OnlineAfspraken Plugin Security & Risk Analysis

wordpress.org/plugins/onlineafspraken-wordpress-plugin

With this plugin you place the OnlineAfspraken booking widget in your WordPress site.

10 active installs · v0.9 · PHP + · WP 3.0.1+ · Updated Oct 8, 2013
onlineafspraken · reserveringssysteem
85
A · Safe
CVEs total 0
Unpatched 0
Last CVE Never
Safety Verdict

Is OnlineAfspraken Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

OnlineAfspraken Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The onlineafspraken-wordpress-plugin v0.9 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and has no recorded vulnerabilities or CVEs, the static analysis raises significant concerns. None of the plugin's 45 identified outputs is properly escaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, a flow with an unsanitized path was identified, which could potentially lead to path traversal or other file system vulnerabilities, especially when combined with the presence of the `move_uploaded_file` function, a known sensitive operation.

The lack of nonce checks and capability checks for its single entry point (a shortcode) is a notable weakness. While the static analysis reports only one shortcode and no direct AJAX or REST API endpoints without authentication, the absence of these fundamental security measures on the shortcode leaves it potentially vulnerable to abuse if not handled carefully by the calling context. The vulnerability history being clean is a positive sign, suggesting either responsible development or limited exposure, but it does not negate the risks identified in the current code.

Key Concerns

  • 0% properly escaped output
  • Flow with unsanitized path
  • Dangerous function move_uploaded_file
  • No nonce checks
  • Insufficient capability checks
Vulnerabilities
None known

OnlineAfspraken Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

OnlineAfspraken Plugin Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

OnlineAfspraken Plugin Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
45
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

move_uploaded_file: `move_uploaded_file($_FILES["file"]["tmp_name"],` (example-widget-popup.php:213)

Output Escaping

0% escaped · 45 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
admin_oa_plugin_proces (example-widget-popup.php:1321)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

OnlineAfspraken Plugin Attack Surface

Entry Points 1
Unprotected 0

Shortcodes 1

[onlineafspraken] oa_shortcode.php:26
WordPress Hooks 2
action widgets_init example-widget-popup.php:16
action admin_menu example-widget-popup.php:25
Maintenance & Trust

OnlineAfspraken Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested 3.4.2
Last updated Oct 8, 2013
PHP min version
Downloads 1K

Community Trust

Rating 0/100
Number of ratings 0
Active installs 10
Developer Profile

OnlineAfspraken Plugin Developer Profile

onlineafspraken

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect OnlineAfspraken Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/onlineafspraken-wordpress-plugin/oa-admin.js
/wp-content/plugins/onlineafspraken-wordpress-plugin/oa-admin.css
Script Paths
/wp-content/plugins/onlineafspraken-wordpress-plugin/oa-admin.js
Version Parameters
/wp-content/plugins/onlineafspraken-wordpress-plugin/oa-admin.js?ver=
/wp-content/plugins/onlineafspraken-wordpress-plugin/oa-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
oa_admin_page_wrapper
HTML Comments
<!-- Het admin form -->
<!-- NAAM AANPASSEN (icon url, en bestand)!!! -->
<!-- zet de plugin menu link -->
<!-- admin plugin beneer functie -->
+3 more
Data Attributes
data-apikey-input
data-oaframewidth-input
data-oaframeheight-input
data-select-button-input
data-align-oa-input
data-align-oa-button-input
+2 more
JS Globals
oa_admin_ajax_object
Shortcode Output
[onlineafspraken]
FAQ

Frequently Asked Questions about OnlineAfspraken Plugin