[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fW0-DwLxkGTcjb1NlZ6kBZe1hLm10xsKB3nPFJ9osIwI":3,"$fynz2cSF9HNqo92F717JlNuc_yiTEvWlp9GarAgfTtqc":177,"$fQ8z5VK1I0nbBfjwskzvLTKrU5GJOIlNX-ZmHZsu4z2k":182},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":122},"super-simple-events-list","Super Simple Events List","0.9","Rik","https:\u002F\u002Fprofiles.wordpress.org\u002Fbetacore\u002F","\u003Cp>Create and customise a simple events (and past events) list. Display them on your page with a shortcode. The shortcodes can be customised to show only the things you need. All the elements have classes so styling is made easy.\u003Cbr \u002F>\nIn the WP admin it has the look and feel of WordPress.\u003C\u002Fp>\n","Create and customise a simple events (and past events) list. Display them on your page with a shortcode. In the WP admin it has the look and feel of W …",0,854,"2020-09-12T11:34:00.000Z","5.5.18","5.4","",[18],"events-calendar-cpt","https:\u002F\u002Fbetacore.tech\u002Fplugins\u002Fsuper-simple-event-list-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsuper-simple-events-list.zip",85,null,"2026-03-15T15:16:48.613Z","no_bundle",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":21,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"betacore",5,6160,30,84,"2026-05-20T02:08:03.788Z",[],{"attackSurface":35,"codeSignals":95,"taintFlows":110,"riskAssessment":111,"analyzedAt":121},{"hooks":36,"ajaxHandlers":83,"restRoutes":84,"shortcodes":85,"cronEvents":93,"entryPointCount":94,"unprotectedCount":11},[37,43,49,55,59,63,68,71,75,79],{"type":38,"name":39,"callback":40,"priority":41,"file":42,"line":28},"filter","the_content","bcssel_the_content_meta",1,"includes\\content.php",{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","admin_menu","bcssel_cpt_subnav","includes\\docs.php",3,{"type":44,"name":50,"callback":51,"priority":52,"file":53,"line":54},"wp_enqueue_scripts","bcssel_fe_css",50,"includes\\init.php",9,{"type":44,"name":56,"callback":57,"file":53,"line":58},"admin_enqueue_scripts","bcssel_be_css",15,{"type":44,"name":60,"callback":61,"file":53,"line":62},"init","bcssel_cpt_events",67,{"type":44,"name":64,"callback":65,"file":66,"line":67},"add_meta_boxes","bcssel_event_box_call","includes\\wpadmin.php",12,{"type":44,"name":69,"callback":70,"file":66,"line":52},"save_post","bcssel_save_event",{"type":38,"name":72,"callback":73,"file":66,"line":74},"parse_query","bcssel_be_order_list",100,{"type":44,"name":76,"callback":77,"file":66,"line":78},"load-edit.php","bcssel_col_load",118,{"type":38,"name":80,"callback":81,"file":66,"line":82},"manage_posts_columns","bcssel_column_order",199,[],[],[86,90],{"tag":87,"callback":87,"file":88,"line":89},"bcssel_upcoming_events","includes\\shortcode.php",116,{"tag":91,"callback":91,"file":88,"line":92},"bcssel_past_events",231,[],2,{"dangerousFunctions":96,"sqlUsage":97,"outputEscaping":99,"fileOperations":11,"externalRequests":11,"nonceChecks":41,"capabilityChecks":41,"bundledLibraries":109},[],{"prepared":11,"raw":11,"locations":98},[],{"escaped":100,"rawEcho":48,"locations":101},31,[102,105,107],{"file":66,"line":103,"context":104},25,"raw output",{"file":66,"line":106,"context":104},175,{"file":66,"line":108,"context":104},177,[],[],{"summary":112,"deductions":113},"The \"super-simple-events-list\" v0.9 plugin demonstrates a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL queries without prepared statements, file operations, and external HTTP requests are all positive indicators.  The plugin also incorporates a nonce check and a capability check, suggesting an awareness of common security vulnerabilities.  The high percentage of properly escaped output further reinforces this good practice.\n\nThe primary areas of concern lie in the limited attack surface analysis, which shows no unprotected entry points, but also no taint analysis. While the static analysis did not uncover any critical vulnerabilities, the lack of taint analysis means that potential data flow vulnerabilities, where user input could be processed in an unsafe manner, might have been missed.  The vulnerability history is clean, with no known CVEs, which is a significant strength and suggests the plugin has historically been well-maintained from a security perspective.\n\nIn conclusion, the plugin appears to be built with security in mind, with good coding practices observed. The absence of historical vulnerabilities is a strong positive. However, the lack of taint analysis is a notable gap, as it limits the confidence that all potential vulnerabilities have been identified. The limited number of entry points and their protection are positive, but the absence of taint analysis prevents a complete assessment of the security of these entry points against more sophisticated attacks.",[114,117,119],{"reason":115,"points":116},"Lack of taint analysis",8,{"reason":118,"points":41},"Limited attack surface details (no unprotected entry points)",{"reason":120,"points":48},"91% output escaping (3% unescaped)","2026-03-17T06:17:16.670Z",{"wat":123,"direct":130},{"assetPaths":124,"generatorPatterns":127,"scriptPaths":128,"versionParams":129},[125,126],"\u002Fwp-content\u002Fplugins\u002Fsuper-simple-events-list\u002Fassets\u002Fbcssel.css","\u002Fwp-content\u002Fplugins\u002Fsuper-simple-events-list\u002Fassets\u002Fbcssel-admin.css",[],[],[],{"cssClasses":131,"htmlComments":150,"htmlAttributes":151,"restEndpoints":155,"jsGlobals":156,"shortcodeOutput":157},[132,87,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149],"bcssel","bcssel_list","bcssel_list_item","bcssel_list_link","bcssel_col_img","bcssel_img","bcssel_no_img","bcssel_col_content","bcssel_box_title","bcssel_title","bcssel_meta_box","bcssel_meta_item","bcssel_list_date","bcssel_value","bcssel_list_time","bcssel_list_loc","bcssel_box_text","bcssel_box_full_text",[],[152,153,154],"data-bcssel-date","data-bcssel-time","data-bcssel-loc",[],[],[158,159,160,161,162,163,164,165,164,166,167,168,169,164,170,171,172,173,172,174,172,164,175,164,164,176,164],"\u003Cdiv id=\"bcssel\" class=\"bcssel bcssel_upcoming_events bcssel_list\">","\u003Cdiv class=\"bcssel_list_item\">","\u003Ca href=\"","\" class=\"bcssel_list_link\">","\u003Cdiv class=\"bcssel_col_img\">","\u003Cdiv class=\"bcssel_img\">","\u003C\u002Fdiv>","\u003Cdiv class=\"bcssel_no_img\">\u003C\u002Fdiv>","\u003Cdiv class=\"bcssel_col_content\">","\u003Cdiv class=\"bcssel_box_title\">","\u003Ch3 class=\"bcssel_title\">","\u003C\u002Fh3>","\u003Cdiv class=\"bcssel_meta_box\">","\u003Cspan class=\"bcssel_meta_item bcssel_list_date\">","\u003C\u002Fspan>","\u003Cspan class=\"bcssel_meta_item bcssel_list_time\">","\u003Cspan class=\"bcssel_meta_item bcssel_list_loc\">","\u003Cdiv class=\"bcssel_box_text bcssel_box_full_text\">","\u003C\u002Fa>",{"error":178,"url":179,"statusCode":180,"statusMessage":181,"message":181},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsuper-simple-events-list\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":183},[]]