[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flKZaS_oZ4TyRYLfIh1s7sa3idl0aaFOzWIzztES66JM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":40,"fingerprints":135},"mylisting-elementor-toolkit","MyListing Elementor Toolkit","1.0.18","Christiaan van Luik","https:\u002F\u002Fprofiles.wordpress.org\u002Fcvl01\u002F","\u003Cp>This plugin adds Elementor related functionality to the MyListing theme. The plugin is under constant development, it is very likely that more features will be added in the coming weeks.\u003C\u002Fp>\n\u003Cp>\u003Cem>This plugin requires Elementor Pro and MyListing theme\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Design the single listing page using Elementor\u003C\u002Fli>\n\u003Cli>Set different Elementor Header for Listing pages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Tutorial\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FsgeGsV5yx7g?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&start=1&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Free vs Pro\u003C\u002Fh4>\n\u003Cp>The most essential\u002Fbasic features are included in the free version. If you want more control over the fields & layout options, consider buying the Pro version.\u003C\u002Fp>\n\u003Cp>By buying the pro version, you help me, Christiaan, the developer, keep this free plugin running and stay active expanding & improving the MyListing theme.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.yellowwave.eu\u002Fmylisting-elementor-toolkit\u002F\" rel=\"nofollow ugc\">Find the PRO version here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Theme locations\u003C\u002Fstrong>\u003Cbr \u002F>\n[FREE] Single listing page\u003Cbr \u002F>\n[PRO] Preview \u002F index cards\u003Cbr \u002F>\n[PRO] Quick view popup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Elementor Dynamic Tags\u003C\u002Fstrong>\u003Cbr \u002F>\n[FREE] Text\u003Cbr \u002F>\n[FREE] Image\u003Cbr \u002F>\n[FREE] Rating\u003Cbr \u002F>\n[PRO] Gallery\u003Cbr \u002F>\n[PRO] Date \u002F recurring date\u003Cbr \u002F>\n[PRO] Work hours\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Elementor Widgets\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[FREE] Related Listing (Host)\u003Cbr \u002F>\n[PRO] Related Listings (multiple cards)\u003Cbr \u002F>\n[PRO] Bookmark \u002F quick view\u003Cbr \u002F>\n[PRO] Quick actions\u003Cbr \u002F>\n[PRO] Taxonomy \u002F terms with MyListing icon\u003Cbr \u002F>\n[PRO] Map \u002F Location\u003Cbr \u002F>\n[PRO] Work hours\u003Cbr \u002F>\n[PRO] Upcoming dates\u003Cbr \u002F>\nmore will be added…\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Display conditions\u003C\u002Fstrong>\u003Cbr \u002F>\n[FREE] Listing Type\u003C\u002Fp>\n","A simple Elementor addon that adds elementor functionality to parts of the My Listing theme.",300,10408,86,3,"2025-01-02T12:26:00.000Z","6.7.5","5.2","8.0",[20,21,22,23,24],"my-listing","my-listing-elementor","my-listing-toolkit","mylisting","mylisting-elementor","https:\u002F\u002Fyellowwave.eu\u002Fml-elementor-toolkit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmylisting-elementor-toolkit.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"cvl01",350,87,30,85,"2026-04-04T20:35:35.655Z",[],{"attackSurface":41,"codeSignals":102,"taintFlows":127,"riskAssessment":128,"analyzedAt":134},{"hooks":42,"ajaxHandlers":98,"restRoutes":99,"shortcodes":100,"cronEvents":101,"entryPointCount":28,"unprotectedCount":28},[43,49,51,55,58,61,64,67,73,78,82,86,90,94],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","init","i18n","ml-elementor-toolkit.php",64,{"type":44,"name":45,"callback":45,"file":47,"line":50},68,{"type":44,"name":52,"callback":53,"file":47,"line":54},"admin_notices","admin_notice_missing_main_plugin",100,{"type":44,"name":52,"callback":56,"file":47,"line":57},"admin_notice_missing_elementor_pro",106,{"type":44,"name":52,"callback":59,"file":47,"line":60},"admin_notice_missing_mylisting",111,{"type":44,"name":52,"callback":62,"file":47,"line":63},"admin_notice_minimum_elementor_version",117,{"type":44,"name":52,"callback":65,"file":47,"line":66},"admin_notice_minimum_php_version",123,{"type":44,"name":68,"callback":69,"priority":70,"file":71,"line":72},"wp_enqueue_scripts","enqueue_scripts",50,"plugin.php",169,{"type":74,"name":75,"callback":76,"priority":70,"file":71,"line":77},"filter","elementor_pro\u002Futils\u002Fget_public_post_types","elementor_post_types",172,{"type":44,"name":79,"callback":80,"file":71,"line":81},"elementor\u002Felements\u002Fcategories_registered","register_category",179,{"type":44,"name":83,"callback":84,"file":71,"line":85},"elementor\u002Fwidgets\u002Fregister","register_widgets",182,{"type":44,"name":87,"callback":88,"file":71,"line":89},"elementor\u002Fdynamic_tags\u002Fregister","register_tags",185,{"type":44,"name":91,"callback":92,"file":71,"line":93},"elementor\u002Ftheme\u002Fregister_conditions","register_conditions",188,{"type":44,"name":95,"callback":96,"file":71,"line":97},"elementor\u002Ftheme\u002Fregister_locations","register_theme_locations",191,[],[],[],[],{"dangerousFunctions":103,"sqlUsage":104,"outputEscaping":106,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":126},[],{"prepared":28,"raw":28,"locations":105},[],{"escaped":107,"rawEcho":108,"locations":109},8,6,[110,114,115,118,121,123],{"file":111,"line":112,"context":113},"dynamic-tags\\tags\\field.php",98,"raw output",{"file":111,"line":54,"context":113},{"file":116,"line":117,"context":113},"dynamic-tags\\tags\\number.php",108,{"file":119,"line":120,"context":113},"dynamic-tags\\tags\\review-count.php",34,{"file":122,"line":13,"context":113},"dynamic-tags\\tags\\wp-editor.php",{"file":124,"line":125,"context":113},"widgets\\related-listings-host.php",791,[],[],{"summary":129,"deductions":130},"The \"mylisting-elementor-toolkit\" v1.0.18 plugin exhibits a generally strong security posture based on the provided static analysis.  The complete absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant positive.  Furthermore, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and not engaging in file operations or external HTTP requests, minimizing common attack vectors.  The lack of known vulnerabilities in its history is also reassuring.\n\nHowever, a notable concern arises from the output escaping, where only 57% of the identified outputs are properly escaped. This leaves a portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks, especially if user-supplied data is directly reflected in these unescaped outputs.  The absence of nonce checks, capability checks, and taint analysis findings (though this could be due to the limited scope of analysis or the absence of complex data flows) also suggests potential areas where vulnerabilities might exist but were not detected by the specific analysis performed. The total absence of any identified entry points is highly unusual and might indicate limitations in the static analysis tool's capabilities for this specific plugin.\n\nIn conclusion, while the plugin has proactively avoided many common security pitfalls and has no recorded historical vulnerabilities, the incomplete output escaping represents a tangible risk that requires attention. The limited data on entry points and checks warrants a cautious approach, as undiscovered vulnerabilities could still be present. Addressing the unescaped output is the most immediate priority.",[131],{"reason":132,"points":133},"Unescaped output detected",5,"2026-03-16T19:53:18.115Z",{"wat":136,"direct":145},{"assetPaths":137,"generatorPatterns":140,"scriptPaths":141,"versionParams":142},[138,139],"\u002Fwp-content\u002Fplugins\u002Fmylisting-elementor-toolkit\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fmylisting-elementor-toolkit\u002Fassets\u002Fjs\u002Ffrontend.js",[],[],[143,144],"mylisting-elementor-toolkit\u002Fassets\u002Fcss\u002Ffrontend.css?ver=","mylisting-elementor-toolkit\u002Fassets\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":146,"htmlComments":151,"htmlAttributes":152,"restEndpoints":154,"jsGlobals":155,"shortcodeOutput":157},[147,148,149,150],"ml-elementor-toolkit-wrapper","ml-elementor-toolkit-button","ml-elementor-toolkit-carousel","ml-elementor-toolkit-grid",[],[153],"data-ml-elementor-toolkit",[],[156],"ML_Elementor_Toolkit_Frontend",[]]