[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLfcceapObQtnAJze56Fdgl8LJYqzYy4CPTCsLtNhV-U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":76,"fingerprints":123},"lh-booking-widget","Little Hotelier Booking Widget","1.2.1","Carl Alberto","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarl-alberto\u002F","\u003Cp>This is a Booking Widget used for Little Hotelier. Please get your channel code from the official site: http:\u002F\u002Fwww.littlehotelier.com\u002F. This is a widget that can help you place your Little Hotelier booking, all you need is just your “mychannelcode”. You can get it from the Little Hotelier Website after you register\u003C\u002Fp>\n","This is a Booking Widget used for Little Hotelier. Please get your channel code from the official site: http:\u002F\u002Fwww.littlehotelier.com\u002F",100,4389,0,"2022-10-24T17:01:00.000Z","6.0.11","4.0","",[19,20],"booking-widget","little-hotelier","https:\u002F\u002Fcarl.alber2.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-booking-widget.1.2.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"carl-alberto",6,400,88,30,86,"2026-04-05T04:32:55.706Z",[36,57],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"astro-booking-engine","Astro Booking Engine","1.4.0","Alian Schiavoncini","https:\u002F\u002Fprofiles.wordpress.org\u002Falian\u002F","\u003Cp>Display the \u003Cstrong>booking engine form\u003C\u002Fstrong> through the use of the shortcode \u003Cstrong>[astro-booking-engine]\u003C\u002Fstrong>.\u003Cbr \u002F>\nIncludes the most popular booking engine providers.\u003Cbr \u002F>\nYou need to have a contract with one of the booking engine providers listed below and configure the plugin settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List of configurable booking engine providers in alphabetical order\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.hotelcinquestelle.cloud\u002Fen\u002F\" rel=\"nofollow ugc\">5Stelle\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.iperbooking.com\u002F\" rel=\"nofollow ugc\">Iperbooking\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.passepartout.net\u002F\" rel=\"nofollow ugc\">Passepartout\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.simplebooking.travel\u002F\" rel=\"nofollow ugc\">Simple booking\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.verticalbooking.com\u002Fen\u002Fhome\u002F\" rel=\"nofollow ugc\">Vertical booking\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>New booking engine providers are welcome!\u003C\u002Fstrong>\u003Cbr \u002F>\nIf your booking engine provider is not on the list, you can request its inclusion by sending an email to \u003Ca href=\"mailto:info@astrothemes.com\" rel=\"nofollow ugc\">info@astrothemes.com\u003C\u002Fa> with the provider documentation if you have.\u003C\u002Fp>\n\u003Cp>This plugin is compatible with translation plugins such as WPML and Loco Translate.\u003C\u002Fp>\n\u003Ch3>Wordefence vendor verification key\u003C\u002Fh3>\n\u003Cp>gsphudo7by90lzwdlihyerqxbzj6jiln\u003C\u002Fp>\n","Use shortcode [astro-booking-engine] to display the booking form. Configure with 5Stelle, Iperbooking, Passepartout, Simple booking, or Vertical booki …",10,1413,"2025-10-31T17:25:00.000Z","6.8.5","5.2","7.4",[51,19,52,53,54],"booking-engine","hotel-booking","hotel-booking-engine","hotel-widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fastro-booking-engine","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fastro-booking-engine.1.4.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":44,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"resonline-booking-gadget","ResOnline Booking Gadget","1.0","Phoenix Online","https:\u002F\u002Fprofiles.wordpress.org\u002Fpsdtofinal\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwww.resonline.com\u002Ffeatures\u002Fonline-booking-integration\" rel=\"nofollow ugc\">ResOnline Booking Gadget\u003C\u002Fa> allows registered Hotels, Motels, Caravan Parks and other Accommodation Businesses to embed a relatively user-friendly booking widget directly on their website.\u003C\u002Fp>\n\u003Cp>This plugin simplifies the process of embedding the \u003Cem>ResOnline Booking Gadget\u003C\u002Fem> by adding a simple shortcode to WordPress, allowing you to add the ResOnline Booking Gadget to any page, post or CPT on your site using:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[resonline id=\"123456\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>ResOnline Booking Gadget Lite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Embed a Booking Gadget on \u003Cstrong>any\u003C\u002Fstrong> Page, Post or CPT on your site\u003C\u002Fli>\n\u003Cli>Set your default currency\u003C\u002Fli>\n\u003Cli>Set a default search layout (horizontal or vertical)\u003C\u002Fli>\n\u003Cli>Switch image previews \u002F thumbnails on and off\u003C\u002Fli>\n\u003Cli>Override default settings at a shortcode-level\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>ResOnline Booking Gadget Pro\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>All of the free versions’ options, plus…\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set the default number of days \u002F columns displayed\u003C\u002Fli>\n\u003Cli>Change the default \u003Cem>Room Name\u003C\u002Fem> label\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcode Usage\u003C\u002Fh3>\n\u003Cp>For ease of use and flexibility, this plugin’s shortcodes can be added with practically no options; however most functional options can be used and \u002F or overridden at a shortcode level (including the Columns and Room Label options)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Basic Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>At a minimum, the Hotel ID must be supplied in order to “pick up” the correct Booking Gadget. So, if you have the Hotel ID 12345, the corresponding short code would be:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[resonline id=\"12345\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Additional Parameters \u002F Overrides\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The following parameters can be added to the Standard or Pro version of the short code to override the default features:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>currency\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Any three-letter ISO currency code available to the vendor (eg AUD, USD, IDR, etc)\u003C\u002Fp>\n\u003Cpre>\u003Ccode>layout\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Layout override. Either horiz for the Wide \u002F Horizontal Layout or vert for the Tall \u002F Vertical Layout\u003C\u002Fp>\n\u003Cpre>\u003Ccode>show-images\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Set to true to display preview images \u002F thumbnails, or false to hide image previews\u003C\u002Fp>\n\u003Cpre>\u003Ccode>columns\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The default number of columns to display, when showing a Booking Gadget in Wide \u002F Horizontal Layout mode\u003C\u002Fp>\n\u003Cpre>\u003Ccode>label\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The label to show (eg, Rooms, Apartments, Cabins, etc)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Example Shortcode Overrides\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Different default currency:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[resonline id=\"12345\" currency=\"GBP\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Force a horizontal layout:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[resonline id=\"12345\" layout=\"horiz\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Hide thumbnails:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[resonline id=\"12345\" show-images=\"false\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Reduce columns for a narrow layout:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[resonline id=\"12345\" columns=\"5\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display a custom room label:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[resonline id=\"12345\" label=\"Yurts\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A combination of options:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[resonline id=\"12345\" currency=\"USD\" layout=\"vert\" label=\"Houseboats\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Displays a ResOnline Booking Gadget for any ResOnline property, using a simple short code.",1142,"2019-07-18T05:13:00.000Z","5.2.24","4.6","5.4",[71,72,19,73],"accommodation","booking-gadget","resonline","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresonline-booking-gadget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresonline-booking-gadget.zip",{"attackSurface":77,"codeSignals":89,"taintFlows":108,"riskAssessment":109,"analyzedAt":122},{"hooks":78,"ajaxHandlers":85,"restRoutes":86,"shortcodes":87,"cronEvents":88,"entryPointCount":13,"unprotectedCount":13},[79],{"type":80,"name":81,"callback":82,"file":83,"line":84},"action","widgets_init","lhw_register_widget","little-hotelier-booking-widget.php",24,[],[],[],[],{"dangerousFunctions":90,"sqlUsage":91,"outputEscaping":93,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":107},[],{"prepared":13,"raw":13,"locations":92},[],{"escaped":29,"rawEcho":94,"locations":95},5,[96,99,101,103,105],{"file":83,"line":97,"context":98},104,"raw output",{"file":83,"line":100,"context":98},108,{"file":83,"line":102,"context":98},109,{"file":83,"line":104,"context":98},113,{"file":83,"line":106,"context":98},114,[],[],{"summary":110,"deductions":111},"The \"lh-booking-widget\" v1.2.1 plugin exhibits a strong security posture in several key areas, demonstrating good development practices. Notably, the static analysis reveals no identified attack surface points (AJAX handlers, REST API routes, shortcodes, cron events), meaning there are no direct entry points for external interaction that could be exploited. Furthermore, the code signals indicate a complete absence of dangerous functions and raw SQL queries, with all SQL operations utilizing prepared statements. There are also no file operations or external HTTP requests, which reduces the potential for various types of vulnerabilities. The lack of any recorded vulnerabilities in its history is also a positive indicator.\n\nHowever, the analysis does highlight some areas for concern. The output escaping is only 55% properly escaped, which means that a significant portion of the plugin's output is not being sanitized, potentially opening the door to cross-site scripting (XSS) vulnerabilities. Additionally, the absence of any nonce checks and capability checks, while not directly indicative of a vulnerability in this version due to the lack of an attack surface, represents a potential weakness if new entry points are introduced in future updates or if existing code has hidden interactions. The taint analysis showing zero flows with unsanitized paths is reassuring, but this is in conjunction with zero flows analyzed, suggesting the taint analysis might be incomplete or that the plugin has very limited data processing.\n\nIn conclusion, while \"lh-booking-widget\" v1.2.1 appears to be relatively secure due to its minimal attack surface and proper SQL handling, the significant unescaped output is a notable weakness. The lack of historical vulnerabilities is a positive trend, but the development team should prioritize addressing the unescaped output to further harden the plugin. The absence of extensive taint analysis and the lack of nonce\u002Fcapability checks in the existing code, though not currently exploitable, suggest an area where improved development practices would be beneficial for future-proofing.",[112,115,118,120],{"reason":113,"points":114},"55% of outputs are not properly escaped",7,{"reason":116,"points":117},"No nonce checks implemented",3,{"reason":119,"points":117},"No capability checks implemented",{"reason":121,"points":94},"Taint analysis did not analyze any flows","2026-03-16T20:43:49.311Z",{"wat":124,"direct":129},{"assetPaths":125,"generatorPatterns":126,"scriptPaths":127,"versionParams":128},[],[],[],[],{"cssClasses":130,"htmlComments":132,"htmlAttributes":133,"restEndpoints":139,"jsGlobals":140,"shortcodeOutput":141},[131],"lhw_widget",[],[134,135,136,137,138],"widget-lhw_widget[2][title]","widget-lhw_widget[2][gridmode]","widget-lhw_widget[2][mychannelcode]","lhw_widget_title","lhw_widget_mychannelcode",[],[],[142,143,144,145],"\u003Ciframe src=\"https:\u002F\u002Fapp.littlehotelier.com\u002Fproperties\u002F","\u002Fbooking_widget","https:\u002F\u002Fapp.littlehotelier.com\u002Fproperties\u002F","\u002Fwidget?number_of_days=14"]