[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZJB7ux2QfU0FR0NudF7KgAINHbLcvhaRkJSyvhid-F8":3,"$fRYRkj9JfycWPfyHpDsrHLrysJstOReLlclp-L5VcviA":248,"$fv3JTZpKOA2Xc_KrRTs2y_nlv_1kbvSV5p9x0EKCDHUY":252},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":48,"crawl_stats":36,"alternatives":56,"analysis":130,"fingerprints":225},"bmlt-wordpress-satellite-plugin","BMLT WordPress Satellite","3.11.6","BMLTGuy","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagblogapi\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fbmlt.app\" rel=\"nofollow ugc\">Basic Meeting List Toolbox (BMLT)\u003C\u002Fa> is a powerful client\u002Fserver system for locating NA meetings.\u003Cbr \u002F>\nThe “root server” is a standalone Website, but “satellite servers” are set up to point to the “root.” This is a “satellite,” set up as a WordPress plugin.\u003Cbr \u002F>\nIt is very easy to install and use. 
It has an administration panel that lets you choose a map center, designate the root, set up the map zoom, and whether older browsers are supported.\u003C\u002Fp>\n","This is a \"satellite\" plugin for the Basic Meeting List Toolbox (BMLT).",100,13214,1,"2026-03-20T21:40:00.000Z","6.9.4","6.2","8.1",[19,20,21,22,23],"bmlt","meeting-finder","meeting-list","na","recovery","https:\u002F\u002Fbmlt.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-wordpress-satellite-plugin.3.11.6.zip",78,"2025-12-11 14:28:25","2026-04-16T10:56:18.058Z","no_bundle",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":36,"patch_diff_files":45,"patch_trac_url":36,"research_status":36,"research_verified":46,"research_rounds_completed":47,"research_plan":36,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":36,"research_started_at":36,"research_completed_at":36,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":46,"poc_model_used":36,"poc_verification_depth":36},"CVE-2025-14162","bmlt-wordpress-plugin-cross-site-request-forgery-to-settings-creation-and-deletion","BMLT WordPress Plugin \u003C= 3.11.4 - Cross-Site Request Forgery to Settings Creation and Deletion","The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugin_create_option' and 'BMLTPlugin_delete_option' actions. 
This makes it possible for unauthenticated attackers to create or delete plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=3.11.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-04-15 16:31:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0344f49b-f5f9-4729-ade0-cba6289406de?source=api-prod",[],false,0,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"magblogapi",3,230,87,4,91,"2026-05-20T05:18:11.608Z",[57,74,90,100,117],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":47,"num_ratings":47,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":24,"download_link":72,"security_score":54,"vuln_count":13,"unpatched_count":47,"last_vuln_date":73,"fetched_at":28},"bmlt-tabbed-map","BMLT Tabbed Map","1.2.1","paulnagle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaulnagle\u002F","\u003Cp>This plugin provides a Tabbed Map interface for the Basic Meeting List Toolbox (BMLT).  Simply put the shortcode [bmlt_tabbed_map] into a WordPress page to get your very own tabbed map interface to BMLT. 
Please visit Settings – BMLT Tabbed Map for more shortcode instructions.\u003C\u002Fp>\n","bmlt_tabbed_map implements a Tabbed Map for BMLT.",30,3033,"2024-11-29T17:14:00.000Z","6.7.5","4.0","",[19,20,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-tabbed-map.1.2.1.zip","2024-12-02 00:00:00",{"slug":75,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":11,"num_ratings":13,"last_updated":83,"tested_up_to":84,"requires_at_least":69,"requires_php":85,"tags":86,"homepage":88,"download_link":89,"security_score":11,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"crouton","4.1.10","radius314","https:\u002F\u002Fprofiles.wordpress.org\u002Fradius314\u002F","\u003Cp>Crouton provides a UI for viewing recovery meetings stored in a Basic Meeting List Toolbox (BMLT) database.  Simply put a shortcode on a WordPress page to get an interactive display list of meetings.\u003Cbr \u002F>\nThis plugin provides shortcodes to view the meetings as a table, a map or insert the number of meetings and groups in specified service bodies.  Configure Crouton from the WordPress backend, using attributes in the shortcode or using query string parameters.  
The admin UI contains detailed instructions.\u003C\u002Fp>\n","crouton provides a UI and more for view recovery meetings as stored in a Basic Meeting List Toolbox (BMLT) database.",300,35721,"2026-04-15T11:21:00.000Z","7.0","8.0",[19,21,87,23],"narcotics-anonymous","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcrouton\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrouton.4.1.10.zip",{"slug":91,"name":92,"version":93,"author":77,"author_profile":78,"description":94,"short_description":95,"active_installs":81,"downloaded":96,"rating":47,"num_ratings":47,"last_updated":97,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":98,"homepage":24,"download_link":99,"security_score":11,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"bread","Bread","2.9.11","\u003Cp>“bread” is a fork of the BMLT meeting list generator.  It allows for the creation of a meeting schedule from a BMLT server.\u003C\u002Fp>\n","A web-based tool that creates, maintains and generates a PDF meeting list from BMLT.",17565,"2026-02-05T14:01:00.000Z",[19,21,22,87],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbread.2.9.11.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":47,"num_ratings":47,"last_updated":110,"tested_up_to":111,"requires_at_least":70,"requires_php":85,"tags":112,"homepage":115,"download_link":116,"security_score":11,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"list-locations-bmlt","List Locations BMLT","2.4.0","pjaudiomv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpjaudiomv\u002F","\u003Cp>List Locations BMLT is a plugin that returns all unique towns or counties from your BMLT server for a given service body on your site.\u003C\u002Fp>\n\u003Cp>SHORTCODE\u003Cbr \u002F>\nBasic: [list_locations]\u003Cbr \u002F>\nAttributes: root_server, services, recursive, 
state, delimiter, list, state_skip, city_skip\u003C\u002Fp>\n\u003Cp>— Shortcode parameters can be combined\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>A minimum of root_server and services attribute are required, which would return all towns for that service body seperated by a comma.\u003C\u002Fp>\n\u003Cp>Ex. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recursive:\u003C\u002Fstrong> to recurse service bodies add recursive=\"1\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" recursive=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>State:\u003C\u002Fstrong> to remove appending of the state add state=\"0\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"0\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>State Skip:\u003C\u002Fstrong> to skip the inclusion of a state when using state=\"1\" add state_skip=\"NC\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"1\" state_skip=\"NC\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>City Skip\u003C\u002Fstrong> To skip the inclusion of a city add city_skip=\"Indianapolis\". This can be useful when mentioning a city out of order or in a different part of the text.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"1\" city_skip=\"Indianapolis\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Services:\u003C\u002Fstrong> to add multiple service bodies just seperate by a comma.\u003Cbr \u002F>\nEx. 
[list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50,37,26\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Delimiter:\u003C\u002Fstrong> to change the delimiter to something besides a comma I would add delimiter=\" – \" or to create newlines between each I could do this delimiter=\"\u003Cbr>\", or delimiter=\"\u003Cp>\u003C\u002Fp>\"\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" delimiter=\"\u003Cbr>\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List:\u003C\u002Fstrong> You can list by the following town, county, borough, neighborhood. The default is town.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" list=\"town\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>custom_query\u003C\u002Fstrong> You can add a custom query from semantic api to filter results, for ex by format \u003Ccode>&formats=54\u003C\u002Fcode>.\u003Cbr \u002F>\nEx. [list_locations root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" custom_query=\"&formats=54\"]\u003C\u002Fp>\n\u003Ch3>EXAMPLES\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.crna.org\u002Farea-service-committees\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.crna.org\u002Farea-service-committees\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fheartoflongislandna.org\" rel=\"nofollow ugc\">https:\u002F\u002Fheartoflongislandna.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Feanaonline.org\" rel=\"nofollow ugc\">https:\u002F\u002Feanaonline.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>MORE INFORMATION\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Flist-locations-bmlt\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Flist-locations-bmlt\u003C\u002Fa>\u003C\u002Fp>\n","List Locations BMLT is a plugin that returns all unique towns or counties from your BMLT 
server for a given service body on your site.",70,3189,"2025-09-12T22:24:00.000Z","6.8.5",[113,19,114,101,87],"basic-meeting-list-toolbox","list-locations","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flist-locations-bmlt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flist-locations-bmlt.2.4.0.zip",{"slug":118,"name":119,"version":120,"author":104,"author_profile":105,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":47,"num_ratings":47,"last_updated":125,"tested_up_to":111,"requires_at_least":69,"requires_php":85,"tags":126,"homepage":128,"download_link":129,"security_score":11,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"upcoming-meetings-bmlt","Upcoming Meetings BMLT","1.6.0","\u003Cp>Upcoming Meetings BMLT is a plugin that displays the next ‘N’ number of meetings from the current time on your page or in a widget using the upcoming_meetings shortcode.\u003C\u002Fp>\n\u003Cp>SHORTCODE\u003Cbr \u002F>\nBasic: [upcoming_meetings]\u003Cbr \u002F>\nAttributes: root_server, services, recursive, grace_period, num_results, display_type, timezone, location_text, time_format, weekday_language, limit_to_today, custom_query\u003C\u002Fp>\n\u003Cp>Meeting Formats: [meeting_formats]\u003Cbr \u002F>\nAttributes: root_server, display_type, show_description, language\u003C\u002Fp>\n\u003Cp>— Shortcode parameters can be combined\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>A minimum of root_server, and services attributes are required, which would return the next 5 meetings in simple view with a 15minute grace period.\u003C\u002Fp>\n\u003Cp>Ex. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>recursive\u003C\u002Fstrong> to recurse service bodies add recursive=\"1\"\u003Cbr \u002F>\nEx. 
[upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" recursive=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>services\u003C\u002Fstrong> to add multiple service bodies just seperate by a comma.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50,37,26\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>grace_period\u003C\u002Fstrong> To add a grace period to meeting lookup add grace_period=\"15\" this would add a 15 minute grace period.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" grace_period=\"15\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>num_results\u003C\u002Fstrong> To limit the number of results add num_results=\"5\" this would limit results to 5.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" state=\"1\" num_results=\"5\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>display_type\u003C\u002Fstrong> To change the display type add display_type=\"table\" there are three different types \u003Cstrong>simple\u003C\u002Fstrong>, \u003Cstrong>table\u003C\u002Fstrong>, \u003Cstrong>block\u003C\u002Fstrong>\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" display_type=\"table\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>timezone\u003C\u002Fstrong> By default we use your WordPress sites timezone setting, this will overwrite that. add timezone=\"America\u002FNew_York\" you can set this in the admin setting or short code. A complete list of timezones can be found here http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ftimezones.php\u003Cbr \u002F>\nEx. 
[upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" timezone=\"America\u002FNew_York\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>location_text\u003C\u002Fstrong> to display the location nam,e using the simple display add location_text=\"1\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" location_text=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>show_header\u003C\u002Fstrong> to display header info for Table\u002FBlock display add show_header=\"1\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" show_header=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>time_format\u003C\u002Fstrong> This allows you to be able to switch between 12 and 24 hour. the default is 12. To switch to 24 hour add time_format=\"24\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" time_format=\"24\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>weekday_language\u003C\u002Fstrong> This allows you to change the language of the weekday names. To change language to danish set weekday_language=\"dk\". Currently supported languages are da,de,en,es,fa,fr,it,pl,pt,ru,sv, the default is English.\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" weekday_language=\"dk\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>limit_to_today\u003C\u002Fstrong> To limit results to only today’s meetings (will not show tomorrow’s meetings even if there aren’t enough results) add limit_to_today=\"1\"\u003Cbr \u002F>\nEx. [upcoming_meetings root_server=\"https:\u002F\u002Fwww.domain.org\u002Fmain_server\" services=\"50\" limit_to_today=\"1\"]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>custom_query\u003C\u002Fstrong> You can add a custom query from semantic api to filter results, for ex by format \u003Ccode>&formats=54\u003C\u002Fcode>.\u003Cbr \u002F>\nEx. 
[upcoming_meetings root_server=”https:\u002F\u002Fwww.domain.org\u002Fmain_server” custom_query=”&formats=54″]\u003C\u002Fp>\n\u003Ch3>Meeting Formats Shortcode\u003C\u002Fh3>\n\u003Cp>The meeting_formats shortcode displays all available meeting formats from a BMLT root server.\u003C\u002Fp>\n\u003Cp>Basic: [meeting_formats]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>root_server\u003C\u002Fstrong> (optional) The BMLT root server URL. Uses plugin settings if not specified.\u003Cbr \u002F>\nEx. [meeting_formats root_server=”https:\u002F\u002Fbmlt.sezf.org\u002Fmain_server”]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>display_type\u003C\u002Fstrong> (optional, default: “table”) Options: “table” or “list”\u003Cbr \u002F>\nEx. [meeting_formats display_type=”list”]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>show_description\u003C\u002Fstrong> (optional, default: “1”) Show format descriptions. Options: “1” or “0”\u003Cbr \u002F>\nEx. [meeting_formats show_description=”0″]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>language\u003C\u002Fstrong> (optional, default: “en”) Language code for format names (en, es, fr, de, etc.)\u003Cbr \u002F>\nEx. 
[meeting_formats language=”es”]\u003C\u002Fp>\n\u003Ch3>EXAMPLES\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.southcoastalna.org\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.southcoastalna.org\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>MORE INFORMATION\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Fupcoming-meetings-bmlt\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbmlt-enabled\u002Fupcoming-meetings-bmlt\u003C\u002Fa>\u003C\u002Fp>\n","Upcoming Meetings BMLT is a plugin that displays the next 'N' number of meetings from the current time on your page or in a widget using the &hellip;",50,3574,"2025-11-23T19:20:00.000Z",[113,19,87,127,118],"upcoming-meetings","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupcoming-meetings-bmlt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupcoming-meetings-bmlt.1.6.0.zip",{"attackSurface":131,"codeSignals":180,"taintFlows":195,"riskAssessment":215,"analyzedAt":224},{"hooks":132,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":47,"unprotectedCount":47},[133,139,144,148,151,156,160,164,168,172],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","wp_enqueue_scripts","enqueueFrontendFilesBmlt","bmlt-wordpress-satellite-plugin.php",77,{"type":140,"name":141,"callback":142,"file":137,"line":143},"filter","the_content","content_filter",646,{"type":140,"name":145,"callback":146,"file":137,"line":147},"wp_head","standard_head",647,{"type":140,"name":149,"callback":149,"file":137,"line":150},"admin_head",648,{"type":140,"name":152,"callback":153,"priority":154,"file":137,"line":155},"plugin_action_links","filter_plugin_actions",10,649,{"type":134,"name":157,"callback":158,"file":137,"line":159},"pre_get_posts","stop_filter_if_not_main",655,{"type":134,"name":161,"callback":162,"file":137,"line":163},"admin_init","admin_ajax_handler",656,{"type":134,"name":165,"callback":166,"file":13
7,"line":167},"admin_menu","option_menu",657,{"type":134,"name":169,"callback":170,"file":137,"line":171},"admin_enqueue_scripts","enqueueAdminFilesBmlt",658,{"type":134,"name":173,"callback":174,"file":137,"line":175},"init","filter_init",659,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":47,"externalRequests":47,"nonceChecks":13,"capabilityChecks":47,"bundledLibraries":194},[],{"prepared":47,"raw":47,"locations":183},[],{"escaped":185,"rawEcho":50,"locations":186},9,[187,190,192],{"file":137,"line":188,"context":189},222,"raw output",{"file":137,"line":191,"context":189},539,{"file":137,"line":193,"context":189},557,[],[196],{"entryPoint":197,"graph":198,"unsanitizedCount":47,"severity":214},"\u003Cbmlt-wordpress-satellite-plugin> (bmlt-wordpress-satellite-plugin.php:0)",{"nodes":199,"edges":211},[200,205],{"id":201,"type":202,"label":203,"file":137,"line":204},"n0","source","$_COOKIE",24,{"id":206,"type":207,"label":208,"file":137,"line":209,"wp_function":210},"n1","sink","update_option() [Settings Manipulation]",44,"update_option",[212],{"from":201,"to":206,"sanitized":213},true,"low",{"summary":216,"deductions":217},"The bmlt-wordpress-satellite-plugin v3.11.6 exhibits a mixed security posture. On the positive side, static analysis found no AJAX handlers, REST API routes, shortcodes, or cron events, although the hook list includes an admin_init action bound to admin_ajax_handler that these entry-point counts do not cover. No SQL queries were detected, whether prepared or raw, and one nonce check is present, but no capability checks were detected. Furthermore, the taint analysis indicates no critical or high severity unsanitized flows: the one recorded flow, from $_COOKIE to update_option(), is marked sanitized and rated low.\n\nHowever, the plugin has a significant concern: a known medium severity CVE, CVE-2025-14162, that is recorded as unpatched. The advisory lists affected versions up to and including 3.11.4 and names no patched version, so whether v3.11.6 is still affected should be confirmed against the vendor changelog. This CSRF vulnerability is the only entry in the plugin's recorded vulnerability history. 
If it remains unpatched, that is the most critical indicator of risk for this version. While the code shows some good practices, such as a nonce check and mostly escaped output, the existence of an unpatched CVE significantly elevates the overall risk profile.\n\nIn conclusion, while the plugin has a limited counted attack surface, the medium severity CVE with no recorded fix is its critical weakness. Users of an affected version are exposed to potential exploitation of this known vulnerability. Therefore, immediate attention should be paid to confirming the fix status and addressing this outstanding security issue.",[218,221],{"reason":219,"points":220},"Unpatched Medium Severity CVE",15,{"reason":222,"points":223},"Output escaping below 100%",5,"2026-04-16T11:03:20.779Z",{"wat":226,"direct":239},{"assetPaths":227,"generatorPatterns":231,"scriptPaths":232,"versionParams":234},[228,229,230],"\u002Fwp-content\u002Fplugins\u002Fbmlt-wordpress-satellite-plugin\u002Fvendor\u002Fbmlt\u002Fbmlt-satellite-base-class\u002Ftable_display.js","\u002Fwp-content\u002Fplugins\u002Fbmlt-wordpress-satellite-plugin\u002Fadmin_styles.css","\u002Fwp-content\u002Fplugins\u002Fbmlt-wordpress-satellite-plugin\u002Fadmin_javascript.js",[],[233],"https:\u002F\u002Fmaps.google.com\u002Fmaps\u002Fapi\u002Fjs?key=",[235,236,237,238],"bmlt-wordpress-satellite-plugin\u002Fbmlt-wordpress-satellite-plugin.php","bmlt-wordpress-satellite-plugin\u002Ftable_display.js","bmlt-wordpress-satellite-plugin\u002Fadmin_styles.css","bmlt-wordpress-satellite-plugin\u002Fadmin_javascript.js",{"cssClasses":240,"htmlComments":241,"htmlAttributes":243,"restEndpoints":244,"jsGlobals":245,"shortcodeOutput":247},[],[242],"\u003C!-- BMLTPlugin ERROR (cms_get_post_meta)! No get_post_meta()! 
-->",[],[],[246],"window.google",[],{"error":213,"url":249,"statusCode":250,"statusMessage":251,"message":251},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbmlt-wordpress-satellite-plugin\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":253,"versions":254},8,[255,261,269,277,285,293,301,309],{"version":6,"download_url":25,"svn_tag_url":256,"released_at":36,"has_diff":46,"diff_files_changed":257,"diff_lines":36,"trac_diff_url":258,"vulnerabilities":259,"is_current":213},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-wordpress-satellite-plugin\u002Ftags\u002F3.11.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.4&new_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.6",[260],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":262,"download_url":263,"svn_tag_url":264,"released_at":36,"has_diff":46,"diff_files_changed":265,"diff_lines":36,"trac_diff_url":266,"vulnerabilities":267,"is_current":46},"3.11.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-wordpress-satellite-plugin.3.11.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-wordpress-satellite-plugin\u002Ftags\u002F3.11.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.3&new_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.4",[268],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":270,"download_url":271,"svn_tag_url":272,"released_at":36,"has_diff":46,"diff_files_changed":273,"diff_lines":36,"trac_diff_url":274,"vulnerabilities":275,"is_current":46},"3.11.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-wordpress-satellite-plugin.3.11.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-wordpress-
satellite-plugin\u002Ftags\u002F3.11.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.2&new_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.3",[276],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":278,"download_url":279,"svn_tag_url":280,"released_at":36,"has_diff":46,"diff_files_changed":281,"diff_lines":36,"trac_diff_url":282,"vulnerabilities":283,"is_current":46},"3.11.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-wordpress-satellite-plugin.3.11.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-wordpress-satellite-plugin\u002Ftags\u002F3.11.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.1&new_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.2",[284],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":286,"download_url":287,"svn_tag_url":288,"released_at":36,"has_diff":46,"diff_files_changed":289,"diff_lines":36,"trac_diff_url":290,"vulnerabilities":291,"is_current":46},"3.11.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-wordpress-satellite-plugin.3.11.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-wordpress-satellite-plugin\u002Ftags\u002F3.11.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.0&new_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.1",[292],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":294,"download_url":295,"svn_tag_url":296,"released_at":36,"has_diff":46,"diff_files_changed":297,"diff_lines":36,"trac_diff_url":298,"vulnerabilities":299,"is_current":46},"3.11.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbml
t-wordpress-satellite-plugin.3.11.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-wordpress-satellite-plugin\u002Ftags\u002F3.11.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.10.0&new_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.11.0",[300],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":302,"download_url":303,"svn_tag_url":304,"released_at":36,"has_diff":46,"diff_files_changed":305,"diff_lines":36,"trac_diff_url":306,"vulnerabilities":307,"is_current":46},"3.10.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-wordpress-satellite-plugin.3.10.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-wordpress-satellite-plugin\u002Ftags\u002F3.10.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.9.0&new_path=%2Fbmlt-wordpress-satellite-plugin%2Ftags%2F3.10.0",[308],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":310,"download_url":311,"svn_tag_url":312,"released_at":36,"has_diff":46,"diff_files_changed":313,"diff_lines":36,"trac_diff_url":36,"vulnerabilities":314,"is_current":46},"3.9.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbmlt-wordpress-satellite-plugin.3.9.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbmlt-wordpress-satellite-plugin\u002Ftags\u002F3.9.0\u002F",[],[315],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36}]