[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxYuA5Wil22pzC-lN8aXT_zE_r5rmwnG_qA4M7gayU4s":3,"$fze0pgoXF6MStkG9VBS7LQjMyE9ZP2yfhwsO5bnkPtOc":239,"$fr5iqXhWyoJ6dl8LBFoh4Cu_PQuVg6HBMLmJ5Ehl3qko":243},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":51,"crawl_stats":38,"alternatives":57,"analysis":145,"fingerprints":224},"freetobook-responsive-widget","Freetobook Responsive Widget","1.1.2","freetobook","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreetobook\u002F","\u003Cp>The freetobook plugin is ideal for accommodation providers looking to add online booking functionality to their WordPress website.\u003C\u002Fp>\n\u003Cp>To find out more and register for an account simply visit our website.\u003Cbr \u002F>\nPlease be aware that the freetobook plugin is only suitable for accommodation providers, do not register if you are not an accommodation provider.\u003C\u002Fp>\n","Add the freetobook responsive widget to your WordPress blog.",500,5903,60,2,"2025-11-13T10:20:00.000Z","6.8.5","3.0","5.6",[20,21,7,22,23],"booking-button","booking-engine","online-booking","pms","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreetobook-responsive-widget.1.1.2.zip",99,1,0,"2025-04-04 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":29,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":38,"research_status":38,"research_verified":50,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":50,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-32273","freetobook-responsive-widget-cross-site-request-forgery","Freetobook Responsive Widget \u003C= 1.1 - Cross-Site Request Forgery","The Freetobook Responsive Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.1","1.1.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-30 14:28:06",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb90f76d9-3eb3-4ffe-aac7-95953de9972d?source=api-prod",27,[],false,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":52,"total_installs":53,"avg_security_score":54,"avg_patch_time_days":48,"trust_score":55,"computed_at":56},3,900,90,87,"2026-05-20T02:38:04.884Z",[58,75,87,111,128],{"slug":59,"name":60,"version":61,"author":7,"author_profile":8,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":52,"last_updated":67,"tested_up_to":68,"requires_at_least":17,"requires_php":24,"tags":69,"homepage":72,"download_link":73,"security_score":74,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"freetobook-booking-button","freetobook widget (legacy)","1.0.7","\u003Cp>The freetobook plugin is ideal for accommodation providers looking to add online booking functionality to their wordpress website.\u003Cbr \u002F>\nYou can choose to have a booking form where your customer enters dates or a simple “booking button”, both are linked to your rates and availability which you can update on freetobook.\u003C\u002Fp>\n\u003Cp>To find out more and register for an account simply visit our website.\u003Cbr \u002F>\nPlease be aware that the freetobook plugin is only suitable for accommodation providers, do not register if you are not an accommodation provider.\u003C\u002Fp>\n\u003Cp>Please note that this plugin is no longer maintained, please use the “Freetobook Responsive Widget” instead. Visit our website to find out more.\u003C\u002Fp>\n","Add the freetobook booking button to your wordpress blog.",300,9619,66,"2021-09-22T11:09:00.000Z","5.8.13",[70,7,22,23,71],"booking-system","web-booking","https:\u002F\u002Fen.freetobook.com\u002Fdevelopers\u002Fwordpress.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreetobook-booking-button.1.0.7.zip",85,{"slug":76,"name":77,"version":78,"author":7,"author_profile":8,"description":79,"short_description":63,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":27,"last_updated":83,"tested_up_to":84,"requires_at_least":17,"requires_php":24,"tags":85,"homepage":72,"download_link":86,"security_score":74,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"freetobook-review-widget","Freetobook review widget (legacy)","1.1","\u003Cp>The freetobook plugin is ideal for accommodation providers looking to add online booking functionality and live reviews to their wordpress website.\u003C\u002Fp>\n\u003Cp>To find out more and register for an account simply visit our website.\u003Cbr \u002F>\nPlease be aware that the freetobook reviews plugin is only suitable for accommodation providers, do not register if you are not an accommodation provider.\u003C\u002Fp>\n",100,3614,20,"2021-10-08T12:43:00.000Z","5.7.15",[70,7,22,23,71],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreetobook-review-widget.1.1.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":24,"tags":102,"homepage":106,"download_link":107,"security_score":108,"vuln_count":109,"unpatched_count":28,"last_vuln_date":110,"fetched_at":30},"beds24-online-booking","Beds24 Online Booking","2.0.30","markkinchin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkkinchin\u002F","\u003Ch4>Powerful and Customisable Online Booking System\u003C\u002Fh4>\n\u003Cp>Beds24.com is a full featured online booking engine. The system is very flexible with many options for customization.\u003C\u002Fp>\n\u003Cp>The Beds24.com online booking system and channel manager is suitable for any type of accommodation such as hotels, motels, B&B’s, hostels, vacation rentals, holiday homes and campgrounds as well as selling extras like tickets or tours.\u003C\u002Fp>\n\u003Cp>The plugin is free to use but you do need an account with Beds24.com. A free trial account is available at http:\u002F\u002Fwww.beds24.com\u002Fjoin.html\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Real-time availability and commission free online bookings\u003C\u002Fli>\n\u003Cli>Customisable booking widgets\u003C\u002Fli>\n\u003Cli>Multiple rates and discounts\u003C\u002Fli>\n\u003Cli>Multi language booking page (30+languages)\u003C\u002Fli>\n\u003Cli>Online payments\u003C\u002Fli>\n\u003Cli>Optional channel manager\u003C\u002Fli>\n\u003Cli>Multi-language support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features for Property Managers, Hotel Groups and Agencies\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Agency seach box\u003C\u002Fli>\n\u003Cli>Subaccounts with access control\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept commission free online bookings from your Wordpress website. Suitable for hotels, B&B's, holiday rentals, vacation rentals, apartments &hellip;",2000,100355,86,6,"2025-05-02T06:14:00.000Z","6.7.5","2.0.2",[21,70,103,104,105],"ibe","online-booking-engine","online-booking-system","https:\u002F\u002Fbeds24.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeds24-online-booking.zip",88,7,"2025-05-07 00:00:00",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":80,"downloaded":119,"rating":80,"num_ratings":52,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":24,"tags":123,"homepage":24,"download_link":127,"security_score":74,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"booking-calendar-with-availability-management","IdoBooking","1.2","IAI S.A.","https:\u002F\u002Fprofiles.wordpress.org\u002Fpartners_iai\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fidobooking.com\u002Fbooking\u002F\" rel=\"nofollow ugc\">IdoBooking\u003C\u002Fa> is an online booking plugin for your WordPress website. It’s an all-in-one reservation management system with a \u003Ca href=\"https:\u002F\u002Fidobooking.com\u002Fbooking\u002Ffunctions\u002Freservations\u002F\" rel=\"nofollow ugc\">web-based admin panel\u003C\u002Fa> to update your availability & rates, \u003Ca href=\"https:\u002F\u002Fidobooking.com\u002Fbooking\u002Ffunctions\u002Fchannel-manager\u002F\" rel=\"nofollow ugc\">synchronize with multiple sales channels\u003C\u002Fa>, handle \u003Ca href=\"https:\u002F\u002Fwww.idobooking.com\u002Fbooking\u002Fintegrations\u002Fpayments\u002F\" rel=\"nofollow ugc\">online payments\u003C\u002Fa>, send automatic booking confirmations and much more.\u003C\u002Fp>\n\u003Ch4>Who can use IdoBooking?\u003C\u002Fh4>\n\u003Cp>The system is an excellent choice for vacation rentals, apartments, flats, hotels,  B&Bs , camping sites and other accommodation facilities. With IdoBooking plugin, your clients can make overnight, weekly or even monthly reservations. You can sell single rooms or whole villas and even special packages. Your inventory updates automatically after each new reservation is made.\u003C\u002Fp>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Cp>Using this plugin, you can connect your IdoBooking account to any WordPress-based website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fclient4835.idosell.com\u002Fen\" rel=\"nofollow ugc\">Live demo\u003C\u002Fa>\u003C\u002Fstrong> – check out our test website to see the Booking Engine in action.\u003C\u002Fp>\n\u003Ch4>Key features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Booking Management System\u003C\u002Fstrong> – get a professional admin tool, allowing to manage your inventory and rates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Online Booking Engine\u003C\u002Fstrong> – give clients an easy booking experience directly via your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clear and attractive offer display\u003C\u002Fstrong> – show the world what you’ve got by adding beautiful pictures and engaging descriptions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intuitive availability search\u003C\u002Fstrong> – suggest first available dates, limiting frustrating search for the right offer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Current availability and rates\u003C\u002Fstrong> – synchronize your website with the admin panel and update all information in real-time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple rates\u003C\u002Fstrong> – create different rates for adults, children, weekends and various seasons.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer engagement tools\u003C\u002Fstrong> – fuel your sales and convert more clients with attractive extras, promotions and discounts available to book exclusively via your online calendar.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple colour themes\u003C\u002Fstrong> – match your brand’s look-and-feel by choosing one of available themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Online payment system\u003C\u002Fstrong> – minimize administrative work and take secure deposit right at the time of booking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile friendly interface\u003C\u002Fstrong> – tap into the mobile booking trend and provide tools which adjust easily to any device.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic booking confirmations\u003C\u002Fstrong> – forget the mundane task of sending each booking confirmation manually, let us do it for you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reports and analysis\u003C\u002Fstrong> – learn booking habits of your clients and plan your next big move.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless integration with WordPress\u003C\u002Fstrong> – use the plugin or generate ready-to-use codes to customize your booking options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Channel Manager\u003C\u002Fstrong> –boost your revenue by updating availability in real-time across multiple sales channels and OTA such as Booking.com, Airbnb, Expedia and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited technical support\u003C\u002Fstrong> – our Support Team is always ready to help you get the best value from the IdoBooking system.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Powerful booking technology at low cost:\u003C\u002Fh4>\n\u003Cp>We offer convenient subscription models for using IdoBooking. You can decide which is more preferable for your business-type.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Flat fee model\u003C\u002Fstrong> – from \u003Cstrong>40 USD\u002FEUR\u002FGBP\u003C\u002Fstrong> per month and no commission charged for online reservations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Commission model – 25 USD\u002FEUR\u002FGDB\u003C\u002Fstrong> per year + only 2% commission charged for online reservations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Individual fee\u003C\u002Fstrong> – tailor-made offer with a dedicated infrastructure for big properties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find out more details at https:\u002F\u002Fwww.idobooking.com\u002Fbooking\u002Fpricelist\u002F.\u003C\u002Fp>\n\u003Ch4>How to get it started?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Try out a \u003Ca href=\"https:\u002F\u002Fwww.idobooking.com\u002Fen\u002Fbooking\u002Fdemo\u002F\" rel=\"nofollow ugc\">\u003Cstrong>DEMO\u003C\u002Fstrong>\u003C\u002Fa> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> available for \u003Cstrong>FREE\u003C\u002Fstrong> for 7 days.\u003C\u002Fli>\n\u003Cli>Order \u003Ca href=\"https:\u002F\u002Fwww.idobooking.com\u002Fen\u002Fbooking\u002Forder\u002F\" rel=\"nofollow ugc\">\u003Cstrong>the full version\u003C\u002Fstrong> with a \u003Cstrong>30-DAY TRAIL PERIOD\u003C\u002Fstrong>\u003C\u002Fa> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> there’s no commission taken during the first 30 days. To start, you only need to pay the installation fee – \u003Cstrong>25 USD\u002FEUR\u002FGBP\u003C\u002Fstrong>. If in any way you are not satisfied with IdoBooking, we’re going to return the fee back to your account.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Don’t hesitate to give us a call \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> +48 91 443 66 30 – or drop a message at sales@idobooking.com.\u003C\u002Fp>\n","Add a calendar to a reservation of: a room, suite, night or an attraction. The system sends emails, calculates payments and updates availability.",10489,"2022-11-14T14:07:00.000Z","6.0.11","4.0",[124,125,21,22,126],"availability-calendar","booking-calendar","reservation-system","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbooking-calendar-with-availability-management.zip",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":80,"downloaded":136,"rating":80,"num_ratings":27,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":143,"download_link":144,"security_score":80,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"mybooking-reservation-engine","MyBooking Reservation Engine","2.6.1","Juan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjuanmiqueo\u002F","\u003Cp>Mybooking Reservation Engine WordPress plugin is designed for your vehicle, boats, properties or material rental.\u003Cbr \u002F>\nIt also can be used for accommodation, transfers or tour and activities business.\u003C\u002Fp>\n\u003Cp>It’s easy to use and very powerful. You can manage offers, promotion codes and connect a payment gateway to charge\u003Cbr \u002F>\nfor your reservations. You can insert a search widget on your home page to start the reservation process. You can\u003Cbr \u002F>\nalso include a calendar in each of your products pages.\u003C\u002Fp>\n\u003Cp>This plugin provides a booking engine frontend in your WordPress site connecting to your mybooking account.\u003C\u002Fp>\n\u003Cp>It is very easy to set up:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create your products and prices on your mybooking account.\u003C\u002Fli>\n\u003Cli>Install and configure the plugin on your WordPress website.\u003C\u002Fli>\n\u003Cli>Start receiving and charging reservations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It has three modules for different reservation needs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Renting\u002FAccommation\u003C\u002Fli>\n\u003Cli>Activities\u002FAppointments\u003C\u002Fli>\n\u003Cli>Transfer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The reservation engine includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search widgets to start the reservation process\u003C\u002Fli>\n\u003Cli>Calendar shortcodes to add a calendar to your product page\u003C\u002Fli>\n\u003Cli>Language context adapted to the different business\u003C\u002Fli>\n\u003Cli>Prices by hours and days (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Prices by seasons (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Offers (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Promotion Code (defined on your mybooking accoount)\u003C\u002Fli>\n\u003Cli>Stop sales (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Min and max reservation duration (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Calendar to define delivery and collection times (defined on your mybooking account)\u003C\u002Fli>\n\u003Cli>Payment gateway connection. Paypal, Redsys and Addon Payments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The reservation engine can be used for the following businesses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Vehicles rental (car rental, autocaravanning, motorcycle, scooters, bike)\u003C\u002Fli>\n\u003Cli>Boats rental\u003C\u002Fli>\n\u003Cli>Properties rental\u003C\u002Fli>\n\u003Cli>Sports material rental (Kayak, surf, paddle surf)\u003C\u002Fli>\n\u003Cli>Accommodation (hostels and hotels)\u003C\u002Fli>\n\u003Cli>Sport courts\u003C\u002Fli>\n\u003Cli>Coworking\u003C\u002Fli>\n\u003Cli>Escape Rooms\u003C\u002Fli>\n\u003Cli>Activities\u003C\u002Fli>\n\u003Cli>Tours\u003C\u002Fli>\n\u003Cli>Appointments\u003C\u002Fli>\n\u003Cli>Transfers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin does not use iframes to build the reservation process. It works directly on your WordPress installation.\u003C\u002Fli>\n\u003Cli>It is ready to use in any theme. But you can customize the components to match your website look and feel\u003C\u002Fli>\n\u003C\u002Ful>\n","Mybooking Reservation Engine WordPress plugin.",11229,"2026-04-11T11:38:00.000Z","6.9.4","5.2","7.2",[21,70,142,104,105],"car-rental-reservation","https:\u002F\u002Fwww.mybooking.es\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmybooking-reservation-engine.2.6.1.zip",{"attackSurface":146,"codeSignals":172,"taintFlows":180,"riskAssessment":217,"analyzedAt":223},{"hooks":147,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":28,"unprotectedCount":28},[148,154,158,162],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","wp_enqueue_scripts","enqueue_widget_script","freetobook-responsive-widget.php",30,{"type":149,"name":155,"callback":156,"file":152,"line":157},"widgets_init","register_ftb_widget",35,{"type":149,"name":159,"callback":160,"file":152,"line":161},"admin_menu","add_settings_menu",40,{"type":163,"name":164,"callback":165,"file":166,"line":167},"filter","plugin_action_links_freetobook-responsive-widget\u002Ffreetobook-responsive-widget.php","add_plugin_settings_link","includes\\ftb-widget-admin-settings.php",148,[],[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":28,"externalRequests":28,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":179},[],{"prepared":28,"raw":28,"locations":175},[],{"escaped":177,"rawEcho":28,"locations":178},9,[],[],[181,199],{"entryPoint":182,"graph":183,"unsanitizedCount":28,"severity":198},"update_widget_settings (includes\\ftb-widget-admin-settings.php:11)",{"nodes":184,"edges":195},[185,190],{"id":186,"type":187,"label":188,"file":166,"line":189},"n0","source","$_POST (x2)",12,{"id":191,"type":192,"label":193,"file":166,"line":161,"wp_function":194},"n1","sink","update_option() [Settings Manipulation]","update_option",[196],{"from":186,"to":191,"sanitized":197},true,"low",{"entryPoint":200,"graph":201,"unsanitizedCount":28,"severity":198},"\u003Cftb-widget-admin-settings> (includes\\ftb-widget-admin-settings.php:0)",{"nodes":202,"edges":214},[203,204,205,209],{"id":186,"type":187,"label":188,"file":166,"line":189},{"id":191,"type":192,"label":193,"file":166,"line":161,"wp_function":194},{"id":206,"type":187,"label":207,"file":166,"line":208},"n2","$_POST",13,{"id":210,"type":192,"label":211,"file":166,"line":212,"wp_function":213},"n3","echo() [XSS]",128,"echo",[215,216],{"from":186,"to":191,"sanitized":197},{"from":206,"to":210,"sanitized":197},{"summary":218,"deductions":219},"The \"freetobook-responsive-widget\" v1.1.2 plugin exhibits a generally good security posture due to the absence of critical code-level vulnerabilities and a strong adherence to secure coding practices. The static analysis reveals no dangerous functions, raw SQL queries, or insecure file operations. All identified output is properly escaped, and the plugin includes both nonce and capability checks, which are crucial for protecting against common attack vectors. Taint analysis also indicates no unsanitized paths or critical\u002Fhigh severity flows.\n\nHowever, a significant concern arises from the plugin's historical vulnerability record. The existence of one known CVE, even if currently patched, suggests that the plugin has had exploitable weaknesses in the past. The fact that the last vulnerability was a Cross-Site Request Forgery (CSRF) points to a specific type of attack that could have compromised user actions. While the current version appears secure, this history warrants caution and emphasizes the importance of staying updated.\n\nIn conclusion, while the current version of the \"freetobook-responsive-widget\" plugin demonstrates strong internal security measures and a clean code analysis, its past vulnerability history, specifically a CSRF issue, is a notable weakness. Users should ensure they are always running the latest patched version and remain vigilant regarding future updates. The lack of a large attack surface is a positive indicator, but the historical context necessitates ongoing monitoring.",[220],{"reason":221,"points":222},"One known CVE exists",10,"2026-03-16T19:35:46.466Z",{"wat":225,"direct":232},{"assetPaths":226,"generatorPatterns":228,"scriptPaths":229,"versionParams":231},[227],"\u002Fwp-content\u002Fplugins\u002Ffreetobook-responsive-widget\u002Fwidget.js",[],[230],"https:\u002F\u002Fwidget.freetobook.com\u002Fwidget.js",[],{"cssClasses":233,"htmlComments":234,"htmlAttributes":235,"restEndpoints":236,"jsGlobals":237,"shortcodeOutput":238},[],[],[],[],[],[],{"error":197,"url":240,"statusCode":241,"statusMessage":242,"message":242},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffreetobook-responsive-widget\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":244,"versions":245},4,[246,251,257,264],{"version":6,"download_url":25,"svn_tag_url":247,"released_at":38,"has_diff":50,"diff_files_changed":248,"diff_lines":38,"trac_diff_url":249,"vulnerabilities":250,"is_current":197},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreetobook-responsive-widget\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreetobook-responsive-widget%2Ftags%2F1.1.1&new_path=%2Ffreetobook-responsive-widget%2Ftags%2F1.1.2",[],{"version":40,"download_url":252,"svn_tag_url":253,"released_at":38,"has_diff":50,"diff_files_changed":254,"diff_lines":38,"trac_diff_url":255,"vulnerabilities":256,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreetobook-responsive-widget.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreetobook-responsive-widget\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreetobook-responsive-widget%2Ftags%2F1.1&new_path=%2Ffreetobook-responsive-widget%2Ftags%2F1.1.1",[],{"version":78,"download_url":258,"svn_tag_url":259,"released_at":38,"has_diff":50,"diff_files_changed":260,"diff_lines":38,"trac_diff_url":261,"vulnerabilities":262,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreetobook-responsive-widget.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreetobook-responsive-widget\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreetobook-responsive-widget%2Ftags%2F1.0&new_path=%2Ffreetobook-responsive-widget%2Ftags%2F1.1",[263],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":265,"download_url":266,"svn_tag_url":267,"released_at":38,"has_diff":50,"diff_files_changed":268,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":269,"is_current":50},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreetobook-responsive-widget.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreetobook-responsive-widget\u002Ftags\u002F1.0\u002F",[],[270],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40}]