[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnT6vHZb4W40ZB2n__uJyHOFFhnjNNPYGpHWDdVPp-3E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":14,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":53,"crawl_stats":37,"alternatives":58,"analysis":122,"fingerprints":207},"hivepress-claim-listings","HivePress Claim Listings","1.1.4","HivePress","https:\u002F\u002Fprofiles.wordpress.org\u002Fhivepress\u002F","\u003Cp>HivePress Claim Listings is an extension for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhivepress\u002F\" rel=\"ugc\">HivePress\u003C\u002Fa> plugin. It allows you to charge users for claiming listings.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flistinghive.hivepress.io\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhelp.hivepress.io\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcommunity.hivepress.io\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n","Charge users for claiming listings.",3000,45999,100,1,"2026-01-30T16:48:00.000Z","6.9.4","5.0","7.4",[20,21,22,23,24],"claim-listings","classifieds","directory","hivepress","listings","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhivepress-claim-listings.1.1.4.zip",77,2,"2025-09-26 00:00:00","2026-03-15T15:16:48.613Z",[32,46],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-60122","hivepress-claim-listings-missing-authorization","HivePress Claim Listings \u003C= 1.1.3 - Missing Authorization","The HivePress Claim Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=1.1.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-09-29 21:19:16",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F012e281d-7b9b-4ef1-ae8d-09984914a5e9?source=api-prod",{"id":47,"url_slug":48,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":49,"references":50,"days_to_patch":52},"CVE-2025-60123","hivepress-claim-listings-missing-authorization-2","2026-02-26 15:20:00",[51],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6200d57b-a62c-434f-a194-9199a1e39304?source=api-prod",154,{"slug":23,"display_name":7,"profile_url":8,"plugin_count":54,"total_installs":55,"avg_security_score":56,"avg_patch_time_days":52,"trust_score":27,"computed_at":57},9,60000,97,"2026-04-04T09:16:14.285Z",[59,73,86,96,109],{"slug":60,"name":61,"version":62,"author":7,"author_profile":8,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":67,"last_updated":68,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":69,"homepage":25,"download_link":71,"security_score":13,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"hivepress-favorites","HivePress Favorites","1.2.2","\u003Cp>HivePress Favorites is an extension for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhivepress\u002F\" rel=\"ugc\">HivePress\u003C\u002Fa> plugin. It allows users to keep a list of favorite listings.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flistinghive.hivepress.io\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhelp.hivepress.io\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcommunity.hivepress.io\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n","Allow users to keep a list of favorite listings.",8000,76738,4,"2026-02-12T23:10:00.000Z",[21,22,70,23,24],"favorites","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhivepress-favorites.1.2.2.zip",0,{"slug":74,"name":75,"version":76,"author":7,"author_profile":8,"description":77,"short_description":78,"active_installs":65,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":83,"homepage":25,"download_link":85,"security_score":13,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"hivepress-messages","HivePress Messages","1.4.0","\u003Cp>HivePress Messages is an extension for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhivepress\u002F\" rel=\"ugc\">HivePress\u003C\u002Fa> plugin. It allows users to send private messages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flistinghive.hivepress.io\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhelp.hivepress.io\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcommunity.hivepress.io\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n","Allow users to send private messages.",89785,74,3,"2026-02-12T23:15:00.000Z",[21,22,23,24,84],"messages","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhivepress-messages.1.4.0.zip",{"slug":87,"name":88,"version":76,"author":7,"author_profile":8,"description":89,"short_description":90,"active_installs":65,"downloaded":91,"rating":80,"num_ratings":81,"last_updated":92,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":93,"homepage":25,"download_link":95,"security_score":13,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"hivepress-reviews","HivePress Reviews","\u003Cp>HivePress Reviews is an extension for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhivepress\u002F\" rel=\"ugc\">HivePress\u003C\u002Fa> plugin. It allows users to rate and review listings.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flistinghive.hivepress.io\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhelp.hivepress.io\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcommunity.hivepress.io\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n","Allow users to rate and review listings.",93903,"2026-02-12T23:17:00.000Z",[21,22,23,24,94],"reviews","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhivepress-reviews.1.4.0.zip",{"slug":97,"name":98,"version":99,"author":7,"author_profile":8,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":28,"last_updated":105,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":106,"homepage":25,"download_link":108,"security_score":13,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"hivepress-geolocation","HivePress Geolocation","1.3.10","\u003Cp>HivePress Geolocation is an extension for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhivepress\u002F\" rel=\"ugc\">HivePress\u003C\u002Fa> plugin. It allows users to search listings by location.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flistinghive.hivepress.io\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhelp.hivepress.io\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcommunity.hivepress.io\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n","Allow users to search listings by location.",7000,104094,90,"2026-02-10T23:07:00.000Z",[21,22,107,23,24],"geolocation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhivepress-geolocation.1.3.10.zip",{"slug":110,"name":111,"version":112,"author":7,"author_profile":8,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":81,"last_updated":118,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":119,"homepage":25,"download_link":121,"security_score":13,"vuln_count":72,"unpatched_count":72,"last_vuln_date":37,"fetched_at":30},"hivepress-paid-listings","HivePress Paid Listings","1.1.9","\u003Cp>HivePress Paid Listings is an extension for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhivepress\u002F\" rel=\"ugc\">HivePress\u003C\u002Fa> plugin. It allows you to charge users for adding, featuring and renewing listings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please note that this extension is no longer in active development. If you need similar functionality, please consider \u003Ca href=\"https:\u002F\u002Fhivepress.io\u002Fextensions\u002Fmemberships\u002F?utm_medium=referral&utm_source=wordpress.org\" rel=\"nofollow ugc\">this one\u003C\u002Fa> as a replacement.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flistinghive.hivepress.io\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fhelp.hivepress.io\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcommunity.hivepress.io\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n","Charge users for adding, featuring and renewing listings.",6000,76934,66,"2026-02-12T23:19:00.000Z",[21,22,23,24,120],"paid-listings","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhivepress-paid-listings.1.1.9.zip",{"attackSurface":123,"codeSignals":181,"taintFlows":189,"riskAssessment":190,"analyzedAt":206},{"hooks":124,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":72,"unprotectedCount":72},[125,131,137,142,145,149,153,157,161,165,169,173],{"type":126,"name":127,"callback":128,"file":129,"line":130},"filter","hivepress\u002Fv1\u002Fextensions","closure","hivepress-claim-listings.php",18,{"type":126,"name":132,"callback":133,"priority":134,"file":135,"line":136},"hivepress\u002Fv1\u002Fmodels\u002Flisting_claim\u002Ferrors","validate_claim",10,"includes\\components\\class-listing-claim.php",32,{"type":138,"name":139,"callback":140,"file":135,"line":141},"action","hivepress\u002Fv1\u002Fmodels\u002Flisting_claim\u002Fcreate","update_claim",35,{"type":138,"name":143,"callback":140,"file":135,"line":144},"hivepress\u002Fv1\u002Fmodels\u002Flisting_claim\u002Fupdate",36,{"type":138,"name":146,"callback":147,"priority":134,"file":135,"line":148},"hivepress\u002Fv1\u002Fmodels\u002Flisting_claim\u002Fupdate_status","update_claim_status",39,{"type":138,"name":150,"callback":151,"priority":134,"file":135,"line":152},"woocommerce_order_status_changed","update_order_status",44,{"type":138,"name":154,"callback":155,"file":135,"line":156},"template_redirect","redirect_order_page",47,{"type":126,"name":158,"callback":159,"file":135,"line":160},"manage_hp_listing_claim_posts_columns","add_admin_columns",53,{"type":138,"name":162,"callback":163,"priority":134,"file":135,"line":164},"manage_hp_listing_claim_posts_custom_column","render_admin_columns",54,{"type":126,"name":166,"callback":167,"file":135,"line":168},"hivepress\u002Fv1\u002Fmeta_boxes\u002Flisting_claim_settings","alter_claim_settings_meta_box",57,{"type":126,"name":170,"callback":171,"file":135,"line":172},"hivepress\u002Fv1\u002Fforms\u002Flisting_claim_submit","alter_submission_form",61,{"type":126,"name":174,"callback":175,"priority":134,"file":135,"line":176},"hivepress\u002Fv1\u002Ftemplates\u002Flisting_view_page\u002Fblocks","alter_listing_view_page",64,[],[],[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":72,"externalRequests":72,"nonceChecks":72,"capabilityChecks":28,"bundledLibraries":188},[],{"prepared":72,"raw":72,"locations":184},[],{"escaped":186,"rawEcho":72,"locations":187},20,[],[],[],{"summary":191,"deductions":192},"The static analysis of hivepress-claim-listings v1.1.4 reveals a generally strong security posture with no identified dangerous functions, SQL injection vulnerabilities, or unescaped output. The absence of file operations and external HTTP requests is also a positive sign. However, the complete lack of detected AJAX handlers, REST API routes, shortcodes, cron events, and nonce checks within the analyzed attack surface is unusual and could indicate either an extremely minimal plugin or a limitation in the static analysis itself. The presence of only two capability checks suggests a potentially limited scope of access control implementation.\n\nThe vulnerability history presents a significant concern. With two known CVEs, and one currently unpatched, both classified as medium severity, this indicates a recurring pattern of security weaknesses. The common vulnerability type being 'Missing Authorization' directly contradicts the static analysis's indication of some capability checks, suggesting that the implemented checks may be insufficient or flawed in practice. The last vulnerability being so recent further amplifies the risk.\n\nIn conclusion, while the code itself appears to follow some good practices, the unpatched medium severity vulnerability and the historical pattern of missing authorization are critical red flags. The limited attack surface identified statically is a positive, but the potential for undiscovered vulnerabilities due to the historical issues warrants a high level of caution. The plugin's security is compromised by its past issues, despite some seemingly good static analysis results.",[193,196,198,201,204],{"reason":194,"points":195},"Unpatched medium severity vulnerability (1)",17,{"reason":197,"points":134},"Two known CVEs",{"reason":199,"points":200},"Common vulnerability type: Missing Authorization",8,{"reason":202,"points":203},"Lack of nonce checks",5,{"reason":205,"points":81},"Limited capability checks (2)","2026-03-16T18:19:19.717Z",{"wat":208,"direct":217},{"assetPaths":209,"generatorPatterns":212,"scriptPaths":213,"versionParams":214},[210,211],"\u002Fwp-content\u002Fplugins\u002Fhivepress-claim-listings\u002Fassets\u002Fcss\u002Fclaim-listing.css","\u002Fwp-content\u002Fplugins\u002Fhivepress-claim-listings\u002Fassets\u002Fjs\u002Fclaim-listing.js",[],[211],[215,216],"hivepress-claim-listings\u002Fassets\u002Fcss\u002Fclaim-listing.css?ver=","hivepress-claim-listings\u002Fassets\u002Fjs\u002Fclaim-listing.js?ver=",{"cssClasses":218,"htmlComments":222,"htmlAttributes":223,"restEndpoints":226,"jsGlobals":228,"shortcodeOutput":230},[219,220,221],"hp-listing-claim-button","hp-listing-claim-form","hp-listing-claim-details",[],[224,225],"data-listing-id","data-claim-id",[227],"\u002Fwp-json\u002Fhivepress\u002Fv1\u002Flisting_claim",[23,229],"hp_claim_listing_params",[]]