[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGT0m5isg-vYFRUEEUS_eHLY93V-riNMfBn7yBNeR4j0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":119,"fingerprints":189},"eduadmin-sveawebpay","EduAdmin – SveaWebPay WordPress-plugin","3.0.1","Chris Gardenberg","https:\u002F\u002Fprofiles.wordpress.org\u002Fmnchga\u002F","\u003Cp>EduAdmin – SveaWebPay WordPress-plugin\u003C\u002Fp>\n\u003Cp>Plugin to enable payment via Svea WebPay in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMultinetInteractive\u002FEduAdmin-WordPress\" rel=\"nofollow ugc\">EduAdmin-Wordpress plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Stats\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002FMultinetInteractive\u002FEduAdmin-WordPress-SveaWebPay\u002Fbuild-status\u002Fmaster\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002FMultinetInteractive\u002FEduAdmin-WordPress-SveaWebPay\u002F?branch=master\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","EduAdmin - SveaWebPay WordPress-plugin",0,1150,"","5.8.13","5.0","5.2",[18,19,20,21,22],"booking","courses","eduadmin","events","participants","http:\u002F\u002Fwww.eduadmin.se","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feduadmin-sveawebpay.3.0.1.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"mnchga",5,50,92,9,88,"2026-04-04T02:43:51.555Z",[38,56,70,82,98],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":32,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":50,"download_link":51,"security_score":52,"vuln_count":53,"unpatched_count":11,"last_vuln_date":54,"fetched_at":55},"eduadmin-booking","EduAdmin Booking","5.4.0","\u003Cp>Plugin that you connect to \u003Ca href=\"https:\u002F\u002Fwww.eduadmin.se\" rel=\"nofollow ugc\">EduAdmin\u003C\u002Fa> to enable bookings of both courses and programmes through your website.\u003C\u002Fp>\n\u003Cp>Requires the following PHP-modules\u003C\u002Fp>\n\u003Cul>\n\u003Cli>php-curl\u003C\u002Fli>\n\u003Cli>php-mbstring\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How can I report security bugs?\u003C\u002Fp>\n\u003Cp>You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Feduadmin-booking\" rel=\"nofollow ugc\">Report a security vulnerability.\u003C\u002Fa>\u003C\u002Fp>\n","EduAdmin plugin to allow visitors to book courses at your website. Requires EduAdmin-account.",13016,"2025-02-25T14:33:00.000Z","6.6.5","6.0","8.1",[18,19,20,21,22],"https:\u002F\u002Fwww.eduadmin.se","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feduadmin-booking.5.4.0.zip",90,1,"2024-12-11 00:00:00","2026-03-15T15:16:48.613Z",{"slug":57,"name":58,"version":59,"author":7,"author_profile":8,"description":60,"short_description":61,"active_installs":11,"downloaded":62,"rating":11,"num_ratings":11,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":50,"download_link":68,"security_score":69,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":55},"eduadmin-analytics","EduAdmin – Google Analytics \u002F Tag Manager","1.1.2","\u003Cp>EduAdmin – Google Analytics \u002F Tag Manager WordPress\u003C\u002Fp>\n\u003Cp>This plugin adds support for Google Analytics \u002F Tag Manager to your \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMultinetInteractive\u002FEduAdmin-WordPress\" rel=\"nofollow ugc\">EduAdmin-Wordpress plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The plugin will add javascript to your website that will send events to Google Analytics \u002F Tag Manager when a user interacts with the booking form.\u003C\u002Fp>\n\u003Cp>The domain of the javascript will be from https:\u002F\u002Fwww.googletagmanager.com, and you can find their terms of service here:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.google.com\u002Fanalytics\u002Fterms\u002Ftag-manager\u002F\u003C\u002Fp>\n\u003Cp>This plugin requires that you’re using the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking\u002F\" rel=\"ugc\">EduAdmin-Wordpress plugin\u003C\u002Fa>\u003C\u002Fp>\n","This plugin adds support for Google Analytics \u002F Tag Manager to your EduAdmin plugin (WordPress only, not the course portal).",1981,"2024-01-18T10:43:00.000Z","6.4.8","5.8","7.0",[18,19,20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feduadmin-analytics.1.1.2.zip",85,{"slug":71,"name":72,"version":73,"author":7,"author_profile":8,"description":74,"short_description":75,"active_installs":11,"downloaded":76,"rating":11,"num_ratings":11,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":16,"tags":80,"homepage":50,"download_link":81,"security_score":69,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":55},"eduadmin-booking-klarna-checkout","EduAdmin – Klarna Checkout WordPress-plugin","1.4.0","\u003Cp>EduAdmin – Klarna Checkout WordPress-plugin\u003C\u002Fp>\n\u003Cp>Plugin to enable payment via Klarna Checkout in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMultinetInteractive\u002FEduAdmin-WordPress\" rel=\"nofollow ugc\">EduAdmin-Wordpress plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking-klarna-checkout\u002F\" rel=\"ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking-klarna-checkout\u002F\" rel=\"ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking-klarna-checkout\u002F\" rel=\"ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feduadmin-booking-klarna-checkout\u002F\" rel=\"ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Stats\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002FMultinetInteractive\u002Feduadmin-wp-klarna-checkout\u002Fbuild-status\u002Fmaster\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002FMultinetInteractive\u002Feduadmin-wp-klarna-checkout\u002F?branch=master\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","EduAdmin - Klarna Checkout WordPress-plugin",1772,"2020-03-04T10:23:00.000Z","5.3.21","4.7",[18,19,20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feduadmin-booking-klarna-checkout.1.4.0.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":11,"downloaded":90,"rating":11,"num_ratings":11,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":48,"tags":94,"homepage":96,"download_link":97,"security_score":33,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":55},"casa-courses","CASA Courses","1.0.3","foretagsakademincasa","https:\u002F\u002Fprofiles.wordpress.org\u002Fforetagsakademincasa\u002F","\u003Cp>The Casa Courses plugin is used to connect your Casa installation with your WordPress homepage.\u003C\u002Fp>\n\u003Cp>With the plugin installed, you will be able to list all templates and events from Casa on your WordPress site. Depending on the number of available seats on each event, you can allow visitors book seats on your events and the booked participants will be added to your Casa event. They can also be added to a waiting list if you allow that.\u003C\u002Fp>\n\u003Cp>The plugin automatically updates all pages generated by the plugin every hour. This is to refresh the number of available seats and also update course descriptions and so on. To make sure this works as intended, it is recommended that you disable caching on the automatically generated pages or make sure that caching is only enabled for an hour.\u003C\u002Fp>\n\u003Cp>The source code for the minified javascript and CSS files (present in directories admin\u002F and public\u002F) are located in the resources\u002F folder. They are then compiled to the admin\u002F and public\u002F directories.\u003C\u002Fp>\n\u003Cp>The CSS for the Casa Courses plugin is built on version v5.3.2 of Bootstrap (see https:\u002F\u002Fgetbootstrap.com\u002F). The Casa Courses plugin contains a compiled version of bootstrap without any changes.\u003C\u002Fp>\n\u003Cp>You can also (optionally) use google fonts, which then will download the fonts from https:\u002F\u002Ffonts.googleapis.com and https:\u002F\u002Ffonts.gstatic.com. Setting the font variable to “Inherit” will however not download anything from google fonts. Terms and conditions can be found \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Ffonts\u002Fterms\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin uses Google captcha which connects to the following endpoint: https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js when verifying captcha requirements. Terms and conditions can be found \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The plugin is dependent on you having an account and subscription to the \u003Ca href=\"https:\u002F\u002Fwww.foretagsakademin.se\u002Fcasa\" rel=\"nofollow ugc\">Casa administration platform\u003C\u002Fa>. Without a subscription and an API key to Casa administration platform, the plugin will not work. For terms of subscription please contact \u003Ca href=\"https:\u002F\u002Fwww.foretagsakademin.se\u002Fcasa\" rel=\"nofollow ugc\">Företagsakademin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Dependencies\u003C\u002Fh3>\n\u003Cp>The plugin depends on the following PHP libraries:\u003Cbr \u002F>\n* nesbot\u002Fcarbon – A library used for handling datetimes. You can find more about the library \u003Ca href=\"https:\u002F\u002Fcarbon.nesbot.com\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The plugin also includes the following dependencies:\u003Cbr \u002F>\n* Bootstrap v5.3.2 (see https:\u002F\u002Fgetbootstrap.com\u002F). The plugin uses a compiled version of the bootstrap css without any changes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Google fonts (optional) – You can choose to use certain google fonts on your page. These will then be downloaded from\u003Cbr \u002F>\nhttps:\u002F\u002Ffonts.googleapis.com and https:\u002F\u002Ffonts.gstatic.com.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Google captcha (optional) – You can choose to use google captcha when submitting your booking form. The plugin will\u003Cbr \u002F>\nconnect to the following endpoint: https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js when verifying captcha requirements. Terms\u003Cbr \u002F>\nand conditions can be found \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Connect your Casa installation to your WordPress installation.",1075,"2025-03-18T08:38:00.000Z","6.7.5","6.4",[95,18,19,21,22],"administration","https:\u002F\u002Fgithub.com\u002FForetagsakademin\u002Fcasa-wordpress-plugin.git","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcasa-courses.1.0.3.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":25,"num_ratings":53,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":66,"tags":111,"homepage":115,"download_link":116,"security_score":117,"vuln_count":53,"unpatched_count":53,"last_vuln_date":118,"fetched_at":55},"easyme-connect","EasyMe Connect","3.0.3","easymebiz","https:\u002F\u002Fprofiles.wordpress.org\u002Feasymebiz\u002F","\u003Cp>Connects your EasyMe account and automatically embeds your custom javascript client code in your Web site.\u003C\u002Fp>\n\u003Cp>Grab and insert “Magic” EasyMe links from the links tab of any product and your booking modal will open as a layer on top of your own design.\u003C\u002Fp>\n\u003Cp>The plugin will automatically update your embedded code, so once connected, you can forget about it.\u003C\u002Fp>\n","Connects your EasyMe account to Wordpress.",500,12205,"2025-11-28T07:59:00.000Z","6.9.4","5.3",[18,112,21,113,114],"easyme","online-courses","subscriptions","https:\u002F\u002Feasyme.dk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasyme-connect.3.0.3.zip",78,"2025-05-07 00:00:00",{"attackSurface":120,"codeSignals":166,"taintFlows":177,"riskAssessment":178,"analyzedAt":188},{"hooks":121,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":165,"entryPointCount":53,"unprotectedCount":11},[122,128,132,136,140,145,149,153],{"type":123,"name":124,"callback":125,"file":126,"line":127},"action","eduadmin-checkpaymentplugins","intercept_booking","class\\class-edu-sveawebpay.php",27,{"type":123,"name":129,"callback":130,"file":126,"line":131},"eduadmin-processbooking","process_booking",28,{"type":123,"name":133,"callback":134,"file":126,"line":135},"eduadmin-bookingcompleted","process_svearesponse",29,{"type":123,"name":137,"callback":138,"file":126,"line":139},"wp_loaded","process_paymentstatus",30,{"type":123,"name":141,"callback":142,"file":143,"line":144},"admin_init","checkForEduAdminPlugin","eduadmin-wordpress-sveawebpay.php",38,{"type":123,"name":146,"callback":147,"file":143,"line":148},"admin_notices","closure",41,{"type":123,"name":150,"callback":151,"file":143,"line":152},"plugins_loaded","init",59,{"type":154,"name":155,"callback":156,"file":143,"line":157},"filter","edu_integrations","add_integration",67,[],[],[161],{"tag":162,"callback":163,"file":126,"line":164},"eduadmin-svea-testpage","test_page",32,[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":53,"bundledLibraries":176},[],{"prepared":11,"raw":11,"locations":169},[],{"escaped":171,"rawEcho":53,"locations":172},14,[173],{"file":126,"line":174,"context":175},169,"raw output",[],[],{"summary":179,"deductions":180},"The eduadmin-sveawebpay plugin version 3.0.1 exhibits a generally strong security posture based on the provided static analysis.  The absence of dangerous functions, SQL queries without prepared statements, file operations, and external HTTP requests are all positive indicators. Furthermore, the high percentage of properly escaped output suggests good practices in preventing cross-site scripting (XSS) vulnerabilities. The plugin also demonstrates a clean vulnerability history with no recorded CVEs.\n\nHowever, there are areas that warrant attention. The complete absence of nonce checks across all entry points is a significant concern. While the plugin does have one capability check, this single check may not be sufficient to protect all functionalities. The lack of taint analysis results is also noted, though this may simply mean no flows were identified during the analysis. The limited attack surface is a positive, but the lack of specific authentication or authorization on the shortcode, despite it being the only entry point identified without explicit auth checks, could present a risk if it handles sensitive data or performs critical actions.\n\nIn conclusion, the plugin has implemented several robust security measures. Nevertheless, the lack of nonce checks on all entry points and the potential for the shortcode to be inadequately protected require further investigation. The absence of known vulnerabilities is a strong positive, but it is crucial to ensure that the current security practices, particularly regarding input validation and authorization, are comprehensive enough to prevent future issues.",[181,184,186],{"reason":182,"points":183},"No nonce checks on entry points",15,{"reason":185,"points":31},"Single capability check may not cover all entry points",{"reason":187,"points":31},"Shortcode without explicit auth check identified","2026-03-17T05:46:56.056Z",{"wat":190,"direct":199},{"assetPaths":191,"generatorPatterns":194,"scriptPaths":195,"versionParams":196},[192,193],"\u002Fwp-content\u002Fplugins\u002Feduadmin-sveawebpay\u002Fcss\u002Feduadmin-sveawebpay.css","\u002Fwp-content\u002Fplugins\u002Feduadmin-sveawebpay\u002Fjs\u002Feduadmin-sveawebpay.js",[],[193],[197,198],"eduadmin-sveawebpay\u002Fcss\u002Feduadmin-sveawebpay.css?ver=","eduadmin-sveawebpay\u002Fjs\u002Feduadmin-sveawebpay.js?ver=",{"cssClasses":200,"htmlComments":201,"htmlAttributes":202,"restEndpoints":204,"jsGlobals":205,"shortcodeOutput":207},[],[],[203],"data-nonce",[],[206],"EDU",[208],"[eduadmin-svea-testpage]"]