[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffTYiKRqfkKuTtf8y2E1Hm6kSiKZYRVNWKZ9HpQorcsE":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":8,"requires_at_least":8,"requires_php":8,"tags":15,"homepage":16,"download_link":17,"security_score":18,"vuln_count":19,"unpatched_count":20,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":95,"crawl_stats":29,"alternatives":102,"analysis":103,"fingerprints":876},"travelpayouts","Travelpayouts","1.2.2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftravelpayouts\u002F","","Earn money and make your visitors happy! Offer them useful tools for their travel needs. Earn on commission for each booking.",7000,316102,88,17,"2026-02-26T14:22:00.000Z",[],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftravelpayouts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftravelpayouts.zip",67,5,1,"2026-01-29 00:00:00","2026-03-15T15:16:48.613Z",[24,38,53,67,80],{"id":25,"url_slug":26,"title":27,"description":28,"plugin_slug":4,"theme_slug":29,"affected_versions":30,"patched_in_version":29,"severity":31,"cvss_score":32,"cvss_vector":33,"vuln_type":34,"published_date":21,"updated_date":35,"references":36,"days_to_patch":29},"CVE-2025-68042","travelpayouts-missing-authorization","Travelpayouts \u003C= 1.2.1 - Missing Authorization","The Travelpayouts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.2.1. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=1.2.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-02 16:15:25",[37],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd8f7b930-dad7-49ce-8826-8c8ab7b390ef?source=api-prod",{"id":39,"url_slug":40,"title":41,"description":42,"plugin_slug":4,"theme_slug":29,"affected_versions":43,"patched_in_version":44,"severity":31,"cvss_score":45,"cvss_vector":46,"vuln_type":47,"published_date":48,"updated_date":49,"references":50,"days_to_patch":52},"CVE-2024-0337","travelpayouts-all-travel-brands-in-one-place-open-redirect","Travelpayouts: All Travel Brands in One Place \u003C= 1.1.16 - Open Redirect","The Travelpayouts: All Travel Brands in One Place plugin for WordPress is vulnerable to Open Redirect in versions 0.0.0.0 to 1.1.16. This is due to insufficient validation on the redirect url supplied via the travelpayouts_redirect parameter. 
This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","\u003C=1.1.16","1.1.17",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","URL Redirection to Untrusted Site ('Open Redirect')","2024-02-28 00:00:00","2024-05-29 21:08:36",[51],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd9d19571-f0a1-4f15-a292-89b938c49afc?source=api-prod",92,{"id":54,"url_slug":55,"title":56,"description":57,"plugin_slug":4,"theme_slug":29,"affected_versions":58,"patched_in_version":59,"severity":31,"cvss_score":32,"cvss_vector":60,"vuln_type":61,"published_date":62,"updated_date":63,"references":64,"days_to_patch":66},"CVE-2023-5934","travelpayouts-cross-site-request-forgery-to-settings-import","Travelpayouts \u003C= 1.1.12 - Cross-Site Request Forgery to Settings Import","The Travelpayouts: All Travel Brands in One Place plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.12. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to import settings granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.1.12","1.1.13","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-26 00:00:00","2025-05-27 14:32:22",[65],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F04f2ebf8-5721-4db7-8fc0-f2ae05e94239?source=api-prod",488,{"id":68,"url_slug":69,"title":70,"description":71,"plugin_slug":4,"theme_slug":29,"affected_versions":72,"patched_in_version":73,"severity":31,"cvss_score":45,"cvss_vector":46,"vuln_type":74,"published_date":75,"updated_date":76,"references":77,"days_to_patch":79},"CVE-2023-5932","travelpayouts-reflected-cross-site-scripting","Travelpayouts \u003C= 1.1.13 - Reflected Cross-Site Scripting","The Travelpayouts: All Travel Brands in One Place plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.13 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.13","1.1.14","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-23 00:00:00","2025-05-21 20:55:20",[78],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3aa14f56-85b7-4f8d-bc62-a1e99977e510?source=api-prod",485,{"id":81,"url_slug":82,"title":83,"description":84,"plugin_slug":4,"theme_slug":29,"affected_versions":85,"patched_in_version":86,"severity":87,"cvss_score":88,"cvss_vector":89,"vuln_type":61,"published_date":90,"updated_date":91,"references":92,"days_to_patch":94},"WF-7e199cd3-e2ce-4969-a517-4a9c2a84bf44-travelpayouts","travelpayouts-cross-site-request-forgery","Travelpayouts \u003C= 1.0.16 - Cross-Site Request Forgery","The Travelpayouts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.16. This is due to missing or incorrect nonce validation in the outdated Redux Framework. 
This makes it possible for unauthenticated attackers to gain restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.0.16","1.0.17","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2021-09-13 00:00:00","2024-01-22 19:56:02",[93],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e199cd3-e2ce-4969-a517-4a9c2a84bf44?source=api-prod",862,{"slug":4,"display_name":5,"profile_url":7,"plugin_count":96,"total_installs":97,"avg_security_score":98,"avg_patch_time_days":99,"trust_score":100,"computed_at":101},2,7010,76,482,62,"2026-04-05T01:56:05.887Z",[],{"attackSurface":104,"codeSignals":247,"taintFlows":781,"riskAssessment":856,"analyzedAt":875},{"hooks":105,"ajaxHandlers":226,"restRoutes":243,"shortcodes":244,"cronEvents":245,"entryPointCount":246,"unprotectedCount":96},[106,113,118,123,127,131,134,138,143,149,154,159,163,168,171,174,177,179,180,184,188,193,196,198,201,206,210,214,219,223],{"type":107,"name":108,"callback":109,"priority":110,"file":111,"line":112},"action","admin_notices","notices",99,"redux-core\\inc\\classes\\class-travelpayouts-admin-notices.php",42,{"type":107,"name":114,"callback":115,"priority":116,"file":111,"line":117},"admin_init","dismiss",9,43,{"type":107,"name":119,"callback":120,"file":121,"line":122},"init","create_redux","redux-core\\inc\\classes\\class-travelpayouts-api.php",120,{"type":107,"name":124,"callback":125,"file":121,"line":126},"plugins_loaded","delay_init",164,{"type":107,"name":128,"callback":129,"file":121,"line":130},"TravelpayoutsSettingsFrameworkPlugin_admin_notice","Redux_Travelpayouts::remove_demo",1705,{"type":107,"name":132,"callback":129,"file":121,"line":133},"Redux_Travelpayouts_framework_plugin_admin_notice",1706,{"type":107,"name":135,"callback":119,"priority":20,"file":136,"line":137},"admin_enqueue_scripts","r
edux-core\\inc\\classes\\class-travelpayouts-enqueue.php",57,{"type":107,"name":139,"callback":140,"priority":141,"file":136,"line":142},"wp_enqueue_scripts","frontend_init",10,60,{"type":144,"name":145,"callback":146,"file":147,"line":148},"filter","redux_travelpayouts\u002Ffields","closure","redux-core\\inc\\classes\\class-travelpayouts-extension-abstract.php",189,{"type":107,"name":150,"callback":151,"file":152,"line":153},"wp_head","meta_tag","redux-core\\inc\\classes\\class-travelpayouts-functions-ex.php",158,{"type":107,"name":155,"callback":156,"priority":19,"file":157,"line":158},"redux_travelpayouts\u002Fconstruct","store","redux-core\\inc\\classes\\class-travelpayouts-instances.php",74,{"type":107,"name":114,"callback":160,"file":161,"line":162},"register","redux-core\\inc\\classes\\class-travelpayouts-options-constructor.php",55,{"type":107,"name":150,"callback":164,"priority":165,"file":166,"line":167},"output_css",150,"redux-core\\inc\\classes\\class-travelpayouts-output.php",30,{"type":107,"name":139,"callback":169,"priority":165,"file":166,"line":170},"enqueue",31,{"type":107,"name":172,"callback":164,"priority":165,"file":166,"line":173},"login_head",36,{"type":107,"name":175,"callback":169,"priority":165,"file":166,"line":176},"login_enqueue_scripts",37,{"type":107,"name":178,"callback":164,"priority":165,"file":166,"line":112},"admin_head",{"type":107,"name":135,"callback":169,"priority":165,"file":166,"line":117},{"type":144,"name":181,"callback":182,"priority":141,"file":166,"line":183},"style_loader_tag","add_style_attributes",219,{"type":144,"name":185,"callback":186,"priority":141,"file":166,"line":187},"wp_resource_hints","google_fonts_preconnect",220,{"type":107,"name":189,"callback":190,"file":191,"line":192},"admin_menu","options_page","redux-core\\inc\\classes\\class-travelpayouts-page-render.php",47,{"type":107,"name":194,"callback":190,"file":191,"line":195},"network_admin_menu",51,{"type":107,"name":178,"callback":178,"file":191,"line"
:197},141,{"type":144,"name":199,"callback":199,"file":191,"line":200},"admin_footer_text",144,{"type":144,"name":202,"callback":203,"file":204,"line":205},"deprecated_file_trigger_error","tick_file_deprecate_warning","redux-core\\inc\\classes\\class-travelpayouts-panel.php",314,{"type":107,"name":207,"callback":207,"file":208,"line":209},"rest_api_init","redux-core\\inc\\classes\\class-travelpayouts-rest-api-builder.php",46,{"type":144,"name":211,"callback":212,"file":213,"line":52},"upload_mimes","custom_upload_mimes","redux-core\\inc\\extensions\\import_export\\class-travelpayouts-extension-import-export.php",{"type":144,"name":215,"callback":216,"file":217,"line":218},"redux_travelpayouts\u002Ffont-icons","Redux_Travelpayouts_get_font_icons","redux-core\\inc\\fields\\select\\elusive-icons.php",11,{"type":107,"name":220,"callback":221,"file":222,"line":170},"admin_footer","printModal","src\\admin\\components\\DeactivationFeedback.php",{"type":107,"name":207,"callback":146,"file":224,"line":225},"src\\components\\web\\WpRestRouteGroup.php",16,[227,233,238],{"action":228,"nopriv":229,"callback":230,"hasNonce":229,"hasCapCheck":229,"file":231,"line":232},"Redux_Travelpayouts_support_hash",false,"support_hash","redux-core\\class-travelpayouts-core.php",250,{"action":234,"nopriv":229,"callback":235,"hasNonce":236,"hasCapCheck":229,"file":111,"line":237},"Redux_Travelpayouts_hide_admin_notice","ajax",true,41,{"action":239,"nopriv":229,"callback":240,"hasNonce":229,"hasCapCheck":229,"file":241,"line":242},"Redux_Travelpayouts_update_google_fonts","google_fonts_update","redux-core\\inc\\classes\\class-travelpayouts-ajax-typography.php",26,[],[],[],3,{"dangerousFunctions":248,"sqlUsage":257,"outputEscaping":264,"fileOperations":776,"externalRequests":96,"nonceChecks":141,"capabilityChecks":96,"bundledLibraries":777},[249,254],{"fn":250,"file":251,"line":252,"context":253},"unserialize","src\\components\\base\\cache\\Cache.php",101,"$value = 
unserialize($value,[",{"fn":250,"file":251,"line":255,"context":256},171,"$value = unserialize($values[$newKey]);",{"prepared":19,"raw":96,"locations":258},[259,262],{"file":260,"line":237,"context":261},"src\\components\\db\\Query.php","$wpdb->get_var() with variable interpolation",{"file":260,"line":192,"context":263},"$wpdb->get_row() with variable interpolation",{"escaped":265,"rawEcho":266,"locations":267},572,276,[268,271,273,276,278,280,282,284,286,288,291,293,295,297,299,301,303,305,307,309,311,312,314,315,317,319,322,325,328,330,332,334,336,338,340,342,345,347,349,352,353,356,358,361,362,365,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,449,451,453,455,457,459,461,463,465,468,470,472,474,477,480,483,485,487,489,490,492,494,495,497,499,500,502,504,506,507,508,510,512,513,515,517,519,522,524,526,527,528,530,532,535,538,541,543,544,545,546,549,551,554,557,559,560,562,564,565,566,567,569,572,573,574,576,577,578,580,582,583,584,585,586,587,588,590,591,593,594,595,596,597,599,601,603,604,606,607,609,610,611,612,614,615,616,617,619,621,622,624,626,628,630,632,634,636,638,640,642,644,646,648,650,651,653,655,656,657,659,661,663,664,665,667,669,670,672,674,676,677,679,681,683,684,686,688,690,691,693,695,697,699,700,701,702,703,704,705,706,708,709,711,712,713,714,716,718,720,721,722,723,725,727,729,731,734,736,739,742,744,745,746,747,748,749,751,752,754,755,756,759,761,763,765,768,770,771,773],{"file":111,"line":269,"context":270},130,"raw 
output",{"file":111,"line":272,"context":270},135,{"file":274,"line":275,"context":270},"redux-core\\inc\\classes\\class-travelpayouts-ajax-save.php",38,{"file":274,"line":277,"context":270},49,{"file":274,"line":279,"context":270},90,{"file":274,"line":281,"context":270},112,{"file":274,"line":283,"context":270},174,{"file":121,"line":285,"context":270},349,{"file":147,"line":287,"context":270},251,{"file":289,"line":290,"context":270},"redux-core\\inc\\classes\\class-travelpayouts-filesystem.php",149,{"file":166,"line":292,"context":270},203,{"file":166,"line":294,"context":270},360,{"file":191,"line":296,"context":270},515,{"file":191,"line":298,"context":270},682,{"file":204,"line":300,"context":270},85,{"file":204,"line":302,"context":270},257,{"file":204,"line":304,"context":270},272,{"file":204,"line":306,"context":270},431,{"file":204,"line":308,"context":270},473,{"file":204,"line":310,"context":270},480,{"file":204,"line":99,"context":270},{"file":204,"line":313,"context":270},487,{"file":213,"line":200,"context":270},{"file":213,"line":316,"context":270},178,{"file":213,"line":318,"context":270},191,{"file":320,"line":321,"context":270},"redux-core\\inc\\extensions\\import_export\\import_export\\class-travelpayouts-import-export.php",80,{"file":323,"line":324,"context":270},"redux-core\\inc\\extensions\\options_object\\options_object\\class-redux-options-object.php",100,{"file":326,"line":327,"context":270},"redux-core\\inc\\fields\\checkbox\\class-travelpayouts-checkbox.php",81,{"file":326,"line":329,"context":270},106,{"file":331,"line":100,"context":270},"redux-core\\inc\\fields\\color\\class-travelpayouts-color.php",{"file":333,"line":197,"context":270},"redux-core\\inc\\fields\\dimensions\\class-travelpayouts-dimensions.php",{"file":333,"line":335,"context":270},168,{"file":333,"line":337,"context":270},190,{"file":333,"line":339,"context":270},194,{"file":333,"line":341,"context":270},216,{"file":343,"line":344,"context":270},"redux-core\\inc\\field
s\\image_select\\class-travelpayouts-image-select.php",148,{"file":346,"line":209,"context":270},"redux-core\\inc\\fields\\radio\\class-travelpayouts-radio.php",{"file":346,"line":348,"context":270},53,{"file":350,"line":351,"context":270},"redux-core\\inc\\fields\\raw\\class-travelpayouts-raw.php",39,{"file":350,"line":237,"context":270},{"file":354,"line":355,"context":270},"redux-core\\inc\\fields\\select\\class-travelpayouts-select.php",138,{"file":354,"line":357,"context":270},166,{"file":359,"line":360,"context":270},"redux-core\\inc\\fields\\text\\class-travelpayouts-text.php",103,{"file":359,"line":281,"context":270},{"file":363,"line":364,"context":270},"redux-core\\inc\\fields\\textarea\\class-travelpayouts-textarea.php",45,{"file":366,"line":367,"context":270},"redux-core\\inc\\fields\\typography\\class-travelpayouts-typography.php",292,{"file":366,"line":369,"context":270},334,{"file":366,"line":371,"context":270},335,{"file":366,"line":373,"context":270},346,{"file":366,"line":375,"context":270},355,{"file":366,"line":377,"context":270},356,{"file":366,"line":379,"context":270},372,{"file":366,"line":381,"context":270},388,{"file":366,"line":383,"context":270},396,{"file":366,"line":385,"context":270},398,{"file":366,"line":387,"context":270},415,{"file":366,"line":389,"context":270},416,{"file":366,"line":391,"context":270},417,{"file":366,"line":393,"context":270},438,{"file":366,"line":395,"context":270},446,{"file":366,"line":397,"context":270},447,{"file":366,"line":399,"context":270},448,{"file":366,"line":401,"context":270},469,{"file":366,"line":403,"context":270},477,{"file":366,"line":405,"context":270},478,{"file":366,"line":407,"context":270},479,{"file":366,"line":409,"context":270},497,{"file":366,"line":411,"context":270},505,{"file":366,"line":413,"context":270},506,{"file":366,"line":415,"context":270},507,{"file":366,"line":417,"context":270},528,{"file":366,"line":419,"context":270},537,{"file":366,"line":421,"context":270},539,{"file
":366,"line":423,"context":270},556,{"file":366,"line":425,"context":270},558,{"file":366,"line":427,"context":270},576,{"file":366,"line":429,"context":270},578,{"file":366,"line":431,"context":270},596,{"file":366,"line":433,"context":270},598,{"file":366,"line":435,"context":270},623,{"file":366,"line":437,"context":270},637,{"file":366,"line":439,"context":270},645,{"file":366,"line":441,"context":270},708,{"file":366,"line":443,"context":270},1400,{"file":366,"line":445,"context":270},1413,{"file":447,"line":448,"context":270},"src\\admin\\AdminHooks.php",259,{"file":447,"line":450,"context":270},274,{"file":447,"line":452,"context":270},291,{"file":447,"line":454,"context":270},305,{"file":447,"line":456,"context":270},323,{"file":447,"line":458,"context":270},384,{"file":222,"line":460,"context":270},22,{"file":462,"line":162,"context":270},"src\\admin\\components\\elementor\\ElementorControl.php",{"file":462,"line":464,"context":270},77,{"file":466,"line":467,"context":270},"src\\admin\\components\\elementor\\ElementorWidget.php",122,{"file":466,"line":469,"context":270},132,{"file":466,"line":471,"context":270},143,{"file":473,"line":242,"context":270},"src\\admin\\components\\elementor\\PreviewController.php",{"file":475,"line":476,"context":270},"src\\admin\\partials\\LandingPage.php",104,{"file":478,"line":479,"context":270},"src\\admin\\redux\\extensions\\AutocompleteField.php",21,{"file":481,"line":482,"context":270},"src\\admin\\redux\\extensions\\clearTableCache\\ClearTableCacheField.php",20,{"file":484,"line":100,"context":270},"src\\admin\\redux\\extensions\\linksForms\\LinksForms.php",{"file":484,"line":486,"context":270},64,{"file":484,"line":488,"context":270},69,{"file":484,"line":158,"context":270},{"file":484,"line":491,"context":270},79,{"file":484,"line":493,"context":270},89,{"file":484,"line":110,"context":270},{"file":484,"line":496,"context":270},109,{"file":484,"line":498,"context":270},111,{"file":484,"line":281,"context":270},{"file"
:484,"line":501,"context":270},119,{"file":484,"line":503,"context":270},121,{"file":484,"line":505,"context":270},125,{"file":484,"line":269,"context":270},{"file":484,"line":272,"context":270},{"file":484,"line":509,"context":270},140,{"file":484,"line":511,"context":270},145,{"file":484,"line":165,"context":270},{"file":484,"line":514,"context":270},152,{"file":484,"line":516,"context":270},153,{"file":484,"line":518,"context":270},156,{"file":520,"line":521,"context":270},"src\\admin\\redux\\extensions\\OscAccordionField.php",82,{"file":520,"line":523,"context":270},93,{"file":525,"line":491,"context":270},"src\\admin\\redux\\extensions\\platformSelect\\PlatformSelectField.php",{"file":525,"line":252,"context":270},{"file":525,"line":329,"context":270},{"file":525,"line":529,"context":270},124,{"file":525,"line":531,"context":270},136,{"file":533,"line":534,"context":270},"src\\admin\\redux\\extensions\\reimportSearchForms\\ReimportSearchFormField.php",18,{"file":536,"line":537,"context":270},"src\\admin\\redux\\extensions\\SettingsImportField.php",23,{"file":539,"line":540,"context":270},"src\\admin\\redux\\extensions\\sortBy\\SortByField.php",96,{"file":539,"line":542,"context":270},118,{"file":539,"line":529,"context":270},{"file":539,"line":197,"context":270},{"file":539,"line":516,"context":270},{"file":547,"line":548,"context":270},"src\\admin\\redux\\extensions\\sorter\\SorterField.php",167,{"file":550,"line":170,"context":270},"src\\admin\\redux\\ReduxHooks.php",{"file":552,"line":553,"context":270},"src\\admin\\redux\\templates\\panel\\container.tpl.php",25,{"file":555,"line":556,"context":270},"src\\admin\\redux\\templates\\panel\\header-stickybar.tpl.php",27,{"file":555,"line":558,"context":270},28,{"file":555,"line":167,"context":270},{"file":555,"line":561,"context":270},32,{"file":563,"line":460,"context":270},"src\\admin\\redux\\templates\\panel\\menu-container.tpl.php",{"file":563,"line":167,"context":270},{"file":563,"line":348,"context":270},{"
file":563,"line":18,"context":270},{"file":568,"line":509,"context":270},"src\\admin\\templates\\deactivationFeedback\\modal.php",{"file":570,"line":571,"context":270},"src\\admin\\templates\\feedbackButton.php",15,{"file":570,"line":571,"context":270},{"file":570,"line":225,"context":270},{"file":575,"line":534,"context":270},"src\\admin\\templates\\landingPage\\landing.php",{"file":575,"line":558,"context":270},{"file":575,"line":170,"context":270},{"file":575,"line":579,"context":270},33,{"file":575,"line":581,"context":270},34,{"file":575,"line":173,"context":270},{"file":575,"line":176,"context":270},{"file":575,"line":112,"context":270},{"file":575,"line":117,"context":270},{"file":575,"line":209,"context":270},{"file":575,"line":192,"context":270},{"file":575,"line":589,"context":270},50,{"file":575,"line":195,"context":270},{"file":575,"line":592,"context":270},68,{"file":575,"line":321,"context":270},{"file":575,"line":300,"context":270},{"file":575,"line":12,"context":270},{"file":575,"line":279,"context":270},{"file":575,"line":598,"context":270},91,{"file":575,"line":600,"context":270},94,{"file":575,"line":602,"context":270},98,{"file":575,"line":324,"context":270},{"file":575,"line":605,"context":270},105,{"file":575,"line":496,"context":270},{"file":575,"line":608,"context":270},116,{"file":575,"line":122,"context":270},{"file":575,"line":505,"context":270},{"file":575,"line":269,"context":270},{"file":575,"line":613,"context":270},134,{"file":575,"line":197,"context":270},{"file":575,"line":511,"context":270},{"file":575,"line":516,"context":270},{"file":575,"line":618,"context":270},157,{"file":575,"line":620,"context":270},177,{"file":575,"line":316,"context":270},{"file":575,"line":623,"context":270},180,{"file":575,"line":625,"context":270},181,{"file":575,"line":627,"context":270},199,{"file":575,"line":629,"context":270},202,{"file":575,"line":631,"context":270},207,{"file":575,"line":633,"context":270},218,{"file":575,"line":635,"context":270}
,222,{"file":575,"line":637,"context":270},224,{"file":575,"line":639,"context":270},228,{"file":575,"line":641,"context":270},230,{"file":575,"line":643,"context":270},234,{"file":575,"line":645,"context":270},236,{"file":575,"line":647,"context":270},240,{"file":575,"line":649,"context":270},242,{"file":575,"line":232,"context":270},{"file":575,"line":652,"context":270},255,{"file":575,"line":654,"context":270},258,{"file":575,"line":448,"context":270},{"file":575,"line":448,"context":270},{"file":575,"line":658,"context":270},266,{"file":575,"line":660,"context":270},268,{"file":575,"line":662,"context":270},269,{"file":575,"line":662,"context":270},{"file":575,"line":266,"context":270},{"file":575,"line":666,"context":270},278,{"file":575,"line":668,"context":270},279,{"file":575,"line":668,"context":270},{"file":575,"line":671,"context":270},286,{"file":575,"line":673,"context":270},288,{"file":575,"line":675,"context":270},289,{"file":575,"line":675,"context":270},{"file":575,"line":678,"context":270},296,{"file":575,"line":680,"context":270},298,{"file":575,"line":682,"context":270},299,{"file":575,"line":682,"context":270},{"file":575,"line":685,"context":270},306,{"file":575,"line":687,"context":270},308,{"file":575,"line":689,"context":270},309,{"file":575,"line":689,"context":270},{"file":575,"line":692,"context":270},317,{"file":575,"line":694,"context":270},319,{"file":575,"line":696,"context":270},320,{"file":698,"line":482,"context":270},"src\\admin\\templates\\notices\\notice.php",{"file":698,"line":482,"context":270},{"file":698,"line":537,"context":270},{"file":698,"line":556,"context":270},{"file":698,"line":167,"context":270},{"file":698,"line":275,"context":270},{"file":698,"line":209,"context":270},{"file":698,"line":192,"context":270},{"file":707,"line":460,"context":270},"src\\admin\\templates\\notices\\wrapper.php",{"file":707,"line":556,"context":270},{"file":710,"line":571,"context":270},"src\\admin\\templates\\notices\\_notificationCloseD
ialog.php",{"file":710,"line":561,"context":270},{"file":710,"line":275,"context":270},{"file":710,"line":237,"context":270},{"file":715,"line":141,"context":270},"src\\admin\\templates\\platformsScript.php",{"file":717,"line":13,"context":270},"src\\admin\\templates\\script.php",{"file":719,"line":633,"context":270},"src\\components\\base\\BasePluginCore.php",{"file":719,"line":637,"context":270},{"file":719,"line":645,"context":270},{"file":719,"line":649,"context":270},{"file":719,"line":724,"context":270},254,{"file":719,"line":726,"context":270},261,{"file":719,"line":728,"context":270},300,{"file":719,"line":730,"context":270},307,{"file":732,"line":733,"context":270},"src\\components\\BaseWidget.php",175,{"file":735,"line":237,"context":270},"src\\components\\notices\\Notices.php",{"file":737,"line":738,"context":270},"src\\components\\tables\\TableShortcode.php",460,{"file":740,"line":741,"context":270},"src\\components\\web\\Response.php",163,{"file":743,"line":300,"context":270},"src\\components\\web\\views\\error.php",{"file":743,"line":493,"context":270},{"file":743,"line":279,"context":270},{"file":743,"line":598,"context":270},{"file":743,"line":598,"context":270},{"file":743,"line":523,"context":270},{"file":743,"line":750,"context":270},95,{"file":743,"line":110,"context":270},{"file":753,"line":571,"context":270},"src\\components\\widgets\\templates\\alert.php",{"file":753,"line":13,"context":270},{"file":753,"line":460,"context":270},{"file":757,"line":758,"context":270},"src\\frontend\\PublicHooks.php",146,{"file":757,"line":760,"context":270},176,{"file":757,"line":762,"context":270},188,{"file":764,"line":167,"context":270},"src\\modules\\moneyScript\\components\\MoneyScript.php",{"file":766,"line":767,"context":270},"src\\modules\\moneyScript\\widgets\\templates\\section_description.php",13,{"file":766,"line":769,"context":270},14,{"file":766,"line":553,"context":270},{"file":766,"line":772,"context":270},29,{"file":774,"line":775,"context":270
},"src\\modules\\tables\\components\\api\\travelpayouts\\BaseTravelpayoutsApiModel.php",44,40,[778],{"name":779,"version":29,"knownCves":780},"Select2",[],[782,803,813,825,835,848],{"entryPoint":783,"graph":784,"unsanitizedCount":20,"severity":31},"save (redux-core\\inc\\classes\\class-travelpayouts-ajax-save.php:34)",{"nodes":785,"edges":800},[786,790,794],{"id":787,"type":788,"label":789,"file":274,"line":98},"n0","source","$_POST",{"id":791,"type":792,"label":793,"file":274,"line":98},"n1","transform","→ validate_options()",{"id":795,"type":796,"label":797,"file":161,"line":798,"wp_function":799},"n2","sink","wp_remote_get() [SSRF]",756,"wp_remote_get",[801,802],{"from":787,"to":791,"sanitized":229},{"from":791,"to":795,"sanitized":229},{"entryPoint":804,"graph":805,"unsanitizedCount":20,"severity":31},"\u003Cclass-travelpayouts-ajax-save> (redux-core\\inc\\classes\\class-travelpayouts-ajax-save.php:0)",{"nodes":806,"edges":810},[807,808,809],{"id":787,"type":788,"label":789,"file":274,"line":98},{"id":791,"type":792,"label":793,"file":274,"line":98},{"id":795,"type":796,"label":797,"file":161,"line":798,"wp_function":799},[811,812],{"from":787,"to":791,"sanitized":229},{"from":791,"to":795,"sanitized":229},{"entryPoint":814,"graph":815,"unsanitizedCount":20,"severity":31},"save_network_page (redux-core\\inc\\classes\\class-travelpayouts-network.php:65)",{"nodes":816,"edges":822},[817,820,821],{"id":787,"type":788,"label":789,"file":818,"line":819},"redux-core\\inc\\classes\\class-travelpayouts-network.php",72,{"id":791,"type":792,"label":793,"file":818,"line":819},{"id":795,"type":796,"label":797,"file":161,"line":798,"wp_function":799},[823,824],{"from":787,"to":791,"sanitized":229},{"from":791,"to":795,"sanitized":229},{"entryPoint":826,"graph":827,"unsanitizedCount":20,"severity":31},"\u003Cclass-travelpayouts-network> 
(redux-core\\inc\\classes\\class-travelpayouts-network.php:0)",{"nodes":828,"edges":832},[829,830,831],{"id":787,"type":788,"label":789,"file":818,"line":819},{"id":791,"type":792,"label":793,"file":818,"line":819},{"id":795,"type":796,"label":797,"file":161,"line":798,"wp_function":799},[833,834],{"from":787,"to":791,"sanitized":229},{"from":791,"to":795,"sanitized":229},{"entryPoint":836,"graph":837,"unsanitizedCount":846,"severity":847},"landing_page_action (src\\admin\\AdminHooks.php:436)",{"nodes":838,"edges":844},[839,841],{"id":787,"type":788,"label":840,"file":447,"line":397},"$_POST['_wp_http_referer']",{"id":791,"type":796,"label":842,"file":447,"line":397,"wp_function":843},"wp_redirect() [Open Redirect]","wp_redirect",[845],{"from":787,"to":791,"sanitized":236},0,"low",{"entryPoint":849,"graph":850,"unsanitizedCount":846,"severity":847},"\u003CAdminHooks> (src\\admin\\AdminHooks.php:0)",{"nodes":851,"edges":854},[852,853],{"id":787,"type":788,"label":840,"file":447,"line":397},{"id":791,"type":796,"label":842,"file":447,"line":397,"wp_function":843},[855],{"from":787,"to":791,"sanitized":236},{"summary":857,"deductions":858},"The Travelpayouts plugin version 1.2.2 exhibits a concerning security posture, primarily due to significant risks identified in its attack surface and a history of multiple, serious vulnerabilities. Two of its AJAX handlers have neither a nonce check nor a capability check. They are registered for logged-in users only, so the exposure is to any authenticated account rather than to anonymous visitors; each handler should verify a nonce and call current_user_can() before acting. While the plugin uses prepared statements for a majority of its SQL queries and escapes most of its output, it also calls the dangerous `unserialize` function in its cache component. If those calls ever receive user-controlled input, the result is PHP object injection, which can escalate to remote code execution, so the call sites should be confirmed to read only trusted cache data and to restrict the allowed classes. 
Taint analysis, though limited in scope, did not reveal critical or high severity unsanitized flows, which is a small positive, but this could be a result of limited analysis coverage rather than true security.",[859,861,863,865,868,870,873],{"reason":860,"points":141},"Unprotected AJAX handlers",{"reason":862,"points":571},"Dangerous function: unserialize",{"reason":864,"points":13},"Unpatched high severity CVE",{"reason":866,"points":867},"Vulnerability history: 5 CVEs",8,{"reason":869,"points":19},"Vulnerability history: High severity",{"reason":871,"points":872},"Vulnerability history: Medium severity",4,{"reason":874,"points":872},"Bundled library: Select2","2026-03-16T18:00:29.846Z",{"wat":877,"direct":893},{"assetPaths":878,"generatorPatterns":885,"scriptPaths":886,"versionParams":887},[879,880,881,882,883,884],"\u002Fwp-content\u002Fplugins\u002Ftravelpayouts\u002Ftravelpayouts-core.js","\u002Fwp-content\u002Fplugins\u002Ftravelpayouts\u002Ftravelpayouts.css","\u002Fwp-content\u002Fplugins\u002Ftravelpayouts\u002Ftravelpayouts-core.css","\u002Fwp-content\u002Fplugins\u002Ftravelpayouts\u002Fjs\u002Ftravelpayouts-frontend.js","\u002Fwp-content\u002Fplugins\u002Ftravelpayouts\u002Fcss\u002Ftravelpayouts.css","\u002Fwp-content\u002Fplugins\u002Ftravelpayouts\u002Fcss\u002Ftravelpayouts-frontend.css",[],[879,882],[888,889,890,891,889,892],"travelpayouts-core.js?ver=","travelpayouts.css?ver=","travelpayouts-core.css?ver=","travelpayouts-frontend.js?ver=","travelpayouts-frontend.css?ver=",{"cssClasses":894,"htmlComments":900,"htmlAttributes":905,"restEndpoints":909,"jsGlobals":910,"shortcodeOutput":912},[895,896,897,898,899],"travelpayouts-search-form","tp_widget_search_form","tp_widget_search_form_wrapper","tp_widget_search_form_field","tp_widget_search_form_submit",[901,902,903,904],"\u003C!-- Travelpayouts widget start -->","\u003C!-- Travelpayouts widget end -->","\u003C!-- Travelpayouts search form widget -->","\u003C!-- Travelpayouts search form widget end 
-->",[906,907,908],"data-tp-widget-id","data-tp-widget-type","data-tp-widget-config",[],[911],"TravelpayoutsFrontend",[913,914],"[travelpayouts_widget]","[tp_widget type=\"search_form\"]"]