[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-ws_FSTtz7GqlBoW9rROU012hWxtvMpYtjToXP0eeZg":3,"$f0D2szGnvNuWRVh2TSrY6uPKH1kcBMgQqre1B-Ll6lbw":152,"$f33dGAPDIG3LvmYGzcXJfVw90nlmGjyXzmr5_Gy0qOcM":157},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":52,"crawl_stats":39,"alternatives":55,"analysis":74,"fingerprints":125},"huurkalender-wp","Huurkalender WP","1.6.5","Huurkalender.nl","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuurkalender\u002F","\u003Cp>eheer boekingen en beschikbaarheid voor verhuur eenvoudig met Huurkalender.nl. Integreer kalenders in uw WordPress-site.\u003C\u002Fp>\n","Ontvang boekingen via uw eigen kalender en toon de beschikbaarheid van Huurkalender.nl op uw WordPress website.",800,12619,80,4,"2025-11-28T10:26:00.000Z","6.9.4","4.6","5.2.4",[20,21,22,23,24],"beschikbaarheidskalender","boekingssysteem","huurkalender","reserveringssysteem","verhuurkalender","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhuurkalender-wp.zip",99,1,0,"2025-01-07 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-22528","huurkalender-wp-authenticated-contributor-stored-cross-site-scripting","Huurkalender WP \u003C= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Huurkalender WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.5.6","1.6.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-30 22:16:42",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7a1ee5da-4e15-427a-96bc-0d1a015cdb17?source=api-prod",24,[],false,{"slug":22,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":49,"trust_score":53,"computed_at":54},93,"2026-05-20T09:55:42.355Z",[56],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":29,"num_ratings":29,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":25,"tags":69,"homepage":70,"download_link":71,"security_score":72,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":73},"onlineafspraken-wordpress-plugin","OnlineAfspraken Plugin","0.9","onlineafspraken","https:\u002F\u002Fprofiles.wordpress.org\u002Fonlineafspraken\u002F","\u003Cp>Met deze plugin plaatst u de OnlineAfspraken boekingswidget in uw WordPress site.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Met deze plugin plaatst u de OnlineAfspraken boekingswidget in uw WordPress site.",10,1401,"2013-10-08T13:34:00.000Z","3.4.2","3.0.1",[60,23],"http:\u002F\u002Fonlineafspraken.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonlineafspraken-wordpress-plugin.zip",85,"2026-04-06T09:54:40.288Z",{"attackSurface":75,"codeSignals":102,"taintFlows":112,"riskAssessment":113,"analyzedAt":124},{"hooks":76,"ajaxHandlers":95,"restRoutes":96,"shortcodes":97,"cronEvents":101,"entryPointCount":28,"unprotectedCount":29},[77,83,87,91],{"type":78,"name":79,"callback":80,"priority":29,"file":81,"line":82},"action","init","ts_init","huurkalender-wp.php",35,{"type":78,"name":84,"callback":85,"file":81,"line":86},"admin_init","ts_register_settings",36,{"type":78,"name":88,"callback":89,"file":81,"line":90},"wp_enqueue_scripts","huurkalender_enqueue_assets",37,{"type":78,"name":92,"callback":93,"file":81,"line":94},"admin_menu","ts_register_submenu_page",42,[],[],[98],{"tag":22,"callback":99,"file":81,"line":100},"ts_shortcode_exec",43,[],{"dangerousFunctions":103,"sqlUsage":104,"outputEscaping":106,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":111},[],{"prepared":29,"raw":29,"locations":105},[],{"escaped":64,"rawEcho":28,"locations":107},[108],{"file":81,"line":109,"context":110},374,"raw output",[],[],{"summary":114,"deductions":115},"The \"huurkalender-wp\" plugin v1.6.5 exhibits a generally good security posture based on the static analysis.  The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests are all positive indicators.  Furthermore, the high percentage of properly escaped output suggests a good understanding of preventing common web vulnerabilities.\n\nHowever, a notable concern arises from the vulnerability history. The plugin has a known medium severity Cross-Site Scripting (XSS) vulnerability, and while it is currently patched, the presence of such vulnerabilities in the past warrants caution.  The static analysis did not reveal any critical or high-severity taint flows, which is positive, but the lack of explicit nonce checks and capability checks on the identified entry point (shortcode) could be a weakness if the shortcode handles user-supplied data in a sensitive manner.\n\nIn conclusion, while the current version demonstrates strong defensive coding practices in many areas, the historical XSS vulnerability and the potential for unauthenticated shortcode execution (if not handled carefully) are points of attention. The plugin's strengths lie in its avoidance of common risky coding patterns, but continuous vigilance and robust testing are recommended.",[116,119,122],{"reason":117,"points":118},"Medium severity XSS vulnerability history",15,{"reason":120,"points":121},"No capability checks on shortcode",5,{"reason":123,"points":121},"No nonce checks on entry points","2026-03-16T19:18:47.583Z",{"wat":126,"direct":136},{"assetPaths":127,"generatorPatterns":130,"scriptPaths":131,"versionParams":133},[128,129],"\u002Fwp-content\u002Fplugins\u002Fhuurkalender-wp\u002Fonline\u002Fembed\u002Fhuurkalender.js","\u002Fwp-content\u002Fplugins\u002Fhuurkalender-wp\u002Fonline\u002Fembed\u002Fhuurkalender.css",[],[132],"https:\u002F\u002Fwww.huurkalender.nl\u002Fonline\u002Fembed\u002Fhuurkalender.js",[134,135],"huurkalender-wp\u002Fonline\u002Fembed\u002Fhuurkalender.js?ver=","huurkalender-wp\u002Fonline\u002Fembed\u002Fhuurkalender.css?ver=",{"cssClasses":137,"htmlComments":142,"htmlAttributes":143,"restEndpoints":147,"jsGlobals":148,"shortcodeOutput":149},[138,139,140,141],"huurkalender-embed","huurkalender-embed-container","huurkalender-embed-container_overview","calendar_alert",[],[144,145,146],"id=\"iframe_huurkalender_","id=\"iframe_huurkalender_booking3_","id=\"iframe_huurkalender_view2_",[],[],[150,151],"\u003Cdiv class=\"huurkalender-embed huurkalender-embed-container\">\u003Ciframe id=\"iframe_huurkalender_","\u003Cdiv class=\"huurkalender-embed huurkalender-embed-container_overview\">\u003Ciframe id=\"iframe_huurkalender_view2_",{"error":153,"url":154,"statusCode":155,"statusMessage":156,"message":156},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhuurkalender-wp\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":28,"versions":158},[159],{"version":160,"download_url":161,"svn_tag_url":162,"released_at":39,"has_diff":51,"diff_files_changed":163,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":164,"is_current":51},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhuurkalender-wp.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhuurkalender-wp\u002Ftags\u002F1.0.5\u002F",[],[165],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41}]