[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fc5odf0NN5pzJ9JbLvZFLv607a5qYtl7jWXGyUJeuHmU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":37,"fingerprints":76},"mml-booking-calendar","MML Booking Calendar","1.0.0","My Music Lessons","https:\u002F\u002Fprofiles.wordpress.org\u002Fmymusiclessons\u002F","\u003Cp>MML Booking Calender was created to allow private music teachers to take bookings and payment directly from their website\u003C\u002Fp>\n\u003Cp>MML Booking Calender is designed to be used with the My Music Lessons booking platform.\u003C\u002Fp>\n\u003Cp>Music teachers will need to have an active account on My Music Lessons before being able to use the MML Booking Calendar plugin.\u003C\u002Fp>\n\u003Cp>1 month free trial available.\u003C\u002Fp>\n\u003Cp>To get started visit \u003Ca href=\"https:\u002F\u002Fmymusiclessons.org.uk\u002Fsignup\" rel=\"nofollow ugc\">www.MyMusicLessons.org.uk\u002Fsignup\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Once your account is setup the MML Booking Calender will communicate with your My Music Lessons account through an API and show your customers your latest availability and allow them to make a booking and payment.\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fmymusiclessons.org.uk\u002F\" rel=\"nofollow ugc\">www.MyMusicLessons.org.uk\u002F\u003C\u002Fa> for more information.\u003C\u002Fp>\n","MML Booking Calender was created to allow private music teachers to take bookings and payment directly from their website.",10,1705,100,1,"2025-04-08T11:06:00.000Z","6.8.5","5.0.2","5.2.4",[20,21,22,23,24],"music-lesson-booking-platform","music-lesson-diary","music-lessons-booking-calendar","music-tuition-booking-system","private-music-teacher-diary","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmml-booking-calendar.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"mymusiclessons",30,94,"2026-04-04T11:34:01.651Z",[],{"attackSurface":38,"codeSignals":54,"taintFlows":64,"riskAssessment":65,"analyzedAt":75},{"hooks":39,"ajaxHandlers":50,"restRoutes":51,"shortcodes":52,"cronEvents":53,"entryPointCount":27,"unprotectedCount":27},[40,46],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_menu","mml_booking_calendar_admin_menu","mml_booking_calendar.php",13,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_init","mml_booking_calendar_admin_init",36,[],[],[],[],{"dangerousFunctions":55,"sqlUsage":56,"outputEscaping":58,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":63},[],{"prepared":27,"raw":27,"locations":57},[],{"escaped":14,"rawEcho":14,"locations":59},[60],{"file":44,"line":61,"context":62},131,"raw output",[],[],{"summary":66,"deductions":67},"The \"mml-booking-calendar\" v1.0.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points indicates a very limited attack surface. Furthermore, the code signals show no dangerous functions, all SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are all positive indicators. The taint analysis also yielded no critical or high-severity flows with unsanitized paths.\n\nHowever, a few areas warrant attention. The 50% rate of properly escaped output suggests that a portion of the plugin's output is not being properly sanitized, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved. The complete lack of nonce and capability checks on any entry points, although currently not directly exploitable due to the zero attack surface, represents a potential future risk should new entry points be added without these crucial security measures. The vulnerability history being clean is a positive sign, suggesting a history of secure development, but the lack of checks could expose it if a vulnerability were to arise in the future.\n\nIn conclusion, the plugin is currently in a relatively secure state with a minimal attack surface and good practices in SQL handling. The primary concern lies with the unescaped output and the absence of authentication\u002Fauthorization checks, which are foundational security practices. Addressing these would further solidify the plugin's security.",[68,71,73],{"reason":69,"points":70},"Output not properly escaped",5,{"reason":72,"points":70},"No nonce checks",{"reason":74,"points":70},"No capability checks","2026-03-17T00:43:15.436Z",{"wat":77,"direct":82},{"assetPaths":78,"generatorPatterns":79,"scriptPaths":80,"versionParams":81},[],[],[],[],{"cssClasses":83,"htmlComments":84,"htmlAttributes":85,"restEndpoints":87,"jsGlobals":88,"shortcodeOutput":89},[],[],[86],"name=\"mml-booking-calendar-iframe\"",[],[],[90,86,91,92,93,94,95,96,97],"\u003Ciframe src=\"https:\u002F\u002Fmymusiclessons.org.uk\u002Fexternal\u002Fdiary?key=","width=\"100%\"","height=\"700\"","frameborder=\"1\"","marginwidth=\"0px\"","marginheight=\"0px\"","scrolling=\"no\"","style=\"border: 0px #ffffff none;\"\u003C\u002Fiframe>"]