[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmKllglmSbXKKBYO7cDhJtjPBBjWVPSPjj56LwvY_e3o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":100,"crawl_stats":35,"alternatives":106,"analysis":107,"fingerprints":724},"ce21-suite","CE21 Suite","2.3.5","CE21","https:\u002F\u002Fprofiles.wordpress.org\u002Fce21com\u002F","\u003Cp>This plugin allows you to add CE21 components to your WordPress site. It includes widgets for displaying classified ads, directory of members, a calendar of programs, and a shortcode for displaying CE21 resources.\u003C\u002Fp>\n","CE21 Suite is a plugin that allow the addition of CE21 components to you WordPress site.",50,3339,0,"2026-02-06T18:31:00.000Z","6.9.4","6.3","7.4",[19,20,21],"education-online-courses","hybrid-conference","virtual-event-services","https:\u002F\u002Fwww.ce21.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fce21-suite.2.3.5.zip",28,6,4,"2025-11-03 15:24:06","2026-03-15T15:16:48.613Z",[30,44,55,68,79,88],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-11008","ce21-suite-unauthenticated-sensitive-information-exposure-to-privilege-escalation","CE21 Suite \u003C= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation","The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. 
This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custom authentication feature before. This may include administrators, which makes a complete site takeover possible.",null,"\u003C=2.3.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Insertion of Sensitive Information into Log File","2025-11-04 03:26:46",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F91aa86d9-8e42-4deb-b6ca-c3b388fefcb1?source=api-prod",{"id":45,"url_slug":46,"title":47,"description":48,"plugin_slug":4,"theme_slug":35,"affected_versions":49,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":50,"published_date":51,"updated_date":52,"references":53,"days_to_patch":35},"CVE-2025-11007","ce21-suite-missing-authorization-to-unauthenticated-privilege-escalation-via-plugin-settings-update","CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update","The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API settings including a secret key used for authentication. 
This allows unauthenticated attackers to create new admin accounts on an affected site.",">=2.2.1 \u003C=2.3.1","Missing Authentication for Critical Function","2025-11-03 15:23:39","2025-11-04 03:26:45",[54],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5e24feac-1812-45d7-b3c3-27787eed1cf1?source=api-prod",{"id":56,"url_slug":57,"title":58,"description":59,"plugin_slug":4,"theme_slug":35,"affected_versions":60,"patched_in_version":61,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":62,"published_date":63,"updated_date":64,"references":65,"days_to_patch":67},"CVE-2024-54293","ce21-suite-unauthenticated-privilege-escalation","CE21 Suite \u003C= 2.2.0 - Unauthenticated Privilege Escalation","The CE21 Suite plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to gain elevated access to a site.","\u003C=2.2.0","2.2.1","Improper Privilege Management","2024-12-11 00:00:00","2024-12-19 16:38:50",[66],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdc7f5751-5c95-4105-b2a6-592d11d46ac6?source=api-prod",9,{"id":69,"url_slug":70,"title":71,"description":72,"plugin_slug":4,"theme_slug":35,"affected_versions":60,"patched_in_version":61,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":73,"published_date":74,"updated_date":75,"references":76,"days_to_patch":78},"CVE-2024-10284","ce21-suite-authentication-bypass","CE21 Suite \u003C= 2.2.0 - Authentication Bypass","The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. 
This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","Authentication Bypass Using an Alternate Path or Channel","2024-11-08 00:00:00","2024-12-10 15:21:12",[77],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F45d66743-300e-480d-98b8-99dc30b6e786?source=api-prod",33,{"id":80,"url_slug":81,"title":82,"description":83,"plugin_slug":4,"theme_slug":35,"affected_versions":60,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":84,"published_date":74,"updated_date":85,"references":86,"days_to_patch":35},"CVE-2024-10285","ce21-suite-jwt-token-disclosure","CE21 Suite \u003C= 2.2.0 - JWT Token Disclosure","The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.","Exposure of Sensitive Information to an Unauthorized Actor","2024-11-09 02:32:01",[87],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=api-prod",{"id":89,"url_slug":90,"title":91,"description":92,"plugin_slug":4,"theme_slug":35,"affected_versions":60,"patched_in_version":35,"severity":93,"cvss_score":94,"cvss_vector":95,"vuln_type":96,"published_date":74,"updated_date":97,"references":98,"days_to_patch":35},"CVE-2024-10294","ce21-suite-missing-authorization-to-unauthenticated-plugin-settings-change","CE21 Suite \u003C= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change","The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. 
This makes it possible for unauthenticated attackers to change plugin settings.","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:L","Missing Authorization","2024-11-09 02:32:03",[99],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcd6ce97c-fd80-4c43-a4d2-02aa91d11fac?source=api-prod",{"slug":101,"display_name":7,"profile_url":8,"plugin_count":102,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":103,"trust_score":104,"computed_at":105},"ce21com",1,21,44,"2026-04-05T09:51:31.927Z",[],{"attackSurface":108,"codeSignals":375,"taintFlows":480,"riskAssessment":703,"analyzedAt":723},{"hooks":109,"ajaxHandlers":232,"restRoutes":327,"shortcodes":347,"cronEvents":373,"entryPointCount":104,"unprotectedCount":374},[110,116,119,124,130,134,139,142,145,147,150,152,157,160,163,169,173,178,181,185,188,192,195,199,203,206,210,214,217,221,225,228],{"type":111,"name":112,"callback":113,"file":114,"line":115},"action","plugins_loaded","ce21_check_and_create_tables","classified\\ce21-classified-ads-functions.php",395,{"type":111,"name":117,"callback":113,"file":114,"line":118},"admin_init",398,{"type":111,"name":120,"callback":121,"priority":102,"file":122,"line":123},"wp_footer","wp_admin_bar_render","classified\\templates\\classified-ads-template.php",1295,{"type":111,"name":125,"callback":126,"priority":127,"file":128,"line":129},"bulk_edit_custom_box","sso_ce21_on_bulk_edit_custom_box",10,"includes\\ce21-functions.php",87,{"type":111,"name":131,"callback":132,"file":128,"line":133},"wp_head","ce21_my_custom_js",643,{"type":111,"name":135,"callback":136,"file":137,"line":138},"admin_menu","ce21_plugin_menu","includes\\class-single-sign-on-ce21.php",86,{"type":111,"name":112,"callback":140,"file":137,"line":141},"anonymous",149,{"type":111,"name":143,"callback":140,"file":137,"line":144},"admin_enqueue_scripts",164,{"type":111,"name":143,"callback":140,"file":137,"line":146},165,{
"type":111,"name":148,"callback":140,"file":137,"line":149},"wp_enqueue_scripts",180,{"type":111,"name":148,"callback":140,"file":137,"line":151},181,{"type":111,"name":153,"callback":154,"priority":127,"file":155,"line":156},"quick_edit_custom_box","display_quick_edit_custom","includes\\quick-edit-functions.php",13,{"type":111,"name":143,"callback":158,"file":155,"line":159},"enqueue_admin_scripts_and_styles",14,{"type":111,"name":161,"callback":161,"priority":127,"file":155,"line":162},"save_post",15,{"type":164,"name":165,"callback":166,"file":167,"line":168},"filter","allowed_redirect_hosts","ce21_allow_sso_redirect_hosts","single-sign-on-ce21.php",96,{"type":111,"name":170,"callback":171,"file":167,"line":172},"rest_api_init","ce21_my_authentication_route",218,{"type":111,"name":174,"callback":175,"priority":176,"file":167,"line":177},"add_meta_boxes","ce21_post_groups_add_custom_metabox",2,507,{"type":111,"name":161,"callback":179,"file":167,"line":180},"ce21_post_authentication_save_post_data",576,{"type":164,"name":182,"callback":183,"file":167,"line":184},"manage_posts_columns","ce21_set_custom_membership_columns",607,{"type":164,"name":186,"callback":183,"file":167,"line":187},"manage_pages_columns",608,{"type":111,"name":189,"callback":190,"priority":127,"file":167,"line":191},"manage_posts_custom_column","ce21_custom_membership_column",628,{"type":111,"name":193,"callback":190,"priority":127,"file":167,"line":194},"manage_pages_custom_column",629,{"type":111,"name":196,"callback":197,"file":167,"line":198},"wp","ce21_single_post_view_function",683,{"type":111,"name":200,"callback":201,"priority":127,"file":167,"line":202},"wp_trash_post","ce21_restrict_post_deletion",889,{"type":111,"name":135,"callback":204,"file":167,"line":205},"ce21_remove_menus",906,{"type":111,"name":207,"callback":208,"file":167,"line":209},"wpmu_new_blog","ce21_on_create_table_when_new_site_created",970,{"type":111,"name":211,"callback":208,"priority":212,"file":167,"line":213},"
wp_initialize_site",99,973,{"type":111,"name":215,"callback":208,"file":167,"line":216},"activate_blog",976,{"type":111,"name":218,"callback":219,"file":167,"line":220},"init","ce21_ajax_login_init",1021,{"type":111,"name":222,"callback":223,"priority":127,"file":167,"line":224},"upgrader_process_complete","wp_upe_upgrade_completed",1062,{"type":111,"name":148,"callback":226,"file":167,"line":227},"custom_filter_scripts",1071,{"type":111,"name":120,"callback":229,"priority":230,"file":167,"line":231},"custom_ce21_category_click_script",100,1300,[233,238,240,243,245,248,252,254,256,258,262,266,268,271,273,275,277,280,282,285,287,290,292,295,297,300,302,305,307,310,312,315,318,321,325],{"action":234,"nopriv":235,"callback":234,"hasNonce":236,"hasCapCheck":236,"file":114,"line":237},"ce21_save_classifiedads_list_settings",false,true,37,{"action":234,"nopriv":236,"callback":234,"hasNonce":236,"hasCapCheck":236,"file":114,"line":239},38,{"action":241,"nopriv":235,"callback":241,"hasNonce":236,"hasCapCheck":236,"file":114,"line":242},"ce21_update_classifiedads_list_settings",114,{"action":241,"nopriv":236,"callback":241,"hasNonce":236,"hasCapCheck":236,"file":114,"line":244},115,{"action":246,"nopriv":235,"callback":246,"hasNonce":236,"hasCapCheck":236,"file":114,"line":247},"ce21_delete_classifiedads",196,{"action":249,"nopriv":235,"callback":250,"hasNonce":236,"hasCapCheck":235,"file":114,"line":251},"filter_classified_ads","ce21_filter_classified_ads",380,{"action":249,"nopriv":236,"callback":250,"hasNonce":236,"hasCapCheck":235,"file":114,"line":253},381,{"action":234,"nopriv":235,"callback":234,"hasNonce":236,"hasCapCheck":236,"file":114,"line":255},401,{"action":241,"nopriv":235,"callback":241,"hasNonce":236,"hasCapCheck":236,"file":114,"line":257},402,{"action":259,"nopriv":235,"callback":260,"hasNonce":235,"hasCapCheck":235,"file":128,"line":261},"manage_wp_posts_using_bulk_quick_save_bulk_edit","sso_ce21_manage_wp_posts_using_bulk_quick_save_bulk_edit",130,{"acti
on":263,"nopriv":235,"callback":264,"hasNonce":235,"hasCapCheck":235,"file":128,"line":265},"data_fetch","sso_ce21_data_fetch",177,{"action":263,"nopriv":236,"callback":264,"hasNonce":235,"hasCapCheck":235,"file":128,"line":267},178,{"action":269,"nopriv":235,"callback":269,"hasNonce":235,"hasCapCheck":235,"file":128,"line":270},"ce21_single_sign_on_save_api_settings",367,{"action":269,"nopriv":236,"callback":269,"hasNonce":235,"hasCapCheck":235,"file":128,"line":272},368,{"action":274,"nopriv":235,"callback":274,"hasNonce":235,"hasCapCheck":235,"file":128,"line":177},"get_ce21_single_sign_on_calendar_events",{"action":274,"nopriv":236,"callback":274,"hasNonce":235,"hasCapCheck":235,"file":128,"line":276},508,{"action":278,"nopriv":235,"callback":278,"hasNonce":235,"hasCapCheck":235,"file":128,"line":279},"ce21_ss_add_new_calendar_event",691,{"action":278,"nopriv":236,"callback":278,"hasNonce":235,"hasCapCheck":235,"file":128,"line":281},692,{"action":283,"nopriv":235,"callback":283,"hasNonce":235,"hasCapCheck":235,"file":128,"line":284},"ce21_ss_delete_calendar_event",763,{"action":283,"nopriv":236,"callback":283,"hasNonce":235,"hasCapCheck":235,"file":128,"line":286},764,{"action":288,"nopriv":235,"callback":288,"hasNonce":235,"hasCapCheck":235,"file":128,"line":289},"get_ce21_single_sign_on_calendar_event",803,{"action":288,"nopriv":236,"callback":288,"hasNonce":235,"hasCapCheck":235,"file":128,"line":291},804,{"action":293,"nopriv":235,"callback":293,"hasNonce":235,"hasCapCheck":235,"file":128,"line":294},"ce21_ss_edit_calendar_event",865,{"action":293,"nopriv":236,"callback":293,"hasNonce":235,"hasCapCheck":235,"file":128,"line":296},866,{"action":298,"nopriv":235,"callback":298,"hasNonce":235,"hasCapCheck":235,"file":128,"line":299},"load_ce21_single_sign_on_calendar_events",934,{"action":298,"nopriv":236,"callback":298,"hasNonce":235,"hasCapCheck":235,"file":128,"line":301},935,{"action":303,"nopriv":235,"callback":303,"hasNonce":235,"hasCapCheck":235,"file":
128,"line":304},"get_ce21_mini_calendar",1584,{"action":303,"nopriv":236,"callback":303,"hasNonce":235,"hasCapCheck":235,"file":128,"line":306},1585,{"action":308,"nopriv":235,"callback":308,"hasNonce":235,"hasCapCheck":235,"file":309,"line":103},"ce21_save_programs_list_settings","programs\\ce21-programs-functions.php",{"action":308,"nopriv":236,"callback":308,"hasNonce":235,"hasCapCheck":235,"file":309,"line":311},22,{"action":313,"nopriv":235,"callback":313,"hasNonce":235,"hasCapCheck":235,"file":309,"line":314},"update_program_settings",358,{"action":316,"nopriv":235,"callback":316,"hasNonce":235,"hasCapCheck":235,"file":309,"line":317},"ce21_delete_program",457,{"action":319,"nopriv":236,"callback":319,"hasNonce":235,"hasCapCheck":235,"file":167,"line":320},"ce21_sign_in_ajax_api",1016,{"action":322,"nopriv":235,"callback":323,"hasNonce":235,"hasCapCheck":235,"file":167,"line":324},"load_ce21_classified_ads","handle_ce21_ajax",1084,{"action":322,"nopriv":236,"callback":323,"hasNonce":235,"hasCapCheck":235,"file":167,"line":326},1085,[328,336,342],{"namespace":329,"route":330,"methods":331,"callback":333,"permissionCallback":334,"file":167,"line":335},"ce21","authentication",[332],"GET","ce21_authentication_phrase","__return_true",221,{"namespace":329,"route":337,"methods":338,"callback":340,"permissionCallback":334,"file":167,"line":341},"membership\u002Fupdate",[339],"POST","ce21_membership_update",230,{"namespace":329,"route":343,"methods":344,"callback":345,"permissionCallback":334,"file":167,"line":346},"logoff",[332],"ce21_log_off",239,[348,352,356,360,364,369],{"tag":349,"callback":350,"file":114,"line":351},"ce21_classifiedads","ce21_classifiedads_shortcode",300,{"tag":353,"callback":354,"file":128,"line":355},"ce21-sso-sign-in","ce21_sso_sign_in_shortcode",298,{"tag":357,"callback":358,"file":128,"line":359},"ce21-calendar","ce21_single_sign_on_calendar_shortcode",495,{"tag":361,"callback":362,"file":128,"line":363},"ce21-mini-calendar","ce21_mini_calen
dar_shortcode",1066,{"tag":365,"callback":366,"file":367,"line":368},"ce21_directory","ce21_membership_list_shortcode","membership\\ce21-membership-functions.php",36,{"tag":370,"callback":371,"file":309,"line":372},"ce21_programs_list","ce21_programs_list_shortcode",505,[],29,{"dangerousFunctions":376,"sqlUsage":377,"outputEscaping":433,"fileOperations":13,"externalRequests":162,"nonceChecks":25,"capabilityChecks":475,"bundledLibraries":476},[],{"prepared":311,"raw":378,"locations":379},24,[380,383,386,389,391,393,395,397,399,401,403,406,409,411,414,416,418,420,422,423,425,427,429,431],{"file":114,"line":381,"context":382},232,"$wpdb->get_results() with variable interpolation",{"file":122,"line":384,"context":385},284,"$wpdb->get_row() with variable interpolation",{"file":128,"line":387,"context":388},16,"$wpdb->get_var() with variable interpolation",{"file":128,"line":390,"context":382},98,{"file":128,"line":392,"context":388},317,{"file":128,"line":394,"context":385},359,{"file":128,"line":396,"context":382},599,{"file":128,"line":398,"context":388},656,{"file":128,"line":400,"context":382},953,{"file":128,"line":402,"context":388},1616,{"file":128,"line":404,"context":405},1672,"$wpdb->get_col() with variable interpolation",{"file":128,"line":407,"context":408},1676,"$wpdb->query() with variable 
interpolation",{"file":128,"line":410,"context":408},1681,{"file":412,"line":413,"context":405},"includes\\class-single-sign-on-ce21-activator.php",56,{"file":412,"line":415,"context":405},81,{"file":137,"line":417,"context":408},338,{"file":137,"line":419,"context":408},405,{"file":137,"line":421,"context":382},544,{"file":155,"line":78,"context":382},{"file":309,"line":424,"context":382},133,{"file":167,"line":426,"context":382},532,{"file":167,"line":428,"context":382},647,{"file":167,"line":430,"context":382},778,{"file":167,"line":432,"context":385},1080,{"escaped":434,"rawEcho":435,"locations":436},448,19,[437,440,442,444,446,447,449,451,453,455,457,459,461,463,465,467,469,471,473],{"file":128,"line":438,"context":439},187,"raw output",{"file":128,"line":441,"context":439},285,{"file":128,"line":443,"context":439},288,{"file":128,"line":445,"context":439},485,{"file":128,"line":194,"context":439},{"file":128,"line":448,"context":439},713,{"file":128,"line":450,"context":439},753,{"file":128,"line":452,"context":439},793,{"file":128,"line":454,"context":439},855,{"file":128,"line":456,"context":439},882,{"file":128,"line":458,"context":439},917,{"file":128,"line":460,"context":439},921,{"file":128,"line":462,"context":439},1029,{"file":128,"line":464,"context":439},1598,{"file":309,"line":466,"context":439},120,{"file":309,"line":468,"context":439},469,{"file":309,"line":470,"context":439},471,{"file":309,"line":472,"context":439},475,{"file":167,"line":474,"context":439},497,3,[477],{"name":478,"version":35,"knownCves":479},"DataTables",[],[481,497,505,523,550,564,574,589,603,626,643,654,663,673,685],{"entryPoint":482,"graph":483,"unsanitizedCount":102,"severity":93},"get_filtered_ads (classified\\templates\\classified-ads-template.php:57)",{"nodes":484,"edges":495},[485,490],{"id":486,"type":487,"label":488,"file":122,"line":489},"n0","source","$_GET",75,{"id":491,"type":492,"label":493,"file":122,"line":244,"wp_function":494},"n1","sink","wp_remote_get() 
[SSRF]","wp_remote_get",[496],{"from":486,"to":491,"sanitized":235},{"entryPoint":498,"graph":499,"unsanitizedCount":102,"severity":93},"\u003Cclassified-ads-template> (classified\\templates\\classified-ads-template.php:0)",{"nodes":500,"edges":503},[501,502],{"id":486,"type":487,"label":488,"file":122,"line":489},{"id":491,"type":492,"label":493,"file":122,"line":244,"wp_function":494},[504],{"from":486,"to":491,"sanitized":235},{"entryPoint":506,"graph":507,"unsanitizedCount":176,"severity":93},"get_ce21_mini_calendar (includes\\ce21-functions.php:1587)",{"nodes":508,"edges":520},[509,512,515],{"id":486,"type":487,"label":510,"file":128,"line":511},"$_REQUEST (x2)",1595,{"id":491,"type":513,"label":514,"file":128,"line":511},"transform","→ ce21_getMiniCalendarHTML()",{"id":516,"type":492,"label":517,"file":128,"line":518,"wp_function":519},"n2","echo() [XSS]",1562,"echo",[521,522],{"from":486,"to":491,"sanitized":235},{"from":491,"to":516,"sanitized":235},{"entryPoint":524,"graph":525,"unsanitizedCount":176,"severity":93},"\u003Cce21-functions> (includes\\ce21-functions.php:0)",{"nodes":526,"edges":545},[527,530,534,536,539,541,543],{"id":486,"type":487,"label":528,"file":128,"line":529},"$_POST['id']",817,{"id":491,"type":492,"label":531,"file":128,"line":532,"wp_function":533},"get_row() [SQLi]",816,"get_row",{"id":516,"type":487,"label":510,"file":128,"line":535},517,{"id":537,"type":492,"label":517,"file":128,"line":538,"wp_function":519},"n3",1542,{"id":540,"type":487,"label":510,"file":128,"line":511},"n4",{"id":542,"type":513,"label":514,"file":128,"line":511},"n5",{"id":544,"type":492,"label":517,"file":128,"line":518,"wp_function":519},"n6",[546,547,548,549],{"from":486,"to":491,"sanitized":236},{"from":516,"to":537,"sanitized":236},{"from":540,"to":542,"sanitized":235},{"from":542,"to":544,"sanitized":235},{"entryPoint":551,"graph":552,"unsanitizedCount":102,"severity":93},"ce21_plugin_settings_page 
(includes\\class-single-sign-on-ce21.php:449)",{"nodes":553,"edges":561},[554,557,559],{"id":486,"type":487,"label":555,"file":137,"line":556},"$_POST",458,{"id":491,"type":513,"label":558,"file":137,"line":556},"→ ce21_catalog_data_save()",{"id":516,"type":492,"label":493,"file":137,"line":560,"wp_function":494},304,[562,563],{"from":486,"to":491,"sanitized":235},{"from":491,"to":516,"sanitized":235},{"entryPoint":565,"graph":566,"unsanitizedCount":102,"severity":93},"\u003Cclass-single-sign-on-ce21> (includes\\class-single-sign-on-ce21.php:0)",{"nodes":567,"edges":571},[568,569,570],{"id":486,"type":487,"label":555,"file":137,"line":556},{"id":491,"type":513,"label":558,"file":137,"line":556},{"id":516,"type":492,"label":493,"file":137,"line":560,"wp_function":494},[572,573],{"from":486,"to":491,"sanitized":235},{"from":491,"to":516,"sanitized":235},{"entryPoint":575,"graph":576,"unsanitizedCount":102,"severity":93},"ce21_single_post_view_function (single-sign-on-ce21.php:696)",{"nodes":577,"edges":586},[578,580,582,584],{"id":486,"type":487,"label":488,"file":167,"line":579},832,{"id":491,"type":492,"label":493,"file":167,"line":581,"wp_function":494},844,{"id":516,"type":487,"label":488,"file":167,"line":583},867,{"id":537,"type":492,"label":517,"file":167,"line":585,"wp_function":519},872,[587,588],{"from":486,"to":491,"sanitized":235},{"from":516,"to":537,"sanitized":236},{"entryPoint":590,"graph":591,"unsanitizedCount":176,"severity":93},"handle_ce21_ajax (single-sign-on-ce21.php:1088)",{"nodes":592,"edges":600},[593,596,598],{"id":486,"type":487,"label":594,"file":167,"line":595},"$_POST (x2)",1226,{"id":491,"type":513,"label":597,"file":167,"line":595},"→ render_pagination_withfilter()",{"id":516,"type":492,"label":517,"file":167,"line":599,"wp_function":519},1266,[601,602],{"from":486,"to":491,"sanitized":235},{"from":491,"to":516,"sanitized":235},{"entryPoint":604,"graph":605,"unsanitizedCount":475,"severity":93},"\u003Csingle-sign-on-ce21> 
(single-sign-on-ce21.php:0)",{"nodes":606,"edges":620},[607,608,609,610,611,613,615,616,618],{"id":486,"type":487,"label":488,"file":167,"line":579},{"id":491,"type":492,"label":493,"file":167,"line":581,"wp_function":494},{"id":516,"type":487,"label":488,"file":167,"line":583},{"id":537,"type":492,"label":517,"file":167,"line":585,"wp_function":519},{"id":540,"type":487,"label":555,"file":167,"line":612},1093,{"id":542,"type":492,"label":517,"file":167,"line":614,"wp_function":519},1250,{"id":544,"type":487,"label":594,"file":167,"line":595},{"id":617,"type":513,"label":597,"file":167,"line":595},"n7",{"id":619,"type":492,"label":517,"file":167,"line":599,"wp_function":519},"n8",[621,622,623,624,625],{"from":486,"to":491,"sanitized":235},{"from":516,"to":537,"sanitized":236},{"from":540,"to":542,"sanitized":236},{"from":544,"to":617,"sanitized":235},{"from":617,"to":619,"sanitized":235},{"entryPoint":627,"graph":628,"unsanitizedCount":13,"severity":642},"ce21_update_classifiedads_list_settings (classified\\ce21-classified-ads-functions.php:117)",{"nodes":629,"edges":639},[630,632,636,637],{"id":486,"type":487,"label":555,"file":114,"line":631},134,{"id":491,"type":492,"label":633,"file":114,"line":634,"wp_function":635},"get_var() [SQLi]",143,"get_var",{"id":516,"type":487,"label":555,"file":114,"line":631},{"id":537,"type":492,"label":531,"file":114,"line":638,"wp_function":533},188,[640,641],{"from":486,"to":491,"sanitized":236},{"from":516,"to":537,"sanitized":236},"low",{"entryPoint":644,"graph":645,"unsanitizedCount":13,"severity":642},"\u003Cce21-classified-ads-functions> 
(classified\\ce21-classified-ads-functions.php:0)",{"nodes":646,"edges":651},[647,648,649,650],{"id":486,"type":487,"label":555,"file":114,"line":631},{"id":491,"type":492,"label":633,"file":114,"line":634,"wp_function":635},{"id":516,"type":487,"label":555,"file":114,"line":631},{"id":537,"type":492,"label":531,"file":114,"line":638,"wp_function":533},[652,653],{"from":486,"to":491,"sanitized":236},{"from":516,"to":537,"sanitized":236},{"entryPoint":655,"graph":656,"unsanitizedCount":102,"severity":662},"get_ce21_single_sign_on_calendar_event (includes\\ce21-functions.php:807)",{"nodes":657,"edges":660},[658,659],{"id":486,"type":487,"label":528,"file":128,"line":529},{"id":491,"type":492,"label":531,"file":128,"line":532,"wp_function":533},[661],{"from":486,"to":491,"sanitized":235},"high",{"entryPoint":664,"graph":665,"unsanitizedCount":102,"severity":662},"ce21_save_programs_list_settings (programs\\ce21-programs-functions.php:23)",{"nodes":666,"edges":671},[667,669],{"id":486,"type":487,"label":555,"file":309,"line":668},32,{"id":491,"type":492,"label":531,"file":309,"line":670,"wp_function":533},71,[672],{"from":486,"to":491,"sanitized":235},{"entryPoint":674,"graph":675,"unsanitizedCount":102,"severity":662},"update_program_settings (programs\\ce21-programs-functions.php:360)",{"nodes":676,"edges":682},[677,679,681],{"id":486,"type":487,"label":555,"file":309,"line":678},375,{"id":491,"type":513,"label":680,"file":309,"line":678},"→ update_program_settings_in_db()",{"id":516,"type":492,"label":531,"file":309,"line":115,"wp_function":533},[683,684],{"from":486,"to":491,"sanitized":235},{"from":491,"to":516,"sanitized":235},{"entryPoint":686,"graph":687,"unsanitizedCount":475,"severity":662},"\u003Cce21-programs-functions> 
(programs\\ce21-programs-functions.php:0)",{"nodes":688,"edges":698},[689,690,691,693,695,696,697],{"id":486,"type":487,"label":594,"file":309,"line":668},{"id":491,"type":492,"label":531,"file":309,"line":670,"wp_function":533},{"id":516,"type":487,"label":594,"file":309,"line":692},364,{"id":537,"type":492,"label":517,"file":309,"line":694,"wp_function":519},636,{"id":540,"type":487,"label":555,"file":309,"line":678},{"id":542,"type":513,"label":680,"file":309,"line":678},{"id":544,"type":492,"label":531,"file":309,"line":115,"wp_function":533},[699,700,701,702],{"from":486,"to":491,"sanitized":235},{"from":516,"to":537,"sanitized":236},{"from":540,"to":542,"sanitized":235},{"from":542,"to":544,"sanitized":235},{"summary":704,"deductions":705},"The \"ce21-suite\" plugin v2.3.5 exhibits a concerning security posture, largely due to a significant number of unprotected entry points and a history of severe vulnerabilities. While the code demonstrates good practices in output escaping, prepared statements cover only about half of its SQL queries (22 prepared against 24 built with variable interpolation), and the sheer volume of AJAX handlers and REST API routes lacking proper authentication and authorization checks presents a substantial attack surface. Furthermore, the taint analysis revealed multiple flows with unsanitized paths, indicating potential for injection vulnerabilities. The plugin's vulnerability history is particularly alarming, with a high number of critical and unpatched CVEs, including common types like authentication bypass and exposure of sensitive information. The affected ranges listed for these advisories end at 2.3.1 or earlier, so the unpatched status appears to reflect a missing fix-version record and should be confirmed against 2.3.5. This pattern suggests recurring, fundamental security flaws that have not been adequately addressed, increasing the likelihood of exploitation. 
The presence of bundled libraries without specific version information also introduces a potential unknown risk.",[706,709,711,714,716,718,721],{"reason":707,"points":708},"Unpatched critical vulnerabilities (4)",20,{"reason":710,"points":127},"High number of unprotected AJAX handlers (26)",{"reason":712,"points":713},"Unprotected REST API routes (3)",7,{"reason":715,"points":127},"Taint analysis with unsanitized paths (13)",{"reason":717,"points":162},"Critical severity taint flows (4)",{"reason":719,"points":720},"Missing nonce checks on AJAX handlers (implied by lack of auth)",5,{"reason":722,"points":162},"Vulnerability history pattern (multiple critical\u002Fauthentication issues)","2026-03-16T21:58:45.189Z",{"wat":725,"direct":750},{"assetPaths":726,"generatorPatterns":737,"scriptPaths":738,"versionParams":739},[727,728,729,730,731,732,733,734,735,736],"\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fincludes\u002Fjs\u002Fce21-sso-admin.js","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fincludes\u002Fjs\u002Fce21-sso-frontend.js","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fincludes\u002Fcss\u002Fce21-sso-admin.css","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fincludes\u002Fcss\u002Fce21-sso-frontend.css","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fprograms\u002Fcss\u002Fce21-programs.css","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fprograms\u002Fjs\u002Fce21-programs.js","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fclassified\u002Fcss\u002Fce21-classified-ads.css","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fclassified\u002Fjs\u002Fce21-classified-ads.js","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fmembership\u002Fcss\u002Fce21-membership.css","\u002Fwp-content\u002Fplugins\u002Fce21-suite\u002Fmembership\u002Fjs\u002Fce21-membership.js",[],[727,728,732,734,736],[740,741,742,743,744,745,746,747,748,749],"ce21-suite\u002Fincludes\u002Fcss\u002Fce21-sso-admin.css?ver=","ce21-suite\u002Fincludes\u002Fjs
\u002Fce21-sso-admin.js?ver=","ce21-suite\u002Fincludes\u002Fcss\u002Fce21-sso-frontend.css?ver=","ce21-suite\u002Fincludes\u002Fjs\u002Fce21-sso-frontend.js?ver=","ce21-suite\u002Fprograms\u002Fcss\u002Fce21-programs.css?ver=","ce21-suite\u002Fprograms\u002Fjs\u002Fce21-programs.js?ver=","ce21-suite\u002Fclassified\u002Fcss\u002Fce21-classified-ads.css?ver=","ce21-suite\u002Fclassified\u002Fjs\u002Fce21-classified-ads.js?ver=","ce21-suite\u002Fmembership\u002Fcss\u002Fce21-membership.css?ver=","ce21-suite\u002Fmembership\u002Fjs\u002Fce21-membership.js?ver=",{"cssClasses":751,"htmlComments":757,"htmlAttributes":771,"restEndpoints":776,"jsGlobals":779,"shortcodeOutput":785},[752,753,754,755,756],"ce21-sso-admin-wrap","ce21-login-form","ce21-programs-list","ce21-classified-ads-widget","ce21-membership-plans",[758,759,760,761,762,763,764,765,766,767,768,769,770],"\u003C!-- Currently plugin version. -->","\u003C!-- The code that runs before plugin activation. -->","\u003C!-- The core plugin class that is used to define internationalization, -->","\u003C!-- admin-specific hooks, and public-facing site hooks. -->","\u003C!-- The code that runs during plugin activation. -->","\u003C!-- The code that runs during plugin deactivation. -->","\u003C!-- JWT library included -->","\u003C!-- Begins execution of the plugin. -->","\u003C!-- WP Error Handling function -->","\u003C!-- General Function to use for Get API -->","\u003C!-- Create End Point for the login api and membership group update api -->","\u003C!-- The code that handle the user authentication from CE21. -->","\u003C!-- Create a user if does not exist and login. 
-->",[772,773,774,775],"data-ce21-sso-nonce","data-ce21-program-id","data-ce21-classified-id","data-ce21-membership-plan-id",[777,778],"\u002Fwp-json\u002Fce21\u002Fauthentication","\u002Fwp-json\u002Fce21\u002Fmembership\u002Fupdate",[780,781,782,783,784],"ce21_sso_ajax_object","ce21_programs_ajax_object","ce21_classified_ads_ajax_object","ce21_membership_ajax_object","sesionHelper",[786,787,788,789],"[ce21_sso_login_button]","[ce21_programs_list]","[ce21_classified_ads]","[ce21_membership_plans]"]