[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftwyBxg6fQTAqyO6qhwfmfGn1KGvhbhmg9z6gHtIdgvM":3,"$ff-_H-uiDec7f-5oGxy9mCKKEH6anKGI7DQZplpTFEUs":188,"$fbL2KA8CR-adZT-WobZ-WH4Q0eNKcyq2F_PsVD1m6FJw":192},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":37,"fingerprints":157},"feature-add-ons-for-booked","Feature Add-Ons For Booked","1.0.1","alvinmuthui","https:\u002F\u002Fprofiles.wordpress.org\u002Falvinmuthui\u002F","\u003Cblockquote>\n\u003Cp>\n        \u003Cstrong>Extend Your Appointments List View and Export Options\u003C\u002Fstrong>\n    \u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin gives you the option to view all your appointments in a paginated format. The plugin also removes the 500 export limit to the ability to export everything.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgetbooked.io\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Booked Appointments\u003C\u002Fstrong>\u003C\u002Fa> plugin must be installed and activated to use this plugin.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Paginated Appointments List View\u003C\u002Fli>\n\u003Cli>Unlimited Exports and a few additional options\u003C\u002Fli>\n\u003C\u002Ful>\n","Extending the capabilities of Boxy Studio's Booked Appointments plugin.",40,1382,1,"2023-04-28T21:38:00.000Z","6.2.9","5.3","7.2",[19,20,21],"booked-appointments","boxy-studio","extension-add-ons","https:\u002F\u002Fwww.example.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeature-add-ons-for-booked.1.0.1.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},3,95,30,91,"2026-05-20T04:32:52.100Z",[],{"attackSurface":38,"codeSignals":58,"taintFlows":97,"riskAssessment":147,"analyzedAt":156},{"hooks":39,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":25,"unprotectedCount":25},[40,46,50],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_enqueue_scripts","add_plugin_scripts","includes\\class-faofb.php",50,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_menu","add_faofb_menu",52,{"type":41,"name":51,"callback":52,"file":44,"line":53},"admin_init","export_file",54,[],[],[],[],{"dangerousFunctions":59,"sqlUsage":60,"outputEscaping":62,"fileOperations":95,"externalRequests":25,"nonceChecks":31,"capabilityChecks":25,"bundledLibraries":96},[],{"prepared":25,"raw":25,"locations":61},[],{"escaped":63,"rawEcho":64,"locations":65},48,15,[66,70,72,74,76,78,81,83,84,86,87,89,90,92,93],{"file":67,"line":68,"context":69},"includes\\ajax\\admin\\add-appointment.php",146,"raw output",{"file":67,"line":71,"context":69},153,{"file":67,"line":73,"context":69},207,{"file":67,"line":75,"context":69},308,{"file":67,"line":77,"context":69},313,{"file":79,"line":80,"context":69},"includes\\ajax\\admin\\appointment-form.php",39,{"file":79,"line":82,"context":69},41,{"file":79,"line":82,"context":69},{"file":79,"line":85,"context":69},45,{"file":79,"line":45,"context":69},{"file":79,"line":88,"context":69},51,{"file":79,"line":49,"context":69},{"file":79,"line":91,"context":69},76,{"file":79,"line":91,"context":69},{"file":79,"line":94,"context":69},136,2,[],[98,117,129],{"entryPoint":99,"graph":100,"unsanitizedCount":25,"severity":116},"\u003Cview-appointments> (admin\\view-appointments.php:0)",{"nodes":101,"edges":113},[102,107],{"id":103,"type":104,"label":105,"file":106,"line":33},"n0","source","$_GET (x2)","admin\\view-appointments.php",{"id":108,"type":109,"label":110,"file":106,"line":111,"wp_function":112},"n1","sink","echo() [XSS]",140,"echo",[114],{"from":103,"to":108,"sanitized":115},true,"low",{"entryPoint":118,"graph":119,"unsanitizedCount":128,"severity":116},"\u003Cadd-appointment> (includes\\ajax\\admin\\add-appointment.php:0)",{"nodes":120,"edges":125},[121,124],{"id":103,"type":104,"label":122,"file":67,"line":123},"$_POST (x4)",5,{"id":108,"type":109,"label":110,"file":67,"line":68,"wp_function":112},[126],{"from":103,"to":108,"sanitized":127},false,4,{"entryPoint":130,"graph":131,"unsanitizedCount":146,"severity":116},"\u003Cappointment-form> (includes\\ajax\\admin\\appointment-form.php:0)",{"nodes":132,"edges":143},[133,136,137,140],{"id":103,"type":104,"label":134,"file":79,"line":135},"$_POST (x8)",17,{"id":108,"type":109,"label":110,"file":79,"line":80,"wp_function":112},{"id":138,"type":104,"label":139,"file":79,"line":128},"n2","$_POST",{"id":141,"type":109,"label":110,"file":79,"line":142,"wp_function":112},"n3",137,[144,145],{"from":103,"to":108,"sanitized":127},{"from":138,"to":141,"sanitized":115},8,{"summary":148,"deductions":149},"The plugin 'feature-add-ons-for-booked' v1.0.1 exhibits a generally strong security posture based on the static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, indicating a minimal attack surface. The code also demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage of output escaping. Nonce checks are present, further contributing to security.  However, the analysis did identify two flows with unsanitized paths during taint analysis. While these did not escalate to critical or high severity, they represent potential weaknesses that could be exploited under certain conditions.  Furthermore, the complete lack of recorded vulnerabilities in its history, while positive, could also imply limited historical testing or a very small user base, making it difficult to draw firm conclusions about its long-term resilience. Overall, the plugin has a good foundation, but the identified unsanitized paths warrant attention to ensure complete security.",[150,152,154],{"reason":151,"points":146},"Unsanitized paths found in taint analysis",{"reason":153,"points":123},"Capability checks are missing",{"reason":155,"points":31},"Some output not properly escaped","2026-03-16T22:17:39.592Z",{"wat":158,"direct":171},{"assetPaths":159,"generatorPatterns":164,"scriptPaths":165,"versionParams":166},[160,161,162,163],"\u002Fwp-content\u002Fplugins\u002Ffeature-add-ons-for-booked\u002Fassets\u002Fcss\u002Fcss.css","\u002Fwp-content\u002Fplugins\u002Ffeature-add-ons-for-booked\u002Fassets\u002Fjs\u002Fjs.js","\u002Fwp-content\u002Fplugins\u002Ffeature-add-ons-for-booked\u002Fassets\u002Fcss\u002Fjquery-ui.css","\u002Fwp-content\u002Fplugins\u002Ffeature-add-ons-for-booked\u002Fassets\u002Fadmin\u002Fcss\u002Ffaofb-style.min.css",[],[161],[167,168,169,170],"feature-add-ons-for-booked\u002Fassets\u002Fcss\u002Fcss.css?ver=","feature-add-ons-for-booked\u002Fassets\u002Fjs\u002Fjs.js?ver=","feature-add-ons-for-booked\u002Fassets\u002Fcss\u002Fjquery-ui.css?ver=","feature-add-ons-for-booked\u002Fassets\u002Fadmin\u002Fcss\u002Ffaofb-style.min.css?ver=",{"cssClasses":172,"htmlComments":178,"htmlAttributes":181,"restEndpoints":185,"jsGlobals":186,"shortcodeOutput":187},[173,174,175,176,177],"apt-container","apt-panel-head","apt-panel-body","apt-table","apt-export-btn",[179,180],"\u003C!-- View Appointments -->","\u003C!-- Adds all appointment form nonce. -->",[182,183,184],"name=\"faofb_field_check\"","name=\"booked_addon_csv\"","name=\"faofb_get_check\"",[],[],[],{"error":115,"url":189,"statusCode":190,"statusMessage":191,"message":191},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffeature-add-ons-for-booked\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":95,"versions":193},[194,199],{"version":6,"download_url":23,"svn_tag_url":195,"released_at":26,"has_diff":127,"diff_files_changed":196,"diff_lines":26,"trac_diff_url":197,"vulnerabilities":198,"is_current":115},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffeature-add-ons-for-booked\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffeature-add-ons-for-booked%2Ftags%2F1.0.0&new_path=%2Ffeature-add-ons-for-booked%2Ftags%2F1.0.1",[],{"version":200,"download_url":201,"svn_tag_url":202,"released_at":26,"has_diff":127,"diff_files_changed":203,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":204,"is_current":127},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeature-add-ons-for-booked.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffeature-add-ons-for-booked\u002Ftags\u002F1.0.0\u002F",[],[]]