[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frkL2FD9SBrmathp_IDCaZI9hBlPIzag630dIYRAuWZw":3,"$f3ckKPLiUi2fOru43MJWyrEm8odnbKnTRzY5GRumMhO4":245,"$fktEMqvJsJWDOF3jWlxDV9tbnZupNi_HR0NzDbP3xDhE":249},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":32,"analysis":58,"fingerprints":210},"onlineafspraken-wordpress-plugin","OnlineAfspraken Plugin","0.9","onlineafspraken","https:\u002F\u002Fprofiles.wordpress.org\u002Fonlineafspraken\u002F","\u003Cp>Met deze plugin plaatst u de OnlineAfspraken boekingswidget in uw WordPress site.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Met deze plugin plaatst u de OnlineAfspraken boekingswidget in uw WordPress site.",10,1401,0,"2013-10-08T13:34:00.000Z","3.4.2","3.0.1","",[7,19],"reserveringssysteem","http:\u002F\u002Fonlineafspraken.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonlineafspraken-wordpress-plugin.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,84,"2026-05-20T10:48:32.229Z",[33],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":17,"download_link":54,"security_score":55,"vuln_count":28,"unpatched_count":13,"last_vuln_date":56,"fetched_at":57},"huurkalender-wp","Huurkalender 
WP","1.6.5","Huurkalender.nl","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuurkalender\u002F","\u003Cp>eheer boekingen en beschikbaarheid voor verhuur eenvoudig met Huurkalender.nl. Integreer kalenders in uw WordPress-site.\u003C\u002Fp>\n","Ontvang boekingen via uw eigen kalender en toon de beschikbaarheid van Huurkalender.nl op uw WordPress website.",800,12619,80,4,"2025-11-28T10:26:00.000Z","6.9.4","4.6","5.2.4",[50,51,52,19,53],"beschikbaarheidskalender","boekingssysteem","huurkalender","verhuurkalender","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhuurkalender-wp.zip",99,"2025-01-07 00:00:00","2026-04-16T10:56:18.058Z",{"attackSurface":59,"codeSignals":78,"taintFlows":164,"riskAssessment":194,"analyzedAt":209},{"hooks":60,"ajaxHandlers":70,"restRoutes":71,"shortcodes":72,"cronEvents":77,"entryPointCount":28,"unprotectedCount":13},[61,66],{"type":62,"name":63,"callback":63,"file":64,"line":65},"action","widgets_init","example-widget-popup.php",16,{"type":62,"name":67,"callback":68,"file":64,"line":69},"admin_menu","admin_oa_plugin_menu",25,[],[],[73],{"tag":7,"callback":74,"file":75,"line":76},"widget_shortcode","oa_shortcode.php",26,[],{"dangerousFunctions":79,"sqlUsage":84,"outputEscaping":86,"fileOperations":28,"externalRequests":13,"nonceChecks":13,"capabilityChecks":28,"bundledLibraries":163},[80],{"fn":81,"file":64,"line":82,"context":83},"move_uploaded_file",213,"move_uploaded_file($_FILES[\"file\"][\"tmp_name\"],",{"prepared":13,"raw":13,"locations":85},[],{"escaped":13,"rawEcho":87,"locations":88},45,[89,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,123,125,126,127,128,129,130,131,132,133,134,136,137,138,140,143,145,147,149,151,152,153,154,155,156,157,158,160,161],{"file":64,"line":90,"context":91},50,"raw 
output",{"file":64,"line":93,"context":91},74,{"file":64,"line":95,"context":91},79,{"file":64,"line":97,"context":91},94,{"file":64,"line":99,"context":91},135,{"file":64,"line":101,"context":91},165,{"file":64,"line":103,"context":91},169,{"file":64,"line":105,"context":91},202,{"file":64,"line":107,"context":91},208,{"file":64,"line":109,"context":91},246,{"file":64,"line":111,"context":91},247,{"file":64,"line":113,"context":91},270,{"file":64,"line":115,"context":91},274,{"file":64,"line":117,"context":91},1387,{"file":64,"line":119,"context":91},1403,{"file":121,"line":122,"context":91},"oa_widget.php",37,{"file":121,"line":124,"context":91},38,{"file":121,"line":124,"context":91},{"file":121,"line":124,"context":91},{"file":121,"line":124,"context":91},{"file":121,"line":124,"context":91},{"file":121,"line":124,"context":91},{"file":121,"line":124,"context":91},{"file":121,"line":124,"context":91},{"file":121,"line":124,"context":91},{"file":121,"line":124,"context":91},{"file":121,"line":135,"context":91},39,{"file":121,"line":135,"context":91},{"file":121,"line":135,"context":91},{"file":121,"line":139,"context":91},40,{"file":141,"line":142,"context":91},"oa_widget_popup.php",47,{"file":141,"line":144,"context":91},51,{"file":141,"line":146,"context":91},53,{"file":141,"line":148,"context":91},55,{"file":141,"line":150,"context":91},58,{"file":141,"line":150,"context":91},{"file":141,"line":150,"context":91},{"file":141,"line":150,"context":91},{"file":141,"line":150,"context":91},{"file":141,"line":150,"context":91},{"file":141,"line":150,"context":91},{"file":141,"line":150,"context":91},{"file":141,"line":159,"context":91},59,{"file":141,"line":159,"context":91},{"file":141,"line":162,"context":91},63,[],[165,185],{"entryPoint":166,"graph":167,"unsanitizedCount":183,"severity":184},"admin_oa_plugin_proces (example-widget-popup.php:1321)",{"nodes":168,"edges":180},[169,174],{"id":170,"type":171,"label":172,"file":64,"line":173},"n0","source","$_POST 
(x13)",1324,{"id":175,"type":176,"label":177,"file":64,"line":178,"wp_function":179},"n1","sink","update_option() [Settings Manipulation]",1338,"update_option",[181],{"from":170,"to":175,"sanitized":182},false,13,"low",{"entryPoint":186,"graph":187,"unsanitizedCount":13,"severity":184},"\u003Cexample-widget-popup> (example-widget-popup.php:0)",{"nodes":188,"edges":191},[189,190],{"id":170,"type":171,"label":172,"file":64,"line":173},{"id":175,"type":176,"label":177,"file":64,"line":178,"wp_function":179},[192],{"from":170,"to":175,"sanitized":193},true,{"summary":195,"deductions":196},"The onlineafspraken-wordpress-plugin v0.9 exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities or CVEs, and the static analysis found no raw SQL queries; note that it recorded no SQL usage at all, so this reflects the absence of database queries rather than the use of prepared statements. There are nevertheless significant areas of concern. The plugin's output is not escaped in any of its 45 identified outputs, presenting a high risk of Cross-Site Scripting (XSS) wherever those values are user-controlled. Additionally, an unsanitized flow was identified in which $_POST values reach update_option() in admin_oa_plugin_proces, allowing settings manipulation; the analysis rates this flow as low severity. Separately, the plugin calls `move_uploaded_file`, a known sensitive operation that could potentially lead to path traversal or other file system vulnerabilities if the destination path and file type are not validated.\n\nThe absence of nonce checks, with only one capability check recorded, is a notable weakness. It matters most for the admin settings handler that writes $_POST data to options, because a state-changing request without a nonce has no CSRF protection. The static analysis counts a single entry point (a shortcode) and reports no AJAX or REST API endpoints, so the exposed surface is small, but the plugin remains potentially vulnerable to abuse if these requests are not handled carefully by the calling context. 
The vulnerability history being clean is a positive sign, suggesting either responsible development or limited exposure, but it does not negate the risks identified in the current code.",[197,200,202,205,207],{"reason":198,"points":199},"0% properly escaped output",20,{"reason":201,"points":11},"Flow with unsanitized path",{"reason":203,"points":204},"Dangerous function move_uploaded_file",5,{"reason":206,"points":204},"No nonce checks",{"reason":208,"points":204},"Insufficient capability checks","2026-04-16T11:50:39.692Z",{"wat":211,"direct":220},{"assetPaths":212,"generatorPatterns":215,"scriptPaths":216,"versionParams":217},[213,214],"\u002Fwp-content\u002Fplugins\u002Fonlineafspraken-wordpress-plugin\u002Foa-admin.js","\u002Fwp-content\u002Fplugins\u002Fonlineafspraken-wordpress-plugin\u002Foa-admin.css",[],[213],[218,219],"\u002Fwp-content\u002Fplugins\u002Fonlineafspraken-wordpress-plugin\u002Foa-admin.js?ver=","\u002Fwp-content\u002Fplugins\u002Fonlineafspraken-wordpress-plugin\u002Foa-admin.css?ver=",{"cssClasses":221,"htmlComments":223,"htmlAttributes":231,"restEndpoints":240,"jsGlobals":241,"shortcodeOutput":243},[222],"oa_admin_page_wrapper",[224,225,226,227,228,229,230],"\u003C!-- Het admin form -->","\u003C!-- NAAM AANPASSEN (icon url, en bestand)!!! 
-->","\u003C!-- zet de plugin menu link -->","\u003C!-- admin plugin beneer functie -->","\u003C!-- delete button -->","\u003C!-- uploaden button -->","\u003C!-- haalt buttons op voor delete -->",[232,233,234,235,236,237,238,239],"data-apikey-input","data-oaframewidth-input","data-oaframeheight-input","data-select-button-input","data-align-oa-input","data-align-oa-button-input","data-reset-button","data-reset-all-button",[],[242],"oa_admin_ajax_object",[244],"[onlineafspraken]",{"error":193,"url":246,"statusCode":247,"statusMessage":248,"message":248},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fonlineafspraken-wordpress-plugin\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":250},[]]