[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxXh04H3AILUJnqSuP_9Dwy7NFc6ENoY0NjmttujiKZY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":39,"fingerprints":332},"offen","Offen","3.9","seoptix","https:\u002F\u002Fprofiles.wordpress.org\u002Fseoptix\u002F","\u003Cul>\n\u003Cli>Easily display opening hours\u003C\u002Fli>\n\u003Cli>5 different styles\u003C\u002Fli>\n\u003Cli>Font color and size can be adjusted with ease\u003C\u002Fli>\n\u003Cli>Possibility to specify seasonal opening hours or company holidays\u003C\u002Fli>\n\u003Cli>Optional output in simple text form\u003C\u002Fli>\n\u003Cli>Company data (company name, address, telephone number, etc.) can be specified optionally. Ideal for imprint \u002F contact of your page\u003C\u002Fli>\n\u003Cli>Colors of each area can be adjusted separately\u003C\u002Fli>\n\u003Cli>Texts\u002FTitles can be changed\u003C\u002Fli>\n\u003Cli>Live-Preview of the output within the admin area\u003C\u002Fli>\n\u003Cli>Dedicated style for sidebar\u002Ffooter available\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily store and display the opening hours of your company. Including display of Open\u002FClosed, Holidays etc.",600,11823,76,6,"2023-02-07T09:49:00.000Z","6.1.10","4.0","5.3.0",[20,21,22,23,24],"ffnungszeiten","geschftszeiten","oeffnungszeiten","ordinationszeiten","sprechzeiten","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foffen.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},3,620,30,84,"2026-04-05T17:15:49.926Z",[],{"attackSurface":40,"codeSignals":74,"taintFlows":320,"riskAssessment":321,"analyzedAt":331},{"hooks":41,"ajaxHandlers":60,"restRoutes":65,"shortcodes":66,"cronEvents":71,"entryPointCount":72,"unprotectedCount":73},[42,48,52,55],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","admin_menu","business_hours_setup_menu","Admin\\AdminArea.php",5,{"type":43,"name":49,"callback":50,"file":46,"line":51},"admin_init","register_plugin_business_hours_settings",13,{"type":43,"name":49,"callback":53,"file":46,"line":54},"bhp_register_assets",14,{"type":43,"name":56,"callback":57,"file":58,"line":59},"widgets_init","closure","Admin\\Widget.php",210,[61],{"action":62,"nopriv":63,"callback":62,"hasNonce":63,"hasCapCheck":63,"file":46,"line":64},"bhp_live_preview",false,601,[],[67],{"tag":68,"callback":69,"file":70,"line":47},"business-hours","business_hours_from_widget","Admin\\Shortcode.php",[],2,1,{"dangerousFunctions":75,"sqlUsage":81,"outputEscaping":83,"fileOperations":28,"externalRequests":28,"nonceChecks":73,"capabilityChecks":73,"bundledLibraries":319},[76],{"fn":77,"file":78,"line":79,"context":80},"unserialize","offen.php",37,"$gbharr = unserialize($gbhserial);",{"prepared":28,"raw":28,"locations":82},[],{"escaped":84,"rawEcho":85,"locations":86},119,140,[87,90,92,94,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,150,152,154,156,158,160,161,163,164,166,168,170,172,174,175,177,179,181,183,185,187,189,190,192,193,195,196,197,198,199,201,203,204,206,208,209,210,211,213,215,216,218,219,221,223,226,227,228,229,231,232,234,235,236,237,238,239,241,243,244,245,247,249,250,252,254,255,257,259,262,263,264,265,266,268,270,272,274,276,277,279,281,282,283,285,286,288,289,291,293,294,295,297,299,302,303,305,306,307,308,309,310,311,313,314,315,316,317,318],{"file":46,"line":88,"context":89},207,"raw output",{"file":46,"line":91,"context":89},208,{"file":46,"line":93,"context":89},209,{"file":46,"line":59,"context":89},{"file":46,"line":96,"context":89},211,{"file":46,"line":98,"context":89},212,{"file":46,"line":100,"context":89},213,{"file":46,"line":102,"context":89},214,{"file":46,"line":104,"context":89},272,{"file":46,"line":106,"context":89},290,{"file":46,"line":108,"context":89},299,{"file":46,"line":110,"context":89},300,{"file":46,"line":112,"context":89},318,{"file":46,"line":114,"context":89},320,{"file":46,"line":116,"context":89},338,{"file":46,"line":118,"context":89},340,{"file":46,"line":120,"context":89},356,{"file":46,"line":122,"context":89},357,{"file":46,"line":124,"context":89},366,{"file":46,"line":126,"context":89},367,{"file":46,"line":128,"context":89},368,{"file":46,"line":130,"context":89},373,{"file":46,"line":132,"context":89},393,{"file":46,"line":134,"context":89},405,{"file":46,"line":136,"context":89},406,{"file":46,"line":138,"context":89},415,{"file":46,"line":140,"context":89},416,{"file":46,"line":142,"context":89},417,{"file":46,"line":144,"context":89},422,{"file":46,"line":146,"context":89},578,{"file":148,"line":149,"context":89},"Admin\\ajaxresp.php",193,{"file":58,"line":151,"context":89},23,{"file":58,"line":153,"context":89},24,{"file":58,"line":155,"context":89},25,{"file":58,"line":157,"context":89},74,{"file":159,"line":14,"context":89},"templates\\widget\\style1.php",{"file":159,"line":14,"context":89},{"file":159,"line":162,"context":89},11,{"file":159,"line":162,"context":89},{"file":159,"line":165,"context":89},22,{"file":159,"line":167,"context":89},33,{"file":159,"line":169,"context":89},35,{"file":159,"line":171,"context":89},40,{"file":159,"line":173,"context":89},49,{"file":159,"line":173,"context":89},{"file":159,"line":176,"context":89},51,{"file":159,"line":178,"context":89},54,{"file":159,"line":180,"context":89},58,{"file":159,"line":182,"context":89},60,{"file":159,"line":184,"context":89},62,{"file":159,"line":186,"context":89},64,{"file":159,"line":188,"context":89},66,{"file":159,"line":13,"context":89},{"file":191,"line":162,"context":89},"templates\\widget\\style2.php",{"file":191,"line":162,"context":89},{"file":191,"line":194,"context":89},15,{"file":191,"line":194,"context":89},{"file":191,"line":151,"context":89},{"file":191,"line":169,"context":89},{"file":191,"line":79,"context":89},{"file":191,"line":200,"context":89},42,{"file":191,"line":202,"context":89},52,{"file":191,"line":202,"context":89},{"file":191,"line":205,"context":89},55,{"file":191,"line":207,"context":89},56,{"file":191,"line":182,"context":89},{"file":191,"line":186,"context":89},{"file":191,"line":188,"context":89},{"file":191,"line":212,"context":89},73,{"file":191,"line":214,"context":89},77,{"file":191,"line":27,"context":89},{"file":191,"line":217,"context":89},93,{"file":191,"line":217,"context":89},{"file":191,"line":220,"context":89},95,{"file":191,"line":222,"context":89},105,{"file":224,"line":225,"context":89},"templates\\widget\\style3.php",21,{"file":224,"line":225,"context":89},{"file":224,"line":155,"context":89},{"file":224,"line":155,"context":89},{"file":224,"line":230,"context":89},32,{"file":224,"line":171,"context":89},{"file":224,"line":233,"context":89},43,{"file":224,"line":202,"context":89},{"file":224,"line":202,"context":89},{"file":224,"line":205,"context":89},{"file":224,"line":207,"context":89},{"file":224,"line":182,"context":89},{"file":224,"line":240,"context":89},65,{"file":224,"line":242,"context":89},69,{"file":224,"line":212,"context":89},{"file":224,"line":214,"context":89},{"file":224,"line":246,"context":89},81,{"file":224,"line":248,"context":89},91,{"file":224,"line":217,"context":89},{"file":224,"line":251,"context":89},98,{"file":224,"line":253,"context":89},104,{"file":224,"line":253,"context":89},{"file":224,"line":256,"context":89},106,{"file":224,"line":258,"context":89},114,{"file":260,"line":261,"context":89},"templates\\widget\\style4.php",16,{"file":260,"line":261,"context":89},{"file":260,"line":165,"context":89},{"file":260,"line":165,"context":89},{"file":260,"line":35,"context":89},{"file":260,"line":267,"context":89},31,{"file":260,"line":269,"context":89},36,{"file":260,"line":271,"context":89},38,{"file":260,"line":273,"context":89},41,{"file":260,"line":275,"context":89},53,{"file":260,"line":275,"context":89},{"file":260,"line":278,"context":89},59,{"file":260,"line":280,"context":89},61,{"file":260,"line":188,"context":89},{"file":260,"line":214,"context":89},{"file":260,"line":284,"context":89},80,{"file":260,"line":27,"context":89},{"file":260,"line":287,"context":89},89,{"file":260,"line":217,"context":89},{"file":260,"line":290,"context":89},97,{"file":260,"line":292,"context":89},101,{"file":260,"line":256,"context":89},{"file":260,"line":256,"context":89},{"file":260,"line":296,"context":89},108,{"file":260,"line":298,"context":89},116,{"file":300,"line":301,"context":89},"templates\\widget\\style5.php",26,{"file":300,"line":301,"context":89},{"file":300,"line":304,"context":89},29,{"file":300,"line":35,"context":89},{"file":300,"line":271,"context":89},{"file":300,"line":171,"context":89},{"file":300,"line":173,"context":89},{"file":300,"line":176,"context":89},{"file":300,"line":178,"context":89},{"file":300,"line":312,"context":89},57,{"file":300,"line":180,"context":89},{"file":300,"line":182,"context":89},{"file":300,"line":184,"context":89},{"file":300,"line":186,"context":89},{"file":300,"line":188,"context":89},{"file":300,"line":214,"context":89},[],[],{"summary":322,"deductions":323},"The \"offen\" v3.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having no recorded vulnerabilities in its history. This suggests a history of generally secure development.\n\nHowever, the static analysis reveals notable areas of concern. The presence of an AJAX handler without authentication checks represents a significant attack vector. Additionally, the `unserialize` function, a known risk if used with untrusted input, is present. The relatively low percentage of properly escaped output (46%) also indicates a potential for cross-site scripting (XSS) vulnerabilities.\n\nWhile the plugin has no known CVEs, the identified code signals warrant attention. The lack of taint analysis data limits the depth of assessment, but the static findings highlight specific areas where attackers could potentially exploit the plugin. The overall risk is moderate, leaning towards higher due to the unprotected AJAX endpoint and the `unserialize` function.",[324,327,329],{"reason":325,"points":326},"Unprotected AJAX handler",7,{"reason":328,"points":47},"Usage of unserialize function",{"reason":330,"points":14},"Low percentage of properly escaped output","2026-03-16T19:31:13.556Z",{"wat":333,"direct":340},{"assetPaths":334,"generatorPatterns":337,"scriptPaths":338,"versionParams":339},[335,336],"\u002Fwp-content\u002Fplugins\u002Foffen\u002Ftemplates\u002Fassets\u002Fvendor\u002Fnavigation\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Foffen\u002Ftemplates\u002Fassets\u002Fvendor\u002Ftimedropper\u002Ftimedropper.min.css",[],[],[],{"cssClasses":341,"htmlComments":342,"htmlAttributes":343,"restEndpoints":344,"jsGlobals":345,"shortcodeOutput":346},[],[],[],[],[],[]]