[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8lZBhmizbfJH6KXJlR7n1-oc-Z9QylOhWBNNCYNBUWE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":47,"crawl_stats":38,"alternatives":52,"analysis":146,"fingerprints":194},"divelogs-widget","Divelogs Widget","1.6","klemmkeil","https:\u002F\u002Fprofiles.wordpress.org\u002Fklemmkeil\u002F","\u003Cp>Displays your latest dive from divelogs.de \u002F divelogs.org in a widget.\u003Cbr \u002F>\nCurrently german, english, french, dutch, spanish, italian and hebrew are supported.\u003Cbr \u002F>\nYou can choose if you also want to display your dive’s profile graph.\u003Cbr \u002F>\nAlso provides a shortcode to display your latest dive or any specific dive in a page\u003C\u002Fp>\n","Displays your latest dive from divelogs.de in a widget",20,2883,66,3,"2025-12-10T20:33:00.000Z","6.9.4","5.0","7.4",[20,21,22,23,24],"divelogs","diving","latest-dive","logbook","scuba","https:\u002F\u002Fdivelogs.de\u002Fwordpress_plugin.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdivelogs-widget.zip",99,1,0,"2025-12-11 14:46:32","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":28},"CVE-2025-13962","divelogs-widget-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes","Divelogs Widget \u003C= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes","The Divelogs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'latestdive' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.5","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-12-12 03:20:57",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcbb3378a-d3e8-4a31-9ed2-f580960878cf?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":28,"trust_score":50,"computed_at":51},2,30,100,"2026-04-05T14:56:00.708Z",[53,76,93,111,129],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":29,"num_ratings":29,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":73,"download_link":74,"security_score":75,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"nautilus-trips","Nautilus Trips","1.0.9","nautilusadam","https:\u002F\u002Fprofiles.wordpress.org\u002Fnautilusadam\u002F","\u003Cp>The Nautilus Trips plugin shows available trips aboard the Nautilus Liveaboards vessels and allows people to book a trip\u003Cbr \u002F>\nright on your website.\u003C\u002Fp>\n\u003Cp>*An approved Nautilus Dealers account and API Key are required for proper operation of this plugin!\u003Cbr \u002F>\nIf you are not already a Nautilus Dealer you can apply on the Nautilus Dealers contact form https:\u002F\u002Fnautilusdealers.com\u002Fcontact.\u003C\u002Fp>\n\u003Cp>Choose a subset of trips, destinations, vessels, or allow all available trips to be displayed on your website.\u003Cbr \u002F>\nGuests can see details of destinations and book a trip right into Nautilus Liveaboards systems under your Dealer Account.\u003C\u002Fp>\n\u003Cp>This plugin accesses an external API from Nautilus Liveaboards to obtain real-time trip availability data. To do so, the\u003Cbr \u002F>\nwebsite must be able to perform server-to-server communication. A valid Dealer API key is required for these API requests.\u003C\u002Fp>\n","List, Display, and Book Nautilus Liveaboards scuba diving trips directly on your website. Nautilus Dealer account required.",10,2764,"2023-09-07T07:04:00.000Z","5.6.17","4.6","5.2.4",[68,69,70,71,72],"dive-travel","liveaboard","nautilus-liveaboards","scuba-diving","travel","https:\u002F\u002Fnautilusdealers.com\u002Fmarketing\u002Fnautilus_trips_plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnautilus-trips.1.0.9.zip",85,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":29,"downloaded":84,"rating":50,"num_ratings":28,"last_updated":85,"tested_up_to":16,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":91,"download_link":92,"security_score":50,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"dive-admin","Dive Admin","1.0.8","awcode","https:\u002F\u002Fprofiles.wordpress.org\u002Fawcode\u002F","\u003Cp>DiveAdmin is an online software solution for dive schools and dive centers.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customer and diver management\u003C\u002Fli>\n\u003Cli>Lead & booking management\u003C\u002Fli>\n\u003Cli>Daily trip planning and organisation\u003C\u002Fli>\n\u003Cli>Digital & printable boat lists\u003C\u002Fli>\n\u003Cli>Digital forms for liability, medical etc. E-signed forms, no more paperwork!\u003C\u002Fli>\n\u003Cli>Agent booking platform\u003C\u002Fli>\n\u003Cli>Billing & POS System\u003C\u002Fli>\n\u003Cli>Equipment management\u003C\u002Fli>\n\u003Cli>Supports PADI, SSI and other dive certification organisations\u003C\u002Fli>\n\u003Cli>and lots more….\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin lets you connect your DiveAdmin account with your WordPress website.\u003C\u002Fp>\n\u003Cp>Once connected you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sync woocommerce sales into DiveAdmin Leads\u003C\u002Fli>\n\u003Cli>Add a DiveAdmin lead form to your website\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note:\u003Cbr \u002F>\nUse of this plugin requires an active account with \u003Ca href=\"https:\u002F\u002Fdiveadmin.com\" rel=\"nofollow ugc\">diveadmin.com\u003C\u002Fa>\u003Cbr \u002F>\nThe plugin will send data about new leads to your diveadmin account.\u003Cbr \u002F>\nDiveadmin accounts are subject to their \u003Ca href=\"https:\u002F\u002Fdiveadmin.com\u002Fterms\" rel=\"nofollow ugc\">terms\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fdiveadmin.com\u002Fprivacy\" rel=\"nofollow ugc\">privacy policies\u003C\u002Fa>.\u003C\u002Fp>\n","DiveAdmin.com is a software solution for dive schools and diving centers.",589,"2026-01-07T05:43:00.000Z","6.0","",[89,21,90,24,72],"business","management","https:\u002F\u002Fdiveadmin.com\u002Fresources\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdive-admin.1.0.8.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":29,"downloaded":101,"rating":29,"num_ratings":29,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":108,"download_link":109,"security_score":110,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"diving-calculators","Diving Calculators","1.1.0","Choni","https:\u002F\u002Fprofiles.wordpress.org\u002Fchonicodefish\u002F","\u003Cp>Add Scuba Diving calculators to your website with this widget. It includes the following calculators:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Maximum Operation Depth\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Best Nitrox Mix\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Equivalent Air Depth\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Equivalent Narcotic Depth\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Surface Air Consumption Rate\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Altitude Diving\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Lift Bag Volume\u003C\u002Fstrong>\u003C\u002Fp>\n","Widget for scuba diving calculators",1449,"2024-10-21T13:20:00.000Z","6.6.5","5.8",[106,21,24,107],"calculators","widget","https:\u002F\u002Fcode-fish.eu\u002Fdiving-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdiving-calculators.zip",92,{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":61,"downloaded":119,"rating":50,"num_ratings":28,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":87,"tags":123,"homepage":87,"download_link":128,"security_score":50,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"office-visits-logbook","Visitor Check-In\u002FCheck-Out Logbook – WordPress Visitor Management","1.1.3","v20202020","https:\u002F\u002Fprofiles.wordpress.org\u002Fv20202020\u002F","\u003Cp>Your company is still using paper log sheets for office visitors? Everything is digital and paperless now. Being paperless can also save trees and protect the environment. We provide you an efficient plugin for your company office visitors to sign in and sign out. Data is saved in the same MySQL database for your WordPress website.\u003C\u002Fp>\n\u003Cp>You do not need paper office visit logbook any more! And you can search office visit history easily. So efficient and easy to use.\u003C\u002Fp>\n\u003Cp>This office visits logbook plugin is for the sign-in and sign-out of office interview, business, meeting, etc. You can add any new visit type categories and new visit types if you want. For example, for hospitals and clinics, you can add new visit types such as surgery, emergency, ICU. For dental offices, you can add new visit types such as wash teeth, root canal, dental implants, wisdom tooth extraction, reconstructive surgery, and cosmetic surgery.\u003C\u002Fp>\n\u003Cp>By default, this plugin uses Bootstrap (https:\u002F\u002Fgetbootstrap.com\u002F) for the formatting. But sometimes you already have your own formatting css files. So you may need to remove these Bootstrap css and javascript files when you use this plugin. If this is the case, you can choose not to use Bootstrap’s css and javascript files by changing the values of USE_BOOTSTRAP_JS and USE_BOOTSTRAP_CSS to no (0) in the constant table.\u003C\u002Fp>\n\u003Cp>If you did not find USE_BOOTSTRAP_JS and USE_BOOTSTRAP_CSS in your constant table, please deactivate this plugin and activate it again. Then USE_BOOTSTRAP_JS and USE_BOOTSTRAP_CSS will be automatically added to your constant table.\u003C\u002Fp>\n\u003Cp>If you find out that the search result is not showing all the fields’ data, you can try to re-create stored procedures in the admin plugin page. Go to admin page, click “Settings”, and then click “Office Visits Logbook”. Then click tab “Re-create stored procedures”, and press the button to re-create all the stored procedures again.\u003C\u002Fp>\n\u003Cp>This plugin has the web accessibility feature for the disabled people to listen to the screen reader. The disabled people just need to press the tab key to access the elements on the page. Then use keyboard to input. Then press enter key for submit, reset and cancel. To use this feature, you can download and use any screen reader software such as NVDA (for Windows), VoiceOver (for Apple), etc. Most of this kind of software is free to download and use.\u003C\u002Fp>\n\u003Cp>By default, the landing page shows all the visits. But sometimes you want to protect other visitors’ privacy and hide other visits’ details when a new visitor is using this landing page. To do this, just set the value of SHOW_ALL_VISITS_WHEN_NOT_SEARCH in your constant table to no (0).\u003C\u002Fp>\n\u003Cp>If you did not find SHOW_ALL_VISITS_WHEN_NOT_SEARCH in your constant table, please deactivate this plugin and activate it again. Then SHOW_ALL_VISITS_WHEN_NOT_SEARCH will be automatically added to your constant table.\u003C\u002Fp>\n\u003Cp>A visit record can be updated only when it is active and timeout is empty. Deleted visits and finished visits are not available for editing.\u003C\u002Fp>\n\u003Cp>This plugin has an access restriction feature. You can give a user access to the visit landing page by adding the user to the wp_dragonvisitzyx987_users table.\u003C\u002Fp>\n\u003Cp>After you are added to the wp_dragonvisitzyx987_users table, you must log in WordPress website to access this plugin’s landing page. On the admin setting page, admin and assigned users can access admin setting page to see table lists.\u003C\u002Fp>\n\u003Cp>This plugin uses a responsive design. You can use it from your cellphone, tablet, laptop, and PC. The layout will change accordingly.\u003C\u002Fp>\n\u003Cp>For the best user experience, we recommend you to use this plugin in a desktop computer with three monitors. Two monitors share the same content. The visitor uses one monitor, keyboard and mouse. The receptionist uses another monitor to watch the visitor’s input and behavior. The receptionist also uses a third monitor showing the dashboard’s plugin setting page. The third monitor is for the receptionist to verify visitor’s input after visitor finishes input.\u003C\u002Fp>\n\u003Cp>For this plugin to get your company’s current local date, you must set the timezone value correctly. You can edit the timezone at Dashboard -> Settings -> General -> Timezone -> check if the value has been set correctly.\u003C\u002Fp>\n\u003Cp>After plugin activation, go to the “Settings” menu to find the plugin admin page. By default, when you activate this plugin, it will automatically create a visit landing page for you. For some themes, if it does not automatically create a visit landing page for you, add this plugin root folder template-officevisitslogbook.php file to your template folder. For example, if you are using theme twentytwenty, then add the template-officevisitslogbook.php file to this folder: wordpress\\wp-content\\themes\\twentytwenty\\templates. Then you can create a new page (not a new post) using this template.\u003C\u002Fp>\n\u003Cp>When you use the template method to create a new visit page, do not set the page title to “officevisitslogbook”. If you set the page title to “officevisitslogbook”, it could conflict with the page automatically created when you activate this plugin.\u003C\u002Fp>\n\u003Cp>Documentation file is in the root folder with the name documentation_officevisitslogbook.pdf. Please follow the instructions in the file to install this plugin.\u003C\u002Fp>\n\u003Cp>Donate URL link:\u003Cbr \u002F>\nhttps:\u002F\u002Fpaypal.me\u002Fmingsitservices?country.x=CA&locale.x=en_US\u003C\u002Fp>\n\u003Cp>demo website:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.mingsitservices.ca\u002Fofficevisitslogbook\u003C\u002Fp>\n\u003Cp>Log in WordPress admin page using\u003C\u002Fp>\n\u003Cp>username:\u003C\u002Fp>\n\u003Cp>user1\u003C\u002Fp>\n\u003Cp>password:\u003C\u002Fp>\n\u003Cp>user1\u003C\u002Fp>\n\u003Cp>This user can not access the plugin setting page to change settings.\u003C\u002Fp>\n\u003Cp>Documentation:\u003C\u002Fp>\n\u003Cp>\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mingsitservices.ca\u002Fwp-content\u002Fplugins\u002Fofficevisitslogbookfree\u002Fdocumentation_officevisitslogbook.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">Click to access documentation_officevisitslogbook.pdf\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Cp>Platform and Database:\u003C\u002Fp>\n\u003Cp>You can run it on any platform: Windows, Mac, Linux.\u003C\u002Fp>\n\u003Cp>Database is MySQL. It’s free.\u003C\u002Fp>\n\u003Cp>PHP version: PHP >= 5.4\u003C\u002Fp>\n\u003Cp>Attention: PHP version and WordPress version may have compatibility issues. For example, WordPress 5.4 may not match PHP 8. Check this website for details:\u003Cbr \u002F>\nhttps:\u002F\u002Fmake.wordpress.org\u002Fcore\u002Fhandbook\u002Freferences\u002Fphp-compatibility-and-wordpress-versions\u002F\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>PHP has support for the mysqli extension (to used for prepared statement)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Must use HTTPS, not http. If website use HTTP, tell the website admin – can not use the dragon ecommerce plugin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Since PHP 5.4 there are constants which can be used by json_encode() to format the json reponse how you want. To remove backslashes use: JSON_UNESCAPED_SLASHES. Like so: json_encode($response, JSON_UNESCAPED_SLASHES);\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>There is an advanced version on sale here:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.codester.com\u002Fitems\u002F39162\u002Foffice-visits-logbook-plugin-for-wordpress\u003Cbr \u002F>\nIt can export visit records into an Excel file for download. It can also backup your database. The advanced version and this free version have the same database tables and stored procedures. It’s easy to migrate from this free version to the advanced version. Remember to backup your free version database before migration.\u003C\u002Fp>\n\u003Cp>The visitor management system market is increasing fast. According to this website https:\u002F\u002Fwww.globenewswire.com\u002Fnews-release\u002F2023\u002F06\u002F27\u002F2695465\u002F0\u002Fen\u002FGlobal-Visitor-Management-System-Market-Size-To-Grow-USD-2-7-Billion-By-2032-CAGR-of-18-4.html,\u003Cbr \u002F>\nSpherical Insights & Consulting published a report saying the global visitor management system market size was valued at USD 1.5 billion in 2022 and the worldwide visitor management system market size is expected to reach USD 2.7 billion by 2032.\u003C\u002Fp>\n\u003Cp>This plugin is very popular. It has been downloaded over 1000 times in several months:\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002Foffice-visits-logbook\u002Fadvanced\u002F\u003C\u002Fp>\n","Your company is still using paper log sheets for office visitors? Everything is digital and paperless now. Being paperless can also save trees and pro &hellip;",4100,"2026-01-14T02:37:00.000Z","6.8.5","5.4",[124,23,125,126,127],"log","office","visit","visitor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foffice-visits-logbook.1.1.3.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":61,"downloaded":137,"rating":138,"num_ratings":28,"last_updated":87,"tested_up_to":139,"requires_at_least":140,"requires_php":87,"tags":141,"homepage":143,"download_link":144,"security_score":50,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":145},"scuba-logger","Scuba Logger","0.1.8","wp_aengus","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp_aengus\u002F","\u003Cp>The Scuba Logger plugin extends the functionality of wordpress so that it becomes an online interactive dive log. From the admin section, details of scuba dives can be entered. Once they have been entered, dive summaries can be easily included in blog posts using shortcodes (e.g. [scubalogger type=”dive” divenum=”1″]). In addition, a shortcode can be used to generate a ‘Query Page’ from which the dive log can be searched. You can search for ‘all dives greater than 30 metres on a wreck’ for example. Finally, shortcodes can be used to include statistics of your dive log in blog posts. For example, you can include the total number of minutes spent underwater using [scubalogger type=”logstat” detail=”timeunderwater”].\u003C\u002Fp>\n","This plugin turns a wordpress blog into an interactive online scuba dive log.",1660,80,"3.9.40","3.0.1",[142,124,24],"dive","http:\u002F\u002Fwww.am-process.org\u002Fscuba\u002F?page_id=974","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscuba-logger.0.1.8.zip","2026-03-15T10:48:56.248Z",{"attackSurface":147,"codeSignals":163,"taintFlows":183,"riskAssessment":184,"analyzedAt":193},{"hooks":148,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":162,"entryPointCount":28,"unprotectedCount":29},[149],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","widgets_init","divelogs_load_widgets","divelogs-widget.php",19,[],[],[158],{"tag":159,"callback":160,"file":153,"line":161},"latestdive","latestdive_func",71,[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":29,"externalRequests":28,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":182},[],{"prepared":29,"raw":29,"locations":166},[],{"escaped":168,"rawEcho":169,"locations":170},52,5,[171,174,176,178,180],{"file":153,"line":172,"context":173},103,"raw output",{"file":153,"line":175,"context":173},106,{"file":153,"line":177,"context":173},149,{"file":153,"line":179,"context":173},160,{"file":153,"line":181,"context":173},163,[],[],{"summary":185,"deductions":186},"The divelogs-widget plugin, version 1.6, presents a mixed security posture. On the positive side, the code analysis reveals a lack of dangerous functions, no raw SQL queries, and a high percentage of properly escaped output. The absence of file operations and external HTTP requests, along with a limited attack surface comprised solely of one shortcode with no explicit authentication checks indicated, are also good signs. Taint analysis shows no identified vulnerabilities, suggesting that data flows within the plugin are handled cautiously.\n\nHowever, several areas raise concerns. The presence of a medium severity Cross-Site Scripting (XSS) vulnerability in its history, even though currently patched, is a significant flag. The lack of nonce checks and capability checks on any identified entry points, particularly the shortcode, creates a potential weakness. This means that even if the output is generally escaped, the plugin doesn't actively verify if the user interacting with the shortcode is authorized or if the request is legitimate, leaving it susceptible to specific types of attacks if an input vector exists.\n\nIn conclusion, while divelogs-widget has adopted some good security practices like prepared statements and output escaping, the historical XSS vulnerability and the absence of crucial security checks like nonces and capability checks on its attack surface represent notable risks that warrant attention for a more robust security posture.",[187,189,191],{"reason":188,"points":61},"Medium severity XSS vulnerability in history",{"reason":190,"points":169},"No nonce checks on entry points",{"reason":192,"points":169},"No capability checks on entry points","2026-03-16T22:56:40.019Z",{"wat":195,"direct":201},{"assetPaths":196,"generatorPatterns":197,"scriptPaths":198,"versionParams":200},[],[],[199],"\u002Fwp-content\u002Fplugins\u002Fdivelogs-widget\u002Fdivelogs-widget.php",[],{"cssClasses":202,"htmlComments":203,"htmlAttributes":204,"restEndpoints":206,"jsGlobals":207,"shortcodeOutput":208},[4],[],[205],"id=\"divelogs_widget\"",[],[],[209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225],"\u003Cscript src=\"https:\u002F\u002Fdivelogs.org\u002Fmylatestdivebig.php","\u003Cscript src=\"https:\u002F\u002Fwww.divelogs.de\u002Fmylatestdivebig.php","\u003Cscript src=\"https:\u002F\u002Ffr.divelogs.de\u002Fmylatestdivebig.php","\u003Cscript src=\"https:\u002F\u002Fnl.divelogs.de\u002Fmylatestdivebig.php","\u003Cscript src=\"https:\u002F\u002Fes.divelogs.de\u002Fmylatestdivebig.php","\u003Cscript src=\"https:\u002F\u002Fit.divelogs.de\u002Fmylatestdivebig.php","\u003Cscript src=\"https:\u002F\u002Fil.divelogs.de\u002Fmylatestdivebig.php","\u003Cscript src=\"https:\u002F\u002Fdivelogs.org\u002Fmylatestdive.php","\u003Cscript src=\"https:\u002F\u002Fdivelogs.de\u002Fmylatestdive.php","\u003Cscript src=\"https:\u002F\u002Ffr.divelogs.de\u002Fmylatestdive.php","\u003Cscript src=\"https:\u002F\u002Fnl.divelogs.de\u002Fmylatestdive.php","\u003Cscript src=\"https:\u002F\u002Fes.divelogs.de\u002Fmylatestdive.php","\u003Cscript src=\"https:\u002F\u002Fit.divelogs.de\u002Fmylatestdive.php","\u003Cscript src=\"https:\u002F\u002Fil.divelogs.de\u002Fmylatestdive.php","\u003Cdiv style=\"text-align:center;\">\u003Ca href=\"https:\u002F\u002Fdivelogs.de\">divelogs.de\u003C\u002Fa>\u003C\u002Fdiv>","Please provide attribute user=\"USERNAME\" or dive=\"DIVEID\" in the shortcode","No username in settings"]