[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftqZSjZbXKui621w3dspLwTPd4_DPmWrwHPEWz9DR0aQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":14,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":53,"analysis":154,"fingerprints":326},"events-listing-widget","Events Listing Widget","1.3.5","Yannick Lefebvre","https:\u002F\u002Fprofiles.wordpress.org\u002Fjackdewey\u002F","\u003Cp>Create a list of upcoming events and display them using an easy-to-use widget\u003C\u002Fp>\n\u003Cp>You can try it out in a temporary copy of WordPress \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fevents-listing-widget\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Ftags\u002Fevents-listing-widget\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Create a list of upcoming events and display them using an easy-to-use widget",60,14934,100,1,"2026-02-01T15:25:00.000Z","6.9.4","3.3","",[20,21,22,23],"events","sidebar","upcoming","widget","https:\u002F\u002Fylefebvre.github.io\u002Fwordpress-plugins\u002Fevents-listing-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fevents-listing-widget.1.3.5.zip",99,0,"2026-02-05 
19:36:04","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":14},"CVE-2026-1252","events-listing-widget-authenticated-author-stored-cross-site-scripting-via-event-url-field","Events Listing Widget \u003C= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field","The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.3.4","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-06 08:25:27",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7f3b13a5-0711-4ad3-b11c-f8556e1ca9f9?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"jackdewey",8,10970,89,529,71,"2026-04-05T02:59:41.494Z",[54,78,96,112,130],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":76,"vuln_count":14,"unpatched_count":14,"last_vuln_date":77,"fetched_at":29},"upcoming-events-lists","Upcoming Events 
Lists","1.4.0","Sayful Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Fsayful\u002F","\u003Cp>A WordPress plugin to show a list of upcoming events on the front-end as widget.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Step 1: Creating events\u003C\u002Fp>\n\u003Cp>After installing and activating the plugin, a new custom post type called “Events” will appear at your WordPress Admin area.\u003Cbr \u002F>\nJust create your events from the “Events” menu.\u003C\u002Fp>\n\u003Cp>Step 2: Using on Gutenberg Block Editor (WordPress 5.0 or later)\u003C\u002Fp>\n\u003Cp>If you are using block editor, add a new page and search for ‘Upcoming Events Lists’, set necessary options as your requirement.\u003Cbr \u002F>\nSave and view your page. All done!\u003C\u002Fp>\n\u003Cp>Step 3: Shortcode (When you cannot use step 2)\u003Cbr \u002F>\nAdd a new page and paste the following shortcode where you want to display the events:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[upcoming_events_list]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The shortcode can include following attributes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>view_type\u003C\u002Fcode>: Default value \u003Ccode>list\u003C\u002Fcode>. Value can be \u003Ccode>list\u003C\u002Fcode> or \u003Ccode>grid\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>show_all_event_link\u003C\u002Fcode>: Default value \u003Ccode>yes\u003C\u002Fcode>. Value can be \u003Ccode>yes\u003C\u002Fcode> or \u003Ccode>no\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you set \u003Ccode>grid\u003C\u002Fcode> for \u003Ccode>view_type\u003C\u002Fcode>, you can also include the following attributes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>columns_on_tablet\u003C\u002Fcode>: Default value \u003Ccode>2\u003C\u002Fcode>. Value can be from 1 to 6 (except 5)\u003C\u002Fli>\n\u003Cli>\u003Ccode>columns_on_desktop\u003C\u002Fcode>: Default value \u003Ccode>3\u003C\u002Fcode>. 
Value can be from 1 to 6 (except 5)\u003C\u002Fli>\n\u003Cli>\u003Ccode>columns_on_widescreen\u003C\u002Fcode>: Default value \u003Ccode>4\u003C\u002Fcode>. Value can be from 1 to 6 (except 5)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example 1:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[upcoming_events_list view_type='grid' columns_on_tablet='3' columns_on_desktop='4' columns_on_widescreen='6']\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A WordPress plugin to show a list of upcoming events on the front-end.",1000,42004,96,6,"2025-04-15T12:19:00.000Z","6.8.5","6.0","7.0",[71,20,72,73,23],"calendar","feed","upcoming-events","https:\u002F\u002Fsayfulislam.com\u002F?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupcoming-events-lists.1.4.0.zip",78,"2025-09-22 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":27,"num_ratings":27,"last_updated":88,"tested_up_to":18,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":93,"download_link":94,"security_score":95,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"external-events-calendar","External Events Calendar","0.4.0","goldenapples","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoldenapples\u002F","\u003Cp>This plugin is useful for listing speaking engagements, upcoming social events, or other calendar listings which link outside of your site. It adds a special link category for “Events Calendar” with meta fields for location and date. Any links in this category can be displayed through a widget with option to display all events or only future events, show in ascending\u002Fdescending order, and options to show or hide link images and descriptions.\u003C\u002Fp>\n\u003Cp>The Start Date and End Date fields are stored as text fields and can be entered as any standard php-readable date format (i.e. 
“Aug 1, 2010 5:00pm”, “10\u002F4\u002F11”, and “November 2012” are all acceptable, and will be ordered properly and displayed just as they are entered). The End Date field is optional; if included, it will display the dates as a range; if not, only the first date will be displayed.\u003C\u002Fp>\n\u003Cp>There is an option to use dates exactly as they are entered (may look better in some cases, but doesn’t work very well for non-US English dates) or to use WordPress’s localized date formatting.\u003C\u002Fp>\n\u003Cp>Styling is customizable through css: each field is given its own  class. A basic stylesheet is included in the plugin, but feel free to modify that or delete it and use your own stylesheet to override. You can also copy the default stylesheet to your theme directory or a new directory called \u003Ccode>\u002Fwp-content\u002Fplugins\u002Fgad-events-custom\u002F\u003C\u002Fcode> to preserve any changes to make against future plugin\u002Ftheme upgrades.\u003C\u002Fp>\n","This plugin adds a basic \"upcoming events\" calendar of links to Wordpress.",30,19724,"2011-02-03T19:05:00.000Z","2.9.1",[71,91,92,73,23],"events-calendar","links","http:\u002F\u002Fgoldenapplesdesign.com\u002Fprojects\u002Fupcoming-events-calendar-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexternal-events-calendar.0.4.1.zip",85,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":27,"downloaded":104,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":105,"requires_at_least":106,"requires_php":18,"tags":107,"homepage":109,"download_link":110,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":111},"lcs-em-widget-calendar","LCS Fast Calendar Widget for Events Manager","1.0","latcomsystems","https:\u002F\u002Fprofiles.wordpress.org\u002Flatcomsystems\u002F","\u003Cp>If you are using the Events Manager sidebar calendar widget AND you have 
a lot of events AND you are using either event categories or event tags or both, this will be a much faster sidebar calendar widget than the one that comes with the Events Manager plugin.  Replace the existing slow Events Manager sidebar calendar widget with this one and you will notice a significant boost in page load speed and switching from month to another month in the calendar.\u003C\u002Fp>\n\u003Cp>CAUTION:  This widget requires the Events Manager plugin to be installed and active, otherwise an error message will be shown in the widget sidebar location.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"mailto:sysdev@latcomsystems.com\" rel=\"nofollow ugc\">sysdev@latcomsystems.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin adds a fast sidebar calendar widget to replace the one that comes with Events Manager.",1105,"5.1.22","4.5",[71,20,108,21,23],"manager","http:\u002F\u002Fwww.latcomsystems.com\u002Findex.cfm?SheetIndex=wp_lcs_em_widget_calendar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flcs-em-widget-calendar.1.0.zip","2026-03-15T10:48:56.248Z",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":27,"downloaded":120,"rating":27,"num_ratings":27,"last_updated":121,"tested_up_to":67,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":129,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"smntcs-simple-events-widget","SMNTCS Simple Events Widget","2.4","Niels Lange","https:\u002F\u002Fprofiles.wordpress.org\u002Fnielslange\u002F","\u003Cp>Sidebar widget to show (upcoming and previous) events.\u003C\u002Fp>\n","Sidebar widget to show (upcoming and previous) 
events.",3335,"2025-03-23T09:24:00.000Z","3.4","7.4",[125,21,126,23],"event","simple-events","https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-simple-events-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmntcs-simple-events-widget.2.4.zip",92,{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":140,"num_ratings":141,"last_updated":142,"tested_up_to":16,"requires_at_least":143,"requires_php":144,"tags":145,"homepage":149,"download_link":150,"security_score":151,"vuln_count":152,"unpatched_count":27,"last_vuln_date":153,"fetched_at":29},"custom-sidebars","Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager","3.38","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Cstrong>Manage and replace sidebars and other classic widget areas on your site with Custom Sidebars, a flexible widget area manager.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Make custom sidebar configurations and be able to choose what classic widgets display on each page or post of your site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Need to make a \u003Cstrong>widget sticky\u003C\u002Fstrong> or fixed? Try our free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsticky-menu-or-anything-on-scroll\u002F\" rel=\"ugc\">WP Sticky Anything\u003C\u002Fa> plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Custom Sidebars works ONLY with the classic widgets screen that was used in WordPress before version 5.8. If you want to use it with version 5.8 (and above) you have to install the official \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-widgets\u002F\" rel=\"ugc\">Classic Widgets\u003C\u002Fa> plugin, or enable the classic widgets interface yourself. 
Once the classic widgets screen is activated the plugin will work the same as before.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Having problems setting up SSL or generating an SSL certificate? Install the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-force-ssl\u002F\" rel=\"ugc\">WP Force SSL\u003C\u002Fa> plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Display Different Sidebars on Pages and Posts\u003C\u002Fh4>\n\u003Cp>Custom Sidebars allows you to dynamically display custom widget configurations on any page, post, category, post type, or archive page.\u003C\u002Fp>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Custom Sidebars will go on my “essential plugins” list from now on. I am pleased by how easy it was to figure out and by how many options are available in the free version.” – \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmonkeyhateclean\" rel=\"nofollow ugc\">monkeyhateclean\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“This plugin does exactly what it says. It’s light, integrates well into WordPress and gives you tons of possibilities.” – \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fdarknova11\" rel=\"nofollow ugc\">DarkNova\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Every part of Custom Sidebars integrates seamlessly with the Widgets menu for simplicity and control. 
No confusing settings pages or added menu items, just simple core integration.\u003C\u002Fp>\n\u003Ch4>A Simple Flexible Sidebar Manager\u003C\u002Fh4>\n\u003Cp>** Custom Sidebars Includes: **\u003Cbr \u002F>\n* Unlimited custom widget configurations\u003Cbr \u002F>\n* Set custom widgets for individual posts and pages, categories, post types, and archives\u003Cbr \u002F>\n* Seamless integration with the WordPress Widgets menu\u003Cbr \u002F>\n* Works with well-coded themes and doesn’t slow down your site\u003Cbr \u002F>\n* Set individual widget visibility – for guests, by user role, by post type, for special pages or categories\u003Cbr \u002F>\n* Author specific sidebars – display a custom sidebar for each of your authors\u003Cbr \u002F>\n* Clone and sync widget settings – quickly edit complex configurations\u003Cbr \u002F>\n* Import and export custom sidebars – backup and share sidebars\u003C\u002Fp>\n\u003Cp>Install Custom Sidebars and see for yourself why it’s the most popular widget extension plugin available for WordPress with over 200,000 active installs.\u003C\u002Fp>\n\u003Ch3>Contact and Credits\u003C\u002Fh3>\n\u003Cp>Original development completed by \u003Ca href=\"http:\u002F\u002Fmarquex.es\u002F\" rel=\"nofollow ugc\">Javier Marquez\u003C\u002Fa>.\u003C\u002Fp>\n","Flexible sidebars for custom classic widget configurations on any page or post. 
Create custom sidebars with ease!",100000,5193767,94,1028,"2025-12-03T19:20:00.000Z","4.6","5.6",[146,147,148,21,23],"classic-widgets","custom-sidebar","dynamic-widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-sidebars\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-sidebars.3.38.zip",98,3,"2017-10-04 00:00:00",{"attackSurface":155,"codeSignals":233,"taintFlows":314,"riskAssessment":315,"analyzedAt":325},{"hooks":156,"ajaxHandlers":213,"restRoutes":214,"shortcodes":215,"cronEvents":231,"entryPointCount":232,"unprotectedCount":27},[157,163,167,171,175,179,183,188,192,197,201,205,209],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","plugins_loaded","events_listing_widget_plugin_init","events-listing-widget.php",15,{"type":158,"name":164,"callback":165,"file":161,"line":166},"widgets_init","events_listing_widget_load_widgets",20,{"type":158,"name":168,"callback":169,"file":161,"line":170},"init","my_events_listing_post_type_init",322,{"type":158,"name":172,"callback":173,"file":161,"line":174},"admin_init","events_listing_admin_init",406,{"type":158,"name":176,"callback":177,"file":161,"line":178},"admin_post_save_events_listing_options","process_events_listing_options",411,{"type":158,"name":180,"callback":181,"file":161,"line":182},"admin_enqueue_scripts","events_listing_enqueue_admin_scripts",473,{"type":158,"name":184,"callback":185,"priority":186,"file":161,"line":187},"save_post","save_events_listing_fields",10,482,{"type":158,"name":189,"callback":190,"file":161,"line":191},"delete_post","events_listing_delete_fields",541,{"type":193,"name":194,"callback":195,"file":161,"line":196},"filter","manage_edit-events_listing_columns","events_listing_add_columns",550,{"type":158,"name":198,"callback":199,"file":161,"line":200},"manage_posts_custom_column","events_listing_populate_columns",563,{"type":193,"name":202,"callback":203,"file":161,"line":204},"manage_edit-events_listing_sortable_columns","events
_listing_author_column_sortable",580,{"type":193,"name":206,"callback":207,"file":161,"line":208},"request","events_listing_column_ordering",591,{"type":158,"name":210,"callback":211,"file":161,"line":212},"admin_menu","events_listing_settings_menu",648,[],[],[216,220,223,227],{"tag":217,"callback":218,"file":161,"line":219},"events-listing-date","events_listing_event_date_shortcode",359,{"tag":221,"callback":218,"file":161,"line":222},"events-listing-end-date",360,{"tag":224,"callback":225,"file":161,"line":226},"events-listing-name","events_listing_event_name_shortcode",361,{"tag":228,"callback":229,"file":161,"line":230},"events-listing-url","events_listing_event_url_shortcode",362,[],4,{"dangerousFunctions":234,"sqlUsage":235,"outputEscaping":240,"fileOperations":27,"externalRequests":27,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":313},[],{"prepared":14,"raw":14,"locations":236},[237],{"file":161,"line":238,"context":239},630,"$wpdb->get_results() with variable interpolation",{"escaped":241,"rawEcho":242,"locations":243},12,39,[244,247,249,250,251,253,255,256,257,259,261,262,263,265,267,268,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,306,307,309,311],{"file":161,"line":245,"context":246},44,"raw 
output",{"file":161,"line":248,"context":246},45,{"file":161,"line":248,"context":246},{"file":161,"line":248,"context":246},{"file":161,"line":252,"context":246},50,{"file":161,"line":254,"context":246},51,{"file":161,"line":254,"context":246},{"file":161,"line":254,"context":246},{"file":161,"line":258,"context":246},56,{"file":161,"line":260,"context":246},57,{"file":161,"line":260,"context":246},{"file":161,"line":260,"context":246},{"file":161,"line":264,"context":246},62,{"file":161,"line":266,"context":246},63,{"file":161,"line":266,"context":246},{"file":161,"line":266,"context":246},{"file":161,"line":270,"context":246},139,{"file":161,"line":272,"context":246},141,{"file":161,"line":274,"context":246},266,{"file":161,"line":276,"context":246},268,{"file":161,"line":278,"context":246},272,{"file":161,"line":280,"context":246},277,{"file":161,"line":282,"context":246},282,{"file":161,"line":284,"context":246},285,{"file":161,"line":286,"context":246},286,{"file":161,"line":288,"context":246},297,{"file":161,"line":290,"context":246},431,{"file":161,"line":292,"context":246},437,{"file":161,"line":294,"context":246},443,{"file":161,"line":296,"context":246},460,{"file":161,"line":298,"context":246},466,{"file":161,"line":300,"context":246},576,{"file":161,"line":302,"context":246},708,{"file":161,"line":304,"context":246},725,{"file":161,"line":304,"context":246},{"file":161,"line":304,"context":246},{"file":161,"line":308,"context":246},733,{"file":161,"line":310,"context":246},739,{"file":161,"line":312,"context":246},745,[],[],{"summary":316,"deductions":317},"The \"events-listing-widget\" plugin v1.3.5 exhibits a mixed security posture. On the positive side, the static analysis reveals a relatively small attack surface with no unprotected AJAX handlers or REST API routes. 
The plugin also demonstrates some good practices, including the presence of nonce and capability checks, and no file operations or external HTTP requests, which are common vectors for vulnerabilities. However, several areas of concern are highlighted. The code analysis shows that only 50% of SQL queries use prepared statements, leaving 50% vulnerable to SQL injection. Furthermore, a significant portion of output (76%) is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.\n\nThe plugin's vulnerability history is also a point of concern, with one known medium-severity CVE for Cross-Site Scripting. While this vulnerability is not currently unpatched, the fact that it exists and its nature (XSS) aligns with the findings from the output escaping analysis. The presence of a past XSS vulnerability, coupled with poor output escaping practices in the current version, strongly suggests a recurring risk. The taint analysis shows zero flows, which is a positive sign, but this could be due to the limited nature of the analysis or the absence of complex taint chains that might be present.\n\nIn conclusion, while the plugin has strengths in limiting its attack surface and avoiding certain dangerous practices, the high rate of unescaped output and the history of XSS vulnerabilities represent significant security weaknesses. The incomplete use of prepared statements for SQL queries also introduces an unnecessary risk. 
These factors collectively indicate a moderate to high risk for users of this plugin, particularly concerning XSS and potentially SQL injection.",[318,321,323],{"reason":319,"points":320},"50% of SQL queries not using prepared statements",5,{"reason":322,"points":47},"Only 24% of outputs properly escaped",{"reason":324,"points":186},"One known medium CVE (XSS) historically","2026-03-16T21:42:31.165Z",{"wat":327,"direct":336},{"assetPaths":328,"generatorPatterns":331,"scriptPaths":332,"versionParams":333},[329,330],"\u002Fwp-content\u002Fplugins\u002Fevents-listing-widget\u002Fcss\u002Fevents-listing-widget.css","\u002Fwp-content\u002Fplugins\u002Fevents-listing-widget\u002Fjs\u002Fevents-listing-widget.js",[],[330],[334,335],"events-listing-widget\u002Fcss\u002Fevents-listing-widget.css?ver=","events-listing-widget\u002Fjs\u002Fevents-listing-widget.js?ver=",{"cssClasses":337,"htmlComments":339,"htmlAttributes":342,"restEndpoints":343,"jsGlobals":344,"shortcodeOutput":346},[338],"widget_events_listing_widget",[340,341],"\u003C!--more-->","\u003C!--noteaser-->",[],[],[345],"events_listing_widget",[347],"Events Listing"]