[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJd5tUx4yRuU4r7kFPBlECdhyLvjz2idYsffYL4BUaiE":3,"$fws26DrO8dfIKc-wublLLkJv7w-23a_4MEd-9d9pFFls":146,"$fIp3z5w6h22oITYiak-zm6wpgO8Q5ifX1r21VRdVPiKg":151},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":38,"analysis":39,"fingerprints":127},"calendario-runnerplace","runnerplace-calendar","1.1.2","RotZ","https:\u002F\u002Fprofiles.wordpress.org\u002Frotz\u002F","\u003Cp>Ten el calendario de carreras populares (running, duatlones, triatlones, acuatlones, trails) de España en tu web.\u003C\u002Fp>\n\u003Cp>Utiliza la API de \u003Ca href=\"http:\u002F\u002Fwww.runnerplace.com\" rel=\"nofollow ugc\">RunnerPlace\u003C\u002Fa> para que tus usuarios puedan buscar las carreras populares desde tu propia página web.\u003C\u002Fp>\n\u003Cp>Filtros por Provincia, Tipo de Carrera y Mes.\u003C\u002Fp>\n","Utiliza el calendario de carreras populares de RunnerPlace para tenerlo actualizado en tu web.",10,1767,100,1,"2015-08-20T11:31:00.000Z","4.1.42","4.1.1","",[20,21],"calendario-carreras-populares","runnerplace","http:\u002F\u002Fwww.runnerplace.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalendario-runnerplace.1.1.2.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":32,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":24,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"rotz","julioprotzek",3,60,30,84,"2026-07-15T01:32:27.841Z",[],{"attackSurface":40,"codeSignals":52,"taintFlows":114,"riskAssessment":115,"analyzedAt":126},{"hooks":41,"ajaxHandlers":48,"restRoutes":49,"shortcodes":50,"cronEvents":51,"entryPointCount":25,"unprotectedCount":25},[42],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","widgets_init","RPRC_create_widget","runnerplace-calendar.php",40,[],[],[],[],{"dangerousFunctions":53,"sqlUsage":54,"outputEscaping":56,"fileOperations":25,"externalRequests":14,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":113},[],{"prepared":25,"raw":25,"locations":55},[],{"escaped":14,"rawEcho":57,"locations":58},31,[59,63,65,67,68,70,71,73,75,77,79,81,83,85,86,87,89,91,92,94,95,97,99,100,102,103,105,106,108,110,111],{"file":60,"line":61,"context":62},"includes\\widget.php",89,"raw output",{"file":60,"line":64,"context":62},137,{"file":60,"line":66,"context":62},143,{"file":60,"line":66,"context":62},{"file":60,"line":69,"context":62},168,{"file":60,"line":69,"context":62},{"file":60,"line":72,"context":62},197,{"file":60,"line":74,"context":62},209,{"file":60,"line":76,"context":62},252,{"file":60,"line":78,"context":62},263,{"file":60,"line":80,"context":62},288,{"file":60,"line":82,"context":62},388,{"file":60,"line":84,"context":62},389,{"file":60,"line":84,"context":62},{"file":60,"line":84,"context":62},{"file":60,"line":88,"context":62},392,{"file":60,"line":90,"context":62},393,{"file":60,"line":90,"context":62},{"file":60,"line":93,"context":62},396,{"file":60,"line":93,"context":62},{"file":60,"line":96,"context":62},401,{"file":60,"line":98,"context":62},402,{"file":60,"line":98,"context":62},{"file":60,"line":101,"context":62},405,{"file":60,"line":101,"context":62},{"file":60,"line":104,"context":62},410,{"file":60,"line":104,"context":62},{"file":60,"line":107,"context":62},411,{"file":60,"line":109,"context":62},414,{"file":60,"line":109,"context":62},{"file":60,"line":112,"context":62},415,[],[],{"summary":116,"deductions":117},"The plugin \"calendario-runnerplace\" v1.1.2 exhibits a generally positive security posture based on the provided static analysis. The absence of any identified attack surface entry points, dangerous functions, raw SQL queries, or vulnerabilities in its history is a strong indicator of careful development practices. The plugin also avoids external HTTP requests, which can often be a source of attack vectors. However, a significant concern arises from the extremely low percentage of properly escaped outputs (3%). This suggests a high probability of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data that is not properly escaped can be rendered directly in the browser, allowing attackers to inject malicious scripts.\n\nThe lack of nonce and capability checks, while not directly flagged as an issue in the absence of an attack surface, would become a critical weakness if any entry points were discovered. The plugin's vulnerability history is clean, which is commendable, but this could also be due to the plugin's limited exposure or the thoroughness of the static analysis. Overall, while the plugin demonstrates good fundamental security by avoiding common pitfalls like SQL injection and exposed functionalities, the prevalent issue with output escaping presents a substantial risk that needs immediate attention.",[118,121,124],{"reason":119,"points":120},"Low percentage of properly escaped output",15,{"reason":122,"points":123},"No nonce checks",5,{"reason":125,"points":123},"No capability checks","2026-03-17T00:49:07.837Z",{"wat":128,"direct":137},{"assetPaths":129,"generatorPatterns":132,"scriptPaths":133,"versionParams":134},[130,131],"\u002Fwp-content\u002Fplugins\u002Fcalendario-runnerplace\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fcalendario-runnerplace\u002Fjs\u002Fmain.js",[],[131],[135,136],"calendario-runnerplace\u002Fcss\u002Fstyles.css?ver=","calendario-runnerplace\u002Fjs\u002Fmain.js?ver=",{"cssClasses":138,"htmlComments":140,"htmlAttributes":141,"restEndpoints":142,"jsGlobals":143,"shortcodeOutput":144},[139],"runnerplace_calendar",[],[],[],[],[145],"[runnerplace_calendar]",{"error":147,"url":148,"statusCode":149,"statusMessage":150,"message":150},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcalendario-runnerplace\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":33,"versions":152},[153,159,166],{"version":6,"download_url":23,"svn_tag_url":154,"released_at":26,"has_diff":155,"diff_files_changed":156,"diff_lines":26,"trac_diff_url":157,"vulnerabilities":158,"is_current":147},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcalendario-runnerplace\u002Ftags\u002F1.1.2\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcalendario-runnerplace%2Ftags%2F1.1.1&new_path=%2Fcalendario-runnerplace%2Ftags%2F1.1.2",[],{"version":160,"download_url":161,"svn_tag_url":162,"released_at":26,"has_diff":155,"diff_files_changed":163,"diff_lines":26,"trac_diff_url":164,"vulnerabilities":165,"is_current":155},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalendario-runnerplace.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcalendario-runnerplace\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcalendario-runnerplace%2Ftags%2F1.1&new_path=%2Fcalendario-runnerplace%2Ftags%2F1.1.1",[],{"version":167,"download_url":168,"svn_tag_url":169,"released_at":26,"has_diff":155,"diff_files_changed":170,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":171,"is_current":155},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalendario-runnerplace.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcalendario-runnerplace\u002Ftags\u002F1.1\u002F",[],[]]