[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fndeXKY45dk-jWMiTPt7S558N50bFdegiKwfJs_0PQyA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":133,"fingerprints":306},"meetup-widgets","Meetup Widgets","2.2.1","Kelly Choyce-Dwan","https:\u002F\u002Fprofiles.wordpress.org\u002Fryelle\u002F","\u003Cp>For use with a \u003Ca href=\"http:\u002F\u002Fmeetup.com\" rel=\"nofollow ugc\">Meetup.com\u003C\u002Fa> group.\u003C\u002Fp>\n\u003Cp>This plugin creates two widgets: one a list of events from a meetup group (by ID or URL name, for multiple groups use IDs); the other shows details about single event (by ID) with a link to RSVP – using OAuth if keys are specified, otherwise just a link to the event on meetup.com. Does require at least an API key (which it asks for on the settings page).\u003C\u002Fp>\n","Adds widgets displaying information from a meetup.com group.",60,10385,46,3,"2016-01-07T02:56:00.000Z","4.4.34","3.3","",[20,21,22,23],"meetup","meetup-com","meetups","widget","http:\u002F\u002Fredradar.net\u002Fcategory\u002Fplugins\u002Fmeetup-widgets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeetup-widgets.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"ryelle",4,890,30,84,"2026-04-04T11:43:28.655Z",[39,55,76,95,110],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":35,"downloaded":47,"rating":27,"num_ratings":27,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":53,"download_link":54,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"r3df-meetup-widget","R3DF Meetup Widget","1.0.12","Rick Radko","https:\u002F\u002Fprofiles.wordpress.org\u002Fr3df\u002F","\u003Cp>A simple widget for use with a \u003Ca href=\"http:\u002F\u002Fmeetup.com\" rel=\"nofollow ugc\">Meetup.com\u003C\u002Fa> group.  The plugin adds a widget that shows a link to your Meetup group.\u003C\u002Fp>\n\u003Cp>Simply enter your Meetup group name and it’s URL and save.  You can display the widget with or without a title.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Support for this plugin is limited to fixing \u003Cem>confirmed bugs\u003C\u002Fem> and improving the plugin with enhancements that can be reasonably accommodated.\u003C\u002Fp>\n","A simple widget for displaying a link to a meetup.com group.",4724,"2015-09-30T01:53:00.000Z","4.3.34","4.0",[20,52,21,22,23],"meetup-widget","http:\u002F\u002Fr3df.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fr3df-meetup-widget.1.0.12.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":74,"download_link":75,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"meetup-winner","Meetup Winner!","0.2","Dustin Filippini","https:\u002F\u002Fprofiles.wordpress.org\u002Fdustyf\u002F","\u003Cp>Do you want to add something extra to your next Meetup?  Everyone likes getting free prizes and swag, right?  But, you have more people attending than things to give away.  Now you can use this plugin to hold a drawing for the free prize!\u003C\u002Fp>\n\u003Cp>This plugin will connect to the Meetup.com API and select a random member of your Meetup who RSVPed to your event so you can give a prize at the event.\u003C\u002Fp>\n\u003Cp>To use, install the plugin, activate, and add your Meetup.com API key in the settings.  Next, add the shortcode [meetup_winner eventid=”110963702″] to any page on your site and replace the number with the Event ID of your Meetup Event.  Whenever you visit that page or refresh the page a new winner will be selected.\u003C\u002Fp>\n","Give away prizes and swag to a random attendee who RSVPed to your meetup!",10,1916,100,2,"2013-07-10T15:30:00.000Z","3.5.2","3.0.1",[71,72,20,21,73],"contest","giveaway","winner","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmeetup-winner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeetup-winner.0.2.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":63,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":18,"tested_up_to":68,"requires_at_least":87,"requires_php":18,"tags":88,"homepage":92,"download_link":93,"security_score":65,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":94},"wp-meetup-activity","WP-Meetup-Activity","0.1.7","Michele Pinassi","https:\u002F\u002Fprofiles.wordpress.org\u002Fo-zone\u002F","\u003Cp>If you want to show your meetup’s groups activities on you wordpress blog, here’s the widget right for you.\u003Cbr \u002F>\nJust get the API key from Meetup.com and choose which groups to show: you’re done !\u003C\u002Fp>\n","WP-Meetup-Activity display your groups latest activities (discussions, photos...) and events in a sidebar widget",2226,20,1,"3.0",[89,90,91,20,21],"activity","events","group","http:\u002F\u002Fwww.zerozone.it\u002Fwordpress-meetup-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-meetup-activity.zip","2026-03-15T10:48:56.248Z",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":63,"downloaded":103,"rating":65,"num_ratings":86,"last_updated":104,"tested_up_to":105,"requires_at_least":50,"requires_php":18,"tags":106,"homepage":108,"download_link":109,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wpmeetup-widget","WPMeetup Widget deutschsprachig","0.6.1","Bernhard Kau","https:\u002F\u002Fprofiles.wordpress.org\u002Fkau-boy\u002F","\u003Cp>The WordPress community in Germany, Austria and Switzerland has changed and grown a lot in the past few years.\u003Cbr \u002F>\nTo maintain a current list of all active meetups can be a lot of work for every individual meetup and takes a lot of time.\u003Cbr \u002F>\nWith the data from \u003Ca href=\"https:\u002F\u002Fwpmeetups.de\u002Fmeetup\u002F\" rel=\"nofollow ugc\">wpmeetups.de\u003C\u002Fa>, this plugin enables any WordPress meetup to include a small\u003Cbr \u002F>\nwidget into their sites, with a current list of all active meetup in the German-speaking community.\u003C\u002Fp>\n\u003Ch3>Languages\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>German\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Authors: \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fkau-boy\" rel=\"nofollow ugc\">Bernhard Kau\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002F00sleepy\" rel=\"nofollow ugc\">Thomas Brühl\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fkrafit\" rel=\"nofollow ugc\">Simon Kraft\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","List of all German-speaking WordPress meetups as a widget.",3111,"2023-01-27T22:19:00.000Z","6.1.10",[107,22],"community","https:\u002F\u002Fgithub.com\u002Fdeworg\u002Fwpmg-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpmeetup-widget.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":131,"download_link":132,"security_score":65,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"classic-widgets","Classic Widgets","0.3","Tonya Mork","https:\u002F\u002Fprofiles.wordpress.org\u002Fhellofromtonya\u002F","\u003Cp>Classic Widgets is an official plugin maintained by the WordPress team that restores the previous (“classic”) WordPress widgets settings screens. It will be supported and maintained to 2024, or as long as is necessary.\u003C\u002Fp>\n\u003Cp>Once activated and when using a classic (non-block) theme, this plugin restores the previous widgets settings screens and disables the block editor from managing widgets. There is no other configuration, the classic widgets settings screens are enabled or disabled by either enabling or disabling this plugin.\u003C\u002Fp>\n","Enables the previous \"classic\" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.",2000000,7214667,98,262,"2025-12-08T10:52:00.000Z","6.9.4","4.9","5.6",[111,127,128,129,130],"disable","disable-gutenberg","editor","gutenberg","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-widgets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclassic-widgets.0.3.zip",{"attackSurface":134,"codeSignals":171,"taintFlows":288,"riskAssessment":289,"analyzedAt":305},{"hooks":135,"ajaxHandlers":159,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":66,"unprotectedCount":66},[136,142,147,151,155,157],{"type":137,"name":138,"callback":139,"file":140,"line":141},"filter","admin_init","register_fields","vs_meetup.php",42,{"type":143,"name":144,"callback":145,"file":140,"line":146},"action","pre_current_active_plugins","vsmw_need_oauth",113,{"type":143,"name":148,"callback":149,"file":140,"line":150},"init","meetup_widgets_start",117,{"type":143,"name":152,"callback":153,"file":140,"line":154},"widgets_init","anonymous",120,{"type":143,"name":152,"callback":153,"file":140,"line":156},121,{"type":143,"name":152,"callback":153,"file":140,"line":158},122,[160,167],{"action":161,"nopriv":162,"callback":163,"hasNonce":164,"hasCapCheck":164,"file":165,"line":166},"meetup_event",true,"meetup_event_popup",false,"vs_meetup_widgets.php",29,{"action":161,"nopriv":164,"callback":163,"hasNonce":164,"hasCapCheck":164,"file":165,"line":35},[],[],[],{"dangerousFunctions":172,"sqlUsage":180,"outputEscaping":182,"fileOperations":27,"externalRequests":86,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":287},[173,176,178],{"fn":174,"file":140,"line":154,"context":175},"create_function","add_action( 'widgets_init', create_function( '', 'return register_widget(\"VsMeetSingleWidget\");' ) )",{"fn":174,"file":140,"line":156,"context":177},"add_action( 'widgets_init', create_function( '', 'return register_widget(\"VsMeetListWidget\");' ) );",{"fn":174,"file":140,"line":158,"context":179},"add_action( 'widgets_init', create_function( '', 'return register_widget(\"VsMeetUserListWidget\");' )",{"prepared":27,"raw":27,"locations":181},[],{"escaped":183,"rawEcho":184,"locations":185},22,57,[186,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,234,235,237,239,240,241,243,245,247,249,251,253,254,255,257,259,260,261,263,265,266,267,269,271,273,275,277,279,280,281,283,285,286],{"file":187,"line":63,"context":188},"meetup-single.php","raw output",{"file":187,"line":190,"context":188},12,{"file":187,"line":192,"context":188},14,{"file":187,"line":194,"context":188},15,{"file":187,"line":196,"context":188},19,{"file":187,"line":198,"context":188},21,{"file":187,"line":200,"context":188},27,{"file":187,"line":202,"context":188},31,{"file":165,"line":204,"context":188},305,{"file":165,"line":206,"context":188},306,{"file":165,"line":208,"context":188},307,{"file":165,"line":210,"context":188},325,{"file":165,"line":212,"context":188},334,{"file":165,"line":214,"context":188},341,{"file":165,"line":216,"context":188},342,{"file":165,"line":218,"context":188},348,{"file":165,"line":220,"context":188},351,{"file":165,"line":222,"context":188},375,{"file":165,"line":224,"context":188},377,{"file":165,"line":226,"context":188},382,{"file":165,"line":228,"context":188},384,{"file":165,"line":230,"context":188},406,{"file":165,"line":232,"context":188},408,{"file":165,"line":232,"context":188},{"file":165,"line":232,"context":188},{"file":165,"line":236,"context":188},410,{"file":165,"line":238,"context":188},412,{"file":165,"line":238,"context":188},{"file":165,"line":238,"context":188},{"file":165,"line":242,"context":188},433,{"file":165,"line":244,"context":188},435,{"file":165,"line":246,"context":188},440,{"file":165,"line":248,"context":188},442,{"file":165,"line":250,"context":188},471,{"file":165,"line":252,"context":188},473,{"file":165,"line":252,"context":188},{"file":165,"line":252,"context":188},{"file":165,"line":256,"context":188},475,{"file":165,"line":258,"context":188},477,{"file":165,"line":258,"context":188},{"file":165,"line":258,"context":188},{"file":165,"line":262,"context":188},480,{"file":165,"line":264,"context":188},483,{"file":165,"line":264,"context":188},{"file":165,"line":264,"context":188},{"file":165,"line":268,"context":188},503,{"file":165,"line":270,"context":188},505,{"file":165,"line":272,"context":188},509,{"file":165,"line":274,"context":188},510,{"file":165,"line":276,"context":188},537,{"file":165,"line":278,"context":188},539,{"file":165,"line":278,"context":188},{"file":165,"line":278,"context":188},{"file":165,"line":282,"context":188},542,{"file":165,"line":284,"context":188},545,{"file":165,"line":284,"context":188},{"file":165,"line":284,"context":188},[],[],{"summary":290,"deductions":291},"The \"meetup-widgets\" v2.2.1 plugin exhibits a concerning security posture, primarily due to significant gaps in authentication and authorization checks for its entry points. While the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having no recorded vulnerability history, these strengths are overshadowed by critical weaknesses in its attack surface. The presence of two AJAX handlers without any authentication checks presents a direct pathway for unauthorized users to interact with the plugin's functionality, potentially leading to various exploits depending on the actions performed by these handlers.\n\nThe static analysis further reveals the use of a dangerous function, `create_function`, which can be a source of security vulnerabilities if not handled with extreme care, though no specific exploit is detailed in the provided data. The low percentage of properly escaped output (28%) is another significant concern, suggesting that user-supplied data might be reflected in the output without adequate sanitization, opening the door for Cross-Site Scripting (XSS) attacks. The absence of nonce checks on AJAX handlers exacerbates the risk of Cross-Site Request Forgery (CSRF) attacks.\n\nIn conclusion, while the plugin's SQL query handling and lack of historical vulnerabilities are positive indicators, the unprotected AJAX endpoints, insufficient output escaping, and the use of `create_function` create a high-risk environment. Remediation efforts should prioritize adding robust authentication and authorization to AJAX handlers, implementing comprehensive output escaping for all user-facing data, and reviewing the usage of `create_function` for potential security implications.",[292,294,297,300,303],{"reason":293,"points":63},"2 AJAX handlers without auth checks",{"reason":295,"points":296},"Low percentage of properly escaped output (28%)",8,{"reason":298,"points":299},"Dangerous functions: 3 (create_function)",5,{"reason":301,"points":302},"No nonce checks on AJAX",7,{"reason":304,"points":302},"No capability checks","2026-03-16T21:42:16.829Z",{"wat":307,"direct":317},{"assetPaths":308,"generatorPatterns":312,"scriptPaths":313,"versionParams":314},[309,310,311],"\u002Fwp-content\u002Fplugins\u002Fmeetup-widgets\u002Fcss\u002Fmeetup-widgets.css","\u002Fwp-content\u002Fplugins\u002Fmeetup-widgets\u002Fjs\u002Fmeetup-widgets.js","\u002Fwp-content\u002Fplugins\u002Fmeetup-widgets\u002Fcss\u002Fmeetup-widgets-admin.css",[],[310],[315,316],"meetup-widgets\u002Fcss\u002Fmeetup-widgets.css?ver=","meetup-widgets\u002Fjs\u002Fmeetup-widgets.js?ver=",{"cssClasses":318,"htmlComments":333,"htmlAttributes":334,"restEndpoints":337,"jsGlobals":338,"shortcodeOutput":340},[319,320,321,322,323,324,325,326,327,328,329,330,331,332],"meetup-widget-wrap","meetup-list-widget","meetup-single-event-widget","meetup-user-list-widget","meetup-event-title","meetup-event-date","meetup-event-venue","meetup-event-description","meetup-event-link","meetup-group-name","meetup-group-link","meetup-user-avatar","meetup-user-name","meetup-user-link",[],[335,336],"data-event-id","data-group-url-name",[],[339],"vsmw_ajax_object",[]]