[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIJ_R_LgUV2V0BVabazUYVObj8ublrCVpUen7j3iKIGM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":47,"crawl_stats":37,"alternatives":51,"analysis":148,"fingerprints":796},"webling","Webling","3.9.1","uSystems","https:\u002F\u002Fprofiles.wordpress.org\u002Fusystemsgmbh\u002F","\u003Cp>Zeige Mitgliederdaten aus Webling auf deiner Webseite an oder erstelle ein Anmeldeformular, welches dir automatisch Mitglieder in deinem Webling erstellt.\u003C\u002Fp>\n\u003Ch4>Mitgliederlisten\u003C\u002Fh4>\n\u003Cp>Zeige eine Mitgliederliste mit Daten aus der Vereinssoftware Webling auf deiner Webseite an. Es können entweder alle Mitglieder angezeigt werden, oder nach bestimmten Gruppen gefiltert.\u003C\u002Fp>\n\u003Ch4>Anmeldeformuare\u003C\u002Fh4>\n\u003Cp>Erstelle ein Anmeldeformular, über welches sich Mitglieder anmelden können. Es wird automatisch ein Mitglied mit den angegebene Daten in Webling erstellt. Die Formulare lassen sich so konfigurieren, dass nur gewünschte Felder angezeigt werden.\u003C\u002Fp>\n\u003Ch4>Webling\u003C\u002Fh4>\n\u003Cp>Webling ist eine praktische Vereinsverwaltungssoftware. Du benötigst mindestens ein \u003Ca href=\"https:\u002F\u002Fwww.webling.eu\u002Fangebote.php\" rel=\"nofollow ugc\">Webling Basic\u003C\u002Fa> oder höher um dieses Plugin zu nutzen. Die benötigte API ist im Free Abo nicht verfügbar. Das Plugin kann nicht ohne Webling benutzt werden.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Bei Fragen zum Plugin wenden sie sich bitte an support@webling.ch\u003C\u002Fp>\n","Anmeldeformulare und Mitgliederdaten aus der Vereinssoftware webling.eu auf deiner Webseite anzeigen.",500,11764,100,3,"2026-03-03T09:42:00.000Z","6.7.5","4.6","5.6",[20,21,22,23,4],"anmeldung","mitglieder","verein","vereinssoftware","https:\u002F\u002Fwww.webling.eu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebling.3.9.1.zip",99,1,0,"2025-04-01 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-31806","webling-authenticated-administrator-stored-cross-site-scripting","Webling \u003C= 3.9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=3.9.0","medium",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-17 21:21:03",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd4b4b5a0-b121-4ed2-b3ae-506f2950c7cf?source=api-prod",351,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":49,"computed_at":50},"usystemsgmbh",78,"2026-04-04T16:24:17.947Z",[52,72,92,109,129],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":28,"num_ratings":28,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":70,"download_link":71,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"vereinonline","VereinOnline.org","3.0.7","Dr. Thomas Fuessl","https:\u002F\u002Fprofiles.wordpress.org\u002Fdr-thomas-fuessl\u002F","\u003Cp>Das Plugin stellte WordPress-Tags bereit, um VereinOnline.org-Inhalte in WordPress-Seiten einfachst darzustellen:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Veranstaltungs-Kalender\u003C\u002Fli>\n\u003Cli>Veranstaltungs-Details\u003C\u002Fli>\n\u003Cli>Veranstaltungs-Gruppen-Informationen\u003C\u002Fli>\n\u003Cli>Veranstaltungs-Bildergalerien\u003C\u002Fli>\n\u003Cli>Aktuelle Meldungen\u003C\u002Fli>\n\u003Cli>Newsletter-Subscribe-Dialog\u003C\u002Fli>\n\u003Cli>…weiteres nach Bedarf, bitte melden!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>VereinOnline.org – Ihre Vereinssoftware im Internet\u003Cbr \u002F>\nIdeal für Vereine, Verbände, Interessensgemeinschaften, Clubs und Parteien, die Ihre Veranstaltungen und Mitglieder online verwalten möchten.\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.vereinonline.org\u002F\u003C\u002Fp>\n\u003Cp>Hier alle Funktionen von VereinOnline:\u003C\u002Fp>\n\u003Cp>Mitglieder-Verwaltung: Verwalten Sie Ihre Mitglieder online.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Jedes Mitglied kann hierbei seine eigenes Profil selbst bearbeiten. So bleiben Adressen und E-Mail-Adressen ständig aktuell.\u003C\u002Fli>\n\u003Cli>ueber frei definierbare Rollen können Sie genau festlegen, welches Vereinmitglied im Internet welche Rechte besitzt und wer was bearbeiten kann.\u003C\u002Fli>\n\u003Cli>ueber frei definierbare Gruppen können Sie u.a. genau festlegen, welches Vereinmitglied welche Informationen erhält\u003C\u002Fli>\n\u003Cli>Mitgliederbeiträge können Sie sehr flexibel definieren und mit minimalen Aufwand versenden, einziehen und die Zhalungen überwachen.\u003C\u002Fli>\n\u003Cli>ueber die Online-Dateiablage können Sie im passwortgeschützten Intranet Ihre aktuellen Dateien (Personalpläne usf.) ablegen – jeder Verantwortliche hat so Zugriff auf die aktuelle Version.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Veranstaltungskalender: Präsentieren Sie Ihre Veranstaltungen in einem Online-Kalender.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ihre Mitglieder und falls gewünscht auch externe Gäste können sich über das Internet anmelden.\u003C\u002Fli>\n\u003Cli>Bei kostenpflichtigen Veranstaltungen wird direkt eine Rechnung erstellt und per Anmeldebestätigung verschickt. Die Rechnung steht direkt im Kasse-Modul.\u003C\u002Fli>\n\u003Cli>Sie haben so jederzeit den aktuellen Planungsstand.\u003C\u002Fli>\n\u003Cli>Nach den Veranstaltungen können Sie Bilder zur Veranstaltung hinzufügen und laden so Ihre Mitglieder und externe Gäste ein, sich am Vereinsleben zu beteiligen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Newsletter: Nutzen Sie VereinOnline als Kommunikationsplattform\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Versenden Sie über die Plattform spontane Info-Mails an Ihre Mitglieder, oder nur an bestimmte Gruppen (z.B. an alle Handball-Teilnehmer).\u003C\u002Fli>\n\u003Cli>Jedes Mitglied kann seine Interessen selbst festlegen, so dass Sie Ihre Mitglieder gezielt ansprechen können, ohne dass Sie Ihre Mitglieder mit Mails überfluten.\u003C\u002Fli>\n\u003Cli>Versenden Sie über die Plattform ergänzend regelmäaessige E-Mail-Newsletter an Ihre Mitglieder, Interessenten oder nur an bestimmte Gruppen. Ihre Mitglieder und Ihre Verantwortlichen können im Vorfeld die Beiträge (Ankündigung Veranstaltungen, …) zusteuern, der Vorstand kann sich auf die redaktionelle Arbeit beschränken. Auf Ihrer Internet-Homepage ist eine Anmeldung\u002FAbmeldung möglich (inkl. Double-Opt-In).\u003C\u002Fli>\n\u003Cli>Ergänzend können Sie mit einem Klick tagesaktuelle Nachrichten auf der Startseite ablegen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Kasse: Verwalten Sie Ihre Kasse mit VereinOnline.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Erstellen Sie automatisch Beitragsrechnungen. Auch jede Anmeldung zu einer kostenpflichtigen Veranstaltung und jeder Kauf im Onlineshop erzeugt eine Rechnung.\u003C\u002Fli>\n\u003Cli>Verwenden Sie als Bezahlart “per Rechnung”, “per Bankeinzug” oder einen Partner – auch eine Bezahlung per sofortueberweisung.de und\u002Foder iclear ist möglich.\u003C\u002Fli>\n\u003Cli>ueber HBCI können Sie Ihre Kontoauszüge einlesen, dabei werden offene Rechnungen erkannt und als bezahlt markiert.\u003C\u002Fli>\n\u003Cli>ueber DTAUS\u002FSEPA-Dateien sowie direkt online per HBCI können Sie Bankeinzugsdaten an Ihre Bank geben.\u003C\u002Fli>\n\u003Cli>Erstellen Sie mit einem Klick finanzamtskonforme Spendenquittungen\u003C\u002Fli>\n\u003Cli>Stellen Sie alle Einnahme\u002FAusgaben-Belege ein. Sie erhalten dann automatisch eine Einnahme\u002FUeberschuss-Rechnung, eine Bilanz, eine Budget-Uebersicht und ein Kassenbuch.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Integration in Internet-Homepage oder als Internet-Homepage: Binden Sie VereinOnline in Ihre Homepage ein -oder- nutzen Sie VereinOnline als Homepage.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ueber HTML-Befehle (IFRAME-Tags) können Sie alle Elemente von VereinOnline in Ihre Homepage einbinden (z.B. Kalender, Mitgliedersuche, Nächste Termine einer bestimmten Gruppe.\u003C\u002Fli>\n\u003Cli>Ueber individuelle Layouts können Sie VereinOnline direkt als Homepage nutzen, z.B. www.wjbayern.de (das ist 100% VereinOnline).\u003C\u002Fli>\n\u003Cli>Ueber ein API (per JSON-Anfrage) können Sie auf Ihrer Homepage auf die Daten von VereinOnline zugreifen und selbst beliebig darstellen, z.B. tresorvinum.de (die Daten kommen aus VereinOnline).\u003C\u002Fli>\n\u003Cli>Ueber ein WordPress-Plugin (nutzt das API per JSON-Anfrage) können Sie auf Ihrer Homepage auf die Daten von VereinOnline zugreifen und selbst beliebig darstellen, z.B. tresorvinum.de (die Daten kommen aus VereinOnline).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Bei Fragen jeglicher Art können Sie uns gerne kontaktieren:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.vereinonline.org\u002Fkontakt\u003C\u002Fp>\n\u003Cp>GRITH AG\u003Cbr \u002F>\nVon-Poschinger-Str. 32, 85737 Ismaning\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.grith-ag.de\u002F\u003Cbr \u002F>\nHandelsregister München, HRB 150627\u003Cbr \u002F>\nVorstände: Dr. Thomas Füssl, Grit Franzky\u003Cbr \u002F>\nAufsichtsratsvorsitzender: Armin Müller\u003C\u002Fp>\n","Zeigt VereinOnline-Inhalte in WordPress an. http:\u002F\u002Fwww.vereinonline.org\u002F",200,11925,"2025-12-01T10:29:00.000Z","6.9.4","3.0.3","",[21,67,68,69,22],"online","software","veranstaltungen","http:\u002F\u002Fwww.vereinonline.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvereinonline.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":13,"num_ratings":27,"last_updated":82,"tested_up_to":16,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":88,"download_link":89,"security_score":90,"vuln_count":27,"unpatched_count":28,"last_vuln_date":91,"fetched_at":30},"dr-flex","Dr. Flex","2.0.1","sfaerber","https:\u002F\u002Fprofiles.wordpress.org\u002Fsfaerber\u002F","\u003Cp>Vergeben Sie Ihre Arzttermine direkt auf Ihrer WordPress Website. Das offizielle Dr. Flex Plug-in lässt sich schnell und einfach in Ihren Webauftritt integrieren.\u003C\u002Fp>\n\u003Cp>Der Patientenkalender erscheint auf Ihrer Praxiswebsite und kann kinderleicht konfiguriert werden, um vor dem Arzttermin alle für Sie relevanten Informationen abzufragen. So können Ihre Patient:innen in weniger als 30 Sek. Termine vereinbaren – ohne Registrierung oder Anmeldung.\u003Cbr \u002F>\nAlle Informationen werden DSGVO-konform an Ihre Praxissoftware übermittelt und dort angezeigt. Außerdem werden keine externen Skripte auf Ihre Website geladen, sodass keine Erwähnung von Dr. Flex im Cookie-Banner für Sie erforderlich ist.\u003Cbr \u002F>\nDas offizielle Terminvergabe-Tool bietet viele Features wie eine SMS-TAN-Verifizierung, Terminbestätigung via SMS, Schnittstellen zu 27+ Arztsoftware-Programmen und mehr – bereits ab 29€\u002FMonat, ohne Vertragslaufzeit und jederzeit kündbar.\u003Cbr \u002F>\nVereinbaren Sie Ihr erstes Beratungsgespräch mit uns!\u003C\u002Fp>\n","Das offizielle Dr. Flex® Wordpress Plugin zur einfachen Einbindung des Dr. Flex® Buchungstools auf Ihrer Website.",1000,6335,"2025-03-11T15:42:00.000Z","5.0","5.6.28",[86,87],"drflex","terminvereinbarung","https:\u002F\u002Fdr-flex.de\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdr-flex.2.0.1.zip",91,"2025-03-27 00:00:00",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":28,"num_ratings":28,"last_updated":102,"tested_up_to":63,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":107,"download_link":108,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"easyverein","easyVerein","2.1.9","SD Software Design GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdsoftwaredesign\u002F","\u003Cp>Das offizielle easyVerein Plugin für WordPress.\u003C\u002Fp>\n\u003Ch3>Beschreibung\u003C\u002Fh3>\n\u003Cp>Mit unserem WordPress-Plugin könnt ihr eure WordPress-Website mit der easyVerein Vereinsverwaltung verbinden, um bestimmte Daten aus easyVerein über die Website zu teilen.\u003C\u002Fp>\n\u003Ch4>Mitgliederliste teilen\u003C\u002Fh4>\n\u003Cp>Ihr könnt eure Mitgliederliste via WordPress-Shortcode auf eurer Website anzeigen lassen. Optische Darstellung und die Auswahl der angezeigten Felder lassen sich individuell einstellen.\u003C\u002Fp>\n\u003Ch4>Vereinskalender teilen\u003C\u002Fh4>\n\u003Cp>Über einen Shortcode lassen sich die Termine eures easyVerein Vereinskalenders auf eure WordPress-Website übertragen. Auch hier kann die optische Darstellung individuell konfiguriert werden.\u003Cbr \u002F>\nSetzt Funktionsumfang Community, Office oder Professional in der easyVerein-Lizenz voraus.\u003C\u002Fp>\n\u003Ch4>Sitzungsprotokolle teilen\u003C\u002Fh4>\n\u003Cp>Wenn ihr bestimmte Sitzungsprotokolle auf eurer Website freigeben möchtet, lässt sich das ebenfalls über einen WordPress-Shortcode einrichten.\u003Cbr \u002F>\nSetzt Funktionsumfang Essentials, Community oder Professional in der easyVerein-Lizenz voraus.\u003C\u002Fp>\n\u003Cp>Um das WordPress-Plugin nutzen können, müsst ihr zunächst in WordPress im Bereich “Plugins” das easyVerein-Plugin installieren. Ihr findet danach in eurem Dashboard eine neue Menüseite “easyVerein”.\u003C\u002Fp>\n\u003Cp>In easyVerein aktiviert ihr unter easyVerein API die API und generiert den API-Schlüssel. Diesen API-Schlüssel fügt ihr nun im WordPress-Dashboard auf der easyVerein-Seite an und könnt dort auch direkt eure Freigabeeinstellungen setzen.\u003C\u002Fp>\n","Das offizielle easyVerein Plugin für WordPress.",300,5115,"2025-12-03T11:55:00.000Z","5.2","7.2",[93,106],"vereinsverwaltung","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasyverein","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasyverein.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":28,"num_ratings":28,"last_updated":119,"tested_up_to":63,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":65,"download_link":128,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"vereinsantrag-formular","Vereinsantrag Formular","1.1","Marcel Beutner","https:\u002F\u002Fprofiles.wordpress.org\u002Fvereinsantrag\u002F","\u003Cp>Mit diesem Plugin können Vereine über die Plattform \u003Ca href=\"https:\u002F\u002Fvereinsantrag.de\" rel=\"nofollow ugc\">vereinsantrag.de\u003C\u002Fa> erstellte Formulare auf ihrer WordPress-Website einbetten.\u003C\u002Fp>\n\u003Cp>Die Formulare stehen in drei Varianten zur Verfügung:\u003Cbr \u002F>\n– Mitgliedsantrag\u003Cbr \u002F>\n– Änderungsantrag (z. B. Adresse, Bankverbindung)\u003Cbr \u002F>\n– Kündigungsformular\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hinweis:\u003C\u002Fstrong>\u003Cbr \u002F>\nZum Einbinden der Formulare ist ein WordPress Integrations-Schlüssel erforderlich, den du nach Registrierung deines Vereins kostenlos auf \u003Ca href=\"https:\u002F\u002Fvereinsantrag.de\" rel=\"nofollow ugc\">vereinsantrag.de\u003C\u002Fa> erhältst.\u003C\u002Fp>\n\u003Cp>Die Formulare sind:\u003Cbr \u002F>\n– DSGVO-konform\u003Cbr \u002F>\n– mobilfähig (responsive)\u003Cbr \u002F>\n– für Desktop und Smartphone geeignet\u003C\u002Fp>\n","Bindet Onlineformulare für Mitgliedsanträge, Änderungen und Kündigungen auf Vereinswebsites ein – responsiv und datenschutzkonform.",40,431,"2026-02-06T18:29:00.000Z","5.5","7.4",[123,124,125,126,127],"datenschutz","digitalisierung","formular","kundigung","vereine","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvereinsantrag-formular.1.1.zip",{"slug":130,"name":131,"version":132,"author":130,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":28,"num_ratings":28,"last_updated":138,"tested_up_to":63,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":145,"download_link":146,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":147,"fetched_at":30},"microtango","Microtango","0.9.31","https:\u002F\u002Fprofiles.wordpress.org\u002Fmicrotango\u002F","\u003Cp>Microtango integrates the Microtango REST API into WordPress.\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Provides four shortcodes: \u003Cstrong>mt_courses\u003C\u002Fstrong>, \u003Cstrong>mt_reservation\u003C\u002Fstrong>, \u003Cstrong>mt_video\u003C\u002Fstrong> and \u003Cstrong>mt_form\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage:\u003C\u002Fh4>\n\u003Cblockquote>\u003Cp>\n[mt_courses]\u003Cbr \u002F>\nor\u003Cbr \u002F>\n[mt_courses webcategory=”WTP2″]\u003Cbr \u002F>\nor\u003Cbr \u002F>\n[mt_courses webcategory=”WTP2″ orderby=”StartWeekday, Name”]\u003Cbr \u002F>\nor\u003Cbr \u002F>\n[mt_courses webcategory=”WTP1″]Kursname|{{Subject}} ({{Name}})#Tag \u002F Zeit|{{StartWeekdayText}} {{Timespan}}#Startdatum|{{StartDateText}}#|{{AttendButton}}[\u002Fmt_courses]\u003Cbr \u002F>\nor\u003Cbr \u002F>\n[mt_courses webcategory=”WTP1″]Kursname|{{Subject}} ({{Name}})#1. Termin|{{DatesText.[0]}}#2. Termin|{{DatesText.[1]}}#3. Termin|{{DatesText.[2]}}#|{{AttendButton}}[\u002Fmt_courses]\u003C\u002Fp>\n\u003Cp>[mt_reservation]\u003C\u002Fp>\n\u003Cp>[mt_video]\u003Cbr \u002F>\nor\u003Cbr \u002F>\n[mt_video videogroup=”GK”]\n\u003C\u002Fp>\u003C\u002Fblockquote>\n\u003Ch4>mt_courses parameters:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>mtattendform (optional): Use the built-in Microtango attend form. Values: \u003Ccode>popup\u003C\u002Fcode> (default) or \u003Ccode>standalone\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>webcategory (optional): Web category filter.\u003C\u002Fli>\n\u003Cli>orderby (optional): Sort order.\u003C\u002Fli>\n\u003Cli>template (optional): \u003Ccode>1-9\u003C\u002Fcode>, selects one of the additional templates.\u003C\u002Fli>\n\u003Cli>templateid (optional): ID of the HTML template.\u003C\u002Fli>\n\u003Cli>category (optional): Category filter.\u003C\u002Fli>\n\u003Cli>attendurl (optional): URL for the attend form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Content \u003Ccode>[mt_courses] ... [\u002Fmt_courses]\u003C\u002Fcode>:\u003Cbr \u002F>\nDefines the table columns in the format:\u003Cbr \u002F>\n    Column title | {{FieldName}}#Column title | {{FieldName}}\u003C\u002Fp>\n\u003Cp>Default:\u003Cbr \u002F>\nKurs|{{Subject}}#Start|{{StartDateText}}#Von|{{Timespan}}#Stunden|{{RepeatCount}}#Verfügbarkeit|{{AvailabilityText}}#|{{AttendButton}}\u003C\u002Fp>\n\u003Cp>FieldName:\u003Cbr \u002F>\nValues from the Microtango REST API (https:\u002F\u002Fapi.microtango.de\u002Fswagger -> RESTCourseModel). Possible values:\u003Cbr \u002F>\n* Id: adea471d-d109-416f-9638-5362b490b37a\u003Cbr \u002F>\n* Season: 21-1\u003Cbr \u002F>\n* Name: 3TK-06\u003Cbr \u002F>\n* Subject: Paare Tanzkreis Fr\u003Cbr \u002F>\n* StartDate: 2021-01-01T00:00:00\u003Cbr \u002F>\n* StartDateText: 01.01.2021\u003Cbr \u002F>\n* StartTime: 20:30:00\u003Cbr \u002F>\n* StartTimeText: 20:30\u003Cbr \u002F>\n* StartWeekday: 5\u003Cbr \u002F>\n* StartWeekdayText: Freitag\u003Cbr \u002F>\n* StartMonthText: Januar\u003Cbr \u002F>\n* EndDate: 2021-12-24T00:00:00\u003Cbr \u002F>\n* EndDateText: 24.12.2021\u003Cbr \u002F>\n* EndTime: 21:30:00\u003Cbr \u002F>\n* EndTimeText: 21:30\u003Cbr \u002F>\n* EndWeekday: 5\u003Cbr \u002F>\n* EndWeekdayText: Freitag\u003Cbr \u002F>\n* EndMonthText: Dezember\u003Cbr \u002F>\n* Timespan: 20:30 – 21:30\u003Cbr \u002F>\n* Length: 1 Stunde\u003Cbr \u002F>\n* TimeCondition: wöchentlich 1 Stunde\u003Cbr \u002F>\n* Price: 0\u003Cbr \u002F>\n* PriceClub: 35\u003Cbr \u002F>\n* PriceText: 35,00\u003Cbr \u002F>\n* PriceTextFull: 35,00 € monatlich\u003Cbr \u002F>\n* HallName: Großer Saal\u003Cbr \u002F>\n* HallAddress: Testweg 1, 12345 Musterhausen\u003Cbr \u002F>\n* TeacherName: Dr. Sch. Nitzel\u003Cbr \u002F>\n* AssistantName: Ein Name\u003Cbr \u002F>\n* ProgramName: Grundkurs 1\u003Cbr \u002F>\n* Category: GK\u003Cbr \u002F>\n* WebCategory: Grundkurs1\u003Cbr \u002F>\n* Availability: G, Y or R\u003Cbr \u002F>\n* AvailabilityText: Plätze verfügbar, Wenig Plätze verfügbar, Ausgebucht\u003Cbr \u002F>\n* RepeatCount: 12\u003Cbr \u002F>\n* SkipDays: 7\u003Cbr \u002F>\n* WebNotes: Sonstige Informationen\u003Cbr \u002F>\n* AttendFormShowPartner: true\u003Cbr \u002F>\n* AttendFormShowLegalGuardian: false\u003Cbr \u002F>\n* FreeText1, FreeText2, FreeText3, FreeText4, FreeText5, FreeText6, FreeText7, FreeText8, FreeText9\u003Cbr \u002F>\n* DatesText.[x]: 04.05.2023 (x= 0 – RepeatCount)\u003Cbr \u002F>\n* Dates.[x]: 2023-05-04T18:00:00 (x= 0 – RepeatCount)\u003C\u002Fp>\n\u003Cp>Special fields:\u003Cbr \u002F>\n* Attend: Generates the attend link.\u003Cbr \u002F>\n* AttendButton: Generates an attend button (includes booked information).\u003Cbr \u002F>\n* ScheduleInfo: Shows a popup with the timetable.\u003C\u002Fp>\n\u003Cp>Example:\u003Cbr \u002F>\n[mt_courses]\u003Cbr \u002F>\nor\u003Cbr \u002F>\n[mt_courses webcategory=”WTP2″]\u003Cbr \u002F>\nor\u003Cbr \u002F>\n[mt_courses webcategory=”WTP2″ orderby=”StartWeekday, Name”]\u003Cbr \u002F>\nor\u003Cbr \u002F>\n[mt_courses webcategory=”WTP1″]Kursname|{{Subject}}{{Name}}#Tag \u002F Zeit|{{StartWeekdayText}} {{Timespan}}#Startdatum|{{StartDateText}}#|{{Attend}}[\u002Fmt_courses]\u003C\u002Fp>\n\u003Ch4>mt_reservation:\u003C\u002Fh4>\n\u003Cp>Shows the online reservation form for customers.\u003C\u002Fp>\n\u003Ch4>mt_video:\u003C\u002Fh4>\n\u003Cp>Shows the available videos for customers.\u003C\u002Fp>\n\u003Cp>Example:\u003Cbr \u002F>\n[mt_video videogroup=”GK”]\u003Cbr \u002F>\n[mt_video videogroup=”GK”, videoPublic=true]\u003C\u002Fp>\n\u003Ch4>mt_form parameters:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>restkey: Microtango REST Key.\u003C\u002Fli>\n\u003Cli>formid (optional): ID of the form to use (default: the form directly before \u003Ccode>[mt_form]\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>redirecturl (optional): URL to redirect to after the form post.\u003C\u002Fli>\n\u003Cli>testmode (optional): If \u003Ccode>true\u003C\u002Fcode>, no registration is performed. Instead the mapped values are returned as an HTML page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Content \u003Ccode>[mt_form] ... [\u002Fmt_form]\u003C\u002Fcode>:\u003Cbr \u002F>\nThe field mapping in the format:\u003Cbr \u002F>\n    RESTApi field=Form field name#RESTApi field=Form field name\u003C\u002Fp>\n\u003Cp>Form field name:\u003Cbr \u002F>\nUse browser developer tools (F12).\u003C\u002Fp>\n\u003Cp>RESTApi field:\u003Cbr \u002F>\nValues from the Microtango REST API (https:\u002F\u002Fapi.microtango.de\u002Fswagger -> OnlineRegistrationModel). Possible values:\u003Cbr \u002F>\nSeason, SeasonID, Course, CourseID: Will be set by the API in hidden fields.\u003Cbr \u002F>\nFirstName, MiddleName, LastName, Gender, Street, Street2, ZIPCode, City, Birthday, Phone, Cell, EMail, AccountOwner, IBAN, BIC, Notes, PartnerFirstname, PartnerMiddlename, PartnerLastname, PartnerGender, PartnerStreet, PartnerStreet2, PartnerZIPCode, PartnerCity, PartnerBirthday, PartnerPhone, PartnerCell, PartnerEMail, PartnerAccountOwner, PartnerIBAN, PartnerBIC, PartnerNotes\u003C\u002Fp>\n\u003Cp>Example:\u003Cbr \u002F>\n[mt_form restkey=”ABCDEFGH” redirecturl=”\u002F” testmode=”true”]subject=wpforms[fields][3]#course=wpforms[fields][4]#firstname=wpforms[fields][0][first]#lastname=wpforms[fields][0][last]#email=wpforms[fields][1][\u002Fmt_form]\u003C\u002Fp>\n","Microtango WordPress integration. This plugin requires a Microtango subscription. It loads data from the Microtango REST API and renders it on your si &hellip;",30,2931,"2026-02-07T11:29:00.000Z","4.1.0","7.0.0",[20,142,143,130,144],"ubersicht","kurse","tanzschule","https:\u002F\u002Fmicrotango.de\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmicrotango.0.9.30.zip","2026-02-10 20:03:34",{"attackSurface":149,"codeSignals":227,"taintFlows":562,"riskAssessment":781,"analyzedAt":795},{"hooks":150,"ajaxHandlers":207,"restRoutes":208,"shortcodes":218,"cronEvents":226,"entryPointCount":14,"unprotectedCount":27},[151,157,163,166,170,174,178,182,186,190,195,199,203],{"type":152,"name":153,"callback":154,"priority":155,"file":156,"line":155},"filter","pre_update_option_webling-options","webling_update_field_webling_options",10,"src\\admin\\actions\\init.php",{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_init","webling_admin_init","src\\admin\\admin.php",32,{"type":158,"name":159,"callback":164,"file":161,"line":165},"webling_bulk_actions",33,{"type":158,"name":167,"callback":168,"file":161,"line":169},"admin_post_save_memberlist","webling_admin_save_memberlist",37,{"type":158,"name":171,"callback":172,"file":161,"line":173},"admin_post_save_form","webling_admin_save_form",38,{"type":158,"name":175,"callback":176,"file":161,"line":177},"admin_menu","webling_admin_add_menue",42,{"type":158,"name":179,"callback":180,"file":161,"line":181},"admin_enqueue_scripts","webling_admin_add_headers",48,{"type":158,"name":183,"callback":184,"file":161,"line":185},"update_option_webling-options","webling_clear_cache",51,{"type":158,"name":187,"callback":188,"file":161,"line":189},"admin_post_webling-clear-cache","webling_clear_cache_action",54,{"type":158,"name":191,"callback":192,"file":193,"line":194},"plugins_loaded","webling_plugin_update_check","webling.php",47,{"type":158,"name":196,"callback":197,"file":193,"line":198},"init","webling_form_submit",61,{"type":158,"name":200,"callback":201,"file":193,"line":202},"wp_head","webling_custom_css",64,{"type":158,"name":204,"callback":205,"file":193,"line":206},"rest_api_init","webling_register_rest_api",67,[],[209],{"namespace":210,"route":211,"methods":212,"callback":214,"permissionCallback":215,"file":216,"line":217},"webling\u002Fv1","\u002Fmemberimage",[213],"GET","webling_rest_api_memberimage","__return_true","src\\actions\\webling_rest_api.php",7,[219,223],{"tag":220,"callback":221,"file":193,"line":222},"webling_memberlist","handler",57,{"tag":224,"callback":221,"file":193,"line":225},"webling_form",58,[],{"dangerousFunctions":228,"sqlUsage":237,"outputEscaping":283,"fileOperations":558,"externalRequests":28,"nonceChecks":559,"capabilityChecks":560,"bundledLibraries":561},[229,233],{"fn":230,"file":231,"line":13,"context":232},"unserialize","src\\admin\\pages\\memberlist_edit.php","\u003C?php echo self::groupselector(unserialize($data['groups'])) ?>",{"fn":230,"file":234,"line":235,"context":236},"src\\helpers\\WeblingMemberlistHelper.php",23,"$groupIds = unserialize($listconfig['groups']);",{"prepared":238,"raw":239,"locations":240},31,19,[241,245,247,249,252,255,256,258,260,262,264,266,268,270,272,275,278,279,281],{"file":242,"line":243,"context":244},"src\\actions\\webling_form_submit.php",65,"$wpdb->get_row() with variable interpolation",{"file":216,"line":246,"context":244},45,{"file":248,"line":235,"context":244},"src\\admin\\actions\\save_form.php",{"file":248,"line":250,"context":251},121,"$wpdb->query() with variable interpolation",{"file":253,"line":254,"context":251},"src\\setup\\setup.php",75,{"file":253,"line":49,"context":251},{"file":253,"line":257,"context":251},149,{"file":253,"line":259,"context":251},217,{"file":253,"line":261,"context":251},218,{"file":253,"line":263,"context":251},239,{"file":253,"line":265,"context":251},240,{"file":253,"line":267,"context":251},264,{"file":253,"line":269,"context":251},265,{"file":271,"line":136,"context":244},"src\\shortcodes\\webling_form.php",{"file":273,"line":274,"context":244},"src\\shortcodes\\webling_memberlist.php",29,{"file":276,"line":277,"context":244},"src\\WeblingAPI\\WordpressCacheAdapter.php",44,{"file":276,"line":194,"context":251},{"file":276,"line":280,"context":244},70,{"file":276,"line":282,"context":251},101,{"escaped":284,"rawEcho":285,"locations":286},190,151,[287,291,293,295,297,298,300,302,303,305,306,307,308,309,311,312,313,314,315,318,320,321,322,324,326,328,330,332,334,336,338,339,341,343,345,347,349,351,353,355,357,359,361,363,365,367,369,371,373,375,377,379,381,383,385,387,389,390,392,394,396,398,400,402,404,405,407,409,411,413,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,460,462,464,465,466,468,470,471,473,475,477,478,479,481,483,485,486,488,490,492,494,496,498,499,500,502,503,505,507,508,510,512,514,516,517,519,521,523,525,527,529,530,533,535,537,538,539,541,543,544,546,547,549,550,551,553,554,556],{"file":288,"line":289,"context":290},"src\\actions\\webling_custom_css.php",11,"raw output",{"file":288,"line":292,"context":290},13,{"file":216,"line":294,"context":290},102,{"file":296,"line":27,"context":290},"src\\admin\\errors\\no_connection.html.php",{"file":296,"line":14,"context":290},{"file":296,"line":299,"context":290},5,{"file":296,"line":301,"context":290},6,{"file":296,"line":301,"context":290},{"file":304,"line":27,"context":290},"src\\admin\\errors\\no_read_access.html.php",{"file":304,"line":14,"context":290},{"file":304,"line":299,"context":290},{"file":304,"line":301,"context":290},{"file":304,"line":301,"context":290},{"file":310,"line":27,"context":290},"src\\admin\\errors\\no_write_access.html.php",{"file":310,"line":14,"context":290},{"file":310,"line":299,"context":290},{"file":310,"line":301,"context":290},{"file":310,"line":301,"context":290},{"file":316,"line":317,"context":290},"src\\admin\\pages\\form_edit.php",35,{"file":316,"line":319,"context":290},63,{"file":316,"line":243,"context":290},{"file":316,"line":280,"context":290},{"file":316,"line":323,"context":290},79,{"file":316,"line":325,"context":290},87,{"file":316,"line":327,"context":290},88,{"file":316,"line":329,"context":290},89,{"file":316,"line":331,"context":290},97,{"file":316,"line":333,"context":290},114,{"file":316,"line":335,"context":290},116,{"file":316,"line":337,"context":290},117,{"file":316,"line":250,"context":290},{"file":316,"line":340,"context":290},123,{"file":316,"line":342,"context":290},124,{"file":316,"line":344,"context":290},128,{"file":316,"line":346,"context":290},131,{"file":316,"line":348,"context":290},135,{"file":316,"line":350,"context":290},137,{"file":316,"line":352,"context":290},138,{"file":316,"line":354,"context":290},142,{"file":316,"line":356,"context":290},144,{"file":316,"line":358,"context":290},145,{"file":316,"line":360,"context":290},146,{"file":316,"line":362,"context":290},150,{"file":316,"line":364,"context":290},156,{"file":316,"line":366,"context":290},159,{"file":316,"line":368,"context":290},166,{"file":316,"line":370,"context":290},167,{"file":316,"line":372,"context":290},170,{"file":316,"line":374,"context":290},172,{"file":316,"line":376,"context":290},173,{"file":316,"line":378,"context":290},177,{"file":316,"line":380,"context":290},181,{"file":316,"line":382,"context":290},186,{"file":316,"line":384,"context":290},189,{"file":316,"line":386,"context":290},193,{"file":316,"line":388,"context":290},199,{"file":316,"line":60,"context":290},{"file":316,"line":391,"context":290},204,{"file":316,"line":393,"context":290},206,{"file":316,"line":395,"context":290},207,{"file":316,"line":397,"context":290},211,{"file":316,"line":399,"context":290},213,{"file":316,"line":401,"context":290},214,{"file":316,"line":403,"context":290},234,{"file":316,"line":265,"context":290},{"file":316,"line":406,"context":290},242,{"file":316,"line":408,"context":290},245,{"file":316,"line":410,"context":290},254,{"file":316,"line":412,"context":290},262,{"file":316,"line":267,"context":290},{"file":316,"line":415,"context":290},406,{"file":316,"line":417,"context":290},407,{"file":316,"line":419,"context":290},421,{"file":316,"line":421,"context":290},425,{"file":316,"line":423,"context":290},429,{"file":316,"line":425,"context":290},434,{"file":316,"line":427,"context":290},436,{"file":316,"line":429,"context":290},440,{"file":316,"line":431,"context":290},443,{"file":316,"line":433,"context":290},444,{"file":316,"line":435,"context":290},445,{"file":316,"line":437,"context":290},452,{"file":316,"line":439,"context":290},453,{"file":316,"line":441,"context":290},458,{"file":316,"line":443,"context":290},459,{"file":316,"line":445,"context":290},464,{"file":316,"line":447,"context":290},466,{"file":316,"line":449,"context":290},470,{"file":316,"line":451,"context":290},472,{"file":316,"line":453,"context":290},473,{"file":316,"line":455,"context":290},486,{"file":316,"line":457,"context":290},488,{"file":316,"line":459,"context":290},494,{"file":316,"line":461,"context":290},495,{"file":463,"line":292,"context":290},"src\\admin\\pages\\form_list.php",{"file":463,"line":292,"context":290},{"file":231,"line":169,"context":290},{"file":231,"line":467,"context":290},74,{"file":231,"line":469,"context":290},83,{"file":231,"line":329,"context":290},{"file":231,"line":472,"context":290},92,{"file":231,"line":474,"context":290},93,{"file":231,"line":476,"context":290},94,{"file":231,"line":26,"context":290},{"file":231,"line":13,"context":290},{"file":231,"line":480,"context":290},104,{"file":231,"line":482,"context":290},105,{"file":231,"line":484,"context":290},108,{"file":231,"line":333,"context":290},{"file":231,"line":487,"context":290},118,{"file":231,"line":489,"context":290},125,{"file":231,"line":491,"context":290},126,{"file":231,"line":493,"context":290},129,{"file":231,"line":495,"context":290},130,{"file":231,"line":497,"context":290},141,{"file":231,"line":356,"context":290},{"file":231,"line":257,"context":290},{"file":231,"line":501,"context":290},155,{"file":231,"line":364,"context":290},{"file":231,"line":504,"context":290},198,{"file":231,"line":506,"context":290},205,{"file":231,"line":395,"context":290},{"file":231,"line":509,"context":290},212,{"file":231,"line":511,"context":290},221,{"file":231,"line":513,"context":290},229,{"file":231,"line":515,"context":290},232,{"file":231,"line":403,"context":290},{"file":231,"line":518,"context":290},236,{"file":231,"line":520,"context":290},237,{"file":231,"line":522,"context":290},241,{"file":231,"line":524,"context":290},243,{"file":231,"line":526,"context":290},244,{"file":528,"line":292,"context":290},"src\\admin\\pages\\memberlist_list.php",{"file":528,"line":292,"context":290},{"file":531,"line":532,"context":290},"src\\admin\\pages\\settings.php",68,{"file":531,"line":534,"context":290},72,{"file":531,"line":536,"context":290},73,{"file":531,"line":467,"context":290},{"file":531,"line":254,"context":290},{"file":531,"line":540,"context":290},112,{"file":531,"line":542,"context":290},115,{"file":531,"line":487,"context":290},{"file":531,"line":545,"context":290},120,{"file":531,"line":493,"context":290},{"file":531,"line":548,"context":290},132,{"file":531,"line":348,"context":290},{"file":531,"line":350,"context":290},{"file":531,"line":552,"context":290},143,{"file":531,"line":358,"context":290},{"file":531,"line":555,"context":290},147,{"file":531,"line":557,"context":290},154,9,8,4,[],[563,603,620,640,654,664,672,689,701,726,744,764],{"entryPoint":564,"graph":565,"unsanitizedCount":28,"severity":602},"webling_form_submit (src\\actions\\webling_form_submit.php:12)",{"nodes":566,"edges":596},[567,572,577,580,584,586,590,592],{"id":568,"type":569,"label":570,"file":242,"line":571},"n0","source","$_POST",21,{"id":573,"type":574,"label":575,"file":242,"line":243,"wp_function":576},"n1","sink","get_row() [SQLi]","get_row",{"id":578,"type":569,"label":579,"file":242,"line":469},"n2","$_POST['webling-form-redirect'] (x5)",{"id":581,"type":574,"label":582,"file":242,"line":469,"wp_function":583},"n3","wp_redirect() [Open Redirect]","wp_redirect",{"id":585,"type":569,"label":570,"file":242,"line":571},"n4",{"id":587,"type":574,"label":588,"file":242,"line":329,"wp_function":589},"n5","get_results() [SQLi]","get_results",{"id":591,"type":569,"label":570,"file":242,"line":333},"n6",{"id":593,"type":574,"label":594,"file":242,"line":372,"wp_function":595},"n7","file_get_contents() [SSRF\u002FLFI]","file_get_contents",[597,599,600,601],{"from":568,"to":573,"sanitized":598},true,{"from":578,"to":581,"sanitized":598},{"from":585,"to":587,"sanitized":598},{"from":591,"to":593,"sanitized":598},"low",{"entryPoint":604,"graph":605,"unsanitizedCount":28,"severity":602},"\u003Cwebling_form_submit> (src\\actions\\webling_form_submit.php:0)",{"nodes":606,"edges":615},[607,608,609,610,611,612,613,614],{"id":568,"type":569,"label":570,"file":242,"line":571},{"id":573,"type":574,"label":575,"file":242,"line":243,"wp_function":576},{"id":578,"type":569,"label":579,"file":242,"line":469},{"id":581,"type":574,"label":582,"file":242,"line":469,"wp_function":583},{"id":585,"type":569,"label":570,"file":242,"line":571},{"id":587,"type":574,"label":588,"file":242,"line":329,"wp_function":589},{"id":591,"type":569,"label":570,"file":242,"line":333},{"id":593,"type":574,"label":594,"file":242,"line":372,"wp_function":595},[616,617,618,619],{"from":568,"to":573,"sanitized":598},{"from":578,"to":581,"sanitized":598},{"from":585,"to":587,"sanitized":598},{"from":591,"to":593,"sanitized":598},{"entryPoint":621,"graph":622,"unsanitizedCount":28,"severity":602},"webling_admin_save_form (src\\admin\\actions\\save_form.php:3)",{"nodes":623,"edges":636},[624,626,627,630,633,635],{"id":568,"type":569,"label":570,"file":248,"line":625},16,{"id":573,"type":574,"label":575,"file":248,"line":235,"wp_function":576},{"id":578,"type":569,"label":628,"file":248,"line":629},"$_POST['title'] (x2)",46,{"id":581,"type":574,"label":631,"file":248,"line":274,"wp_function":632},"query() [SQLi]","query",{"id":585,"type":569,"label":634,"file":248,"line":625},"$_POST (x2)",{"id":587,"type":574,"label":631,"file":248,"line":250,"wp_function":632},[637,638,639],{"from":568,"to":573,"sanitized":598},{"from":578,"to":581,"sanitized":598},{"from":585,"to":587,"sanitized":598},{"entryPoint":641,"graph":642,"unsanitizedCount":28,"severity":602},"\u003Csave_form> (src\\admin\\actions\\save_form.php:0)",{"nodes":643,"edges":650},[644,645,646,647,648,649],{"id":568,"type":569,"label":570,"file":248,"line":625},{"id":573,"type":574,"label":575,"file":248,"line":235,"wp_function":576},{"id":578,"type":569,"label":628,"file":248,"line":629},{"id":581,"type":574,"label":631,"file":248,"line":274,"wp_function":632},{"id":585,"type":569,"label":634,"file":248,"line":625},{"id":587,"type":574,"label":631,"file":248,"line":250,"wp_function":632},[651,652,653],{"from":568,"to":573,"sanitized":598},{"from":578,"to":581,"sanitized":598},{"from":585,"to":587,"sanitized":598},{"entryPoint":655,"graph":656,"unsanitizedCount":28,"severity":602},"webling_admin_save_memberlist (src\\admin\\actions\\save_memberlist.php:3)",{"nodes":657,"edges":662},[658,660],{"id":568,"type":569,"label":628,"file":659,"line":536},"src\\admin\\actions\\save_memberlist.php",{"id":573,"type":574,"label":631,"file":659,"line":661,"wp_function":632},56,[663],{"from":568,"to":573,"sanitized":598},{"entryPoint":665,"graph":666,"unsanitizedCount":28,"severity":602},"\u003Csave_memberlist> (src\\admin\\actions\\save_memberlist.php:0)",{"nodes":667,"edges":670},[668,669],{"id":568,"type":569,"label":628,"file":659,"line":536},{"id":573,"type":574,"label":631,"file":659,"line":661,"wp_function":632},[671],{"from":568,"to":573,"sanitized":598},{"entryPoint":673,"graph":674,"unsanitizedCount":28,"severity":602},"\u003CForm_List> (src\\admin\\lists\\Form_List.php:0)",{"nodes":675,"edges":686},[676,679,681,682],{"id":568,"type":569,"label":677,"file":678,"line":317},"$_REQUEST","src\\admin\\lists\\Form_List.php",{"id":573,"type":574,"label":588,"file":678,"line":680,"wp_function":589},41,{"id":578,"type":569,"label":677,"file":678,"line":317},{"id":581,"type":574,"label":683,"file":678,"line":684,"wp_function":685},"get_var() [SQLi]",80,"get_var",[687,688],{"from":568,"to":573,"sanitized":598},{"from":578,"to":581,"sanitized":598},{"entryPoint":690,"graph":691,"unsanitizedCount":28,"severity":602},"\u003CMemberlist_List> (src\\admin\\lists\\Memberlist_List.php:0)",{"nodes":692,"edges":698},[693,695,696,697],{"id":568,"type":569,"label":677,"file":694,"line":317},"src\\admin\\lists\\Memberlist_List.php",{"id":573,"type":574,"label":588,"file":694,"line":680,"wp_function":589},{"id":578,"type":569,"label":677,"file":694,"line":317},{"id":581,"type":574,"label":683,"file":694,"line":536,"wp_function":685},[699,700],{"from":568,"to":573,"sanitized":598},{"from":578,"to":581,"sanitized":598},{"entryPoint":702,"graph":703,"unsanitizedCount":559,"severity":725},"html (src\\admin\\pages\\form_edit.php:5)",{"nodes":704,"edges":719},[705,707,708,710,713,714,716,718],{"id":568,"type":569,"label":706,"file":316,"line":558},"$_GET",{"id":573,"type":574,"label":575,"file":316,"line":165,"wp_function":576},{"id":578,"type":569,"label":709,"file":316,"line":558},"$_GET (x6)",{"id":581,"type":574,"label":711,"file":316,"line":317,"wp_function":712},"echo() [XSS]","echo",{"id":585,"type":569,"label":706,"file":316,"line":558},{"id":587,"type":574,"label":588,"file":316,"line":715,"wp_function":589},39,{"id":591,"type":569,"label":717,"file":316,"line":558},"$_GET (x8)",{"id":593,"type":574,"label":711,"file":316,"line":323,"wp_function":712},[720,722,723,724],{"from":568,"to":573,"sanitized":721},false,{"from":578,"to":581,"sanitized":721},{"from":585,"to":587,"sanitized":721},{"from":591,"to":593,"sanitized":598},"high",{"entryPoint":727,"graph":728,"unsanitizedCount":559,"severity":725},"\u003Cform_edit> (src\\admin\\pages\\form_edit.php:0)",{"nodes":729,"edges":739},[730,731,732,733,734,735,736,738],{"id":568,"type":569,"label":706,"file":316,"line":558},{"id":573,"type":574,"label":575,"file":316,"line":165,"wp_function":576},{"id":578,"type":569,"label":709,"file":316,"line":558},{"id":581,"type":574,"label":711,"file":316,"line":317,"wp_function":712},{"id":585,"type":569,"label":706,"file":316,"line":558},{"id":587,"type":574,"label":588,"file":316,"line":715,"wp_function":589},{"id":591,"type":569,"label":737,"file":316,"line":558},"$_GET (x12)",{"id":593,"type":574,"label":711,"file":316,"line":323,"wp_function":712},[740,741,742,743],{"from":568,"to":573,"sanitized":721},{"from":578,"to":581,"sanitized":721},{"from":585,"to":587,"sanitized":721},{"from":591,"to":593,"sanitized":598},{"entryPoint":745,"graph":746,"unsanitizedCount":558,"severity":725},"html (src\\admin\\pages\\memberlist_edit.php:4)",{"nodes":747,"edges":759},[748,749,750,752,753,755,756,757],{"id":568,"type":569,"label":706,"file":231,"line":559},{"id":573,"type":574,"label":575,"file":231,"line":317,"wp_function":576},{"id":578,"type":569,"label":751,"file":231,"line":559},"$_GET (x7)",{"id":581,"type":574,"label":711,"file":231,"line":169,"wp_function":712},{"id":585,"type":569,"label":754,"file":231,"line":559},"$_GET (x4)",{"id":587,"type":574,"label":711,"file":231,"line":469,"wp_function":712},{"id":591,"type":569,"label":706,"file":231,"line":559},{"id":593,"type":574,"label":758,"file":231,"line":13,"wp_function":230},"unserialize() [Object Injection]",[760,761,762,763],{"from":568,"to":573,"sanitized":721},{"from":578,"to":581,"sanitized":721},{"from":585,"to":587,"sanitized":598},{"from":591,"to":593,"sanitized":721},{"entryPoint":765,"graph":766,"unsanitizedCount":558,"severity":725},"\u003Cmemberlist_edit> (src\\admin\\pages\\memberlist_edit.php:0)",{"nodes":767,"edges":776},[768,769,770,771,772,773,774,775],{"id":568,"type":569,"label":706,"file":231,"line":559},{"id":573,"type":574,"label":575,"file":231,"line":317,"wp_function":576},{"id":578,"type":569,"label":751,"file":231,"line":559},{"id":581,"type":574,"label":711,"file":231,"line":169,"wp_function":712},{"id":585,"type":569,"label":754,"file":231,"line":559},{"id":587,"type":574,"label":711,"file":231,"line":469,"wp_function":712},{"id":591,"type":569,"label":706,"file":231,"line":559},{"id":593,"type":574,"label":758,"file":231,"line":13,"wp_function":230},[777,778,779,780],{"from":568,"to":573,"sanitized":721},{"from":578,"to":581,"sanitized":721},{"from":585,"to":587,"sanitized":598},{"from":591,"to":593,"sanitized":721},{"summary":782,"deductions":783},"The 'webling' plugin v3.9.1 presents a mixed security posture. While it demonstrates some good practices like a significant percentage of SQL queries using prepared statements and a decent number of nonce and capability checks, there are several concerning areas. The presence of the `unserialize` function is a significant risk, as it can lead to Remote Code Execution if misused with untrusted input. Furthermore, the static analysis reveals a REST API route exposed without permission callbacks, creating an unprotected entry point into the plugin's functionality.  The taint analysis further amplifies these concerns, showing four flows with unsanitized paths, all categorized as high severity. This suggests potential vulnerabilities where user input might not be adequately validated or escaped, leading to data leakage or manipulation.  The vulnerability history, while not indicating critical or high severity past issues, does show a medium severity Cross-site Scripting vulnerability from April 2025 that remains unpatched. This persistent vulnerability, coupled with the new high-severity taint flows and the unprotected REST API endpoint, indicates a need for immediate attention and remediation to strengthen the plugin's overall security.",[784,786,789,791,793],{"reason":785,"points":155},"Unprotected REST API route",{"reason":787,"points":788},"High severity unsanitized taint flows",15,{"reason":790,"points":788},"Dangerous function 'unserialize' used",{"reason":792,"points":788},"Unpatched medium severity CVE",{"reason":794,"points":217},"Low percentage of properly escaped output","2026-03-16T19:37:24.405Z",{"wat":797,"direct":808},{"assetPaths":798,"generatorPatterns":802,"scriptPaths":803,"versionParams":804},[799,800,801],"\u002Fwp-content\u002Fplugins\u002Fwebling\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fwebling\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fwebling\u002Fjs\u002Fjquery-ui-1.12.1.custom\u002Fjquery-ui.min.css",[],[800],[805,806,807],"webling\u002Fcss\u002Fadmin.css?pluginver=","webling\u002Fjs\u002Fadmin.js?pluginver=","webling\u002Fjs\u002Fjquery-ui-1.12.1.custom\u002Fjquery-ui.min.css?pluginver=",{"cssClasses":809,"htmlComments":813,"htmlAttributes":819,"restEndpoints":823,"jsGlobals":825,"shortcodeOutput":828},[810,811,812],"webling-memberlist","webling-member","webling-form-field",[814,815,816,817,818],"\u003C!-- START Webling Memberlist -->","\u003C!-- END Webling Memberlist -->","\u003C!-- START Webling Form -->","\u003C!-- END Webling Form -->","\u003C!-- IMPORTANT: THIS FILE WAS GENERATED BY THE WEBLING PLUGIN AND SHOULD NOT BE MODIFIED MANUALLY -->",[820,821,822],"data-webling-list-id","data-webling-member-id","data-webling-field-id",[824],"\u002Fwp-json\u002Fwebling\u002Fv1\u002Fmemberimage",[826,827],"webling_admin_ajax_object","webling_memberlist_data",[829,830],"\u003Cdiv class=\"webling-memberlist\">","\u003Cform class=\"webling-form\" method=\"post\">"]