[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frrLH0v9-2OB_RX5xFovNJjUDdSmJbys7-Q1cOeFbrLw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":128,"fingerprints":380},"lift-trail-status","Lift & Trail Status","1.4.7","Medic52","https:\u002F\u002Fprofiles.wordpress.org\u002Fmedic52wp\u002F","\u003Cp>This plugin helps you display up to date information about the status of lifts and trails on your website. The data is imported from the MTN.XML standard in XML or JSON format. Any user able to install plugins can set this up and customise it. The default configuration provides HTML & CSS that allows display for lifts and trails within areas.\u003C\u002Fp>\n\u003Ch4>Installation Via Medic52 Dashboard\u003C\u002Fh4>\n\u003Cp>As an administrator for your company, login to the Medic52 Dashboard and navigate to Settings > Resort Settings\u003Cbr \u002F>\n* Look for the ‘Live Lift \u002F Run status feeds’\u003Cbr \u002F>\n* Copy the link titled ‘JSON’\u003Cbr \u002F>\n* Paste in to the plugin under Settings ‘Datafeed URL’\u003Cbr \u002F>\n* Click Save\u003C\u002Fp>\n\u003Ch4>Any XML or JSON MTN.XML feed\u003C\u002Fh4>\n\u003Cp>Find the URL to your MTN.XML feed and copy it\u003Cbr \u002F>\n* Paste in to the plugin under Settings ‘Datafeed URL’\u003Cbr \u002F>\n* Click Save\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Once your feed is configured, you can implement the shortcode on any page. This is displayed on the first Settings page of the plugin. You can click the ‘Create a new page’ button to add a new page with the shortcode installed, or copy it and place it on an existing page if you prefer.\u003C\u002Fp>\n\u003Cp>[medic52_lift_trail_status]\u003Cbr \u002F>\n[medic52_lift_status]\u003Cbr \u002F>\n[medic52_trail_status]\u003C\u002Fp>\n\u003Ch4>Customisation Trail Ratings\u003C\u002Fh4>\n\u003Cp>You can customise the Trail Ratings colors and icons as you wish. The plugin comes with a default set that you are free to use, however your circumstances may mean that you already present different icons to your audience.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Icons *\u003Cbr \u002F>\nTo change an icon \u003C\u002Fli>\n\u003Cli>click on the existing icon to the right of the color picker \u003C\u002Fli>\n\u003Cli>upload your new icon to the media library (recommended 24px x 24px)\u003C\u002Fli>\n\u003Cli>select this icon \u003C\u002Fli>\n\u003Cli>\n\u003Cp>click save at the bottom\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Colors *\u003Cbr \u002F>\nSelect the color next to the trail rating you wish to change and use the color picker to alter it. Click save at the bottom.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Layout *\u003Cbr \u002F>\nThe plugin has two layouts currently, you can list your lifts at the top, seperately to the trails, or have lifts and trails combined within each area. Change this with the ‘List Lifts separately’ in the Customisation tab.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Change your Datafeed URL\u003C\u002Fh4>\n\u003Cp>You can change your data feed URL by clicking the ‘Change URL’ button in the plugin settings and saving a new URL.\u003C\u002Fp>\n","Display the status of lifts and trails for your ski resort or adventure park on your website. Great for mountain bike, water, ropes & adventure parks.",0,1891,"2025-04-09T04:26:00.000Z","6.7.5","4.7","8.0",[18,19,20,21,22],"biking","hiking","lifts","skiing","trails","https:\u002F\u002Fwww.medic52.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flift-trail-status.1.4.7.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"medic52wp",1,30,94,"2026-04-04T07:18:03.714Z",[36,55,78,93,113],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":53,"download_link":54,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"trail-status","Trail Status","2.2.1","Chris - On the Grid Web Design LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Ffalcon13\u002F","\u003Cp>This plugin allows you to display the status of trails on your website. Any user with author or higher permissions can update the status, while only editors and admin can add and update the trails and status names. The trails can have links to pages with more information about them. Both the shortcodes and widget are customizable. Widgets and shortcode can have different sets of trails and notes.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Widget\u003C\u002Fli>\n\u003Cli>Shortcode for showing the trails in a list format\u003C\u002Fli>\n\u003Cli>A second shortcode for showing the trails in a block format\u003C\u002Fli>\n\u003Cli>Add images to trails for display in the shortcode\u003C\u002Fli>\n\u003Cli>Placeholder images for trails without images\u003C\u002Fli>\n\u003Cli>Add links to the trails\u003C\u002Fli>\n\u003Cli>Set up to 10 statuses including their color\u003C\u002Fli>\n\u003Cli>Trail name and status can be the status color\u003C\u002Fli>\n\u003Cli>The order of both trails and statuses can be set\u003C\u002Fli>\n\u003Cli>Notes can be added at the end which can include embedded videos\u003C\u002Fli>\n\u003Cli>Separate notes for the shortcode and widget\u003C\u002Fli>\n\u003Cli>Initial set of trail conditions\u003C\u002Fli>\n\u003Cli>Admin that allows authors and higher users to update the current conditions, while editors and higher users can create and edit the trails and statuses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>DISCLAIMER: Under no circumstances do we release this plugin with any warranty, implied or otherwise. We cannot be held responsible for any damage that might arise from the use of this plugin. Back up your WordPress database and files before installation.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Released under the terms of the GNU General Public License.\u003C\u002Fp>\n","Display the status of trails on your website.",10,1513,"2026-01-17T22:41:00.000Z","6.9.4","5.8","5.6",[18,19,51,52,22],"outdoors","trail","http:\u002F\u002Fonthegridwebdesign.com\u002Fsoftware\u002Ftrail-status","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftrail-status.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":14,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":76,"vuln_count":31,"unpatched_count":11,"last_vuln_date":77,"fetched_at":27},"outdooractive-embed","Outdooractive Embed","1.6","outdooractive","https:\u002F\u002Fprofiles.wordpress.org\u002Foutdooractive\u002F","\u003Cp>After installing the plugin, the button editor for the plugin will appear in the page editor of WordPress. Use it to add your Outdooractive content to your website.\u003Cbr \u002F>\nFor programmers: The plugin uses the shortcode oaembed. The only required parameter is url, all others are optional.\u003C\u002Fp>\n\u003Ch4>For example:\u003C\u002Fh4>\n\u003Cp>paste \u003Ccode>[oaembed url = \"http:\u002F\u002Fwww.outdooractive.com\u002Fen\u002Fserviced-hut\u002Fgraubuenden\u002Ftschiervahuette\u002F15280962\u002F\"]\u003C\u002Fcode> into “text mode” of the editor and click Preview. Your embedded content will appear.\u003C\u002Fp>\n\u003Cp>The following options are supported:\u003Cbr \u002F>\n\u003Cem>Maximum width\u003C\u002Fem>\u003Cbr \u002F>\nSpecify a maximum pixel width for incorporating your content. The maximum width must not be less than 260 pixels.\u003Cbr \u002F>\nExample: \u003Ccode>[oaembed url = \"http:\u002F\u002Fwww.outdooractive.com\u002Fen\u002Fserviced-hut\u002Fgraubuenden\u002Ftschiervahuette\u002F15280962\u002F\" maxwidth = \"400\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Include content in the sidebar, footer, etc.\u003C\u002Fh4>\n\u003Cp>You can embed your content in sidebars and footers using WordPress widgets. For more information on WordPress widgets, visit: https:\u002F\u002Fcodex.wordpress.org\u002FWordPress_Widgets\u003C\u002Fp>\n\u003Ch4>Tip: white label embedding with Pro+\u003C\u002Fh4>\n\u003Cp>With Pro+ you have even better opportunities to integrate tours and interesting points on your website. [Learn more about Pro+] (https:\u002F\u002Fwww.outdooractive.com\u002Fen\u002Fpro-business.html)\u003Cbr \u002F>\nTo use Pro+ Embedding, follow the instructions on the settings page of the plugin (\u003Cem>Settings\u003C\u002Fem> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Cem>Outdooractive Embed\u003C\u002Fem>).\u003C\u002Fp>\n\u003Cp>In the new Gutenberg Editor you can find a “Outdooractive Embed” block under the category “Embed”. It has the same options as mentioned above. Additionally it will show you a live preview in the editor.\u003C\u002Fp>\n\u003Ch4>Please note:\u003C\u002Fh4>\n\u003Cp>Only published Contents can be embeded\u003C\u002Fp>\n","Embed any kind of content from outdooractive.com into your WordPress site.",400,7870,46,3,"2025-03-27T17:09:00.000Z","5.0","",[18,19,71,72,73],"hut","mountaineering","trekking","https:\u002F\u002Fcorporate.outdooractive.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foutdooractive-embed.1.6.zip",91,"2024-12-19 18:07:46",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":43,"active_installs":11,"downloaded":85,"rating":11,"num_ratings":11,"last_updated":86,"tested_up_to":47,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":91,"download_link":92,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"vstm-trail-monitor","Trail Monitor","1.11","Mark Vejvoda","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftcoder\u002F","\u003Cp>This plugin allows you to display the status of trails on your website. Any user can add a trail status (for review), while only editors and admin can add and update the trails and status names. The trails can have links to pages with more information about them. Both the shortcodes and widget are customizable. Widgets and shortcode can have different sets of trails and notes.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Widget\u003C\u002Fli>\n\u003Cli>Shortcode for showing:\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Trails in a list format\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Trails in a block format\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Add trail status (with optional anti spam google recaptcha)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Add images to trails for display in the shortcode\u003C\u002Fli>\n\u003Cli>Placeholder images for trails without images\u003C\u002Fli>\n\u003Cli>Add links to the trails\u003C\u002Fli>\n\u003Cli>Support for embedded youtube video in the comment field\u003C\u002Fli>\n\u003Cli>Set up statuses including their color\u003C\u002Fli>\n\u003Cli>Trail name and status can be the status color\u003C\u002Fli>\n\u003Cli>The order of both trails and statuses can be set\u003C\u002Fli>\n\u003Cli>Notes can be added at the end which can include embedded videos\u003C\u002Fli>\n\u003Cli>Separate notes for the shortcode and widget\u003C\u002Fli>\n\u003Cli>Initial set of trail conditions\u003C\u002Fli>\n\u003Cli>Admin that allows authors and higher users to update the current conditions\u003C\u002Fli>\n\u003Cli>Every Trail can show a list of the last X trail updates submitted by users\u003C\u002Fli>\n\u003Cli>Every Trail can show a list of links to a) weather forecasts b) forest fire smoke forecasts c) Avalanche forecasts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>DISCLAIMER: Under no circumstances do we release this plugin with any warranty, implied or otherwise. We cannot be held responsible for any damage that might arise from the use of this plugin. Back up your WordPress database and files before installation.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Released under the terms of the GNU General Public License.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to a Google API to protect trail updates from spam attacks, it’s needed to provide anti-spam detection in the plugin.\u003C\u002Fp>\n\u003Cp>It sends a unique key every time the widget is loaded.\u003Cbr \u002F>\nThis service is provided by “Google”: terms of use, privacy policy.\u003Cbr \u002F>\nhttps:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\u002Fdocs\u002Ffaq\u003C\u002Fp>\n",548,"2025-11-28T15:46:00.000Z","6.2","8.2",[19,51,90,52,22],"status","https:\u002F\u002Fhiking.princegeorge.tech\u002Fsoftware\u002Ftrail-monitor-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvstm-trail-monitor.1.11.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":31,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":69,"tags":107,"homepage":110,"download_link":111,"security_score":112,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"strava-ride-details","Strava Ride Details","1.2.1","Jeremy Green","https:\u002F\u002Fprofiles.wordpress.org\u002Fendocreative\u002F","\u003Cp>Strava Ride Details allows you to display Strava ride details from a specific ride in your posts and pages using a shortcode. It uses v3 of Strava’s API, and uses OAuth for authentication.\u003C\u002Fp>\n\u003Cp>The details displayed by default are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ride Name\u003C\u002Fli>\n\u003Cli>Distance\u003C\u002Fli>\n\u003Cli>Elevation Gain\u003C\u002Fli>\n\u003Cli>Moving Time\u003C\u002Fli>\n\u003Cli>Location\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Each of the details can be turned on or off. The details are displayed in an unordered list so you can style the elements however you would like using CSS.\u003C\u002Fp>\n\u003Cp>You can also choose to display units in mi\u002Fft or km\u002Fm.\u003C\u002Fp>\n\u003Cp>While Strava does offer their own embed widget, this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>does not require an iframe\u003C\u002Fli>\n\u003Cli>allows you to style the results to match your site\u003C\u002Fli>\n\u003Cli>will work in responsive themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default all details are display using the shortcode \u003Ccode>[strava id=\"ride_id\"]\u003C\u002Fcode>, where ride_id is the string of digits at the end of the URL when viewing a single ride on Strava.\u003C\u002Fp>\n\u003Cp>If you would like to remove a detail, just set it to false in the shortcode. For example, if you would like to show only the distance, then use this shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[strava id=\"ride_id\" name=\"false\" elevation=\"false\" moving_time=\"false\" location=\"false\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Plugin Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Log in to your Strava account and create an application [http:\u002F\u002Fwww.strava.com\u002Fdevelopers]\u003C\u002Fli>\n\u003Cli>Make sure the redirect URI of your application is the same domain as your site\u003C\u002Fli>\n\u003Cli>Copy your client ID and client secret from your application into the Strava Ride Details settings page\u003C\u002Fli>\n\u003Cli>Click “Connect with Strava” on the settings page to generate an access token\u003C\u002Fli>\n\u003Cli>Save settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Add to page\u002Fpost\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Insert \u003Ccode>[strava id=\"ride_id\"]\u003C\u002Fcode> in your post or page\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin allows you to display Strava ride details from a specific ride in your posts and pages using a shortcode.",50,4095,80,"2014-03-23T21:13:00.000Z","3.7.41","3.4",[18,108,109],"shortcode","strava","http:\u002F\u002Fwww.endocreative.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstrava-ride-details.1.2.1.zip",85,{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":11,"num_ratings":11,"last_updated":123,"tested_up_to":124,"requires_at_least":106,"requires_php":69,"tags":125,"homepage":69,"download_link":127,"security_score":112,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"custom-strava-integration","Custom Strava Integration","1.0","floriankimmel","https:\u002F\u002Fprofiles.wordpress.org\u002Ffloriankimmel\u002F","\u003Cp>The “Custom Strava Integration” is a powerful plugin that makes integrating strava activities easy and simple. It gives you the opportunity to create output exactly the way you like it.\u003C\u002Fp>\n\u003Ch4>The Plugin\u003C\u002Fh4>\n\u003Cp>Basically what this plugin does is adding the shortcode [strava id=”[activity id]”] to your post, receiving data via Strava API v3 and filling the preconfigured template with this information.\u003C\u002Fp>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>You want full control of the shortcode’s output ? No Problem. You can specify a template at the settings page and define the positions of strava information. Therefore ‘Custom Strava Integration’ provides these placeholders:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>[distance] – Overall distance of the activity\u003C\u002Fli>\n\u003Cli>[description] – Description of the activity       \u003C\u002Fli>\n\u003Cli>[duration] – Duration of the activity\u003C\u002Fli>\n\u003Cli>[elevation] – Overall elevation of the activity\u003C\u002Fli>\n\u003Cli>[location] – Location of the activity     \u003C\u002Fli>\n\u003Cli>[name] – Name of the activity     \u003C\u002Fli>\n\u003Cli>[speed] – Depending on type (ride or run) – either running pace or riding speed       \u003C\u002Fli>\n\u003Cli>[time] – Local start time of the activity\u003C\u002Fli>\n\u003Cli>[type] – Type of the activity (run – ride – swim)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can not only customize the style by using CSS features, moreover you have full control over the html output.\u003C\u002Fp>\n\u003Cp>Moreover you can choose the type of display unit (mi\u002Fft or km\u002Fm) you want to use.\u003C\u002Fp>\n\u003Ch4>Difference to other solutaions\u003C\u002Fh4>\n\u003Cp>We know that strava also does offer their own embedded widget, but this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>does not use iframes (if you want to)\u003C\u002Fli>\n\u003Cli>allows you to fully customize the content\u003C\u002Fli>\n\u003Cli>can display more information than the widget\u003C\u002Fli>\n\u003Cli>does not require you to leave the site \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can concentrate on the important things – writing good blog posts!\u003C\u002Fp>\n","This plugin provides an easy way to add your strava activities to your posts without leaving your site.",20,2352,"2015-09-30T06:29:00.000Z","4.3.34",[18,126,108,109],"running","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-strava-integration.zip",{"attackSurface":129,"codeSignals":167,"taintFlows":315,"riskAssessment":364,"analyzedAt":379},{"hooks":130,"ajaxHandlers":159,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":31,"unprotectedCount":31},[131,137,140,144,147,151,155],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","plugins_loaded","on_plugins_loaded","includes\\class-medic52-wpstatus.php",260,{"type":132,"name":138,"callback":138,"file":135,"line":139},"init",262,{"type":132,"name":141,"callback":142,"file":135,"line":143},"wp_enqueue_scripts","load_scripts",264,{"type":132,"name":145,"callback":145,"file":135,"line":146},"wp_head",267,{"type":132,"name":148,"callback":148,"priority":149,"file":150,"line":121},"admin_menu",9,"includes\\class-mwps-admin.php",{"type":132,"name":152,"callback":153,"file":150,"line":154},"admin_enqueue_scripts","admin_scripts",23,{"type":132,"name":156,"callback":156,"file":157,"line":158},"admin_notices","includes\\class-mwps-install.php",19,[160],{"action":161,"nopriv":162,"callback":161,"hasNonce":162,"hasCapCheck":162,"file":150,"line":163},"mwps_validate_data_feed_url",false,29,[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":11,"externalRequests":313,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":314},[],{"prepared":11,"raw":11,"locations":170},[],{"escaped":172,"rawEcho":173,"locations":174},48,71,[175,178,180,182,184,186,188,190,192,194,196,198,199,201,203,204,206,208,210,212,214,216,218,219,221,223,225,227,229,231,233,235,237,239,241,244,246,248,250,251,253,254,256,258,260,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311],{"file":135,"line":176,"context":177},365,"raw output",{"file":150,"line":179,"context":177},90,{"file":150,"line":181,"context":177},115,{"file":150,"line":183,"context":177},120,{"file":150,"line":185,"context":177},143,{"file":150,"line":187,"context":177},166,{"file":150,"line":189,"context":177},182,{"file":150,"line":191,"context":177},183,{"file":150,"line":193,"context":177},184,{"file":150,"line":195,"context":177},195,{"file":150,"line":197,"context":177},197,{"file":150,"line":197,"context":177},{"file":150,"line":200,"context":177},198,{"file":150,"line":202,"context":177},202,{"file":150,"line":202,"context":177},{"file":150,"line":205,"context":177},203,{"file":150,"line":207,"context":177},209,{"file":150,"line":209,"context":177},251,{"file":150,"line":211,"context":177},252,{"file":150,"line":213,"context":177},253,{"file":150,"line":215,"context":177},254,{"file":150,"line":217,"context":177},266,{"file":150,"line":146,"context":177},{"file":150,"line":220,"context":177},279,{"file":150,"line":222,"context":177},280,{"file":150,"line":224,"context":177},292,{"file":150,"line":226,"context":177},293,{"file":150,"line":228,"context":177},305,{"file":150,"line":230,"context":177},306,{"file":150,"line":232,"context":177},318,{"file":150,"line":234,"context":177},319,{"file":150,"line":236,"context":177},412,{"file":150,"line":238,"context":177},425,{"file":157,"line":240,"context":177},65,{"file":242,"line":243,"context":177},"includes\\class-mwps-shortcodes-lift-trail.php",108,{"file":242,"line":245,"context":177},110,{"file":242,"line":247,"context":177},147,{"file":242,"line":249,"context":177},175,{"file":242,"line":200,"context":177},{"file":242,"line":252,"context":177},200,{"file":242,"line":207,"context":177},{"file":242,"line":255,"context":177},235,{"file":242,"line":257,"context":177},271,{"file":242,"line":259,"context":177},300,{"file":242,"line":232,"context":177},{"file":242,"line":262,"context":177},325,{"file":242,"line":264,"context":177},334,{"file":242,"line":266,"context":177},366,{"file":242,"line":268,"context":177},377,{"file":242,"line":270,"context":177},383,{"file":242,"line":272,"context":177},385,{"file":242,"line":274,"context":177},392,{"file":242,"line":276,"context":177},422,{"file":242,"line":278,"context":177},441,{"file":242,"line":280,"context":177},461,{"file":242,"line":282,"context":177},465,{"file":242,"line":284,"context":177},469,{"file":242,"line":286,"context":177},474,{"file":242,"line":288,"context":177},484,{"file":242,"line":290,"context":177},488,{"file":242,"line":292,"context":177},494,{"file":242,"line":294,"context":177},552,{"file":242,"line":296,"context":177},553,{"file":242,"line":298,"context":177},572,{"file":242,"line":300,"context":177},581,{"file":242,"line":302,"context":177},662,{"file":242,"line":304,"context":177},670,{"file":242,"line":306,"context":177},678,{"file":242,"line":308,"context":177},691,{"file":242,"line":310,"context":177},693,{"file":242,"line":312,"context":177},700,2,[],[316,334,349],{"entryPoint":317,"graph":318,"unsanitizedCount":31,"severity":333},"settings_page (includes\\class-mwps-admin.php:72)",{"nodes":319,"edges":331},[320,325],{"id":321,"type":322,"label":323,"file":150,"line":324},"n0","source","$_POST",77,{"id":326,"type":327,"label":328,"file":150,"line":329,"wp_function":330},"n1","sink","update_option() [Settings Manipulation]",83,"update_option",[332],{"from":321,"to":326,"sanitized":162},"low",{"entryPoint":335,"graph":336,"unsanitizedCount":31,"severity":333},"mwps_validate_data_feed_url (includes\\class-mwps-admin.php:381)",{"nodes":337,"edges":346},[338,340,343],{"id":321,"type":322,"label":323,"file":150,"line":339},396,{"id":326,"type":341,"label":342,"file":150,"line":339},"transform","→ mwps_get_data()",{"id":344,"type":327,"label":328,"file":345,"line":65,"wp_function":330},"n2","includes\\mwps-core-functions.php",[347,348],{"from":321,"to":326,"sanitized":162},{"from":326,"to":344,"sanitized":162},{"entryPoint":350,"graph":351,"unsanitizedCount":313,"severity":333},"\u003Cclass-mwps-admin> (includes\\class-mwps-admin.php:0)",{"nodes":352,"edges":360},[353,354,355,356,358],{"id":321,"type":322,"label":323,"file":150,"line":324},{"id":326,"type":327,"label":328,"file":150,"line":329,"wp_function":330},{"id":344,"type":322,"label":323,"file":150,"line":339},{"id":357,"type":341,"label":342,"file":150,"line":339},"n3",{"id":359,"type":327,"label":328,"file":345,"line":65,"wp_function":330},"n4",[361,362,363],{"from":321,"to":326,"sanitized":162},{"from":344,"to":357,"sanitized":162},{"from":357,"to":359,"sanitized":162},{"summary":365,"deductions":366},"The \"lift-trail-status\" plugin v1.4.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and having no recorded historical vulnerabilities. This suggests a developer who is aware of common security pitfalls. However, there are significant concerns related to its attack surface and input sanitization.\n\nThe primary risk stems from the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point for unauthenticated users to potentially interact with plugin functionality, which could lead to unintended consequences if not properly secured within the handler itself. Furthermore, the taint analysis revealed three flows with unsanitized paths, although these did not reach a critical or high severity according to the analysis. This, coupled with only 40% of output being properly escaped, indicates potential vulnerabilities to cross-site scripting (XSS) or information disclosure if the unsanitized inputs are used in sensitive contexts or displayed without adequate escaping.\n\nThe absence of any recorded historical vulnerabilities is a strong positive indicator. It suggests the plugin has either not been a target or has been developed with a degree of security consciousness. However, the findings from the static analysis, particularly the unprotected AJAX endpoint and the taint analysis indicating unsanitized paths, highlight areas where the plugin's security could be significantly strengthened. The plugin's strengths lie in its lack of historical issues and safe SQL practices, but its weaknesses are evident in its attack surface management and input validation.",[367,369,372,374,377],{"reason":368,"points":44},"Unprotected AJAX handler",{"reason":370,"points":371},"Unsanitized paths in taint analysis",6,{"reason":373,"points":371},"Low percentage of properly escaped output",{"reason":375,"points":376},"No nonce checks on AJAX",5,{"reason":378,"points":376},"No capability checks","2026-03-17T07:08:08.009Z",{"wat":381,"direct":390},{"assetPaths":382,"generatorPatterns":385,"scriptPaths":386,"versionParams":387},[383,384],"\u002Fwp-content\u002Fplugins\u002Flift-trail-status\u002Fcss\u002Flift-trail-status.css","\u002Fwp-content\u002Fplugins\u002Flift-trail-status\u002Fjs\u002Flift-trail-status.js",[],[384],[388,389],"lift-trail-status\u002Fcss\u002Flift-trail-status.css?ver=","lift-trail-status\u002Fjs\u002Flift-trail-status.js?ver=",{"cssClasses":391,"htmlComments":396,"htmlAttributes":397,"restEndpoints":399,"jsGlobals":400,"shortcodeOutput":402},[392,393,394,395],"medic52-lift-trail-status-wrapper","medic52-lift-trail-status-title","medic52-lift-trail-status-item","medic52-lift-trail-status-condition",[],[398],"data-plugin-version",[],[401],"mwps_ajax_object",[403],"[lift_trail_status]"]