[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPAewEZapyYzvYA6E4900JsCUiwnvJdIH37RISyegrcY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":14,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":46,"crawl_stats":35,"alternatives":52,"analysis":106,"fingerprints":174},"laposta-woocommerce","Laposta WooCommerce","1.10.1","stijnvanderree","https:\u002F\u002Fprofiles.wordpress.org\u002Fstijnvanderree\u002F","\u003Cp>Laposta is a Dutch emailmarketing solution. Use this plugin to add an optin checkbox to your checkout,\u003Cbr \u002F>\nso your customers can subscribe to your newsletter.\u003C\u002Fp>\n","This plugin can be used to add an optin checkbox to receive newsletters, using Laposta newsletter software (https:\u002F\u002Flaposta.nl).",500,8616,100,1,"2026-03-03T14:09:00.000Z","6.9.4","3.0","7.1",[20,21,22],"aanmelden","laposta","nieuwsbrieven","http:\u002F\u002Flaposta.nl\u002Fdocumentatie\u002Fwordpress.524.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flaposta-woocommerce.1.10.1.zip",99,0,"2025-08-17 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-49434","laposta-woocommerce-authenticated-administrator-stored-cross-site-scripting","Laposta WooCommerce \u003C= 1.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Laposta WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.9.1","1.9.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-08-26 14:47:03",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbf29bc2a-876a-484a-983f-a751cf2070c0?source=api-prod",10,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":25,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},3,3500,114,78,"2026-04-05T03:23:43.972Z",[53,70,87],{"slug":54,"name":55,"version":56,"author":7,"author_profile":8,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":26,"num_ratings":26,"last_updated":61,"tested_up_to":16,"requires_at_least":62,"requires_php":18,"tags":63,"homepage":66,"download_link":67,"security_score":25,"vuln_count":68,"unpatched_count":26,"last_vuln_date":69,"fetched_at":28},"laposta-signup-embed","Laposta Signup Embed","1.5.2","\u003Cp>Laposta is a Dutch email marketing solution. This plugin can be used to load any of your Laposta embedded registration forms.\u003C\u002Fp>\n","Laposta is a Dutch email marketing solution. This plugin can be used to load any of your Laposta embedded registration forms.",1000,11813,"2026-02-24T10:03:00.000Z","5.0",[20,64,65,21,22],"avg","formulier","https:\u002F\u002Fdocs.laposta.nl\u002Farticle\u002F1058-installatie-en-configuratie-van-laposta-signup-embed-voor-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flaposta-signup-embed.1.5.2.zip",2,"2023-09-05 00:00:00",{"slug":71,"name":72,"version":73,"author":7,"author_profile":8,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":13,"num_ratings":68,"last_updated":78,"tested_up_to":16,"requires_at_least":79,"requires_php":18,"tags":80,"homepage":85,"download_link":86,"security_score":25,"vuln_count":68,"unpatched_count":26,"last_vuln_date":69,"fetched_at":28},"laposta-signup-basic","Laposta Signup Basic","3.2.5","\u003Cp>Laposta is a Dutch email marketing tool. Load your Laposta lists and render fields in a HTML form with custom styling.\u003C\u002Fp>\n","Laposta is a Dutch email marketing tool. Load your Laposta lists and render fields in a HTML form with custom styling.",2000,38826,"2026-02-24T10:01:00.000Z","4.7",[81,82,21,83,84],"form","gdpr","marketing","newsletters","https:\u002F\u002Fdocs.laposta.nl\u002Farticle\u002F546-installatie-van-laposta-signup-basic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flaposta-signup-basic.3.2.5.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":26,"downloaded":95,"rating":26,"num_ratings":26,"last_updated":96,"tested_up_to":16,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":104,"download_link":105,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"miix-laposta-campaigns-lite","Miix Laposta Campaigns Lite","1.2.0","Fred Klopper","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiix\u002F","\u003Cp>The Miix Laposta Campaigns Lite plugin allows you to display your Laposta email campaigns on your WordPress website. This lite version provides basic functionality to showcase your campaigns with simple display options.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Display Campaigns\u003C\u002Fstrong>: Show your Laposta campaigns on your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display Options\u003C\u002Fstrong>: Control campaign count and screenshot visibility\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Grid Layout\u003C\u002Fstrong>: Clean, responsive grid display\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Campaign Screenshots\u003C\u002Fstrong>: Toggle campaign preview images on\u002Foff\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-language Support\u003C\u002Fstrong>: Available in English and Dutch\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Design\u003C\u002Fstrong>: Works on all device sizes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Available Shortcode Parameters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>number\u003C\u002Fcode> – Maximum number of campaigns to display (default: 0 = all)\u003C\u002Fli>\n\u003Cli>\u003Ccode>per_page\u003C\u002Fcode> – Campaigns per page for pagination (default: 6)\u003C\u002Fli>\n\u003Cli>\u003Ccode>show_screenshot\u003C\u002Fcode> – Display campaign screenshots (yes\u002Fno, default: yes)\u003C\u002Fli>\n\u003Cli>\u003Ccode>show_date\u003C\u002Fcode> – Display campaign dates (yes\u002Fno, default: yes)\u003C\u002Fli>\n\u003Cli>\u003Ccode>keyword\u003C\u002Fcode> – Only show campaigns whose subject contains this keyword\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Example Usage:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[miix_laposta_campaigns_lite] - Shows all campaigns with pagination (6 per page)\n[miix_laposta_campaigns_lite per_page=\"9\"] - Shows 9 campaigns per page\n[miix_laposta_campaigns_lite number=\"12\"] - Shows maximum 12 campaigns (paginated)\n[miix_laposta_campaigns_lite show_screenshot=\"no\"] - Shows campaigns without screenshots\n[miix_laposta_campaigns_lite keyword=\"newsletter\"] - Shows only campaigns with \"newsletter\" in the subject\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Laposta API to retrieve and display your email campaigns on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is Laposta?\u003C\u002Fstrong>\u003Cbr \u002F>\nLaposta is a Dutch email marketing service that allows you to create and send newsletters. This plugin retrieves your campaign data from Laposta to display it on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Your Laposta API key is sent to authenticate requests\u003Cbr \u002F>\n* Requests are made to retrieve campaign lists, campaign details, and campaign statistics\u003Cbr \u002F>\n* Data is fetched when you view the plugin admin pages or when the shortcode is displayed on your website\u003Cbr \u002F>\n* Campaign data is cached locally to reduce API calls\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No personal visitor data is sent to Laposta through this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Laposta service links:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.laposta.nl\u002F\" rel=\"nofollow ugc\">Laposta website\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.laposta.nl\u002Falgemene-voorwaarden\" rel=\"nofollow ugc\">Laposta Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.laposta.nl\u002Fprivacyverklaring\" rel=\"nofollow ugc\">Laposta Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Display your Laposta email campaigns within WordPress with shortcode functionality.",203,"2026-02-21T11:41:00.000Z","5.8","7.4",[100,101,102,21,103],"campaigns","email","email-marketing","newsletter","https:\u002F\u002Fmiix.dev\u002Fwp\u002Fmiix-laposta-campaigns-lite","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmiix-laposta-campaigns-lite.1.2.0.zip",{"attackSurface":107,"codeSignals":142,"taintFlows":162,"riskAssessment":163,"analyzedAt":173},{"hooks":108,"ajaxHandlers":138,"restRoutes":139,"shortcodes":140,"cronEvents":141,"entryPointCount":26,"unprotectedCount":26},[109,114,118,123,127,131,135],{"type":110,"name":111,"callback":111,"file":112,"line":113},"action","admin_init","laposta.php",46,{"type":110,"name":115,"callback":116,"priority":13,"file":112,"line":117},"admin_menu","add_menu",47,{"type":119,"name":120,"callback":121,"file":112,"line":122},"filter","woocommerce_checkout_fields","addFieldToCheckout",135,{"type":110,"name":124,"callback":125,"file":112,"line":126},"woocommerce_checkout_update_order_meta","actionWooCheckoutUpdateOrderMeta",136,{"type":119,"name":128,"callback":129,"file":112,"line":130},"woocommerce_email_order_meta_keys","filterWooEmailOrderMetaKeys",137,{"type":110,"name":132,"callback":133,"file":112,"line":134},"admin_notices","laposta_woocommerce_continued_support_notice",255,{"type":110,"name":111,"callback":136,"file":112,"line":137},"laposta_woocommerce_admin_init",258,[],[],[],[],{"dangerousFunctions":143,"sqlUsage":144,"outputEscaping":146,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":161},[],{"prepared":26,"raw":26,"locations":145},[],{"escaped":45,"rawEcho":147,"locations":148},5,[149,152,154,157,159],{"file":112,"line":150,"context":151},235,"raw output",{"file":112,"line":153,"context":151},240,{"file":155,"line":156,"context":151},"templates\\settings.php",164,{"file":155,"line":158,"context":151},165,{"file":155,"line":160,"context":151},166,[],[],{"summary":164,"deductions":165},"The static analysis of the laposta-woocommerce plugin v1.10.1 indicates a generally good security posture in terms of immediate attack vectors.  There are no identified AJAX handlers, REST API routes, shortcodes, or cron events exposed without authorization, suggesting a limited attack surface.  The code also appears to avoid dangerous functions and file operations, and all SQL queries are properly prepared.  However, a concerning aspect is the output escaping, where only 67% of outputs are properly escaped, leaving potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully in the remaining 33% of outputs.  The taint analysis shows no identified unsanitized flows, which is a positive sign.",[166,169,171],{"reason":167,"points":168},"Improper output escaping",6,{"reason":170,"points":147},"No nonce checks",{"reason":172,"points":147},"No capability checks","2026-03-16T19:38:41.708Z",{"wat":175,"direct":184},{"assetPaths":176,"generatorPatterns":179,"scriptPaths":180,"versionParams":181},[177,178],"\u002Fwp-content\u002Fplugins\u002Flaposta-woocommerce\u002Fassets\u002Fcss\u002Flaposta-admin.css","\u002Fwp-content\u002Fplugins\u002Flaposta-woocommerce\u002Fassets\u002Fjs\u002Flaposta-admin.js",[],[178],[182,183],"laposta-woocommerce\u002Fassets\u002Fcss\u002Flaposta-admin.css?ver=","laposta-woocommerce\u002Fassets\u002Fjs\u002Flaposta-admin.js?ver=",{"cssClasses":185,"htmlComments":187,"htmlAttributes":188,"restEndpoints":189,"jsGlobals":190,"shortcodeOutput":191},[186],"laposta-woocommerce-continued-support-notice",[],[],[],[],[]]