[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCOTcgqtcjt6HCbKJg6TxjzI4hEWRWgp34vE-4Rjqg80":3,"$f2w-ejJXJDEAoPNZ_mk65VP4LzXnvF2KcOxwDSCCN7VM":248,"$fv2GU4pngp4FbAolokP2DJOCBv4WQpEDIkRPIkFlvapE":253},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":32,"analysis":33,"fingerprints":215},"dash-webhotelier-integrator","The Webhotelier Integrator","1.0","webcreativemaster","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebcreativemaster\u002F","\u003Cp>Plugin to integrate with Webhotelier API with options to display MULTIPLE promotions, booking engines and many more! Cut down on development effort and use this plugin.\u003Cbr \u002F>\nUsing a simple shortcodes allows you to display your promotions taken directly from WebHotelier.\u003C\u002Fp>\n\u003Cp>It also comes with an built-in popup banner that you can utilise to promote offers.  The popup banner is coded in Scalable Vector Graphics, hence you can change the text. But you cannot change the image at the moment. The banner is responsive, hence you do not need to worry about the display on mobile. 
It is coded to allowed only 2 popup per sessions so that it won’t annoy your visitors.\u003C\u002Fp>\n\u003Cp>Example: [display_promotion apiuser=” apipass=” product_code=”]\u003C\u002Fp>\n\u003Cp>By \u003Ca href=\"https:\u002F\u002Fdashdeveloper.com\" rel=\"nofollow ugc\">Dash Web Development\u003C\u002Fa>\u003Cbr \u002F>\nContributor: Halim\u003C\u002Fp>\n","Plugin to integrate with Webhotelier API",10,1167,0,"2019-01-18T02:07:00.000Z","4.9.29","4.9","5.0",[19],"web-hotelier","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwebhotelier-integrator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdash-webhotelier-integrator.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":22,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},4,30,84,"2026-05-20T09:03:48.635Z",[],{"attackSurface":34,"codeSignals":87,"taintFlows":167,"riskAssessment":202,"analyzedAt":214},{"hooks":35,"ajaxHandlers":70,"restRoutes":71,"shortcodes":72,"cronEvents":85,"entryPointCount":86,"unprotectedCount":13},[36,42,47,52,57,62,66],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_init","registerSettings","HalimWebhotelier_OptionsManager.php",270,{"type":37,"name":43,"callback":44,"file":45,"line":46},"admin_menu","addSettingsSubMenuPage","HalimWebhotelier_Plugin.php",290,{"type":48,"name":49,"callback":50,"file":45,"line":51},"filter","body_class","promote_membership",298,{"type":37,"name":53,"callback":54,"file":55,"line":56},"wp_footer","addScriptWrapper","HalimWebhotelier_ShortCodeScriptLoader.php",22,{"type":37,"name":58,"callback":59,"file":60,"line":61},"admin_notices","HalimWebhotelier_noticePhpVersionWrong","halim-webhotelier.php",52,{"type":37,"name":63,"callback":64,"file":60,"line":65},"plugins_loadedi","HalimWebhotelier_i18n_init",77,{"type":37,"name":67,"callback":68,"file":60,"line":69},"admin_enqueue_scripts","HalimWebh
otelier_add_color_picker",79,[],[],[73,77,81],{"tag":74,"callback":75,"file":45,"line":76},"display_searchengine","display_se",294,{"tag":78,"callback":79,"file":45,"line":80},"display_promotion","display_promo",295,{"tag":82,"callback":83,"file":45,"line":84},"booknow","display_booknow",297,[],3,{"dangerousFunctions":88,"sqlUsage":89,"outputEscaping":92,"fileOperations":90,"externalRequests":90,"nonceChecks":13,"capabilityChecks":165,"bundledLibraries":166},[],{"prepared":90,"raw":13,"locations":91},1,[],{"escaped":93,"rawEcho":94,"locations":95},74,42,[96,99,101,103,105,107,108,110,111,113,114,116,117,119,120,122,123,125,126,128,129,131,132,134,135,137,138,140,141,142,144,145,147,149,151,153,154,156,157,159,161,163],{"file":40,"line":97,"context":98},354,"raw output",{"file":40,"line":100,"context":98},356,{"file":40,"line":102,"context":98},367,{"file":40,"line":104,"context":98},379,{"file":40,"line":106,"context":98},409,{"file":40,"line":106,"context":98},{"file":40,"line":109,"context":98},460,{"file":40,"line":109,"context":98},{"file":40,"line":112,"context":98},516,{"file":40,"line":112,"context":98},{"file":40,"line":115,"context":98},555,{"file":40,"line":115,"context":98},{"file":40,"line":118,"context":98},562,{"file":40,"line":118,"context":98},{"file":40,"line":121,"context":98},569,{"file":40,"line":121,"context":98},{"file":40,"line":124,"context":98},576,{"file":40,"line":124,"context":98},{"file":40,"line":127,"context":98},587,{"file":40,"line":127,"context":98},{"file":40,"line":130,"context":98},594,{"file":40,"line":130,"context":98},{"file":40,"line":133,"context":98},600,{"file":40,"line":133,"context":98},{"file":40,"line":136,"context":98},616,{"file":40,"line":136,"context":98},{"file":40,"line":139,"context":98},621,{"file":40,"line":139,"context":98},{"file":40,"line":139,"context":98},{"file":40,"line":143,"context":98},631,{"file":40,"line":143,"context":98},{"file":45,"line":146,"context":98},1412,{"file":45,"line":148,"context":98}
,1413,{"file":45,"line":150,"context":98},1415,{"file":45,"line":152,"context":98},1416,{"file":45,"line":152,"context":98},{"file":45,"line":155,"context":98},1418,{"file":45,"line":155,"context":98},{"file":45,"line":158,"context":98},1421,{"file":45,"line":160,"context":98},1424,{"file":45,"line":162,"context":98},1506,{"file":60,"line":164,"context":98},41,2,[],[168,192],{"entryPoint":169,"graph":170,"unsanitizedCount":28,"severity":191},"settingsPage (HalimWebhotelier_OptionsManager.php:294)",{"nodes":171,"edges":187},[172,177,181],{"id":173,"type":174,"label":175,"file":40,"line":176},"n0","source","$_POST[$aOptionKey] (x4)",307,{"id":178,"type":179,"label":180,"file":40,"line":176},"n1","transform","→ updateOption()",{"id":182,"type":183,"label":184,"file":40,"line":185,"wp_function":186},"n2","sink","update_option() [Settings Manipulation]",184,"update_option",[188,190],{"from":173,"to":178,"sanitized":189},false,{"from":178,"to":182,"sanitized":189},"low",{"entryPoint":193,"graph":194,"unsanitizedCount":28,"severity":191},"\u003CHalimWebhotelier_OptionsManager> (HalimWebhotelier_OptionsManager.php:0)",{"nodes":195,"edges":199},[196,197,198],{"id":173,"type":174,"label":175,"file":40,"line":176},{"id":178,"type":179,"label":180,"file":40,"line":176},{"id":182,"type":183,"label":184,"file":40,"line":185,"wp_function":186},[200,201],{"from":173,"to":178,"sanitized":189},{"from":178,"to":182,"sanitized":189},{"summary":203,"deductions":204},"The \"dash-webhotelier-integrator\" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any known vulnerabilities in its history is a significant positive indicator.  Furthermore, the code demonstrates good practices by using prepared statements for all SQL queries and implementing capability checks.  The limited attack surface with no unprotected AJAX handlers or REST API routes also contributes to its security.\n\nHowever, there are areas that warrant attention. 
The low percentage of properly escaped output (64% of the 116 outputs analyzed) suggests a moderate risk of Cross-Site Scripting (XSS) wherever an unescaped value can be influenced by input. While the taint analysis did not reveal critical or high-severity flows, it did identify two low-severity flows in which $_POST values reach update_option() in the settings handling of HalimWebhotelier_OptionsManager.php without sanitization. Combined with the lack of nonce checks, this raises concerns about Cross-Site Request Forgery (CSRF): a forged request sent from a logged-in administrator's browser could change the plugin's settings unless the handler is protected by other means. Unsanitized option values that are later echoed without escaping would also be a stored-XSS concern. The single file operation and single external HTTP request are also potential entry points and should be reviewed for how they handle input.\n\nIn conclusion, while the plugin has a solid foundation with no known vulnerabilities and good practices in SQL handling, the significant number of unescaped outputs and the presence of unsanitized paths in taint flows present potential weaknesses. The absence of recorded vulnerabilities should be weighed against the plugin's small install base and its last update in January 2019, and may reflect limited scrutiny rather than verified safety. These areas should be thoroughly reviewed and mitigated to further enhance the plugin's security.",[205,208,211],{"reason":206,"points":207},"Low percentage of properly escaped output",7,{"reason":209,"points":210},"Unsanitized paths in taint flows",12,{"reason":212,"points":213},"No nonce 
checks",8,"2026-04-16T12:24:03.991Z",{"wat":216,"direct":223},{"assetPaths":217,"generatorPatterns":219,"scriptPaths":220,"versionParams":222},[218],"\u002Fwp-content\u002Fplugins\u002Fdash-webhotelier-integrator\u002Fjs\u002Fgrabmix-script.js",[],[221],"js\u002Fgrabmix-script.js",[],{"cssClasses":224,"htmlComments":227,"htmlAttributes":228,"restEndpoints":241,"jsGlobals":242,"shortcodeOutput":244},[225,226],"webhotelier-integrator-plugin","dash-webhotelier-integrator-plugin",[],[229,230,231,232,233,234,235,236,237,238,239,240],"data-site-id","data-engine-color","data-engine-bgcolor","data-engine-txtcolor","data-api-user","data-api-pw","data-prod-code","data-promo-img","data-promo-btncolor","data-promo-txtcolor","data-promo-txt","data-css",[],[243],"window.WebHotelier",[245,246,247],"[webhotelier_integrator]","[webhotelier_booking_engine]","[webhotelier_promotions]",{"error":249,"url":250,"statusCode":251,"statusMessage":252,"message":252},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdash-webhotelier-integrator\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":254},[]]