[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2Y2xLoPH70ouIVIrdwTuJ71FctC_9_lW206vRJDbpU0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":119,"fingerprints":211},"eduadmin-analytics","EduAdmin – Google Analytics \u002F Tag Manager","1.1.2","Chris Gardenberg","https:\u002F\u002Fprofiles.wordpress.org\u002Fmnchga\u002F","\u003Cp>EduAdmin – Google Analytics \u002F Tag Manager WordPress\u003C\u002Fp>\n\u003Cp>This plugin adds support for Google Analytics \u002F Tag Manager to your \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMultinetInteractive\u002FEduAdmin-WordPress\" rel=\"nofollow ugc\">EduAdmin-Wordpress plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The plugin will add javascript to your website that will send events to Google Analytics \u002F Tag Manager when a user interacts with the booking form.\u003C\u002Fp>\n\u003Cp>The domain of the javascript will be from https:\u002F\u002Fwww.googletagmanager.com, and you can find their terms of service here:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.google.com\u002Fanalytics\u002Fterms\u002Ftag-manager\u002F\u003C\u002Fp>\n\u003Cp>This plugin requires that you’re using the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking\u002F\" rel=\"ugc\">EduAdmin-Wordpress plugin\u003C\u002Fa>\u003C\u002Fp>\n","This plugin adds support for Google Analytics \u002F Tag Manager to your EduAdmin plugin (WordPress only, not the course portal).",0,1981,"2024-01-18T10:43:00.000Z","6.4.8","5.8","7.0",[18,19,20,21,22],"booking","courses","eduadmin","events","participants","https:\u002F\u002Fwww.eduadmin.se","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feduadmin-analytics.1.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"mnchga",5,50,92,9,88,"2026-04-04T13:51:07.516Z",[38,54,67,82,98],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":32,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":23,"download_link":50,"security_score":51,"vuln_count":52,"unpatched_count":11,"last_vuln_date":53,"fetched_at":27},"eduadmin-booking","EduAdmin Booking","5.4.0","\u003Cp>Plugin that you connect to \u003Ca href=\"https:\u002F\u002Fwww.eduadmin.se\" rel=\"nofollow ugc\">EduAdmin\u003C\u002Fa> to enable bookings of both courses and programmes through your website.\u003C\u002Fp>\n\u003Cp>Requires the following PHP-modules\u003C\u002Fp>\n\u003Cul>\n\u003Cli>php-curl\u003C\u002Fli>\n\u003Cli>php-mbstring\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How can I report security bugs?\u003C\u002Fp>\n\u003Cp>You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Feduadmin-booking\" rel=\"nofollow ugc\">Report a security vulnerability.\u003C\u002Fa>\u003C\u002Fp>\n","EduAdmin plugin to allow visitors to book courses at your website. Requires EduAdmin-account.",13016,"2025-02-25T14:33:00.000Z","6.6.5","6.0","8.1",[18,19,20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feduadmin-booking.5.4.0.zip",90,1,"2024-12-11 00:00:00",{"slug":55,"name":56,"version":57,"author":7,"author_profile":8,"description":58,"short_description":59,"active_installs":11,"downloaded":60,"rating":11,"num_ratings":11,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":23,"download_link":66,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"eduadmin-booking-klarna-checkout","EduAdmin – Klarna Checkout WordPress-plugin","1.4.0","\u003Cp>EduAdmin – Klarna Checkout WordPress-plugin\u003C\u002Fp>\n\u003Cp>Plugin to enable payment via Klarna Checkout in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMultinetInteractive\u002FEduAdmin-WordPress\" rel=\"nofollow ugc\">EduAdmin-Wordpress plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking-klarna-checkout\u002F\" rel=\"ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking-klarna-checkout\u002F\" rel=\"ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking-klarna-checkout\u002F\" rel=\"ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking-klarna-checkout\u002F\" rel=\"ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Stats\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002FMultinetInteractive\u002Feduadmin-wp-klarna-checkout\u002Fbuild-status\u002Fmaster\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002FMultinetInteractive\u002Feduadmin-wp-klarna-checkout\u002F?branch=master\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","EduAdmin - Klarna Checkout WordPress-plugin",1772,"2020-03-04T10:23:00.000Z","5.3.21","4.7","5.2",[18,19,20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feduadmin-booking-klarna-checkout.1.4.0.zip",{"slug":68,"name":69,"version":70,"author":7,"author_profile":8,"description":71,"short_description":72,"active_installs":11,"downloaded":73,"rating":11,"num_ratings":11,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":64,"tags":77,"homepage":78,"download_link":79,"security_score":80,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":81},"eduadmin-sveawebpay","EduAdmin – SveaWebPay WordPress-plugin","3.0.1","\u003Cp>EduAdmin – SveaWebPay WordPress-plugin\u003C\u002Fp>\n\u003Cp>Plugin to enable payment via Svea WebPay in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMultinetInteractive\u002FEduAdmin-WordPress\" rel=\"nofollow ugc\">EduAdmin-Wordpress plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Stats\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002FMultinetInteractive\u002FEduAdmin-WordPress-SveaWebPay\u002Fbuild-status\u002Fmaster\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002FMultinetInteractive\u002FEduAdmin-WordPress-SveaWebPay\u002F?branch=master\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","EduAdmin - SveaWebPay WordPress-plugin",1150,"","5.8.13","5.0",[18,19,20,21,22],"http:\u002F\u002Fwww.eduadmin.se","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feduadmin-sveawebpay.3.0.1.zip",100,"2026-03-15T10:48:56.248Z",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":11,"downloaded":90,"rating":11,"num_ratings":11,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":48,"tags":94,"homepage":96,"download_link":97,"security_score":33,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"casa-courses","CASA Courses","1.0.3","foretagsakademincasa","https:\u002F\u002Fprofiles.wordpress.org\u002Fforetagsakademincasa\u002F","\u003Cp>The Casa Courses plugin is used to connect your Casa installation with your WordPress homepage.\u003C\u002Fp>\n\u003Cp>With the plugin installed, you will be able to list all templates and events from Casa on your WordPress site. Depending on the number of available seats on each event, you can allow visitors book seats on your events and the booked participants will be added to your Casa event. They can also be added to a waiting list if you allow that.\u003C\u002Fp>\n\u003Cp>The plugin automatically updates all pages generated by the plugin every hour. This is to refresh the number of available seats and also update course descriptions and so on. To make sure this works as intended, it is recommended that you disable caching on the automatically generated pages or make sure that caching is only enabled for an hour.\u003C\u002Fp>\n\u003Cp>The source code for the minified javascript and CSS files (present in directories admin\u002F and public\u002F) are located in the resources\u002F folder. They are then compiled to the admin\u002F and public\u002F directories.\u003C\u002Fp>\n\u003Cp>The CSS for the Casa Courses plugin is built on version v5.3.2 of Bootstrap (see https:\u002F\u002Fgetbootstrap.com\u002F). The Casa Courses plugin contains a compiled version of bootstrap without any changes.\u003C\u002Fp>\n\u003Cp>You can also (optionally) use google fonts, which then will download the fonts from https:\u002F\u002Ffonts.googleapis.com and https:\u002F\u002Ffonts.gstatic.com. Setting the font variable to “Inherit” will however not download anything from google fonts. Terms and conditions can be found \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Ffonts\u002Fterms\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin uses Google captcha which connects to the following endpoint: https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js when verifying captcha requirements. Terms and conditions can be found \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The plugin is dependent on you having an account and subscription to the \u003Ca href=\"https:\u002F\u002Fwww.foretagsakademin.se\u002Fcasa\" rel=\"nofollow ugc\">Casa administration platform\u003C\u002Fa>. Without a subscription and an API key to Casa administration platform, the plugin will not work. For terms of subscription please contact \u003Ca href=\"https:\u002F\u002Fwww.foretagsakademin.se\u002Fcasa\" rel=\"nofollow ugc\">Företagsakademin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Dependencies\u003C\u002Fh3>\n\u003Cp>The plugin depends on the following PHP libraries:\u003Cbr \u002F>\n* nesbot\u002Fcarbon – A library used for handling datetimes. You can find more about the library \u003Ca href=\"https:\u002F\u002Fcarbon.nesbot.com\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The plugin also includes the following dependencies:\u003Cbr \u002F>\n* Bootstrap v5.3.2 (see https:\u002F\u002Fgetbootstrap.com\u002F). The plugin uses a compiled version of the bootstrap css without any changes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Google fonts (optional) – You can choose to use certain google fonts on your page. These will then be downloaded from\u003Cbr \u002F>\nhttps:\u002F\u002Ffonts.googleapis.com and https:\u002F\u002Ffonts.gstatic.com.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Google captcha (optional) – You can choose to use google captcha when submitting your booking form. The plugin will\u003Cbr \u002F>\nconnect to the following endpoint: https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js when verifying captcha requirements. Terms\u003Cbr \u002F>\nand conditions can be found \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Connect your Casa installation to your WordPress installation.",1075,"2025-03-18T08:38:00.000Z","6.7.5","6.4",[95,18,19,21,22],"administration","https:\u002F\u002Fgithub.com\u002FForetagsakademin\u002Fcasa-wordpress-plugin.git","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcasa-courses.1.0.3.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":80,"num_ratings":52,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":16,"tags":111,"homepage":115,"download_link":116,"security_score":117,"vuln_count":52,"unpatched_count":52,"last_vuln_date":118,"fetched_at":27},"easyme-connect","EasyMe Connect","3.0.3","easymebiz","https:\u002F\u002Fprofiles.wordpress.org\u002Feasymebiz\u002F","\u003Cp>Connects your EasyMe account and automatically embeds your custom javascript client code in your Web site.\u003C\u002Fp>\n\u003Cp>Grab and insert “Magic” EasyMe links from the links tab of any product and your booking modal will open as a layer on top of your own design.\u003C\u002Fp>\n\u003Cp>The plugin will automatically update your embedded code, so once connected, you can forget about it.\u003C\u002Fp>\n","Connects your EasyMe account to Wordpress.",500,12205,"2025-11-28T07:59:00.000Z","6.9.4","5.3",[18,112,21,113,114],"easyme","online-courses","subscriptions","https:\u002F\u002Feasyme.dk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasyme-connect.3.0.3.zip",78,"2025-05-07 00:00:00",{"attackSurface":120,"codeSignals":178,"taintFlows":201,"riskAssessment":202,"analyzedAt":210},{"hooks":121,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":177,"entryPointCount":52,"unprotectedCount":11},[122,128,132,136,140,144,148,152,157,161,165],{"type":123,"name":124,"callback":125,"file":126,"line":127},"action","eduadmin-list-course-view","track_list_course_view","class\\class-edu-google.php",20,{"type":123,"name":129,"callback":130,"file":126,"line":131},"eduadmin-list-event-view","track_list_event_view",21,{"type":123,"name":133,"callback":134,"file":126,"line":135},"eduadmin-detail-view","track_detail_view",22,{"type":123,"name":137,"callback":138,"file":126,"line":139},"eduadmin-programme-detail-view","track_programme_detail_view",23,{"type":123,"name":141,"callback":142,"file":126,"line":143},"eduadmin-bookingform-view","track_booking_view",24,{"type":123,"name":145,"callback":146,"file":126,"line":147},"eduadmin-programme-bookingform-view","track_programme_booking_view",25,{"type":123,"name":149,"callback":150,"file":126,"line":151},"eduadmin-booking-completed","track_booking_completed",26,{"type":123,"name":153,"callback":154,"file":155,"line":156},"admin_init","EDUGTAG_checkForEduAdminPlugin","eduadmin-analytics.php",39,{"type":123,"name":158,"callback":159,"file":155,"line":160},"admin_notices","closure",42,{"type":123,"name":162,"callback":163,"file":155,"line":164},"plugins_loaded","init",61,{"type":166,"name":167,"callback":168,"file":155,"line":169},"filter","edu_integrations","add_integration",68,[],[],[173],{"tag":174,"callback":175,"file":126,"line":176},"eduadmin-analytics-testpage","test_page",28,[],{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":182,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":52,"bundledLibraries":200},[],{"prepared":11,"raw":11,"locations":181},[],{"escaped":183,"rawEcho":184,"locations":185},16,7,[186,188,190,192,194,196,198],{"file":126,"line":25,"context":187},"raw output",{"file":126,"line":189,"context":187},120,{"file":126,"line":191,"context":187},155,{"file":126,"line":193,"context":187},186,{"file":126,"line":195,"context":187},221,{"file":126,"line":197,"context":187},252,{"file":126,"line":199,"context":187},295,[],[],{"summary":203,"deductions":204},"The eduadmin-analytics plugin, version 1.1.2, exhibits a generally positive security posture based on the provided static analysis. The plugin does not utilize dangerous functions, all SQL queries are properly prepared, and there are no indications of file operations or external HTTP requests, which are common attack vectors. The presence of capability checks and a relatively small attack surface with no immediate unprotected entry points are also strong security indicators. However, the analysis does reveal some areas for improvement. A significant portion of output is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered directly to the browser without sufficient sanitization. Furthermore, the absence of nonce checks on the identified entry point, even though it's a shortcode and the capability check is present, introduces a potential for CSRF attacks if the shortcode's functionality is sensitive.\n\nThe plugin has no recorded vulnerability history, which is a positive sign indicating a lack of previously exploited flaws. This could suggest diligent development practices or a limited history of security audits. The absence of critical or high severity taint flows further reinforces the idea that the code, as analyzed, does not immediately present obvious vulnerabilities to common attack patterns like remote code execution or SQL injection stemming from unsanitized data inputs. Nevertheless, the unescaped output and potential for CSRF remain the primary concerns that users and developers should be aware of. While the plugin appears secure in many respects, these specific weaknesses could be exploited under certain conditions.",[205,208],{"reason":206,"points":207},"Significant percentage of output unescaped",6,{"reason":209,"points":31},"Lack of nonce checks on entry points","2026-03-17T07:34:51.762Z",{"wat":212,"direct":218},{"assetPaths":213,"generatorPatterns":215,"scriptPaths":216,"versionParams":217},[214],"\u002Fwp-content\u002Fplugins\u002Feduadmin-analytics\u002Fclass\u002Fclass-edu-google.php",[],[],[],{"cssClasses":219,"htmlComments":221,"htmlAttributes":222,"restEndpoints":223,"jsGlobals":224,"shortcodeOutput":226},[220],"error",[],[],[],[225],"gtag",[227],"[eduadmin-analytics-testpage]"]