[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsoY0-J-n4ziYjL5CvAkyS-fEkwl44VdTX6tr3RD8mic":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":139,"fingerprints":319},"easy-classes","Easy Classes","1.2","melinadonati","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelinadonati\u002F","\u003Cp>Easy Classes provide custom post types for teachers and classes, with a lots of custom categories used to automatically\u003Cbr \u002F>\ngenerate a schedule with all the published classes. There can be up to 2 classes present at the same hours on the schedule.\u003Cbr \u002F>\nYou create as you wish the classes, the days, the teachers, the times etc.\u003C\u002Fp>\n\u003Ch4>ABOUT THE AUTOMATICALLY GENERATED SCHEDULE\u003C\u002Fh4>\n\u003Cp>USING IT :\u003C\u002Fp>\n\u003Cp>On the schedule page in the administration, all you have to do is choosing the colours for the different classes and save your changes.\u003Cbr \u002F>\nThen generate the schedule code, copy it, and paste it into a page or post in the “text” editor (not the visual). Save the post\u002Fpage and\u003Cbr \u002F>\ndisplay it : the schedule appears (its look can differ depending on your theme).\u003C\u002Fp>\n\u003Cp>COLOURS :\u003C\u002Fp>\n\u003Cp>Any valid HTML colour will work ! You can now enter values like #FF6857, ‘MediumOrchid’, rgb(255,0,0), they will all work.\u003Cbr \u002F>\nIf you don’t know HTML colours, no problem, 150 colours name are provided with the plugin in order for you to choose one.\u003Cbr \u002F>\nYou can write the colours names provided with or without capital at the beginning. Without capital it will only ask you to confirm, click ok. It works.\u003Cbr \u002F>\nBe careful of mistakes, any name not found in the 150 colours provided is allowed after a confirmation.\u003Cbr \u002F>\nSo if a colour doesn’t appear, enter it again properly, it may be caused by a typo.\u003C\u002Fp>\n\u003Cp>ORDERING NON ENGLISH DAYS :\u003C\u002Fp>\n\u003Cp>Only a french translation for the plugin exists by now, so, if you enter non-english or non-french days, you may notice they don’t appear in the right order in the schedule.\u003Cbr \u002F>\nYou can now order them just as you like under “Days” at the top of the schedule admin panel. Don’t use it if the days are already properly ordered.\u003C\u002Fp>\n\u003Cp>AVOIDING ERRORS \u002F NOT DISPLAYING :\u003C\u002Fp>\n\u003Cp>The schedule will only use what you have created (title,day,hours,teacher,room), but to be correctly generated, your classes need\u003Cbr \u002F>\nto have at least :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a title (doesn’t cause errors, but without the title the schedule won’t make any sense)\u003C\u002Fli>\n\u003Cli>a starting hour, smaller than the ending hour\u003C\u002Fli>\n\u003Cli>an ending hour, bigger than the starting hour\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If the starting hour is bigger than the ending hour, the class won’t be displayed.\u003C\u002Fp>\n\u003Cp>If the starting hour is equal to the ending hour, the class will display in the box with the starting hour you’ve checked.\u003Cbr \u002F>\nFor e.g. you’ve checked “08:00” for both hours, the schedule will display the class at “08:00 \u002F next hour registered “\u003C\u002Fp>\n\u003Cp>If you’ve checked an ending hour but not a starting one, the class will be displayed all through the day until the ending hour.\u003C\u002Fp>\n\u003Cp>If you’ve checked a starting hour but no ending one, the class won’t be displayed.\u003C\u002Fp>\n\u003Cp>Neither will it be displayed if you have checked no hour at all.\u003C\u002Fp>\n\u003Cp>Thanks for using this plugin, I hope you’ll enjoy it and that it will help you managing better your site.\u003C\u002Fp>\n","This plugin has been made to easily handle classes and teachers informations on a Wordpress website.",10,4670,100,2,"2013-10-25T17:31:00.000Z","3.6.1","3.0.0","",[20,21,22,23],"classes","schedule","school","teacher","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-classes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-classes.1.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-04-04T14:36:35.602Z",[37,62,81,104,120],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":27,"num_ratings":27,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":18,"tags":49,"homepage":59,"download_link":60,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":61},"uors-external-course-list","UORS External Course List","0.1.4","uniwits","https:\u002F\u002Fprofiles.wordpress.org\u002Funiwits\u002F","\u003Cp>This plugin adds a “Quick Reserve” widget to your wordpress weblog sidebar.  With this widget you can display a list of services that you provide on the sidebar, so that your customers can make reservations online.  In development of this plugin, we assume that your service is priced by time length.\u003C\u002Fp>\n\u003Cp>Instructors, counsellors, lawyers, language teachers, etc, as long as you price your service by time length, this plugin gives you a good start point.\u003C\u002Fp>\n\u003Cp>This plugin does NOT put HEAVY burden on your site, rather it uses a dedicated backend site.  This means that you don’t have to be worried about many website settings and scripting work, such as emailing, user account menagement, gathering user information, calculating vacant time, avoid room conflicts, etc.  It also avoids building a large number of database objects on your site, so that you don’t have to be worried about renting for strong enough servers to afford the heavily accessed database.  In short, this plugin simply eliminates the expertise as a requirement of building a reservation site.\u003C\u002Fp>\n\u003Cp>The backend is provided by Uniwits.com’s online reservation service (UORS) at http:\u002F\u002Freserv.uniwits.com .  When using this plugin, you are publishing services that you create on UORS.  Please to go UORS, register an account, and upgrade to business, for free, then follow the wizard to publish a service.\u003C\u002Fp>\n\u003Cp>This plugin is developed under WordPress 3.0.1, but it only uses very basic functions.\u003C\u002Fp>\n","This plugin adds a \"Quick Reserve\" widget to your wordpress weblog sidebar.  With this widget you can display a list of services that you pr &hellip;",2289,"2012-05-30T10:11:00.000Z","3.3.2","3.0.1",[50,51,52,53,54,55,56,57,21,22,23,58],"agenda","class","classroom","counsellor","instructor","office","reservation","reserve","timetable","http:\u002F\u002Fwww.uniwits.com\u002Fdownloads\u002Fplugins\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuors-external-course-list.zip","2026-03-15T14:54:45.397Z",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":13,"downloaded":70,"rating":13,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":79,"download_link":80,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"mb-spirit-for-mindbody","MB Spirit for MINDBODY","1.1.0","yogaboy","https:\u002F\u002Fprofiles.wordpress.org\u002Fyogaboy\u002F","\u003Cp>MB Spirit allows you to easily integrate your MINDBODY information into your web site. Using the MB Spirit Dashboard, you\u003Cbr \u002F>\ncan create any number of custom widgets to display MINDBODY elements including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Class Schedules\u003C\u002Fli>\n\u003Cli>Events, Workshops and Retreats\u003C\u002Fli>\n\u003Cli>Events, Workshops and Retreats – Calendar View\u003C\u002Fli>\n\u003Cli>Staff\u002FInstructor Details\u003C\u002Fli>\n\u003Cli>Class Descriptions\u003C\u002Fli>\n\u003Cli>Session Types\u003C\u002Fli>\n\u003Cli>Products and Service\u003C\u002Fli>\n\u003Cli>Appointments\u003C\u002Fli>\n\u003Cli>Appointments (Advanced)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You use the MB Spirit WordPress plugin to select your MB Spirit widgets and insert them into pages and posts.\u003C\u002Fp>\n\u003Cp>You can also customize your MB Spirit shortcodes to apply data filters, and adjust the layout for individual pages.\u003C\u002Fp>\n\u003Cp>Enable MB Spirit SEO Optimization and allow search engines to index your MINDBODY content, increasing organic traffic to your site.\u003Cbr \u002F>\nOur powerful caching technology ensures your MINDBODY content will load just as fast as the rest of your web content. Eliminating\u003Cbr \u002F>\nslow page loads enhances your SEO activities (Google loves fast loading content).\u003C\u002Fp>\n\u003Cp>Along with your MB Spirit account, this plugin allows you to quickly and flexibly integrate and enhance the\u003Cbr \u002F>\ncontent from your MINDBODY account. Our layouts look awesome out of the box, but if you are a designer, you can apply your own styling to\u003Cbr \u002F>\nMB Spirit widgets.\u003C\u002Fp>\n\u003Cp>Easy to get started, powerful features.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Test mode allows you to try MB Spirit integration without impacting your web site’s content\u003C\u002Fli>\n\u003Cli>Works with all WordPress themes\u003C\u002Fli>\n\u003Cli>Quick setup — specify your schedule, event list, staff list, and class description pages and identify a pre-set widget to use for each.\u003C\u002Fli>\n\u003Cli>Create your MINDBODY widgets using the MB Spirit dashboard widget builder and easily add shortcodes to your WordPress pages and posts\u003Cbr \u002F>\n(you can even override your widgets with new parameters within WordPress)\u003C\u002Fli>\n\u003Cli>Inject shortcodes into any page of your web site and add filters to give finer control of contents\u003C\u002Fli>\n\u003Cli>Schedule widgets let you do custom and dynamic filtering of classes\u003C\u002Fli>\n\u003Cli>Add MB Spirit widgets into your site through the WordPress widgets dashboard under the appearance settings\u003C\u002Fli>\n\u003Cli>WPML ready content lets you present your information in as many languages as you like\u003C\u002Fli>\n\u003Cli>MB Spirit allows you to extend your MINDBODY content to add more images and details, with slicker layouts than are capable with MINDBODY\u003C\u002Fli>\n\u003Cli>Refresh your content from inside WordPress\u003C\u002Fli>\n\u003Cli>Connect to MB Spirit for registration by allowing users to sign in to their MINDBODY studio client account\u003C\u002Fli>\n\u003Cli>Dashboard widget shows you information and tips for getting the most out of your MB Spirit service\u003C\u002Fli>\n\u003C\u002Ful>\n","Connect your MB Spirit account with WordPress for easy integration of your MINDBODY account information and enhance SEO support.",7162,3,"2023-10-18T19:03:00.000Z","6.3.8","6.0.0",[76,20,77,21,78],"api","mindbody","staff","https:\u002F\u002Fmb-spirit.com\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmb-spirit-for-mindbody.1.1.0.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":18,"tags":96,"homepage":102,"download_link":103,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"gym-studio-membership-management","Gym Studio Membership Management","1.2.0","Fitsoft","https:\u002F\u002Fprofiles.wordpress.org\u002Ffitsoft\u002F","\u003Cp>Gym Studio Membership Management creates editor buttons for embedding class calendar, schedule of classes, login area, chat, and membership checkout to a post or a page. From the “Membership Management” page you can also manage classes, instructors, members, and memberships. Now includes an optional floating widget for all pages.\u003C\u002Fp>\n\u003Cp>New Features:\u003Cbr \u002F>\n* Refresh block update when editing\u003Cbr \u002F>\n* Updated Calendar\u003C\u002Fp>\n\u003Cp>Major features in Gym Studio Membership Management include:\u003Cbr \u002F>\n* Add a monthly class calendar along with class details to the frontend.\u003Cbr \u002F>\n* Add a login area with member’s dashboard to your site for updating payment information.\u003Cbr \u002F>\n* Add a schedule of classes to your website.\u003Cbr \u002F>\n* When a member signs up a QR-barcode it is automatically generated for the member.\u003Cbr \u002F>\n* Automatically charge members by a selected timeframe and with a number of recurring payments.\u003Cbr \u002F>\n* Track payments and unpaid members. See who has paid for what and their payment history.\u003Cbr \u002F>\n* New Promocode system set promo start date, end date, number of usage and discounts by percentage, sales price or discounted value.\u003C\u002Fp>\n\u003Cp>PS: You’ll need a \u003Ca href=\"http:\u002F\u002Fnews.fitsoft.com\u002Fwordpress-plugin-setup\" rel=\"nofollow ugc\">Fitsoft Plugin password\u003C\u002Fa> for instruction to create one.  It is free to signup and use; Transaction fee applies on a business or a commercial site.\u003C\u002Fp>\n\u003Cp>Also if you find any bugs or request for us to add new features please email us at support@fitsoft.com. Please check welcome email for instruction and app download links.\u003C\u002Fp>\n","Gym Studio Membership Management adds class calendar, schedule of classes and membership checkout to your posts and pages.",90,21773,78,15,"2025-07-02T23:12:00.000Z","6.8.5","4.2.4",[97,98,99,100,101],"class-calendar","class-schedule","member","membership-management","schedule-of-classes","https:\u002F\u002Fnews.fitsoft.com\u002Fwordpress-plugin-setup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgym-studio-membership-management.1.2.0.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":27,"num_ratings":27,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":18,"download_link":119,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"kenzap-timetable","Kenzap Timetable","1.1.1","WP Asia","https:\u002F\u002Fprofiles.wordpress.org\u002Fkenzap\u002F","\u003Cp>A beautiful and easy customizable set of Gutenberg blocks to create timetable, school calendars, publish lessons online or create timeline or yoga courses.\u003C\u002Fp>\n\u003Cp>Set background color\u003Cbr \u002F>\nChange featured table layout style\u003Cbr \u002F>\nAdjust images, fonts, texts, price and currencies\u003Cbr \u002F>\nWide and narrow layout support\u003Cbr \u002F>\nSupports 5 different design layouts\u003C\u002Fp>\n","A beautiful and easy customizable set of Gutenberg blocks to create timetable, school calendars, publish lessons online or create timeline or yoga cou &hellip;",60,2285,"2020-11-11T07:39:00.000Z","5.5.18","5.1","5.6",[21,22,58],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkenzap-timetable.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":27,"downloaded":128,"rating":27,"num_ratings":27,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":137,"download_link":138,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"automaize-class-schedule","Automaize Class Schedule","1.0.10","automaize","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomaize\u002F","\u003Cp>Automaize Class Schedule is a complete class management and booking solution for WordPress. It is designed for gyms, yoga studios, dance schools, and any business that runs regularly scheduled classes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Visual weekly schedule dashboard for creating and managing classes at a glance\u003C\u002Fli>\n\u003Cli>Create one-time or recurring classes with flexible repetition rules\u003C\u002Fli>\n\u003Cli>“Functions” dropdown with “Save Week as Template” and “Clear Entire Week” actions\u003C\u002Fli>\n\u003Cli>Schedule templates — save any week as a reusable template and apply it to future weeks\u003C\u002Fli>\n\u003Cli>Access Control — restrict individual classes to specific membership plans\u003C\u002Fli>\n\u003Cli>Automatic series management — edit a single class or all future classes in a series\u003C\u002Fli>\n\u003Cli>Member management panel with active\u002Finactive member views\u003C\u002Fli>\n\u003Cli>Credit plan management with automatic weekly credit restock via WP-Cron\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Member Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Interactive public-facing weekly schedule with previous\u002Fnext week navigation\u003C\u002Fli>\n\u003Cli>One-click booking with credit deduction\u003C\u002Fli>\n\u003Cli>Restricted classes are clearly indicated to non-eligible members\u003C\u002Fli>\n\u003Cli>Live booking count and availability display\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Developer \u002F Integration Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Elementor widget for drag-and-drop schedule placement\u003C\u002Fli>\n\u003Cli>\u003Ccode>[acsc_class_schedule]\u003C\u002Fcode> shortcode for any page or theme\u003C\u002Fli>\n\u003Cli>All data stored as WordPress Custom Post Types for full compatibility\u003C\u002Fli>\n\u003C\u002Ful>\n","A powerful and intuitive solution for managing and displaying class schedules with a seamless booking experience for members.",44,"2026-03-14T21:41:00.000Z","6.9.4","5.8","7.4",[134,135,20,136,21],"booking","calendar","elementor","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautomaize-class-schedule\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomaize-class-schedule.1.0.10.zip",{"attackSurface":140,"codeSignals":163,"taintFlows":272,"riskAssessment":311,"analyzedAt":318},{"hooks":141,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":27,"unprotectedCount":27},[142,147,152,155],{"type":143,"name":144,"callback":145,"file":146,"line":33},"action","init","eac_easy_classes_init","easy-classes.php",{"type":148,"name":149,"callback":150,"file":146,"line":151},"filter","the_content","eac_easy_class_the_content",161,{"type":148,"name":149,"callback":153,"file":146,"line":154},"eac_teacher_the_content",186,{"type":143,"name":156,"callback":157,"file":146,"line":158},"admin_menu","eac_register_schedule_page",241,[],[],[],[],{"dangerousFunctions":164,"sqlUsage":173,"outputEscaping":183,"fileOperations":27,"externalRequests":27,"nonceChecks":32,"capabilityChecks":14,"bundledLibraries":271},[165,170],{"fn":166,"file":167,"line":168,"context":169},"unserialize","schedule.php",197,"$search_strings = unserialize($ser_search_strings[0]->meta_value);",{"fn":166,"file":167,"line":171,"context":172},198,"$replace_string = unserialize($ser_replace_string[0]->meta_value);",{"prepared":174,"raw":71,"locations":175},28,[176,179,181],{"file":167,"line":177,"context":178},13,"$wpdb->get_results() with variable interpolation",{"file":180,"line":177,"context":178},"uninstall.php",{"file":180,"line":182,"context":178},22,{"escaped":27,"rawEcho":184,"locations":185},43,[186,189,191,193,195,197,199,200,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269],{"file":167,"line":187,"context":188},47,"raw output",{"file":167,"line":190,"context":188},50,{"file":167,"line":192,"context":188},69,{"file":167,"line":194,"context":188},74,{"file":167,"line":196,"context":188},79,{"file":167,"line":198,"context":188},83,{"file":167,"line":26,"context":188},{"file":167,"line":89,"context":188},{"file":167,"line":202,"context":188},94,{"file":167,"line":204,"context":188},95,{"file":167,"line":206,"context":188},121,{"file":167,"line":208,"context":188},129,{"file":167,"line":210,"context":188},131,{"file":167,"line":212,"context":188},461,{"file":167,"line":214,"context":188},465,{"file":167,"line":216,"context":188},468,{"file":167,"line":218,"context":188},480,{"file":167,"line":220,"context":188},487,{"file":167,"line":222,"context":188},489,{"file":167,"line":224,"context":188},494,{"file":167,"line":226,"context":188},499,{"file":167,"line":228,"context":188},504,{"file":167,"line":230,"context":188},514,{"file":167,"line":232,"context":188},516,{"file":167,"line":234,"context":188},521,{"file":167,"line":236,"context":188},526,{"file":167,"line":238,"context":188},531,{"file":167,"line":240,"context":188},539,{"file":167,"line":242,"context":188},541,{"file":167,"line":244,"context":188},543,{"file":167,"line":246,"context":188},553,{"file":167,"line":248,"context":188},555,{"file":167,"line":250,"context":188},560,{"file":167,"line":252,"context":188},565,{"file":167,"line":254,"context":188},570,{"file":167,"line":256,"context":188},575,{"file":167,"line":258,"context":188},577,{"file":167,"line":260,"context":188},579,{"file":167,"line":262,"context":188},587,{"file":167,"line":264,"context":188},594,{"file":167,"line":266,"context":188},595,{"file":167,"line":268,"context":188},1083,{"file":167,"line":270,"context":188},1096,[],[273,290,300],{"entryPoint":274,"graph":275,"unsanitizedCount":71,"severity":289},"eac_get_classes_colors_list (schedule.php:17)",{"nodes":276,"edges":286},[277,281],{"id":278,"type":279,"label":280,"file":167,"line":190},"n0","source","$_POST[$the_id] (x3)",{"id":282,"type":283,"label":284,"file":167,"line":190,"wp_function":285},"n1","sink","echo() [XSS]","echo",[287],{"from":278,"to":282,"sanitized":288},false,"medium",{"entryPoint":291,"graph":292,"unsanitizedCount":299,"severity":289},"eac_generate_schedule (schedule.php:325)",{"nodes":293,"edges":297},[294,296],{"id":278,"type":279,"label":295,"file":167,"line":222},"$_POST[$the_id] (x6)",{"id":282,"type":283,"label":284,"file":167,"line":222,"wp_function":285},[298],{"from":278,"to":282,"sanitized":288},6,{"entryPoint":301,"graph":302,"unsanitizedCount":27,"severity":310},"\u003Cschedule> (schedule.php:0)",{"nodes":303,"edges":307},[304,306],{"id":278,"type":279,"label":305,"file":167,"line":190},"$_POST[$the_id] (x9)",{"id":282,"type":283,"label":284,"file":167,"line":190,"wp_function":285},[308],{"from":278,"to":282,"sanitized":309},true,"low",{"summary":312,"deductions":313},"The 'easy-classes' plugin v1.2 presents a mixed security posture.  While it boasts a clean attack surface with no apparent entry points like AJAX handlers, REST API routes, or shortcodes, and shows good practices in using prepared statements for SQL queries and implementing nonce and capability checks, there are significant concerns regarding output escaping and the presence of dangerous functions.\n\nThe static analysis reveals that 100% of the outputs are not properly escaped, which is a critical security flaw. This means that any user-supplied data that is outputted by the plugin could potentially be rendered as executable code (e.g., JavaScript) in the user's browser, leading to cross-site scripting (XSS) vulnerabilities. Additionally, the use of the `unserialize` function without adequate sanitization of the input data poses a risk of arbitrary object injection and potential remote code execution if the serialized data can be controlled by an attacker.\n\nThe plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive sign, but it does not negate the risks identified in the static analysis. The lack of historical vulnerabilities might simply mean that these specific types of flaws have not been exploited or discovered in this plugin's past versions, or that the plugin has not been subjected to extensive security auditing until now. The current findings, particularly the output escaping and `unserialize` risks, require immediate attention to secure the plugin effectively.",[314,316],{"reason":315,"points":92},"Unescaped output across all outputs",{"reason":317,"points":11},"Dangerous function: unserialize used","2026-03-17T01:06:30.822Z",{"wat":320,"direct":329},{"assetPaths":321,"generatorPatterns":324,"scriptPaths":325,"versionParams":326},[322,323],"\u002Fwp-content\u002Fplugins\u002Feasy-classes\u002Fcss\u002Feasy-classes.css","\u002Fwp-content\u002Fplugins\u002Feasy-classes\u002Fjs\u002Feasy-classes.js",[],[323],[327,328],"easy-classes\u002Fcss\u002Feasy-classes.css?ver=","easy-classes\u002Fjs\u002Feasy-classes.js?ver=",{"cssClasses":330,"htmlComments":333,"htmlAttributes":334,"restEndpoints":335,"jsGlobals":336,"shortcodeOutput":337},[331,332],"eac-class","eac-teacher",[],[],[],[],[]]