[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fd61uZDkURheE_Co1dQYEEBIrKa_Gna9Dlz-GLE6R958":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":32,"analysis":33,"fingerprints":234},"easyverein","easyVerein","2.1.9","SD Software Design GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdsoftwaredesign\u002F","\u003Cp>Das offizielle easyVerein Plugin für WordPress.\u003C\u002Fp>\n\u003Ch3>Beschreibung\u003C\u002Fh3>\n\u003Cp>Mit unserem WordPress-Plugin könnt ihr eure WordPress-Website mit der easyVerein Vereinsverwaltung verbinden, um bestimmte Daten aus easyVerein über die Website zu teilen.\u003C\u002Fp>\n\u003Ch4>Mitgliederliste teilen\u003C\u002Fh4>\n\u003Cp>Ihr könnt eure Mitgliederliste via WordPress-Shortcode auf eurer Website anzeigen lassen. Optische Darstellung und die Auswahl der angezeigten Felder lassen sich individuell einstellen.\u003C\u002Fp>\n\u003Ch4>Vereinskalender teilen\u003C\u002Fh4>\n\u003Cp>Über einen Shortcode lassen sich die Termine eures easyVerein Vereinskalenders auf eure WordPress-Website übertragen. Auch hier kann die optische Darstellung individuell konfiguriert werden.\u003Cbr \u002F>\nSetzt Funktionsumfang Community, Office oder Professional in der easyVerein-Lizenz voraus.\u003C\u002Fp>\n\u003Ch4>Sitzungsprotokolle teilen\u003C\u002Fh4>\n\u003Cp>Wenn ihr bestimmte Sitzungsprotokolle auf eurer Website freigeben möchtet, lässt sich das ebenfalls über einen WordPress-Shortcode einrichten.\u003Cbr \u002F>\nSetzt Funktionsumfang Essentials, Community oder Professional in der easyVerein-Lizenz voraus.\u003C\u002Fp>\n\u003Cp>Um das WordPress-Plugin nutzen können, müsst ihr zunächst in WordPress im Bereich “Plugins” das easyVerein-Plugin installieren. Ihr findet danach in eurem Dashboard eine neue Menüseite “easyVerein”.\u003C\u002Fp>\n\u003Cp>In easyVerein aktiviert ihr unter easyVerein API die API und generiert den API-Schlüssel. Diesen API-Schlüssel fügt ihr nun im WordPress-Dashboard auf der easyVerein-Seite an und könnt dort auch direkt eure Freigabeeinstellungen setzen.\u003C\u002Fp>\n","Das offizielle easyVerein Plugin für WordPress.",300,5115,0,"2025-12-03T11:55:00.000Z","6.9.4","5.2","7.2",[4,19],"vereinsverwaltung","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasyverein","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasyverein.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"sdsoftwaredesign",1,30,94,"2026-04-05T09:22:36.515Z",[],{"attackSurface":34,"codeSignals":128,"taintFlows":155,"riskAssessment":224,"analyzedAt":233},{"hooks":35,"ajaxHandlers":82,"restRoutes":83,"shortcodes":84,"cronEvents":119,"entryPointCount":127,"unprotectedCount":13},[36,42,47,52,58,62,65,67,71,73,75,78,80],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","easyVerein_admin_menu","admin\\easyVereinSettings.php",7,{"type":37,"name":43,"callback":44,"file":45,"line":46},"admin_notices","closure","admin\\includes\\easyVereinDebugMode.php",81,{"type":37,"name":48,"callback":49,"file":50,"line":51},"easyVerein_member_sync_hook","easyVerein_syncAllMembers","easyVerein.php",33,{"type":53,"name":54,"callback":55,"priority":56,"file":50,"line":57},"filter","plugin_row_meta","easyVerein_row_meta",10,36,{"type":37,"name":59,"callback":60,"file":50,"line":61},"show_user_profile","easyVerein_addCustomIdField",85,{"type":37,"name":63,"callback":60,"file":50,"line":64},"edit_user_profile",86,{"type":37,"name":38,"callback":39,"file":66,"line":41},"easyVereinSettings.php",{"type":37,"name":68,"callback":44,"file":69,"line":70},"init","public\\shortcodes\\easyVereinShortcodeClubCalendar.php",6,{"type":37,"name":68,"callback":44,"file":72,"line":70},"public\\shortcodes\\easyVereinShortcodeClubMemberlist.php",{"type":37,"name":68,"callback":44,"file":74,"line":70},"public\\shortcodes\\easyVereinShortcodeInvoices.php",{"type":37,"name":68,"callback":76,"file":77,"line":70},"easyVerein_login","public\\shortcodes\\easyVereinShortcodeLogin.php",{"type":37,"name":68,"callback":44,"file":79,"line":70},"public\\shortcodes\\easyVereinShortcodeProfile.php",{"type":37,"name":68,"callback":44,"file":81,"line":70},"public\\shortcodes\\easyVereinShortcodeResetPassword.php",[],[],[85,89,93,96,99,103,107,110,115],{"tag":86,"callback":87,"file":88,"line":41},"easyverein_calendar","easyVerein_printCalendar","public\\shortcodes\\easyVereinShortcodeCalendar.php",{"tag":90,"callback":91,"file":69,"line":92},"easyverein_club_calendar","easyVerein_printClubCalendar",14,{"tag":94,"callback":95,"file":72,"line":92},"easyverein_club_memberlist","easyVerein_printClubMemberlist",{"tag":97,"callback":98,"file":74,"line":92},"easyverein_invoices","easyVerein_printBilling",{"tag":100,"callback":101,"file":77,"line":102},"easyverein_login","easyVerein_printLogin",44,{"tag":104,"callback":105,"file":106,"line":70},"easyverein_memberlist","easyVerein_create_memberlist","public\\shortcodes\\easyVereinShortcodeMembers.php",{"tag":108,"callback":109,"file":79,"line":92},"easyverein_profile","easyVerein_printProfile",{"tag":111,"callback":112,"file":113,"line":114},"easyverein_protocol","easyVerein_printProtocol","public\\shortcodes\\easyVereinShortcodeProtocol.php",5,{"tag":116,"callback":117,"file":81,"line":118},"easyverein_reset_password","easyVerein_printResetPassword",13,[120,123,125],{"hook":48,"callback":48,"file":121,"line":122},"admin\\includes\\easyVereinMemberSync.php",41,{"hook":48,"callback":48,"file":121,"line":124},67,{"hook":48,"callback":48,"file":50,"line":126},26,9,{"dangerousFunctions":129,"sqlUsage":130,"outputEscaping":145,"fileOperations":13,"externalRequests":41,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":154},[],{"prepared":131,"raw":132,"locations":133},68,4,[134,137,140,142],{"file":45,"line":135,"context":136},39,"$wpdb->get_var() with variable interpolation",{"file":45,"line":138,"context":139},79,"$wpdb->query() with variable interpolation",{"file":45,"line":30,"context":141},"$wpdb->get_results() with variable interpolation",{"file":143,"line":144,"context":136},"helper\\easyVereinApiHelper.php",8,{"escaped":146,"rawEcho":147,"locations":148},128,2,[149,152],{"file":40,"line":150,"context":151},209,"raw output",{"file":45,"line":153,"context":151},82,[],[156,175,183,209],{"entryPoint":157,"graph":158,"unsanitizedCount":28,"severity":174},"easyVerein_sso_redirect (helper\\easyVereinApiHelper.php:173)",{"nodes":159,"edges":171},[160,165],{"id":161,"type":162,"label":163,"file":143,"line":164},"n0","source","$_COOKIE",184,{"id":166,"type":167,"label":168,"file":143,"line":169,"wp_function":170},"n1","sink","wp_remote_get() [SSRF]",187,"wp_remote_get",[172],{"from":161,"to":166,"sanitized":173},false,"medium",{"entryPoint":176,"graph":177,"unsanitizedCount":28,"severity":174},"\u003CeasyVereinApiHelper> (helper\\easyVereinApiHelper.php:0)",{"nodes":178,"edges":181},[179,180],{"id":161,"type":162,"label":163,"file":143,"line":164},{"id":166,"type":167,"label":168,"file":143,"line":169,"wp_function":170},[182],{"from":161,"to":166,"sanitized":173},{"entryPoint":184,"graph":185,"unsanitizedCount":147,"severity":174},"easyVerein_create_memberlist (public\\shortcodes\\easyVereinShortcodeMembers.php:9)",{"nodes":186,"edges":204},[187,190,193,196,200,202],{"id":161,"type":162,"label":188,"file":106,"line":189},"$_POST['easyVerein_memberlist_previous_link']",104,{"id":166,"type":191,"label":192,"file":106,"line":189},"transform","→ easyVereinAPIRequestPlain()",{"id":194,"type":167,"label":168,"file":143,"line":195,"wp_function":170},"n2",113,{"id":197,"type":162,"label":198,"file":106,"line":199},"n3","$_POST['easyVerein_memberlist_next_link']",106,{"id":201,"type":191,"label":192,"file":106,"line":199},"n4",{"id":203,"type":167,"label":168,"file":143,"line":195,"wp_function":170},"n5",[205,206,207,208],{"from":161,"to":166,"sanitized":173},{"from":166,"to":194,"sanitized":173},{"from":197,"to":201,"sanitized":173},{"from":201,"to":203,"sanitized":173},{"entryPoint":210,"graph":211,"unsanitizedCount":147,"severity":174},"\u003CeasyVereinShortcodeMembers> (public\\shortcodes\\easyVereinShortcodeMembers.php:0)",{"nodes":212,"edges":219},[213,214,215,216,217,218],{"id":161,"type":162,"label":188,"file":106,"line":189},{"id":166,"type":191,"label":192,"file":106,"line":189},{"id":194,"type":167,"label":168,"file":143,"line":195,"wp_function":170},{"id":197,"type":162,"label":198,"file":106,"line":199},{"id":201,"type":191,"label":192,"file":106,"line":199},{"id":203,"type":167,"label":168,"file":143,"line":195,"wp_function":170},[220,221,222,223],{"from":161,"to":166,"sanitized":173},{"from":166,"to":194,"sanitized":173},{"from":197,"to":201,"sanitized":173},{"from":201,"to":203,"sanitized":173},{"summary":225,"deductions":226},"The security posture of easyverein v2.1.9 appears to be relatively strong based on the static analysis. The plugin demonstrates good practices in handling SQL queries, with a high percentage utilizing prepared statements. Output escaping is also robust, with a near-perfect implementation. The absence of file operations and external HTTP requests further contributes to a reduced attack surface in these areas.  The vulnerability history is also clean, with no recorded CVEs, suggesting a history of secure development or a lack of prior exploitation.\n\nHowever, the static analysis does reveal some areas of concern. Notably, the taint analysis indicates that all analyzed flows (4 out of 4) have unsanitized paths, though none are classified as critical or high severity. This suggests a potential for vulnerabilities if these paths are exploitable, even if not currently rated as severe. Furthermore, the complete lack of nonce checks and capability checks across all entry points is a significant weakness. While the attack surface of unprotected entry points is reported as zero, the absence of these fundamental security measures on shortcodes, AJAX handlers, and cron events leaves them potentially vulnerable to various attacks if an attacker can trigger them, especially in combination with any unsanitized taint flows.\n\nIn conclusion, easyverein v2.1.9 benefits from strong SQL and output handling and a clean vulnerability history. However, the presence of unsanitized paths in taint flows and, more critically, the complete absence of nonce and capability checks represent significant security weaknesses that could be exploited. Addressing these fundamental security measures should be a priority.",[227,229,231],{"reason":228,"points":144},"Taint flows with unsanitized paths (all)",{"reason":230,"points":56},"No nonce checks on any entry points",{"reason":232,"points":56},"No capability checks on any entry points","2026-03-16T20:04:37.818Z",{"wat":235,"direct":243},{"assetPaths":236,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[237,238,239],"\u002Fwp-content\u002Fplugins\u002Feasyverein\u002Fcss\u002FeasyVereinSettings.css","\u002Fwp-content\u002Fplugins\u002Feasyverein\u002Fjs\u002FeasyVereinSettings.js","\u002Fwp-content\u002Fplugins\u002Feasyverein\u002Fjs\u002FeasyVereinAccordion.js",[],[238,239],[],{"cssClasses":244,"htmlComments":249,"htmlAttributes":250,"restEndpoints":255,"jsGlobals":256,"shortcodeOutput":257},[5,245,246,247,248],"easyVerein_header","easyVerein_content","easyVerein_content_wrapper","bold_text",[],[251,252,253,254],"data-name=\"easyVerein\"","id=\"easyVerein\"","name=\"easyVereinId\"","id=\"easyVereinId\"",[],[],[]]