[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ff2NwQKSlcdWyLlkPkr5ZMUuzBVv_szXDeBf2S3TsM7M":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":51,"analysis":143,"fingerprints":215},"bandsintown","Bandsintown Events","1.3.4","bandsintown_legacy","https:\u002F\u002Fprofiles.wordpress.org\u002Fkwestion505\u002F","\u003Cp>Bandsintown’s Events plugin makes it easy for artists to showcase their upcoming events anywhere on their WordPress-powered blog or website.\u003C\u002Fp>\n\u003Cp>Easily display an automatically updated list of your events to your fans using the widget, shortcode or template tag.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically syncs to Facebook, Tumblr and Twitter.\u003C\u002Fli>\n\u003Cli>Buy tickets and RSVP to your events right from your website.\u003C\u002Fli>\n\u003Cli>Fully customizable CSS (uses theme styles by default).\u003C\u002Fli>\n\u003C\u002Ful>\n","Bandsintown's Events plugin for displaying your upcoming events.",4000,87002,66,8,"2025-03-07T00:11:00.000Z","5.9.13","2.7","",[4,20,21,22],"concerts","events","tour-dates","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbandsintown\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbandsintown.1.3.4.zip",91,1,0,"2025-02-19 21:09:14","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-13802","bandsintown-events-authenticated-contributor-stored-cross-site-scripting","Bandsintown Events \u003C= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Bandsintown Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bandsintown_events' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.3.1","1.3.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-03-10 14:17:43",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbab22f2e-0998-4401-ae9f-45bdce658c4f?source=api-prod",19,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":46,"trust_score":49,"computed_at":50},"kwestion505",88,"2026-04-04T14:13:27.818Z",[52,70,88,107,126],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":27,"num_ratings":27,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":18,"download_link":68,"security_score":69,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"seatgeek-tour-dates","Tour Dates","1.1","SeatGeek","https:\u002F\u002Fprofiles.wordpress.org\u002Fseatgeek\u002F","\u003Cp>SeatGeek’s Tour Dates plugin allows artists and fans to display upcoming tour dates for an artist, theater group (e.g. Book of Mormon), or team. Install as a sidebar widget or as a full-page widget using shortcode.\u003C\u002Fp>\n\u003Cp>The widget is fully customizable so you can have it match the look and feel of your site and ties into SeatGeek’s affiliate program so you can generate revenue off tickets sold.\u003C\u002Fp>\n\u003Cp>Get tour dates on your site in under 5 minutes!\u003C\u002Fp>\n","SeatGeek’s Tour Dates plugin allows artists and fans to display upcoming tour dates for a given performer.",10,2808,"2014-03-20T02:55:00.000Z","3.7.41","3.0.1",[20,21,66,22,67],"seatgeek","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseatgeek-tour-dates.zip",85,{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":27,"num_ratings":27,"last_updated":80,"tested_up_to":81,"requires_at_least":18,"requires_php":18,"tags":82,"homepage":85,"download_link":86,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":87,"fetched_at":29},"songkick-concerts-and-festivals","Songkick Concerts and Festivals","0.10.1","saleandro","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaleandro\u002F","\u003Cp>This plugin lets you display upcoming or past events for a Songkick user, artist, venue, or metro area on your WordPress blog.\u003C\u002Fp>\n\u003Cp>Events can be displayed by adding the Songkick widget to your template, or by adding the shortcode [songkick_concerts_and_festivals] anywhere in your blog.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Upcoming events for an artist\u003C\u002Fli>\n\u003Cli>Past events for an artist\u003C\u002Fli>\n\u003Cli>Upcoming events for a venue\u003C\u002Fli>\n\u003Cli>Upcoming events for a user\u003C\u002Fli>\n\u003Cli>Past events for a user\u003C\u002Fli>\n\u003Cli>Upcoming events for a metro area. A metro area is a city or a collection of cities that Songkick uses to notify users of concerts near them.\u003C\u002Fli>\n\u003Cli>Widget or shortcode format\u003C\u002Fli>\n\u003Cli>Show events for multiple artists, users, venues, or metro areas.\u003C\u002Fli>\n\u003Cli>Paginated list of events\u003C\u002Fli>\n\u003Cli>HTML markup with support for events as defined by \u003Ca href=\"http:\u002F\u002Fwww.schema.org\u002F\" rel=\"nofollow ugc\">Schema.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin uses a non-commercial Songkick API key. If you have a commercial website, you’ll need your own Songkick API key. Please read through \u003Ca href=\"http:\u002F\u002Fwww.songkick.com\u002Fdeveloper\u002Fapi-terms-of-use\" rel=\"nofollow ugc\">Songkick’s API terms of use\u003C\u002Fa>. Apply for a key here: \u003Ca href=\"http:\u002F\u002Fwww.songkick.com\u002Fdeveloper\" rel=\"nofollow ugc\">Songkick API docs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>This plugin requires PHP 5.6.20 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>Go to the Settings page to configure default options for the plugin. You can also specify your settings under Plugins\u002FWidget or via shortcode options.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For a user, simply put your username in the admin interface.\u003C\u002Fli>\n\u003Cli>For an artist, you should use the artist’s Songkick id, as shown in the url for your artist page. For example, the url “http:\u002F\u002Fwww.songkick.com\u002Fartists\u002F123-your-name” has the id “123”.\u003C\u002Fli>\n\u003Cli>The same goes for metro areas: “http:\u002F\u002Fwww.songkick.com\u002Fmetro_areas\u002F123-city-name” has the id “123”.\u003C\u002Fli>\n\u003Cli>And venues: “http:\u002F\u002Fwww.songkick.com\u002Fvenues\u002F123-venue-name” has the id “123”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widget\u003C\u002Fh4>\n\u003Cp>Go to the admin Widgets page and simply drag the widget into a sidebar and configure it.\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Add the shortcode [songkick_concerts_and_festivals] in the content of any blog post.\u003C\u002Fp>\n\u003Cp>When using a shortcode, you can set which artist, venue, metro area, or user you want to display events for, allowing you to show events for different entities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users:   \u003Ccode>[songkick_concerts_and_festivals songkick_id=your_username songkick_id_type=user]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Artists: \u003Ccode>[songkick_concerts_and_festivals songkick_id=your_artist_id songkick_id_type=artist]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Venues: \u003Ccode>[songkick_concerts_and_festivals songkick_id=your_venue_id songkick_id_type=venue]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Metro areas: \u003Ccode>[songkick_concerts_and_festivals songkick_id=your_metro_area_id songkick_id_type=metro_area]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Override shortcode settings:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>gigography=true|false\u003C\u002Fli>\n\u003Cli>number_of_events=integer\u003C\u002Fli>\n\u003Cli>show_pagination=true|false\u003C\u002Fli>\n\u003Cli>no_calendar_style=true|false — removes the calendar style from the event dates\u003C\u002Fli>\n\u003Cli>order=asc|desc – sort order for artist or user events\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PHP code\u003C\u002Fh4>\n\u003Cp>You can call the shortcode method directly in your PHP code:\n    \u003C\u002Fp>\n\u003Ch4>Blogs using this plugin\u003C\u002Fh4>\n\u003Cp>Know any blogs using this plugin? Let me know!\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>This is an open source project that I maintain during my spare time. I welcome contributions!\u003C\u002Fp>\n\u003Cp>The code lives on \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fsaleandro\u002Fsongkick-wp-plugin\" rel=\"nofollow ugc\">Github\u003C\u002Fa>. To send your contribution, fork my project, make your lovely changes, and send me a \u003Ca href=\"http:\u002F\u002Fhelp.github.com\u002Fsend-pull-requests\u002F\" rel=\"nofollow ugc\">pull request\u003C\u002Fa>. Thanks 🙂\u003C\u002Fp>\n","This plugin lets you display events for a Songkick user, artist, venue, or metro area on your WordPress blog, as a widget or shortcode.",500,22959,"2025-03-11T09:50:00.000Z","6.7.5",[20,21,83,84,67],"festivals","songkick","http:\u002F\u002Fgithub.com\u002Fsaleandro\u002Fsongkick-wp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsongkick-concerts-and-festivals.0.10.1.zip","2025-02-03 00:00:00",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":27,"num_ratings":27,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":18,"tags":101,"homepage":105,"download_link":106,"security_score":69,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"better-bandsintown","Better Bandsintown","0.4.2","mrpaplu","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrpaplu\u002F","\u003Cp>Embed Tour Dates from Bandsintown.com without having to deal with CSS (or an ugly widget).\u003C\u002Fp>\n\u003Ch4>Planned features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>More themes\u003C\u002Fli>\n\u003Cli>Customizable widget and shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Know issues\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The widget doesn’t like narrow spaces\u003C\u002Fli>\n\u003C\u002Ful>\n","Embed Tour Dates from Bandsintown.com without having to deal with CSS (or an ugly widget).",100,6258,"2015-02-21T22:30:00.000Z","4.1.42","4.0.0",[102,4,103,22,104],"bands","in","town","http:\u002F\u002Fkayvanbree.nl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-bandsintown.0.4.2.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":60,"downloaded":115,"rating":96,"num_ratings":26,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":18,"tags":119,"homepage":123,"download_link":124,"security_score":69,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":125},"concertpress","ConcertPress","1.1.2","Richard Sweeney","https:\u002F\u002Fprofiles.wordpress.org\u002Ftheorboman\u002F","\u003Cp>ConcertPress is designed from the ground up for classical musicians.\u003C\u002Fp>\n\u003Cp>ConcertPress saves venues and programmes for you so that they can easily be selected again.\u003C\u002Fp>\n\u003Cp>Programmes and venues can be added seperately or as you add an event. Events can also be copied which is handy when you’re adding lots of dates for a tour or a run of performances.\u003C\u002Fp>\n\u003Cp>Past events are stored in an archive.\u003C\u002Fp>\n\u003Cp>If you’re a classical musician, this is the events plugin for you!\u003C\u002Fp>\n","An events management plugin specifically designed for classical musicians.",3501,"2012-10-22T06:18:00.000Z","3.4.2","3.4.1",[120,20,21,121,122],"classical-music","events-diary","music","http:\u002F\u002Frichardsweeney.com\u002Fportfolio-item\u002Fconcertpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconcertpress.zip","2026-03-15T14:54:45.397Z",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":27,"downloaded":134,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":81,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":18,"download_link":141,"security_score":96,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":142},"sinqwell-event-post-manager","Sinqwell Event Post Manager","1.0.9","sinqwell","https:\u002F\u002Fprofiles.wordpress.org\u002Fsinqwell\u002F","\u003Cp>Sinqwell Event Post Manager is a lightweight plugin for managing events and concerts. Perfect for musicians, venues, and event organizers.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Custom post type for events\u003Cbr \u002F>\n* REST API support for mobile apps\u003Cbr \u002F>\n* Automatic time calculations\u003Cbr \u002F>\n* Google Maps integration\u003Cbr \u002F>\n* Featured image support\u003Cbr \u002F>\n* Shortcode for displaying events\u003Cbr \u002F>\n* Separate upcoming\u002Fpast events\u003Cbr \u002F>\n* Multi-language support\u003Cbr \u002F>\n* Time To Be Determined (TBD) feature\u003Cbr \u002F>\n* Quick Edit support for event fields\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect any personal data. All information is stored in your WordPress database. We respect your privacy.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by sinqwell\u003Cbr \u002F>\nWebsite: https:\u002F\u002Fsinqwell.net\u002F\u003C\u002Fp>\n","Event and concert management made simple. Mobile app integration supported for iOS and Android.",265,"5.0","7.4",[138,20,21,139,140],"calendar","mobile-app","rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsinqwell-event-post-manager.1.0.9.zip","2026-03-15T10:48:56.248Z",{"attackSurface":144,"codeSignals":171,"taintFlows":201,"riskAssessment":202,"analyzedAt":214},{"hooks":145,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":170,"entryPointCount":26,"unprotectedCount":27},[146,151,155,159],{"type":147,"name":148,"callback":148,"file":149,"line":150},"action","admin_menu","bandsintown.php",15,{"type":147,"name":152,"callback":153,"file":149,"line":154},"admin_init","plugin_admin_init",16,{"type":147,"name":156,"callback":157,"file":149,"line":158},"wp_enqueue_scripts","bandsintown_tour_dates",18,{"type":147,"name":160,"callback":161,"file":149,"line":162},"widgets_init","bandsintown_widget_init",22,[],[],[166],{"tag":167,"callback":168,"file":149,"line":169},"bandsintown_events","shortcode",21,[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":200},[],{"prepared":27,"raw":27,"locations":174},[],{"escaped":162,"rawEcho":176,"locations":177},11,[178,181,183,185,187,189,192,193,194,196,198],{"file":149,"line":179,"context":180},99,"raw output",{"file":149,"line":182,"context":180},318,{"file":149,"line":184,"context":180},338,{"file":149,"line":186,"context":180},340,{"file":149,"line":188,"context":180},348,{"file":190,"line":191,"context":180},"views\\widget-form.php",7,{"file":190,"line":14,"context":180},{"file":190,"line":46,"context":180},{"file":190,"line":195,"context":180},20,{"file":190,"line":197,"context":180},31,{"file":190,"line":199,"context":180},32,[],[],{"summary":203,"deductions":204},"The \"bandsintown\" plugin v1.3.4 exhibits a generally positive security posture based on the static analysis.  The plugin demonstrates good practices by having no identified dangerous functions, using prepared statements for all SQL queries, and performing no file operations or external HTTP requests, which significantly reduces potential attack vectors.  While the static analysis found no critical or high severity taint flows, indicating a good effort in sanitizing inputs, there is a notable concern regarding output escaping, with only 67% of outputs being properly escaped. This leaves room for potential Cross-Site Scripting (XSS) vulnerabilities if unescaped data is rendered in sensitive contexts.  Furthermore, the absence of nonce checks and capability checks on its single shortcode entry point is a significant omission, as it means any authenticated user, regardless of their role, could potentially trigger actions through this shortcode. The vulnerability history reveals one medium severity CVE related to XSS, which, although currently unpatched, aligns with the concern of insufficient output escaping. The presence of a past XSS vulnerability, coupled with less than ideal output escaping and the lack of authorization checks on its entry point, suggests a potential for exploitation if an attacker can influence the data being displayed.",[205,208,210,212],{"reason":206,"points":207},"Unescaped output (33 total, 67% escaped)",6,{"reason":209,"points":191},"Missing nonce checks on entry point (1 shortcode)",{"reason":211,"points":191},"Missing capability checks on entry point (1 shortcode)",{"reason":213,"points":158},"Medium severity CVE in vulnerability history (unpatched)","2026-03-16T18:13:16.956Z",{"wat":216,"direct":224},{"assetPaths":217,"generatorPatterns":220,"scriptPaths":221,"versionParams":223},[218,219],"\u002Fwp-content\u002Fplugins\u002Fbandsintown\u002Fbandsintown-admin.js","\u002Fwp-content\u002Fplugins\u002Fbandsintown\u002Fbandsintown-admin.css",[],[222],"https:\u002F\u002Fwidget.bandsintown.com\u002Fmain.min.js",[],{"cssClasses":225,"htmlComments":229,"htmlAttributes":230,"restEndpoints":241,"jsGlobals":242,"shortcodeOutput":244},[226,227,228],"bit-widget-initializer","wrap","bandsintown_wrap",[],[231,232,233,234,235,236,237,238,239,240],"data-artist-name","data-text-color","data-link-color","data-background-color","data-display-limit","data-link-text-color","data-display-local-dates","data-display-past-dates","data-auto-style","data-popup-background-color",[],[243],"bandsintown_widget",[245],"\u003Cdiv class=\"bandsintown-widget\" data-artist-name=\""]