to":551,"sanitized":306},{"entryPoint":621,"graph":622,"unsanitizedCount":478,"severity":558},"\u003CTax-meta-class> (tax-meta-class\\Tax-meta-class.php:0)",{"nodes":623,"edges":666},[624,627,629,632,633,634,635,637,640,642,644,646,648,650,652,654,656,658,662,664],{"id":545,"type":546,"label":625,"file":259,"line":626},"$_GET (x6)",321,{"id":551,"type":552,"label":615,"file":259,"line":628,"wp_function":617},557,{"id":578,"type":546,"label":630,"file":259,"line":631},"$_GET (x8)",320,{"id":583,"type":552,"label":553,"file":259,"line":434,"wp_function":555},{"id":586,"type":546,"label":547,"file":259,"line":613},{"id":589,"type":552,"label":615,"file":259,"line":616,"wp_function":617},{"id":636,"type":546,"label":630,"file":259,"line":631},"n6",{"id":638,"type":552,"label":579,"file":259,"line":639,"wp_function":581},"n7",1889,{"id":641,"type":546,"label":572,"file":259,"line":573},"n8",{"id":643,"type":575,"label":576,"file":259,"line":573},"n9",{"id":645,"type":552,"label":579,"file":259,"line":580,"wp_function":581},"n10",{"id":647,"type":546,"label":572,"file":259,"line":584},"n11",{"id":649,"type":575,"label":587,"file":259,"line":584},"n12",{"id":651,"type":552,"label":579,"file":259,"line":590,"wp_function":581},"n13",{"id":653,"type":546,"label":625,"file":259,"line":602},"n14",{"id":655,"type":575,"label":587,"file":259,"line":602},"n15",{"id":657,"type":552,"label":579,"file":259,"line":590,"wp_function":581},"n16",{"id":659,"type":546,"label":660,"file":259,"line":661},"n17","$_GET (x4)",1145,{"id":663,"type":575,"label":576,"file":259,"line":661},"n18",{"id":665,"type":552,"label":579,"file":259,"line":580,"wp_function":581},"n19",[667,668,669,670,671,672,673,674,675,676,677,678],{"from":545,"to":551,"sanitized":306},{"from":578,"to":583,"sanitized":306},{"from":586,"to":589,"sanitized":306},{"from":636,"to":638,"sanitized":306},{"from":641,"to":643,"sanitized":304},{"from":643,"to":645,"sanitized":304},{"from":647,"to":649,"sanitized":304},{"from":649,"to":651,"sanitized":304},{"from":653,"to":655,"sanitized":304},{"from":655,"to":657,"sanitized":304},{"from":659,"to":663,"sanitized":304},{"from":663,"to":665,"sanitized":304},{"summary":680,"deductions":681},"The plugin \"avcp\" v7.7.3 presents a mixed security posture. While it demonstrates good practices in several areas, such as using prepared statements for all SQL queries and incorporating nonce and capability checks on its entry points, there are significant concerns that warrant attention. The static analysis revealed a notable percentage of output that is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis identified flows with unsanitized paths, which, while not categorized as critical or high severity in this instance, still represent a risk if they were to interact with sensitive functions or data.\n\nThe vulnerability history of this plugin is a major concern. With a total of 4 known CVEs, all of which are classified as medium severity and focused on XSS and CSRF, it suggests a pattern of insecure input handling. Although there are no currently unpatched vulnerabilities, the historical presence of these common vulnerability types indicates a recurring need for careful input validation and output sanitization. The plugin's strengths lie in its robust use of prepared statements and its attempt to secure entry points. However, the recurring XSS and CSRF issues and the identified unsanitized paths in the taint analysis highlight a need for more rigorous security auditing and development practices.",[682,685,687],{"reason":683,"points":684},"Output escaping is not properly handled for a significant portion",15,{"reason":686,"points":175},"Taint analysis shows flows with unsanitized paths",{"reason":688,"points":478},"History of medium severity CVEs (XSS and CSRF)","2026-03-16T19:30:39.440Z",{"wat":691,"direct":703},{"assetPaths":692,"generatorPatterns":696,"scriptPaths":697,"versionParams":700},[693,694,695],"\u002Fwp-content\u002Fplugins\u002Favcp\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Favcp\u002Fcss\u002Favcp-admin.css","\u002Fwp-content\u002Fplugins\u002Favcp\u002Fcss\u002Favcp-frontend.css",[],[698,699],"\u002Fwp-content\u002Fplugins\u002Favcp\u002Fjs\u002Favcp-admin.js","\u002Fwp-content\u002Fplugins\u002Favcp\u002Fjs\u002Favcp-frontend.js",[701,702],"avcp\u002Fstyle.css?ver=","avcp\u002Fscript.js?ver=",{"cssClasses":704,"htmlComments":712,"htmlAttributes":713,"restEndpoints":715,"jsGlobals":716,"shortcodeOutput":719},[705,706,707,708,709,710,711],"avcp-frontend-wrapper","avcp-admin-wrapper","avcp-title","avcp-desc","avcp-date","avcp-author","avcp-meta",[],[714],"data-avcp-id",[],[717,718],"avcp_admin_ajax_object","avcp_frontend_ajax_object",[720,721],"[avcp_display]","[avcp_form]"]