[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foPHmHQISvbFjM7oBfDC30n1duCI8z4sH7ckYcvDYubw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":74,"crawl_stats":32,"alternatives":79,"analysis":80,"fingerprints":557},"bizcalendar-web","BizCalendar Web","1.1.0.62","setriosoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fsetriosoft\u002F","\u003Ch4>Romana\u003C\u002Fh4>\n\u003Cp>Acest modul permite afisarea in orice site WordPress a unui formular prin care se pot face programari online pentru o clinica medicala care foloseste aplicatia BizMedica (http:\u002F\u002Fwww.setrio.ro\u002Fbizmedica\u002F).\u003C\u002Fp>\n\u003Cp>Pentru ca modulul sa functioneze corect, acesta transfera toate datele introduse in formular catre un serviciu web extern inclus in aplicatia BizMedica, care este gazduit pe serverul clinicii medicale. De asemenea, el preia date despre medici, specialitati medicale, intervale orare disponibile, etc. din acest serviciu. Toata comunicatia intre serverul WordPress si serviciul extern BizMedica se face criptat, prin protocolul HTTPS.\u003C\u002Fp>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>This plugin allows you to display a form on any WordPress site which allows you to make online appointments for any medical clinic using BizMedica software solutions (http:\u002F\u002Fwww.setrio.ro\u002Fbizmedica\u002F).\u003C\u002Fp>\n\u003Cp>In order for the correct function of the plugin, it transfers all the data entered into the form to an external web service included in the BizMedica application, which is hosted on the medical clinic server. It also downloads data about physicians, medical specialties, available time slots, etc. from this external service. All communication between the WordPress server and the BizMedica external service is encrypted through the HTTPS protocol.\u003C\u002Fp>\n","Modul de programări online pentru clinicile medicale care folosesc BizMedica \u002F Online appointments form for medical clinics using BizMedica software",20,6868,0,"","6.8.5","3.3","5.3.0",[19],"setrio-bizmedica-bizcalendar-online-appointments-programari","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsetrio-bizcalendar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbizcalendar-web.1.1.0.62.zip",96,3,"2025-08-14 20:14:14","2026-03-15T10:48:56.248Z",[27,43,59],{"id":28,"url_slug":29,"title":30,"description":31,"plugin_slug":4,"theme_slug":32,"affected_versions":33,"patched_in_version":34,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":24,"updated_date":39,"references":40,"days_to_patch":42},"CVE-2025-7650","bizcalendar-web-authenticated-contributor-local-file-inclusion","BizCalendar Web \u003C= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion","The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",null,"\u003C=1.1.0.53","1.1.0.54","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2025-10-14 19:14:50",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0640538c-b076-453c-a32e-f33b4e1c77ae?source=api-prod",61,{"id":44,"url_slug":45,"title":46,"description":47,"plugin_slug":4,"theme_slug":32,"affected_versions":48,"patched_in_version":49,"severity":50,"cvss_score":51,"cvss_vector":52,"vuln_type":53,"published_date":54,"updated_date":55,"references":56,"days_to_patch":58},"CVE-2025-30843","bizcalendar-web-authenticated-administrator-sql-injection","bizcalendar-web \u003C= 1.1.0.34 - Authenticated (Administrator+) SQL Injection","The bizcalendar-web plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.0.34 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=1.1.0.34","1.1.0.35","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-03-27 00:00:00","2025-04-03 14:11:34",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9a825b7b-118d-4c34-905b-0cf7cfa00ad7?source=api-prod",8,{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":32,"affected_versions":64,"patched_in_version":65,"severity":50,"cvss_score":66,"cvss_vector":67,"vuln_type":68,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2024-1780","bizcalendar-web-reflected-cross-site-scripting-via-tab","BizCalendar Web \u003C= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab'","The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.0.25","1.1.0.26",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-04-09 00:00:00","2024-08-07 13:21:41",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb76b12ed-1bb4-4aa9-ab9f-06084c667f40?source=api-prod",121,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":75,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":76,"trust_score":77,"computed_at":78},1,63,85,"2026-04-04T21:30:26.595Z",[],{"attackSurface":81,"codeSignals":266,"taintFlows":298,"riskAssessment":543,"analyzedAt":556},{"hooks":82,"ajaxHandlers":151,"restRoutes":237,"shortcodes":238,"cronEvents":263,"entryPointCount":264,"unprotectedCount":265},[83,89,93,97,101,105,110,115,118,122,126,130,134,139,142,146],{"type":84,"name":85,"callback":86,"file":87,"line":88},"action","admin_menu","setrio_bizcal_setup_menu","admin\\bizcalendar-admin.php",10,{"type":84,"name":90,"callback":91,"file":87,"line":92},"plugins_loaded","setrio_bizcal_admin_init",11,{"type":84,"name":94,"callback":95,"file":87,"line":96},"admin_print_scripts","setrio_bizcal_enqueue_admin_scripts",26,{"type":84,"name":98,"callback":99,"file":87,"line":100},"admin_post","save",1892,{"type":84,"name":102,"callback":103,"file":87,"line":104},"save_post","SetrioBizCalAdminPostSelectInstance::do_saves",3416,{"type":106,"name":107,"callback":108,"file":87,"line":109},"filter","posts_where","closure",3456,{"type":84,"name":111,"callback":112,"file":113,"line":114},"init","setrio_bizcal_shortcodes_init","bizcalendar.php",36,{"type":84,"name":90,"callback":116,"file":113,"line":117},"setrio_bizcal_init",37,{"type":84,"name":119,"callback":120,"file":113,"line":121},"wp_footer","setrio_bizcal_ensure_form_is_added",38,{"type":106,"name":123,"callback":124,"file":113,"line":125},"body_class","setrio_bizcal_add_customer_body_class",40,{"type":106,"name":127,"callback":128,"priority":92,"file":113,"line":129},"clean_url","setrio_bizcal_add_async_forrecaptcha",41,{"type":106,"name":131,"callback":132,"priority":88,"file":113,"line":133},"script_loader_tag","setrio_bizcal_script_add_type_attribute",43,{"type":84,"name":135,"callback":136,"priority":137,"file":113,"line":138},"wp_loaded","setrio_bizcal_online_payment_mobilpay_status",999999999999,166,{"type":84,"name":111,"callback":140,"file":113,"line":141},"setrio_bizcal_online_payment_mobilpay_confirm",170,{"type":84,"name":143,"callback":144,"file":113,"line":145},"admin_notices","setrio_bizcal_show_admin_notice",173,{"type":106,"name":147,"callback":148,"file":149,"line":150},"wp_mail_content_type","setrio_bizcal_set_email_content_type","main.php",3698,[152,157,161,165,168,172,174,178,180,184,186,189,191,195,197,201,203,207,209,213,215,219,221,225,227,231,235],{"action":153,"nopriv":154,"callback":155,"hasNonce":154,"hasCapCheck":154,"file":87,"line":156},"setrio_bizcal_post_select_lookup",false,"SetrioBizCalAdminPostSelectInstance::post_lookup",3414,{"action":158,"nopriv":154,"callback":159,"hasNonce":154,"hasCapCheck":154,"file":87,"line":160},"setrio_bizcal_get_post_titles","SetrioBizCalAdminPostSelectInstance::get_post_titles",3415,{"action":162,"nopriv":154,"callback":163,"hasNonce":154,"hasCapCheck":154,"file":113,"line":164},"get_medical_specialities","setrio_bizcal_ajax_get_medical_specialities",49,{"action":162,"nopriv":166,"callback":163,"hasNonce":154,"hasCapCheck":154,"file":113,"line":167},true,50,{"action":169,"nopriv":154,"callback":170,"hasNonce":154,"hasCapCheck":154,"file":113,"line":171},"get_locations","setrio_bizcal_ajax_get_locations",52,{"action":169,"nopriv":166,"callback":170,"hasNonce":154,"hasCapCheck":154,"file":113,"line":173},53,{"action":175,"nopriv":154,"callback":176,"hasNonce":154,"hasCapCheck":154,"file":113,"line":177},"get_medical_services","setrio_bizcal_ajax_get_medical_services",55,{"action":175,"nopriv":166,"callback":176,"hasNonce":154,"hasCapCheck":154,"file":113,"line":179},56,{"action":181,"nopriv":154,"callback":182,"hasNonce":154,"hasCapCheck":154,"file":113,"line":183},"get_physicians","setrio_bizcal_ajax_get_physicians",58,{"action":181,"nopriv":166,"callback":182,"hasNonce":154,"hasCapCheck":154,"file":113,"line":185},59,{"action":187,"nopriv":154,"callback":188,"hasNonce":154,"hasCapCheck":154,"file":113,"line":42},"get_prices","setrio_bizcal_ajax_get_medical_services_with_prices",{"action":187,"nopriv":166,"callback":188,"hasNonce":154,"hasCapCheck":154,"file":113,"line":190},62,{"action":192,"nopriv":154,"callback":193,"hasNonce":154,"hasCapCheck":154,"file":113,"line":194},"get_payment_types","setrio_bizcal_ajax_get_payment_types",64,{"action":192,"nopriv":166,"callback":193,"hasNonce":154,"hasCapCheck":154,"file":113,"line":196},65,{"action":198,"nopriv":154,"callback":199,"hasNonce":154,"hasCapCheck":154,"file":113,"line":200},"get_allowed_payment_types","setrio_bizcal_ajax_get_allowed_payment_types",67,{"action":198,"nopriv":166,"callback":199,"hasNonce":154,"hasCapCheck":154,"file":113,"line":202},68,{"action":204,"nopriv":154,"callback":205,"hasNonce":154,"hasCapCheck":154,"file":113,"line":206},"get_date_availabilities","setrio_bizcal_ajax_get_date_availabilities",70,{"action":204,"nopriv":166,"callback":205,"hasNonce":154,"hasCapCheck":154,"file":113,"line":208},71,{"action":210,"nopriv":154,"callback":211,"hasNonce":154,"hasCapCheck":154,"file":113,"line":212},"get_availability","setrio_bizcal_ajax_get_availability",73,{"action":210,"nopriv":166,"callback":211,"hasNonce":154,"hasCapCheck":154,"file":113,"line":214},74,{"action":216,"nopriv":154,"callback":217,"hasNonce":154,"hasCapCheck":154,"file":113,"line":218},"register_appointment","setrio_bizcal_ajax_register_appointment",76,{"action":216,"nopriv":166,"callback":217,"hasNonce":154,"hasCapCheck":154,"file":113,"line":220},77,{"action":222,"nopriv":154,"callback":223,"hasNonce":154,"hasCapCheck":154,"file":113,"line":224},"get_price_for_service","setrio_bizcal_ajax_get_price_for_service",79,{"action":222,"nopriv":166,"callback":223,"hasNonce":154,"hasCapCheck":154,"file":113,"line":226},80,{"action":228,"nopriv":166,"callback":229,"hasNonce":154,"hasCapCheck":154,"file":113,"line":230},"setrio_testmail","setrio_bizcal_ajax_testmail",81,{"action":232,"nopriv":154,"callback":233,"hasNonce":154,"hasCapCheck":154,"file":113,"line":234},"setrio_date_rel_abs","setrio_bizcal_ajax_dates",83,{"action":232,"nopriv":166,"callback":233,"hasNonce":154,"hasCapCheck":154,"file":113,"line":236},84,[],[239,243,247,250,253,257,260],{"tag":240,"callback":241,"file":149,"line":242},"bizcal_detalii_programare","setrio_bizcal_detalii_programare_shortcode",217,{"tag":244,"callback":245,"file":149,"line":246},"bizcal","anonymous",218,{"tag":248,"callback":245,"file":149,"line":249},"bizcal_popup",219,{"tag":251,"callback":245,"file":149,"line":252},"bizcal_hidden",220,{"tag":254,"callback":255,"file":149,"line":256},"bizcalv","setrio_bizcal_shortcode_vue",221,{"tag":258,"callback":255,"file":149,"line":259},"bizcalv_popup",222,{"tag":261,"callback":255,"file":149,"line":262},"bizcalv_hidden",223,[],34,27,{"dangerousFunctions":267,"sqlUsage":268,"outputEscaping":279,"fileOperations":292,"externalRequests":281,"nonceChecks":293,"capabilityChecks":281,"bundledLibraries":294},[],{"prepared":269,"raw":23,"locations":270},15,[271,274,277],{"file":272,"line":77,"context":273},"localdata.php","$wpdb->get_var() with variable interpolation",{"file":272,"line":275,"context":276},103,"$wpdb->get_results() with variable interpolation",{"file":272,"line":278,"context":273},169,{"escaped":280,"rawEcho":281,"locations":282},736,4,[283,286,288,290],{"file":87,"line":284,"context":285},1795,"raw output",{"file":87,"line":287,"context":285},3485,{"file":87,"line":289,"context":285},3523,{"file":291,"line":265,"context":285},"admin\\vuethemeroller.php",2,12,[295],{"name":296,"version":32,"knownCves":297},"Select2",[],[299,412,497,506,516,525,535],{"entryPoint":300,"graph":301,"unsanitizedCount":88,"severity":50},"save (admin\\bizcalendar-admin.php:1895)",{"nodes":302,"edges":392},[303,308,314,318,322,328,332,334,336,340,342,344,348,350,352,356,358,360,364,366,368,372,374,376,380,382,384,388,390],{"id":304,"type":305,"label":306,"file":87,"line":307},"n0","source","$_POST (x71)",1912,{"id":309,"type":310,"label":311,"file":87,"line":312,"wp_function":313},"n1","sink","update_option() [Settings Manipulation]",1927,"update_option",{"id":315,"type":305,"label":316,"file":87,"line":317},"n2","$_POST (x2)",2011,{"id":319,"type":320,"label":321,"file":87,"line":317},"n3","transform","→ wp_kses_post()",{"id":323,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n4","echo() [XSS]","wp-check-fix.php",5,"echo",{"id":329,"type":305,"label":330,"file":87,"line":331},"n5","$_POST['setrio-bizcal-speciality-order-items']",2097,{"id":333,"type":320,"label":321,"file":87,"line":331},"n6",{"id":335,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n7",{"id":337,"type":305,"label":338,"file":87,"line":339},"n8","$_POST['setrio-bizcal-vue-inline-template']",2227,{"id":341,"type":320,"label":321,"file":87,"line":339},"n9",{"id":343,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n10",{"id":345,"type":305,"label":346,"file":87,"line":347},"n11","$_POST['setrio-bizcal-vue-popup-template']",2230,{"id":349,"type":320,"label":321,"file":87,"line":347},"n12",{"id":351,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n13",{"id":353,"type":305,"label":354,"file":87,"line":355},"n14","$_POST['setrio-bizcal-vue-calendar-type']",2233,{"id":357,"type":320,"label":321,"file":87,"line":355},"n15",{"id":359,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n16",{"id":361,"type":305,"label":362,"file":87,"line":363},"n17","$_POST['setrio-bizcal-vue-button-class']",2236,{"id":365,"type":320,"label":321,"file":87,"line":363},"n18",{"id":367,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n19",{"id":369,"type":305,"label":370,"file":87,"line":371},"n20","$_POST['setrio-bizcal-vue-button-style']",2239,{"id":373,"type":320,"label":321,"file":87,"line":371},"n21",{"id":375,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n22",{"id":377,"type":305,"label":378,"file":87,"line":379},"n23","$_POST['setrio-bizcal-vue-button-type']",2242,{"id":381,"type":320,"label":321,"file":87,"line":379},"n24",{"id":383,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n25",{"id":385,"type":305,"label":386,"file":87,"line":387},"n26","$_POST['setrio-bizcal-vue-params']",2246,{"id":389,"type":320,"label":321,"file":87,"line":387},"n27",{"id":391,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n28",[393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411],{"from":304,"to":309,"sanitized":166},{"from":315,"to":319,"sanitized":154},{"from":319,"to":323,"sanitized":154},{"from":329,"to":333,"sanitized":154},{"from":333,"to":335,"sanitized":154},{"from":337,"to":341,"sanitized":154},{"from":341,"to":343,"sanitized":154},{"from":345,"to":349,"sanitized":154},{"from":349,"to":351,"sanitized":154},{"from":353,"to":357,"sanitized":154},{"from":357,"to":359,"sanitized":154},{"from":361,"to":365,"sanitized":154},{"from":365,"to":367,"sanitized":154},{"from":369,"to":373,"sanitized":154},{"from":373,"to":375,"sanitized":154},{"from":377,"to":381,"sanitized":154},{"from":381,"to":383,"sanitized":154},{"from":385,"to":389,"sanitized":154},{"from":389,"to":391,"sanitized":154},{"entryPoint":413,"graph":414,"unsanitizedCount":88,"severity":50},"\u003Cbizcalendar-admin> (admin\\bizcalendar-admin.php:0)",{"nodes":415,"edges":473},[416,419,421,422,423,426,430,431,435,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,459,461,463,465,467,469,471],{"id":304,"type":305,"label":417,"file":87,"line":418},"$_GET (x2)",291,{"id":309,"type":310,"label":324,"file":87,"line":420,"wp_function":327},314,{"id":315,"type":305,"label":306,"file":87,"line":307},{"id":319,"type":310,"label":311,"file":87,"line":312,"wp_function":313},{"id":323,"type":305,"label":424,"file":87,"line":425},"$_REQUEST",3093,{"id":329,"type":310,"label":427,"file":87,"line":428,"wp_function":429},"get_results() [SQLi]",3107,"get_results",{"id":333,"type":305,"label":424,"file":87,"line":425},{"id":335,"type":310,"label":432,"file":87,"line":433,"wp_function":434},"get_var() [SQLi]",3128,"get_var",{"id":337,"type":305,"label":436,"file":87,"line":425},"$_REQUEST (x2)",{"id":341,"type":310,"label":324,"file":87,"line":287,"wp_function":327},{"id":343,"type":305,"label":316,"file":87,"line":317},{"id":345,"type":320,"label":321,"file":87,"line":317},{"id":349,"type":310,"label":324,"file":325,"line":326,"wp_function":327},{"id":351,"type":305,"label":330,"file":87,"line":331},{"id":353,"type":320,"label":321,"file":87,"line":331},{"id":357,"type":310,"label":324,"file":325,"line":326,"wp_function":327},{"id":359,"type":305,"label":338,"file":87,"line":339},{"id":361,"type":320,"label":321,"file":87,"line":339},{"id":365,"type":310,"label":324,"file":325,"line":326,"wp_function":327},{"id":367,"type":305,"label":346,"file":87,"line":347},{"id":369,"type":320,"label":321,"file":87,"line":347},{"id":373,"type":310,"label":324,"file":325,"line":326,"wp_function":327},{"id":375,"type":305,"label":354,"file":87,"line":355},{"id":377,"type":320,"label":321,"file":87,"line":355},{"id":381,"type":310,"label":324,"file":325,"line":326,"wp_function":327},{"id":383,"type":305,"label":362,"file":87,"line":363},{"id":385,"type":320,"label":321,"file":87,"line":363},{"id":389,"type":310,"label":324,"file":325,"line":326,"wp_function":327},{"id":391,"type":305,"label":370,"file":87,"line":371},{"id":458,"type":320,"label":321,"file":87,"line":371},"n29",{"id":460,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n30",{"id":462,"type":305,"label":378,"file":87,"line":379},"n31",{"id":464,"type":320,"label":321,"file":87,"line":379},"n32",{"id":466,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n33",{"id":468,"type":305,"label":386,"file":87,"line":387},"n34",{"id":470,"type":320,"label":321,"file":87,"line":387},"n35",{"id":472,"type":310,"label":324,"file":325,"line":326,"wp_function":327},"n36",[474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496],{"from":304,"to":309,"sanitized":166},{"from":315,"to":319,"sanitized":166},{"from":323,"to":329,"sanitized":166},{"from":333,"to":335,"sanitized":166},{"from":337,"to":341,"sanitized":166},{"from":343,"to":345,"sanitized":154},{"from":345,"to":349,"sanitized":154},{"from":351,"to":353,"sanitized":154},{"from":353,"to":357,"sanitized":154},{"from":359,"to":361,"sanitized":154},{"from":361,"to":365,"sanitized":154},{"from":367,"to":369,"sanitized":154},{"from":369,"to":373,"sanitized":154},{"from":375,"to":377,"sanitized":154},{"from":377,"to":381,"sanitized":154},{"from":383,"to":385,"sanitized":154},{"from":385,"to":389,"sanitized":154},{"from":391,"to":458,"sanitized":154},{"from":458,"to":460,"sanitized":154},{"from":462,"to":464,"sanitized":154},{"from":464,"to":466,"sanitized":154},{"from":468,"to":470,"sanitized":154},{"from":470,"to":472,"sanitized":154},{"entryPoint":498,"graph":499,"unsanitizedCount":13,"severity":505},"setrio_bizcal_admin_display (admin\\bizcalendar-admin.php:199)",{"nodes":500,"edges":503},[501,502],{"id":304,"type":305,"label":417,"file":87,"line":418},{"id":309,"type":310,"label":324,"file":87,"line":420,"wp_function":327},[504],{"from":304,"to":309,"sanitized":166},"low",{"entryPoint":507,"graph":508,"unsanitizedCount":13,"severity":505},"\u003Cjqueryuithemeroller> (admin\\jqueryuithemeroller.php:0)",{"nodes":509,"edges":514},[510,513],{"id":304,"type":305,"label":511,"file":512,"line":23},"$_SERVER (x2)","admin\\jqueryuithemeroller.php",{"id":309,"type":310,"label":324,"file":512,"line":133,"wp_function":327},[515],{"from":304,"to":309,"sanitized":166},{"entryPoint":517,"graph":518,"unsanitizedCount":75,"severity":505},"\u003Cvuethemeroller> (admin\\vuethemeroller.php:0)",{"nodes":519,"edges":523},[520,522],{"id":304,"type":305,"label":521,"file":291,"line":23},"$_GET",{"id":309,"type":310,"label":324,"file":291,"line":265,"wp_function":327},[524],{"from":304,"to":309,"sanitized":154},{"entryPoint":526,"graph":527,"unsanitizedCount":13,"severity":505},"setrio_bizcal_online_payment_mobilpay_status (main.php:2605)",{"nodes":528,"edges":533},[529,531],{"id":304,"type":305,"label":417,"file":149,"line":530},2607,{"id":309,"type":310,"label":324,"file":149,"line":532,"wp_function":327},2655,[534],{"from":304,"to":309,"sanitized":166},{"entryPoint":536,"graph":537,"unsanitizedCount":13,"severity":505},"\u003Cmain> (main.php:0)",{"nodes":538,"edges":541},[539,540],{"id":304,"type":305,"label":417,"file":149,"line":530},{"id":309,"type":310,"label":324,"file":149,"line":532,"wp_function":327},[542],{"from":304,"to":309,"sanitized":166},{"summary":544,"deductions":545},"The bizcalendar-web plugin, version 1.1.0.62, exhibits a mixed security posture. While it demonstrates good practices in output escaping (99% properly escaped) and a high percentage of SQL queries using prepared statements (83%), significant concerns arise from its attack surface.  A substantial 27 out of 34 identified entry points, primarily AJAX handlers, lack proper authentication checks, leaving them vulnerable to unauthorized access and potential exploitation. The presence of 3 unsanitized taint flows, although not rated as critical or high severity in the static analysis, warrants attention as they could potentially lead to security issues if exploited under specific conditions.  The plugin's vulnerability history is also a notable concern, with 3 known CVEs, including one high-severity vulnerability, indicating a past susceptibility to common attack vectors like Remote File Inclusion, SQL Injection, and Cross-site Scripting. Although currently no unpatched vulnerabilities exist, this history suggests a recurring need for vigilance and prompt patching by users. The plugin's strengths lie in its code hygiene regarding output and prepared SQL statements, but the exposed attack surface and historical vulnerability patterns necessitate a cautious approach.",[546,548,550,552,554],{"reason":547,"points":88},"Significant attack surface without auth checks (AJAX)",{"reason":549,"points":326},"Taint flows with unsanitized paths",{"reason":551,"points":269},"History of 1 high severity CVE",{"reason":553,"points":88},"History of 2 medium severity CVEs",{"reason":555,"points":23},"Bundled library (Select2) - potential for outdatedness","2026-03-16T22:41:48.781Z",{"wat":558,"direct":585},{"assetPaths":559,"generatorPatterns":580,"scriptPaths":581,"versionParams":582},[560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,572],"\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fcss\u002Fbootstrap-datetimepicker.min.css","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fcss\u002Fdaterangepicker.css","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Fmoment.min.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Fbootstrap-datetimepicker.min.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Fdaterangepicker.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Ffullcalendar.min.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Flocale\u002Fes.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Flocale\u002Fpt-br.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Flocale\u002Fro.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Flocale\u002Fen.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Flocale\u002Fde.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Flocale\u002Ffr.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Flocale\u002Fit.js","\u002Fwp-content\u002Fplugins\u002Fbizcalendar-web\u002Fjs\u002Flocale\u002Fpt.js",[],[560,561],[583,584],"bizcalendar-web\u002Fstyle.css?ver=","bizcalendar-web\u002Fjs\u002Fmain.js?ver=",{"cssClasses":586,"htmlComments":589,"htmlAttributes":592,"restEndpoints":595,"jsGlobals":606,"shortcodeOutput":609},[587,588],"setrio-bizcal-booking-form","bizcal-calendar-wrap",[590,591],"\u003C!-- BizCalendar Web Booking Form -->","\u003C!-- BizCalendar Web Calendar -->",[593,594],"data-bizcal-action","data-bizcal-postid",[596,597,598,599,600,601,602,603,604,605],"\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Fspecialities","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Flocations","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Fservices","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Fphysicians","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Fprices","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Fpayment-types","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Fallowed-payment-types","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Favailability","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Fregister-appointment","\u002Fwp-json\u002Fbizcalendar-web\u002Fv1\u002Fprice-for-service",[607,608],"bizcal_ajax_object","setrio_bizcal_config",[610,611],"[bizcal_booking_form","[bizcal_calendar"]