[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIsKokYYH8FP_C-fdAwrtDF8KfkeoEYasQSSWUE8sqqs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":165},"know-co-app-integration-events","Know – Events","1.2.0","brandonpadula","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrandonpadula\u002F","\u003Cp>This plugin creates a front-end client portal that integrates with your Events app on the Know Platform.\u003C\u002Fp>\n\u003Cp>Simply use our provided shortcodes to create your client portal on any page.\u003C\u002Fp>\n\u003Cp>You must have a valid Know Platform subscription for this plugin to function properly.\u003C\u002Fp>\n","Create a client portal for your Events 
clients.",0,977,"2020-02-19T02:38:00.000Z","5.3.21","4.6","5.2.4",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fknow-co-app-integration-events.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},2,10,89,30,86,"2026-04-04T14:20:06.301Z",[],{"attackSurface":33,"codeSignals":106,"taintFlows":132,"riskAssessment":151,"analyzedAt":164},{"hooks":34,"ajaxHandlers":54,"restRoutes":97,"shortcodes":98,"cronEvents":103,"entryPointCount":104,"unprotectedCount":105},[35,41,45,50],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","wp_head","know__events___ajax_url","index.php",14,{"type":36,"name":42,"callback":43,"file":39,"line":44},"admin_init","know__events__register_settings",23,{"type":36,"name":46,"callback":47,"priority":48,"file":39,"line":49},"admin_menu","know__events__admin_menu",11,40,{"type":36,"name":51,"callback":52,"file":39,"line":53},"wp_enqueue_scripts","know__events__scripts_and_stylesheets",195,[55,60,62,65,67,70,72,75,77,80,82,85,87,90,92,95],{"action":56,"nopriv":57,"callback":56,"hasNonce":58,"hasCapCheck":58,"file":39,"line":59},"know__events__custom_login_init",true,false,342,{"action":56,"nopriv":58,"callback":56,"hasNonce":58,"hasCapCheck":58,"file":39,"line":61},343,{"action":63,"nopriv":57,"callback":63,"hasNonce":58,"hasCapCheck":58,"file":39,"line":64},"know__events__custom_login_auth",363,{"action":63,"nopriv":58,"callback":63,"hasNonce":58,"hasCapCheck":58,"file":39,"line":66},364,{"action":68,"nopriv":57,"callback":68,"hasNonce":58,"hasCapCheck":58,"file":39,"line":69},"know__events__custom_event_details",405,{"action":68,"nopriv":58,"callback":68,"hasNonce":58,"hasCapCheck":58,"file":39,"line":71},406,{"action":73,"nopriv":57,"callback":73,"hasNonce":58,"hasCapCheck":58,"file":39,"line":74},"know__events__payment_init",439,{"action":73,"nopriv":58,"callbac
k":73,"hasNonce":58,"hasCapCheck":58,"file":39,"line":76},440,{"action":78,"nopriv":57,"callback":78,"hasNonce":58,"hasCapCheck":58,"file":39,"line":79},"know__events__payment_confirmation_init",467,{"action":78,"nopriv":58,"callback":78,"hasNonce":58,"hasCapCheck":58,"file":39,"line":81},468,{"action":83,"nopriv":57,"callback":83,"hasNonce":58,"hasCapCheck":58,"file":39,"line":84},"know__events__payment_process",492,{"action":83,"nopriv":58,"callback":83,"hasNonce":58,"hasCapCheck":58,"file":39,"line":86},493,{"action":88,"nopriv":57,"callback":88,"hasNonce":58,"hasCapCheck":58,"file":39,"line":89},"know__events__payment_processed_controller",537,{"action":88,"nopriv":58,"callback":88,"hasNonce":58,"hasCapCheck":58,"file":39,"line":91},538,{"action":93,"nopriv":57,"callback":93,"hasNonce":58,"hasCapCheck":58,"file":39,"line":94},"know__events__logout",554,{"action":93,"nopriv":58,"callback":93,"hasNonce":58,"hasCapCheck":58,"file":39,"line":96},555,[],[99],{"tag":100,"callback":101,"file":39,"line":102},"know--events--portal","know__events__my_event",252,[],17,16,{"dangerousFunctions":107,"sqlUsage":108,"outputEscaping":110,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":131},[],{"prepared":11,"raw":11,"locations":109},[],{"escaped":111,"rawEcho":112,"locations":113},20,8,[114,117,119,121,123,125,127,129],{"file":39,"line":115,"context":116},18,"raw output",{"file":39,"line":118,"context":116},358,{"file":39,"line":120,"context":116},400,{"file":39,"line":122,"context":116},434,{"file":39,"line":124,"context":116},462,{"file":39,"line":126,"context":116},487,{"file":39,"line":128,"context":116},532,{"file":39,"line":130,"context":116},549,[],[133],{"entryPoint":134,"graph":135,"unsanitizedCount":149,"severity":150},"\u003Cindex> 
(index.php:0)",{"nodes":136,"edges":147},[137,142],{"id":138,"type":139,"label":140,"file":39,"line":141},"n0","source","$_POST",515,{"id":143,"type":144,"label":145,"file":39,"line":130,"wp_function":146},"n1","sink","echo() [XSS]","echo",[148],{"from":138,"to":143,"sanitized":58},1,"low",{"summary":152,"deductions":153},"The \"know-co-app-integration-events\" plugin v1.2.0 exhibits a significant security concern due to its large attack surface of AJAX handlers, all of which lack authentication checks. While the code analysis shows no dangerous functions, no SQL queries (raw or prepared), and no file operations or external HTTP requests, the absence of nonce and capability checks on all 16 AJAX handler registrations is a critical weakness. Because each action is also registered with nopriv set to true, these AJAX actions can be triggered not only by any authenticated user, even one with minimal privileges, but also by unauthenticated visitors, leading to unintended behavior or exploitation if combined with other vulnerabilities. The taint analysis found one unsanitized flow from $_POST to an echo() sink (flagged as XSS); despite being rated as low severity, it further exacerbates this concern as it suggests a potential pathway for malicious input to be processed without proper sanitization. The plugin's history of zero known vulnerabilities is positive but does not mitigate the identified risks in the current version's code. 
Overall, while the plugin avoids raw SQL and escapes most of its output (20 escaped outputs against 8 raw echo locations), the unprotected AJAX endpoints present a substantial security risk that requires immediate attention.",[154,156,159,162],{"reason":155,"points":26},"AJAX handlers without authentication checks",{"reason":157,"points":158},"Unsanitized path in taint analysis",5,{"reason":160,"points":161},"No nonce checks on AJAX handlers",7,{"reason":163,"points":161},"No capability checks on AJAX handlers","2026-03-17T07:07:39.976Z",{"wat":166,"direct":172},{"assetPaths":167,"generatorPatterns":169,"scriptPaths":170,"versionParams":171},[168],"\u002Fwp-content\u002Fplugins\u002Fknow-co-app-integration-events\u002Fjs\u002Fcomponents\u002Fangular-mask.js",[],[],[],{"cssClasses":173,"htmlComments":176,"htmlAttributes":177,"restEndpoints":198,"jsGlobals":199,"shortcodeOutput":201},[174,175],"know--container","know--input",[],[178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197],"id=\"know__events__button_classes\"","name=\"know__events__button_classes\"","id=\"know__events__button_styles\"","name=\"know__events__button_styles\"","id=\"know__events__alert_container_classes\"","name=\"know__events__alert_container_classes\"","id=\"know__events__alert_container_styles\"","name=\"know__events__alert_container_styles\"","id=\"know__events__alert_heading_classes\"","name=\"know__events__alert_heading_classes\"","id=\"know__events__alert_heading_styles\"","name=\"know__events__alert_heading_styles\"","id=\"know__events__login_button_classes\"","name=\"know__events__login_button_classes\"","id=\"know__events__login_button_styles\"","name=\"know__events__login_button_styles\"","id=\"know__events__payment_process_button_classes\"","name=\"know__events__payment_process_button_classes\"","id=\"know__events__payment_process_button_styles\"","name=\"know__events__payment_process_button_styles\"",[],[200],"var ajaxurl",[202],"[know--events--portal]"]