[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fL1H1E3e9RZLz5oY1guHWqmMQg3SYkY_YqWYixI1SoOw":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":10,"num_ratings":10,"last_updated":12,"tested_up_to":13,"requires_at_least":14,"requires_php":15,"tags":16,"homepage":21,"download_link":22,"security_score":23,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":34,"fingerprints":107},"waavo","Waavo","1.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimaswaavo\u002F","\u003Cp>https:\u002F\u002Fwaavo.com\u003Cbr \u002F>\nWordpress integration of waavo.com widgets\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin relies on the following external service:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Waavo.com\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: The plugin allows customers to embed an iframe from Waavo.com into their site using Elementor widgets. The iframe displays travel deals and is managed through the Waavo administrative system.\u003Cbr \u002F>\n– \u003Cstrong>Data Sent\u003C\u002Fstrong>: The configured project host URL (e.g., \u003Ccode>waavodemolt.waavo.com\u003C\u002Fcode>) is used to load the iframe content. No personal data is sent from the plugin itself. Any interactions within the iframe are managed by Waavo and subject to their policies which are signed with Waavo agreement.\u003Cbr \u002F>\n– \u003Cstrong>When\u003C\u002Fstrong>: The iframe is loaded when the widget is rendered on the front end of the site.\u003Cbr \u002F>\n– \u003Cstrong>Service Provider\u003C\u002Fstrong>: Waavo (https:\u002F\u002Fwaavo.com)\u003Cbr \u002F>\n– \u003Cstrong>Terms & Privacy\u003C\u002Fstrong>: Waavo operates under private contracts with its partner agencies. All data handling, terms of use, and privacy agreements are governed by these contracts and are not publicly available.\u003C\u002Fp>\n","Short Description: Waavo widgets integration.",0,774,"2025-06-17T12:46:00.000Z","6.8.5","5.8","7.4",[17,18,19,20],"flights-search-engine","solution-for-travel-agencies","travel-planner","travel-search-engine","https:\u002F\u002Fwaavo.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwaavo.1.0.3.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":4,"profile_url":7,"plugin_count":29,"total_installs":10,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"simaswaavo",1,30,94,"2026-04-04T11:44:47.448Z",[],{"attackSurface":35,"codeSignals":82,"taintFlows":99,"riskAssessment":100,"analyzedAt":106},{"hooks":36,"ajaxHandlers":78,"restRoutes":79,"shortcodes":80,"cronEvents":81,"entryPointCount":10,"unprotectedCount":10},[37,43,47,50,55,59,63,65,68,70,74],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_menu","add_plugin_page","src\\Settings.php",38,{"type":38,"name":44,"callback":45,"file":41,"line":46},"admin_init","page_init",39,{"type":38,"name":48,"callback":48,"file":41,"line":49},"admin_notices",40,{"type":38,"name":51,"callback":52,"file":53,"line":54},"wp_enqueue_scripts","register_waavo_script","src\\Utils\\ScriptLoader.php",12,{"type":38,"name":48,"callback":56,"file":57,"line":58},"closure","waavo.php",34,{"type":38,"name":60,"callback":61,"file":57,"line":62},"plugins_loaded","waavo_init",54,{"type":38,"name":48,"callback":56,"file":57,"line":64},61,{"type":38,"name":44,"callback":66,"file":57,"line":67},"waavo_elementor_dependency_notice",72,{"type":38,"name":51,"callback":69,"file":57,"line":31},"waavo_register_assets",{"type":38,"name":71,"callback":72,"file":57,"line":73},"elementor\u002Felements\u002Fcategories_registered","waavo_add_elementor_widget_categories",108,{"type":38,"name":75,"callback":76,"file":57,"line":77},"elementor\u002Fwidgets\u002Fregister","waavo_register_elementor_widgets",133,[],[],[],[],{"dangerousFunctions":83,"sqlUsage":84,"outputEscaping":86,"fileOperations":10,"externalRequests":10,"nonceChecks":29,"capabilityChecks":97,"bundledLibraries":98},[],{"prepared":10,"raw":10,"locations":85},[],{"escaped":87,"rawEcho":88,"locations":89},15,3,[90,93,95],{"file":41,"line":91,"context":92},89,"raw output",{"file":41,"line":94,"context":92},154,{"file":57,"line":96,"context":92},68,2,[],[],{"summary":101,"deductions":102},"The \"waavo\" v1.0.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points, combined with the fact that all detected SQL queries utilize prepared statements, indicates a good awareness of common attack vectors. Furthermore, the presence of nonce and capability checks suggests an effort to implement authorization mechanisms. The plugin also shows good practices in output escaping, with a high percentage of outputs being properly handled, minimizing the risk of cross-site scripting (XSS) vulnerabilities. The complete lack of vulnerability history and taint analysis flags further reinforces a positive security assessment.",[103],{"reason":104,"points":105},"Minor risk: Unescaped output identified",4,"2026-03-17T06:21:27.521Z",{"wat":108,"direct":118},{"assetPaths":109,"generatorPatterns":112,"scriptPaths":113,"versionParams":115},[110,111],"\u002Fwp-content\u002Fplugins\u002Fwaavo\u002Fassets\u002Fjs\u002Fwaavo-widget.js","\u002Fwp-content\u002Fplugins\u002Fwaavo\u002Fassets\u002Fcss\u002Fwaavo-widget.css",[],[114],"https:\u002F\u002Fwww.waavo.com\u002Fjs\u002Fwaavo_loader.min.js",[116,117],"waavo-widget-script?ver=","waavo-widget-style?ver=",{"cssClasses":119,"htmlComments":120,"htmlAttributes":121,"restEndpoints":122,"jsGlobals":123,"shortcodeOutput":124},[],[],[],[],[],[]]