[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$furEtmXi6fb06g6aJUNy8RyCAwGM7OHQM2F8NXluOPHE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":36,"fingerprints":117},"hostaway-connector","HostAway Connector","1.0.2","610 Web Lab","https:\u002F\u002Fprofiles.wordpress.org\u002F610weblab\u002F","\u003Cp>HostAway Connector seamlessly integrates your WordPress website with your Hostaway account.\u003C\u002Fp>\n\u003Cp>The plugin displays real-time property listings, availability calendars, and allows visitors to book directly from your website using the official Hostaway API.\u003C\u002Fp>\n\u003Cp>No listing, availability, or booking data is stored locally on your server. All data is fetched dynamically, ensuring accuracy, performance, and security.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display Hostaway listings with images and details\u003C\u002Fli>\n\u003Cli>Show real-time availability calendars\u003C\u002Fli>\n\u003Cli>Enable direct booking via Hostaway API\u003C\u002Fli>\n\u003Cli>Lightweight and fully API-driven\u003C\u002Fli>\n\u003Cli>No local data storage\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>The Pro version of HostAway Connector adds advanced features for professional hosts and property managers.\u003C\u002Fp>\n\u003Ch4>Pro Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Enable booking functionality with payment integration\u003C\u002Fli>\n\u003Cli>Advanced listing filters for improved search experience\u003C\u002Fli>\n\u003Cli>Display guest reviews on single listing pages\u003C\u002Fli>\n\u003Cli>Google Maps integration for listing location views\u003C\u002Fli>\n\u003Cli>View and manage reservations from the WordPress admin area\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to Pro\u003C\u002Fh4>\n\u003Cp>Learn more about the \u003Ca href=\"https:\u002F\u002F610weblab.com\u002Fhostaway-wordpress-connector\u002F\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa> and pricing\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the \u003Cstrong>Hostaway API\u003C\u002Fstrong> (\u003Ca href=\"https:\u002F\u002Fapi.hostaway.com\u002Fdocumentation\" rel=\"nofollow ugc\">API Documentation\u003C\u002Fa>) to:\u003C\u002Fp>\n\u003Ch4>Data Accessed\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Property listings and images\u003C\u002Fli>\n\u003Cli>Availability and pricing calendars\u003C\u002Fli>\n\u003Cli>Booking and reservation submissions\u003C\u002Fli>\n\u003Cli>Cancellation policy details\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API Endpoints Used\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u002Fv1\u002Flistings\u002F\u003C\u002Fli>\n\u003Cli>\u002Fv1\u002Flistings\u002F{listingID}\u003C\u002Fli>\n\u003Cli>\u002Fv1\u002Flistings\u002F{listingID}\u002Fcalendar\u003C\u002Fli>\n\u003Cli>\u002Fv1\u002Flistings\u002F{listingID}\u002Fcalendar\u002FpriceDetails\u003C\u002Fli>\n\u003Cli>\u002Fv1\u002Freservations\u002F\u003C\u002Fli>\n\u003Cli>\u002Fv1\u002FcancellationPolicies\u002F{cancellationPolicyId}\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Authentication\u003C\u002Fh4>\n\u003Cp>All API requests require an OAuth 2.0 access token.\u003C\u002Fp>\n\u003Cp>The plugin retrieves the access token using your Client ID and Client Secret and includes it in all requests using the following header:\u003C\u002Fp>\n\u003Cp>Authorization: Bearer ACCESS_TOKEN\u003C\u002Fp>\n\u003Cp>No personal or booking data is stored locally.\u003C\u002Fp>\n\u003Cp>Hostaway Privacy Policy:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.hostaway.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.hostaway.com\u002Fprivacy-policy\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>HostAway Connector can optionally connect to a 610 Web Lab service to provide plugin-related support and service functionality.\u003C\u002Fp>\n\u003Cp>When explicitly approved by the site administrator, the plugin may send:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Site URL\u003C\u002Fli>\n\u003Cli>Administrator email address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is used solely for plugin-related support, service communication, and update-related purposes.\u003C\u002Fp>\n\u003Cp>No data is sent automatically on plugin activation.\u003Cbr \u002F>\nNo data is shared without explicit administrator consent.\u003C\u002Fp>\n\u003Cp>Plugin Service URL:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002F610weblab.com\u002Fhostaway-wordpress-connector\u002F\" rel=\"nofollow ugc\">https:\u002F\u002F610weblab.com\u002Fhostaway-wordpress-connector\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002F610weblab.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002F610weblab.com\u002Fprivacy-policy\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by 610 Web Lab\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002F610weblab.com\u002Fabout-us\u002F\" rel=\"nofollow ugc\">https:\u002F\u002F610weblab.com\u002Fabout-us\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Display real-time Hostaway listings, availability calendars, and enable direct bookings using the Hostaway API — with no local data storage.",60,641,0,"2026-01-30T04:41:00.000Z","6.9.4","5.0","7.4",[19,20,21,4,22],"hostaway","hostaway-booking","hostaway-calendar","hostaway-listings","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostaway-connector.1.0.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"610weblab",1,30,94,"2026-04-04T05:30:17.723Z",[],{"attackSurface":37,"codeSignals":92,"taintFlows":110,"riskAssessment":111,"analyzedAt":116},{"hooks":38,"ajaxHandlers":88,"restRoutes":89,"shortcodes":90,"cronEvents":91,"entryPointCount":13,"unprotectedCount":13},[39,45,50,54,59,63,67,71,76,80,85],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","plugins_loaded","init_plugin","hostaway-connector.php",111,{"type":40,"name":46,"callback":47,"file":48,"line":49},"admin_menu","haway_register_menu","includes\\class-haway-admin.php",22,{"type":40,"name":51,"callback":52,"file":48,"line":53},"admin_init","haway_register_settings",23,{"type":40,"name":55,"callback":56,"priority":57,"file":48,"line":58},"update_option_haway_listings_per_page","listings_per_page_check",10,24,{"type":40,"name":60,"callback":61,"file":48,"line":62},"admin_notices","haway_admin_notice",25,{"type":40,"name":64,"callback":65,"file":48,"line":66},"admin_post_haway_approve_api","haway_approve_api_handle",26,{"type":40,"name":68,"callback":69,"file":48,"line":70},"admin_footer","closure",32,{"type":40,"name":72,"callback":73,"file":74,"line":75},"wp_enqueue_scripts","enqueue_styles","includes\\class-haway-frontend.php",75,{"type":40,"name":77,"callback":78,"file":74,"line":79},"init","haway_rewrite_rule",79,{"type":81,"name":82,"callback":83,"file":74,"line":84},"filter","query_vars","haway_register_query_var",83,{"type":81,"name":86,"callback":69,"file":74,"line":87},"redirect_canonical",87,[],[],[],[],{"dangerousFunctions":93,"sqlUsage":94,"outputEscaping":96,"fileOperations":13,"externalRequests":98,"nonceChecks":107,"capabilityChecks":108,"bundledLibraries":109},[],{"prepared":13,"raw":13,"locations":95},[],{"escaped":97,"rawEcho":98,"locations":99},165,3,[100,103,105],{"file":48,"line":101,"context":102},186,"raw output",{"file":48,"line":104,"context":102},187,{"file":48,"line":106,"context":102},313,4,2,[],[],{"summary":112,"deductions":113},"The hostaway-connector plugin version 1.0.2 demonstrates a generally strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with exposed entry points significantly limits the potential attack surface. The code also shows a commitment to secure coding practices, with 100% of SQL queries utilizing prepared statements and a very high rate of proper output escaping (98%). Furthermore, the presence of nonce and capability checks, although limited in number, indicates an awareness of common WordPress security mechanisms.\n\nHowever, there are minor areas for attention. The plugin makes three external HTTP requests, which, while not inherently a vulnerability, represent a potential risk if the target endpoints are compromised or if data is transmitted insecurely. The taint analysis revealing zero flows with unsanitized paths is a very positive indicator, suggesting no obvious vulnerabilities in data handling. The plugin's vulnerability history being entirely clear, with no recorded CVEs, is an excellent sign of its current security and maintenance. Despite the low number of entry points, the lack of any, even if protected, could be interpreted as either a very focused plugin or a missed opportunity for certain functionalities if not handled with extreme care.\n\nIn conclusion, hostaway-connector v1.0.2 appears to be a well-secured plugin with a minimal attack surface and good coding practices. The absence of known vulnerabilities is a significant strength. The only points of minor concern are the external HTTP requests, which should be monitored for secure implementation. The overall security is high, but continuous vigilance, especially regarding external dependencies, is always recommended.",[114],{"reason":115,"points":98},"External HTTP requests detected","2026-03-16T21:47:14.091Z",{"wat":118,"direct":137},{"assetPaths":119,"generatorPatterns":127,"scriptPaths":128,"versionParams":129},[120,121,122,123,124,125,126],"\u002Fwp-content\u002Fplugins\u002Fhostaway-connector\u002Fassets\u002Fcss\u002Fjquery-ui.css","\u002Fwp-content\u002Fplugins\u002Fhostaway-connector\u002Fassets\u002Fcss\u002Ffonts.css","\u002Fwp-content\u002Fplugins\u002Fhostaway-connector\u002Fassets\u002Fcss\u002Fslick.css","\u002Fwp-content\u002Fplugins\u002Fhostaway-connector\u002Fassets\u002Fcss\u002Fslick-theme.css","\u002Fwp-content\u002Fplugins\u002Fhostaway-connector\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fhostaway-connector\u002Fassets\u002Fjs\u002Fslick.js","\u002Fwp-content\u002Fplugins\u002Fhostaway-connector\u002Fassets\u002Fjs\u002Fscript.js",[],[125,126],[130,131,132,133,134,135,136],"hostaway-connector\u002Fassets\u002Fcss\u002Fjquery-ui.css?ver=","hostaway-connector\u002Fassets\u002Fcss\u002Ffonts.css?ver=","hostaway-connector\u002Fassets\u002Fcss\u002Fslick.css?ver=","hostaway-connector\u002Fassets\u002Fcss\u002Fslick-theme.css?ver=","hostaway-connector\u002Fassets\u002Fcss\u002Fstyle.css?ver=","hostaway-connector\u002Fassets\u002Fjs\u002Fslick.js?ver=","hostaway-connector\u002Fassets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":138,"htmlComments":139,"htmlAttributes":140,"restEndpoints":141,"jsGlobals":142,"shortcodeOutput":143},[],[],[],[],[],[144],"[hostaway_listing]"]