[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAbYlGF49_Eh4_LxzrV2Xsf5q3HY2r6eYL9C4wIynaSQ":3,"$fyvUGNRcY8Y6fAFkP9etJWlWtBxOsaLq2zAOqbjMWwRw":229,"$fB5GeAxifzmAJLHd_aKOHXRqkLTzTrP1xtu4-TYjw4aQ":233},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":49,"crawl_stats":37,"alternatives":52,"analysis":127,"fingerprints":191},"bmlt-tabbed-map","BMLT Tabbed Map","1.2.1","paulnagle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaulnagle\u002F","\u003Cp>This plugin provides a Tabbed Map interface for the Basic Meeting List Toolbox (BMLT).  Simply put the shortcode [bmlt_tabbed_map] into a WordPress page to get your very own tabbed map interface to BMLT. Please visit Settings – BMLT Tabbed Map for more shortcode instructions.\u003C\u002Fp>\n","bmlt_tabbed_map implements a Tabbed Map for BMLT.",30,3033,0,"2024-11-29T17:14:00.000Z","6.7.5","4.0","",[19,20,21,22,23],"bmlt","meeting-finder","meeting-list","na","recovery","https:\u002F\u002Fbmlt.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.2.1.zip",91,1,"2024-12-02 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":28,"updated_date":44,"references":45,"days_to_patch":27,"patch_diff_files":47,"patch_trac_url":37,"research_status":37,"research_verified":48,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2024-11866","bmlt-tabbed-map-authenticated-contributor-stored-cross-site-scripting","BMLT Tabbed Map \u003C= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting","The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.1.8","1.2.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-03 08:32:28",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F49958e9e-7f9b-48fb-bfe2-5b1b437171d6?source=api-prod",[],false,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":27,"trust_score":50,"computed_at":51},94,"2026-05-20T03:39:12.755Z",[53,71,87,97,114],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":61,"num_ratings":27,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":24,"download_link":68,"security_score":69,"vuln_count":27,"unpatched_count":27,"last_vuln_date":70,"fetched_at":29},"bmlt-wordpress-satellite-plugin","BMLT WordPress Satellite","3.11.6","BMLTGuy","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagblogapi\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fbmlt.app\" rel=\"nofollow ugc\">Basic Meeting List Toolbox (BMLT)\u003C\u002Fa> is a powerful client\u002Fserver system for locating NA meetings.\u003Cbr \u002F>\nThe “root server” is a standalone Website, but “satellite servers” are set up to point to the “root.” This is a “satellite,” set up as a WordPress plugin.\u003Cbr \u002F>\nIt is very easy to install and use. It has an administration panel that lets you choose a map center, designate the root, set up the map zoom, and whether older browsers are supported.\u003C\u002Fp>\n","This is a \"satellite\" plugin for the Basic Meeting List Toolbox (BMLT).",100,13214,"2026-03-20T21:40:00.000Z","6.9.4","6.2","8.1",[19,20,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-wordpress-satellite-plugin.3.11.6.zip",78,"2025-12-11 14:28:25",{"slug":72,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":61,"num_ratings":27,"last_updated":80,"tested_up_to":81,"requires_at_least":16,"requires_php":82,"tags":83,"homepage":85,"download_link":86,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"crouton","4.1.10","radius314","https:\u002F\u002Fprofiles.wordpress.org\u002Fradius314\u002F","\u003Cp>Crouton provides a UI for viewing recovery meetings stored in a Basic Meeting List Toolbox (BMLT) database.  Simply put a shortcode on a WordPress page to get an interactive display list of meetings.\u003Cbr \u002F>\nThis plugin provides shortcodes to view the meetings as a table, a map or insert the number of meetings and groups in specified service bodies.  Configure Crouton from the WordPress backend, using attributes in the shortcode or using query string parameters.  The admin UI contains detailed instructions.\u003C\u002Fp>\n","crouton provides a UI and more for view recovery meetings as stored in a Basic Meeting List Toolbox (BMLT) database.",300,35721,"2026-04-15T11:21:00.000Z","7.0","8.0",[19,21,84,23],"narcotics-anonymous","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcrouton\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrouton.4.1.10.zip",{"slug":88,"name":89,"version":90,"author":74,"author_profile":75,"description":91,"short_description":92,"active_installs":78,"downloaded":93,"rating":13,"num_ratings":13,"last_updated":94,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":95,"homepage":24,"download_link":96,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"bread","Bread","2.9.11","\u003Cp>“bread” is a fork of the BMLT meeting list generator.  It allows for the creation of a meeting schedule from a BMLT server.\u003C\u002Fp>\n","A web-based tool that creates, maintains and generates a PDF meeting list from BMLT.",17565,"2026-02-05T14:01:00.000Z",[19,21,22,84],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbread.2.9.11.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":13,"num_ratings":13,"last_updated":107,"tested_up_to":108,"requires_at_least":17,"requires_php":82,"tags":109,"homepage":112,"download_link":113,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"list-locations-bmlt","List Locations BMLT","2.4.0","pjaudiomv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpjaudiomv\u002F","\u003Cp>List Locations BMLT is a plugin that returns all unique towns or counties from your BMLT server for a given service body on your site.\u003C\u002Fp>\n\u003Cp>SHORTCODE\u003Cbr \u002F>\nBasic: [list_locations]\u003Cbr \u002F>\nAttributes: root_server, services, recursive, state, delimiter, list, state_skip, city_skip\u003C\u002Fp>\n\u003Cp>— Shortcode parameters can be combined\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>A minimum of root_server and services attribute are required, which would return all towns for that service body seperated by a comma.\u003C\u002Fp>\n\u003Cp>Ex. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recursive:\u003C\u002Fstrong> to recurse service bodies add recursive=\"1\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" recursive=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>State:\u003C\u002Fstrong> to remove appending of the state add state=\"0\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"0\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>State Skip:\u003C\u002Fstrong> to skip the inclusion of a state when using state=\"1\" add state_skip=\"NC\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"1\" state_skip=\"NC\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>City Skip\u003C\u002Fstrong> To skip the inclusion of a city add city_skip=\"Indianapolis\". This can be useful when mentioning a city out of order or in a different part of the text.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"1\" city_skip=\"Indianapolis\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Services:\u003C\u002Fstrong> to add multiple service bodies just seperate by a comma.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50,37,26\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Delimiter:\u003C\u002Fstrong> to change the delimiter to something besides a comma I would add delimiter=\" – \" or to create newlines between each I could do this delimiter=\"\u003Cbr>\", or delimiter=\"\u003Cp>\u003C\u002Fp>\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" delimiter=\"\u003Cbr>\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List:\u003C\u002Fstrong> You can list by the following town, county, borough, neighborhood. The default is town.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" list=\"town\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>custom_query\u003C\u002Fstrong> You can add a custom query from semantic api to filter results, for ex by format \u003Ccode>&formats=54\u003C\u002Fcode>.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" custom_query=\"&formats=54\"]\u003C\u002Fp>\n\u003Ch3>EXAMPLES\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.crna.org\u002Farea-service-committees\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.crna.org\u002Farea-service-committees\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fheartoflongislandna.org\" rel=\"nofollow ugc\">https:\u002F\u002Fheartoflongislandna.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Feanaonline.org\" rel=\"nofollow ugc\">https:\u002F\u002Feanaonline.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>MORE INFORMATION\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Flist-locations-bmlt\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Flist-locations-bmlt\u003C\u002Fa>\u003C\u002Fp>\n","List Locations BMLT is a plugin that returns all unique towns or counties from your BMLT server for a given service body on your site.",70,3189,"2025-09-12T22:24:00.000Z","6.8.5",[110,19,111,98,84],"basic-meeting-list-toolbox","list-locations","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flist-locations-bmlt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flist-locations-bmlt.2.4.0.zip",{"slug":115,"name":116,"version":117,"author":101,"author_profile":102,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":13,"num_ratings":13,"last_updated":122,"tested_up_to":108,"requires_at_least":16,"requires_php":82,"tags":123,"homepage":125,"download_link":126,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"upcoming-meetings-bmlt","Upcoming Meetings BMLT","1.6.0","\u003Cp>Upcoming Meetings BMLT is a plugin that displays the next ‘N’ number of meetings from the current time on your page or in a widget using the upcoming_meetings shortcode.\u003C\u002Fp>\n\u003Cp>SHORTCODE\u003Cbr \u002F>\nBasic: [upcoming_meetings]\u003Cbr \u002F>\nAttributes: root_server, services, recursive, grace_period, num_results, display_type, timezone, location_text, time_format, weekday_language, limit_to_today, custom_query\u003C\u002Fp>\n\u003Cp>Meeting Formats: [meeting_formats]\u003Cbr \u002F>\nAttributes: root_server, display_type, show_description, language\u003C\u002Fp>\n\u003Cp>— Shortcode parameters can be combined\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>A minimum of root_server, and services attributes are required, which would return the next 5 meetings in simple view with a 15minute grace period.\u003C\u002Fp>\n\u003Cp>Ex. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>recursive\u003C\u002Fstrong> to recurse service bodies add recursive=\"1\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" recursive=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>services\u003C\u002Fstrong> to add multiple service bodies just seperate by a comma.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50,37,26\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>grace_period\u003C\u002Fstrong> To add a grace period to meeting lookup add grace_period=\"15\" this would add a 15 minute grace period.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" grace_period=\"15\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>num_results\u003C\u002Fstrong> To limit the number of results add num_results=\"5\" this would limit results to 5.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"1\" num_results=\"5\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>display_type\u003C\u002Fstrong> To change the display type add display_type=\"table\" there are three different types \u003Cstrong>simple\u003C\u002Fstrong>, \u003Cstrong>table\u003C\u002Fstrong>, \u003Cstrong>block\u003C\u002Fstrong>\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" display_type=\"table\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>timezone\u003C\u002Fstrong> By default we use your WordPress sites timezone setting, this will overwrite that. add timezone=\"America\u002FNew_York\" you can set this in the admin setting or short code. A complete list of timezones can be found here http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ftimezones.php\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" timezone=\"America\u002FNew_York\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>location_text\u003C\u002Fstrong> to display the location nam,e using the simple display add location_text=\"1\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" location_text=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>show_header\u003C\u002Fstrong> to display header info for Table\u002FBlock display add show_header=\"1\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" show_header=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>time_format\u003C\u002Fstrong> This allows you to be able to switch between 12 and 24 hour. the default is 12. To switch to 24 hour add time_format=\"24\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" time_format=\"24\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>weekday_language\u003C\u002Fstrong> This allows you to change the language of the weekday names. To change language to danish set weekday_language=\"dk\". Currently supported languages are da,de,en,es,fa,fr,it,pl,pt,ru,sv, the default is English.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" weekday_language=\"dk\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>limit_to_today\u003C\u002Fstrong> To limit results to only today’s meetings (will not show tomorrow’s meetings even if there aren’t enough results) add limit_to_today=\"1\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" limit_to_today=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>custom_query\u003C\u002Fstrong> You can add a custom query from semantic api to filter results, for ex by format \u003Ccode>&formats=54\u003C\u002Fcode>.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=”https:\u002F\u002Fwww.domain.org\u002Fmain_server” custom_query=”&formats=54″]\u003C\u002Fp>\n\u003Ch3>Meeting Formats Shortcode\u003C\u002Fh3>\n\u003Cp>The meeting_formats shortcode displays all available meeting formats from a BMLT root server.\u003C\u002Fp>\n\u003Cp>Basic: [meeting_formats]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>root_server\u003C\u002Fstrong> (optional) The BMLT root server URL. Uses plugin settings if not specified.\u003Cbr \u002F>\nEx. [meeting_formats root_server=”https:\u002F\u002Fbmlt.sezf.org\u002Fmain_server”]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>display_type\u003C\u002Fstrong> (optional, default: “table”) Options: “table” or “list”\u003Cbr \u002F>\nEx. [meeting_formats display_type=”list”]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>show_description\u003C\u002Fstrong> (optional, default: “1”) Show format descriptions. Options: “1” or “0”\u003Cbr \u002F>\nEx. [meeting_formats show_description=”0″]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>language\u003C\u002Fstrong> (optional, default: “en”) Language code for format names (en, es, fr, de, etc.)\u003Cbr \u002F>\nEx. [meeting_formats language=”es”]\u003C\u002Fp>\n\u003Ch3>EXAMPLES\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.southcoastalna.org\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.southcoastalna.org\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>MORE INFORMATION\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Fupcoming-meetings-bmlt\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Fupcoming-meetings-bmlt\u003C\u002Fa>\u003C\u002Fp>\n","Upcoming Meetings BMLT is a plugin that displays the next 'N' number of meetings from the current time on your page or in a widget using the &hellip;",50,3574,"2025-11-23T19:20:00.000Z",[110,19,84,124,115],"upcoming-meetings","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupcoming-meetings-bmlt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupcoming-meetings-bmlt.1.6.0.zip",{"attackSurface":128,"codeSignals":167,"taintFlows":179,"riskAssessment":180,"analyzedAt":190},{"hooks":129,"ajaxHandlers":152,"restRoutes":159,"shortcodes":160,"cronEvents":164,"entryPointCount":165,"unprotectedCount":166},[130,136,139,142,145,147,150],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","plugins_loaded","anonymous","includes\u002Fclass-bmlt-tabbed-map.php",36,{"type":131,"name":137,"callback":133,"file":134,"line":138},"admin_menu",42,{"type":131,"name":140,"callback":133,"file":134,"line":141},"admin_init",43,{"type":131,"name":143,"callback":133,"file":134,"line":144},"admin_enqueue_scripts",45,{"type":131,"name":143,"callback":133,"file":134,"line":146},46,{"type":131,"name":148,"callback":133,"file":134,"line":149},"wp_enqueue_scripts",58,{"type":131,"name":148,"callback":133,"file":134,"line":151},59,[153,156],{"action":154,"nopriv":48,"callback":133,"hasNonce":48,"hasCapCheck":48,"file":134,"line":155},"receive_new_settings",48,{"action":154,"nopriv":157,"callback":133,"hasNonce":48,"hasCapCheck":48,"file":134,"line":158},true,49,[],[161],{"tag":162,"callback":133,"file":134,"line":163},"bmlt_tabbed_map",60,[],3,2,{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":13,"externalRequests":13,"nonceChecks":27,"capabilityChecks":13,"bundledLibraries":174},[],{"prepared":13,"raw":13,"locations":170},[],{"escaped":172,"rawEcho":13,"locations":173},33,[],[175],{"name":176,"version":177,"knownCves":178},"DataTables","1.11.5",[],[],{"summary":181,"deductions":182},"The \"bmlt-tabbed-map\" plugin v1.2.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output, indicating a strong defense against common injection and XSS vulnerabilities that stem from direct database manipulation or improper output handling. The absence of file operations and external HTTP requests also reduces its attack surface in those areas.\n\nHowever, significant concerns arise from the identified attack surface. The plugin exposes two AJAX handlers without any authentication or capability checks. This is a critical weakness, as any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure. While the static analysis did not reveal any critical or high severity taint flows, the presence of unsanitized entry points for AJAX requests presents a substantial risk that could be exploited if these handlers perform sensitive operations.\n\nThe plugin's vulnerability history reveals one known medium severity CVE related to Cross-Site Scripting, which was recently patched. While the absence of currently unpatched vulnerabilities is a good sign, the past occurrence of an XSS vulnerability, even if medium, highlights a potential area of weakness. The combination of unprotected AJAX endpoints and past XSS issues suggests a need for more robust input validation and authorization mechanisms to secure all entry points.",[183,186,188],{"reason":184,"points":185},"Unprotected AJAX handlers",10,{"reason":187,"points":165},"Bundled outdated library (DataTables v1.11.5)",{"reason":189,"points":185},"Past medium CVE (XSS)","2026-04-16T11:19:04.278Z",{"wat":192,"direct":206},{"assetPaths":193,"generatorPatterns":201,"scriptPaths":202,"versionParams":203},[194,195,196,197,198,199,200],"\u002Fwp-content\u002Fplugins\u002Fbmlt-tabbed-map\u002Fpublic\u002Fcss\u002Fbmlt_tabbed_map.css","\u002Fwp-content\u002Fplugins\u002Fbmlt-tabbed-map\u002Fpublic\u002Fcss\u002Fleaflet.css","\u002Fwp-content\u002Fplugins\u002Fbmlt-tabbed-map\u002Fpublic\u002Fcss\u002FL.Control.Locate.min.css","\u002Fwp-content\u002Fplugins\u002Fbmlt-tabbed-map\u002Fpublic\u002Fcss\u002Ffontawesome-5.6.1.css","\u002Fwp-content\u002Fplugins\u002Fbmlt-tabbed-map\u002Fpublic\u002Fjs\u002Fleaflet.js","\u002Fwp-content\u002Fplugins\u002Fbmlt-tabbed-map\u002Fpublic\u002Fjs\u002FL.Control.Locate.min.js","\u002Fwp-content\u002Fplugins\u002Fbmlt-tabbed-map\u002Fpublic\u002Fjs\u002Fbmlt_tabbed_map-public.js",[],[198,199,200],[204,205],"bmlt_tabbed_map\u002Fpublic\u002Fcss\u002Fbmlt_tabbed_map.css?ver=","bmlt_tabbed_map\u002Fpublic\u002Fjs\u002Fbmlt_tabbed_map-public.js?ver=",{"cssClasses":207,"htmlComments":212,"htmlAttributes":215,"restEndpoints":221,"jsGlobals":222,"shortcodeOutput":224},[208,209,210,211],"bmlt-tabbed-map-wrapper","bmlt-tabs","bmlt-tab","bmlt-tab-content",[213,214],"\u003C!-- BEGIN bmlt_tabbed_map shortcode -->","\u003C!-- END bmlt_tabbed_map shortcode -->",[216,217,218,219,220],"data-bmlt-server","data-bmlt-meeting-id","data-lat","data-lng","data-zoom",[],[223],"js_vars",[225,226,227,228],"\u003Cdiv class=\"bmlt-tabbed-map-wrapper\">","\u003Cdiv class=\"bmlt-tabs\">","\u003Cdiv class=\"bmlt-tab\">","\u003Cdiv class=\"bmlt-tab-content\">",{"error":157,"url":230,"statusCode":231,"statusMessage":232,"message":232},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbmlt-tabbed-map\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":234,"versions":235},15,[236,241,247,255,263,271,279,287,295,303,311,319,327,335,343],{"version":6,"download_url":25,"svn_tag_url":237,"released_at":37,"has_diff":48,"diff_files_changed":238,"diff_lines":37,"trac_diff_url":239,"vulnerabilities":240,"is_current":157},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.2.0&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.2.1",[],{"version":39,"download_url":242,"svn_tag_url":243,"released_at":37,"has_diff":48,"diff_files_changed":244,"diff_lines":37,"trac_diff_url":245,"vulnerabilities":246,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.8&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.2.0",[],{"version":248,"download_url":249,"svn_tag_url":250,"released_at":37,"has_diff":48,"diff_files_changed":251,"diff_lines":37,"trac_diff_url":252,"vulnerabilities":253,"is_current":48},"1.1.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.7&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.8",[254],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":256,"download_url":257,"svn_tag_url":258,"released_at":37,"has_diff":48,"diff_files_changed":259,"diff_lines":37,"trac_diff_url":260,"vulnerabilities":261,"is_current":48},"1.1.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.6&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.7",[262],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":264,"download_url":265,"svn_tag_url":266,"released_at":37,"has_diff":48,"diff_files_changed":267,"diff_lines":37,"trac_diff_url":268,"vulnerabilities":269,"is_current":48},"1.1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.1&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.6",[270],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":272,"download_url":273,"svn_tag_url":274,"released_at":37,"has_diff":48,"diff_files_changed":275,"diff_lines":37,"trac_diff_url":276,"vulnerabilities":277,"is_current":48},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.0&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.1",[278],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":280,"download_url":281,"svn_tag_url":282,"released_at":37,"has_diff":48,"diff_files_changed":283,"diff_lines":37,"trac_diff_url":284,"vulnerabilities":285,"is_current":48},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.9&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.1.0",[286],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":288,"download_url":289,"svn_tag_url":290,"released_at":37,"has_diff":48,"diff_files_changed":291,"diff_lines":37,"trac_diff_url":292,"vulnerabilities":293,"is_current":48},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.7&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.9",[294],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":296,"download_url":297,"svn_tag_url":298,"released_at":37,"has_diff":48,"diff_files_changed":299,"diff_lines":37,"trac_diff_url":300,"vulnerabilities":301,"is_current":48},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.6&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.7",[302],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":304,"download_url":305,"svn_tag_url":306,"released_at":37,"has_diff":48,"diff_files_changed":307,"diff_lines":37,"trac_diff_url":308,"vulnerabilities":309,"is_current":48},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.5&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.6",[310],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":312,"download_url":313,"svn_tag_url":314,"released_at":37,"has_diff":48,"diff_files_changed":315,"diff_lines":37,"trac_diff_url":316,"vulnerabilities":317,"is_current":48},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.4&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.5",[318],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":320,"download_url":321,"svn_tag_url":322,"released_at":37,"has_diff":48,"diff_files_changed":323,"diff_lines":37,"trac_diff_url":324,"vulnerabilities":325,"is_current":48},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.3&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.4",[326],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":328,"download_url":329,"svn_tag_url":330,"released_at":37,"has_diff":48,"diff_files_changed":331,"diff_lines":37,"trac_diff_url":332,"vulnerabilities":333,"is_current":48},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.2&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.3",[334],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":336,"download_url":337,"svn_tag_url":338,"released_at":37,"has_diff":48,"diff_files_changed":339,"diff_lines":37,"trac_diff_url":340,"vulnerabilities":341,"is_current":48},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.1&new_path=%2Fbmlt-tabbed-map%2Ftags%2F1.0.2",[342],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":344,"download_url":345,"svn_tag_url":346,"released_at":37,"has_diff":48,"diff_files_changed":347,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":348,"is_current":48},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-tabbed-map\u002Ftags\u002F1.0.1\u002F",[],[349],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39}]