[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGqvX2UL9QU6usnbAEOJ3ycaeXfwqTe9FypCyOomsvZY":3,"$fpgX1TgOa26FSiDf5zXTtkJL5uW5ZLx5c23jvyY1pVh0":599,"$fNmxp9-28Peco3hoelNRF0dVfJFGbXwG15aelyEWtcwI":603},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":568},"wp-immo","WP Immo","1.1.4","cvmh","https:\u002F\u002Fprofiles.wordpress.org\u002Fcvmh\u002F","\u003Cp>Manage properties in WordPress.\u003C\u002Fp>\n\u003Ch4>Current features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adjustable images sizes\u003C\u002Fli>\n\u003Cli>Image zoom\u003C\u002Fli>\n\u003Cli>Paging navigation\u003C\u002Fli>\n\u003Cli>Default templates (list, property details and taxonomy)\u003C\u002Fli>\n\u003Cli>Configurable search boxes (full and\u002For basic)\u003C\u002Fli>\n\u003Cli>Add\u002Fedit fields groups\u003C\u002Fli>\n\u003Cli>Last properties widget\u003C\u002Fli>\n\u003Cli>Search box widget\u003C\u002Fli>\n\u003Cli>Fields group widget\u003C\u002Fli>\n\u003Cli>SEO settings\u003C\u002Fli>\n\u003Cli>Embeds a slideshow, a lazy load and addThis buttons\u003C\u002Fli>\n\u003Cli>Comes with a default fields set :\n\u003Cul>\n\u003Cli>reference,\u003C\u002Fli>\n\u003Cli>transaction type,\u003C\u002Fli>\n\u003Cli>property type,\u003C\u002Fli>\n\u003Cli>price,\u003C\u002Fli>\n\u003Cli>title,\u003C\u002Fli>\n\u003Cli>description,\u003C\u002Fli>\n\u003Cli>zip code,\u003C\u002Fli>\n\u003Cli>city,\u003C\u002Fli>\n\u003Cli>number of rooms,\u003C\u002Fli>\n\u003Cli>area,\u003C\u002Fli>\n\u003Cli>images,\u003C\u002Fli>\n\u003Cli>is 
new,\u003C\u002Fli>\n\u003Cli>plot area,\u003C\u002Fli>\n\u003Cli>energy consumption,\u003C\u002Fli>\n\u003Cli>gas emissions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Property fields are set in a php file so \u003Cstrong>you must have a minimum of knowledge in php\u003C\u002Fstrong> (see \u002Fwp-content\u002Fplugins\u002Fwp-immo\u002Fdefault-data.php)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You need a gateway with your real estate software? Contact us: \u003Ca href=\"http:\u002F\u002Fwww.agence-web-cvmh.fr\" rel=\"nofollow ugc\">agence web WordPress\u003C\u002Fa>\u003C\u002Fp>\n","This plugin allow you to manage properties in WordPress.",10,4071,100,1,"2022-01-26T19:42:00.000Z","5.9.13","3.6","",[20],"real-estate-software","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-immo.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":31,"computed_at":33},5,180,81,30,"2026-06-03T01:23:39.017Z",[],{"attackSurface":36,"codeSignals":155,"taintFlows":491,"riskAssessment":556,"analyzedAt":567},{"hooks":37,"ajaxHandlers":139,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":154,"unprotectedCount":154},[38,44,50,52,54,59,62,66,70,73,77,81,85,89,93,97,101,105,109,113,117,121,125,127,131,135],{"type":39,"name":40,"callback":41,"file":42,"line":43},"filter","body_class","add_body_classes","includes\\wpimmo-front.php",54,{"type":45,"name":46,"callback":47,"file":48,"line":49},"action","widgets_init","register","includes\\wpimmo-widgets.php",314,{"type":45,"name":46,"callback":47,"file":48,"line":51},315,{"type":45,"name":46,"callback":47,"file":48,"line":53},316,{"type":45,"name":55,"callback":56,"file":57,"line":58},"admin_enqueue_scripts","enqueues","includes\\wpimmo.php",41,{"type":45,"name":60,"callback":56,"file":57,"line":61},"wp_enqueue_scripts",42,{"type":39,"name":63,"callback"
:64,"priority":23,"file":57,"line":65},"post_type_link","remove_cpt_slug",64,{"type":45,"name":67,"callback":68,"file":57,"line":69},"pre_get_posts","parse_request_trick",65,{"type":45,"name":71,"callback":71,"file":57,"line":72},"admin_head",114,{"type":45,"name":74,"callback":75,"file":57,"line":76},"manage_posts_custom_column","display_columns",119,{"type":45,"name":78,"callback":79,"file":57,"line":80},"restrict_manage_posts","restrict_by_taxonomy",120,{"type":39,"name":82,"callback":83,"file":57,"line":84},"parse_query","convert_id_to_term_in_query",121,{"type":45,"name":86,"callback":87,"priority":11,"file":57,"line":88},"save_post","save_informations",122,{"type":45,"name":86,"callback":90,"priority":91,"file":57,"line":92},"save_images",20,123,{"type":39,"name":94,"callback":95,"file":57,"line":96},"posts_join","search_join",124,{"type":39,"name":98,"callback":99,"file":57,"line":100},"posts_where","search_where",125,{"type":45,"name":102,"callback":103,"file":57,"line":104},"admin_menu","menu",129,{"type":45,"name":106,"callback":107,"file":57,"line":108},"wp","setup",133,{"type":45,"name":110,"callback":111,"file":57,"line":112},"wpimmo_cron","process",134,{"type":39,"name":114,"callback":115,"priority":13,"file":57,"line":116},"wp_title","set_title",184,{"type":45,"name":118,"callback":119,"file":57,"line":120},"template_redirect","set_template",187,{"type":39,"name":122,"callback":123,"file":57,"line":124},"wpseo_breadcrumb_links","override_yoast_breadcrumb_trail",190,{"type":45,"name":67,"callback":67,"file":57,"line":126},193,{"type":39,"name":128,"callback":129,"file":57,"line":130},"language_attributes","add_opengraph_doctype",196,{"type":45,"name":132,"callback":133,"priority":29,"file":57,"line":134},"wp_head","insert_fb_in_head",197,{"type":45,"name":136,"callback":136,"file":137,"line":138},"init","wp-immo.php",22,[140,145],{"action":141,"nopriv":142,"callback":143,"hasNonce":142,"hasCapCheck":142,"file":57,"line":144},"wpimmo_import",false,"impo
rt",45,{"action":146,"nopriv":142,"callback":147,"hasNonce":142,"hasCapCheck":142,"file":57,"line":148},"wpimmo_delete","delete",46,[],[],[152],{"hook":110,"callback":110,"file":153,"line":138},"includes\\wpimmo-cron.php",2,{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":165,"fileOperations":307,"externalRequests":23,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":490},[],{"prepared":154,"raw":154,"locations":158},[159,162],{"file":48,"line":160,"context":161},199,"$wpdb->get_col() with variable interpolation",{"file":57,"line":163,"context":164},280,"$wpdb->query() with variable interpolation",{"escaped":166,"rawEcho":167,"locations":168},50,209,[169,173,175,177,179,181,183,185,187,189,191,193,195,197,198,199,200,201,202,203,204,205,206,207,208,210,212,213,214,216,218,219,221,223,225,226,228,229,231,233,234,236,238,240,242,244,247,248,250,253,254,255,256,257,258,260,261,263,264,266,268,269,271,272,273,275,276,278,281,282,283,285,287,289,291,293,294,296,298,299,300,302,304,306,308,310,312,313,315,316,317,319,320,322,324,326,327,328,329,331,332,334,335,337,338,339,341,342,344,345,346,347,348,349,350,352,353,355,356,357,359,361,363,364,365,367,368,370,371,373,375,376,377,378,380,382,384,386,388,389,391,392,394,396,398,400,401,403,405,406,408,410,411,413,414,416,418,420,422,423,424,426,427,429,430,432,433,435,436,438,440,441,442,444,446,447,449,450,452,453,454,455,456,457,458,459,460,462,463,464,466,467,468,469,470,471,473,475,476,477,478,479,480,481,482,484,485,487,489],{"file":170,"line":171,"context":172},"includes\\wpimmo-admin.php",35,"raw 
output",{"file":170,"line":174,"context":172},36,{"file":170,"line":176,"context":172},37,{"file":170,"line":178,"context":172},38,{"file":170,"line":180,"context":172},135,{"file":170,"line":182,"context":172},137,{"file":170,"line":184,"context":172},143,{"file":170,"line":186,"context":172},152,{"file":42,"line":188,"context":172},468,{"file":42,"line":190,"context":172},469,{"file":42,"line":192,"context":172},471,{"file":42,"line":194,"context":172},472,{"file":42,"line":196,"context":172},478,{"file":48,"line":176,"context":172},{"file":48,"line":178,"context":172},{"file":48,"line":178,"context":172},{"file":48,"line":58,"context":172},{"file":48,"line":61,"context":172},{"file":48,"line":61,"context":172},{"file":48,"line":144,"context":172},{"file":48,"line":148,"context":172},{"file":48,"line":148,"context":172},{"file":48,"line":166,"context":172},{"file":48,"line":166,"context":172},{"file":48,"line":209,"context":172},110,{"file":48,"line":211,"context":172},151,{"file":48,"line":186,"context":172},{"file":48,"line":186,"context":172},{"file":48,"line":215,"context":172},155,{"file":48,"line":217,"context":172},156,{"file":48,"line":217,"context":172},{"file":48,"line":220,"context":172},229,{"file":48,"line":222,"context":172},270,{"file":48,"line":224,"context":172},271,{"file":48,"line":224,"context":172},{"file":48,"line":227,"context":172},273,{"file":48,"line":227,"context":172},{"file":48,"line":230,"context":172},278,{"file":48,"line":232,"context":172},279,{"file":48,"line":163,"context":172},{"file":48,"line":235,"context":172},310,{"file":57,"line":237,"context":172},294,{"file":57,"line":239,"context":172},300,{"file":57,"line":241,"context":172},303,{"file":57,"line":243,"context":172},309,{"file":245,"line":246,"context":172},"templates\\admin\\metaboxes\\images.php",18,{"file":245,"line":91,"context":172},{"file":245,"line":249,"context":172},26,{"file":251,"line":252,"context":172},"templates\\admin\\metaboxes\\informations.php",33,{"fil
e":251,"line":252,"context":172},{"file":251,"line":174,"context":172},{"file":251,"line":174,"context":172},{"file":251,"line":174,"context":172},{"file":251,"line":174,"context":172},{"file":251,"line":259,"context":172},39,{"file":251,"line":61,"context":172},{"file":251,"line":262,"context":172},49,{"file":251,"line":262,"context":172},{"file":251,"line":265,"context":172},51,{"file":251,"line":267,"context":172},52,{"file":251,"line":43,"context":172},{"file":251,"line":270,"context":172},62,{"file":251,"line":270,"context":172},{"file":251,"line":65,"context":172},{"file":251,"line":274,"context":172},67,{"file":251,"line":274,"context":172},{"file":251,"line":277,"context":172},71,{"file":279,"line":280,"context":172},"templates\\admin\\settings.php",98,{"file":279,"line":280,"context":172},{"file":279,"line":280,"context":172},{"file":279,"line":284,"context":172},103,{"file":279,"line":286,"context":172},104,{"file":279,"line":288,"context":172},105,{"file":279,"line":290,"context":172},107,{"file":279,"line":292,"context":172},109,{"file":279,"line":209,"context":172},{"file":279,"line":295,"context":172},115,{"file":297,"line":154,"context":172},"templates\\admin\\tabs\\delete.php",{"file":297,"line":29,"context":172},{"file":297,"line":11,"context":172},{"file":297,"line":301,"context":172},11,{"file":297,"line":303,"context":172},12,{"file":297,"line":305,"context":172},13,{"file":297,"line":307,"context":172},14,{"file":297,"line":309,"context":172},15,{"file":311,"line":154,"context":172},"templates\\admin\\tabs\\groups.php",{"file":311,"line":32,"context":172},{"file":311,"line":314,"context":172},32,{"file":311,"line":314,"context":172},{"file":311,"line":252,"context":172},{"file":311,"line":318,"context":172},34,{"file":311,"line":178,"context":172},{"file":311,"line":321,"context":172},43,{"file":311,"line":323,"context":172},48,{"file":311,"line":325,"context":172},61,{"file":311,"line":325,"context":172},{"file":311,"line":69,"context":172},{"f
ile":311,"line":69,"context":172},{"file":311,"line":330,"context":172},73,{"file":311,"line":330,"context":172},{"file":311,"line":333,"context":172},77,{"file":311,"line":333,"context":172},{"file":311,"line":336,"context":172},84,{"file":311,"line":336,"context":172},{"file":311,"line":336,"context":172},{"file":340,"line":58,"context":172},"templates\\admin\\tabs\\help.php",{"file":340,"line":61,"context":172},{"file":343,"line":29,"context":172},"templates\\admin\\tabs\\import.php",{"file":343,"line":11,"context":172},{"file":343,"line":301,"context":172},{"file":343,"line":303,"context":172},{"file":343,"line":305,"context":172},{"file":343,"line":307,"context":172},{"file":343,"line":309,"context":172},{"file":351,"line":154,"context":172},"templates\\admin\\tabs\\main.php",{"file":351,"line":91,"context":172},{"file":351,"line":354,"context":172},28,{"file":351,"line":43,"context":172},{"file":351,"line":270,"context":172},{"file":351,"line":358,"context":172},70,{"file":351,"line":360,"context":172},78,{"file":351,"line":362,"context":172},108,{"file":351,"line":362,"context":172},{"file":351,"line":80,"context":172},{"file":351,"line":366,"context":172},140,{"file":351,"line":366,"context":172},{"file":351,"line":369,"context":172},168,{"file":351,"line":369,"context":172},{"file":351,"line":372,"context":172},176,{"file":351,"line":374,"context":172},177,{"file":351,"line":120,"context":172},{"file":351,"line":120,"context":172},{"file":351,"line":130,"context":172},{"file":351,"line":379,"context":172},203,{"file":351,"line":381,"context":172},205,{"file":351,"line":383,"context":172},215,{"file":351,"line":385,"context":172},217,{"file":351,"line":387,"context":172},227,{"file":351,"line":220,"context":172},{"file":351,"line":390,"context":172},241,{"file":351,"line":230,"context":172},{"file":351,"line":393,"context":172},282,{"file":351,"line":395,"context":172},286,{"file":351,"line":397,"context":172},291,{"file":351,"line":399,"context":172},296,{"
file":351,"line":239,"context":172},{"file":351,"line":402,"context":172},304,{"file":351,"line":404,"context":172},331,{"file":351,"line":404,"context":172},{"file":351,"line":407,"context":172},337,{"file":351,"line":409,"context":172},347,{"file":351,"line":409,"context":172},{"file":351,"line":412,"context":172},355,{"file":351,"line":412,"context":172},{"file":351,"line":415,"context":172},367,{"file":351,"line":417,"context":172},373,{"file":419,"line":154,"context":172},"templates\\admin\\tabs\\search.php",{"file":419,"line":421,"context":172},23,{"file":419,"line":421,"context":172},{"file":419,"line":178,"context":172},{"file":419,"line":425,"context":172},44,{"file":419,"line":262,"context":172},{"file":419,"line":428,"context":172},63,{"file":419,"line":428,"context":172},{"file":419,"line":431,"context":172},76,{"file":419,"line":431,"context":172},{"file":419,"line":434,"context":172},80,{"file":419,"line":434,"context":172},{"file":419,"line":437,"context":172},88,{"file":419,"line":439,"context":172},89,{"file":419,"line":439,"context":172},{"file":419,"line":439,"context":172},{"file":419,"line":443,"context":172},93,{"file":419,"line":445,"context":172},95,{"file":419,"line":445,"context":172},{"file":419,"line":448,"context":172},96,{"file":419,"line":448,"context":172},{"file":419,"line":451,"context":172},101,{"file":419,"line":451,"context":172},{"file":419,"line":451,"context":172},{"file":419,"line":288,"context":172},{"file":419,"line":288,"context":172},{"file":419,"line":288,"context":172},{"file":419,"line":292,"context":172},{"file":419,"line":292,"context":172},{"file":419,"line":292,"context":172},{"file":419,"line":461,"context":172},113,{"file":419,"line":461,"context":172},{"file":419,"line":461,"context":172},{"file":419,"line":465,"context":172},117,{"file":419,"line":465,"context":172},{"file":419,"line":465,"context":172},{"file":419,"line":84,"context":172},{"file":419,"line":84,"context":172},{"file":419,"line":84,"context":172
},{"file":472,"line":91,"context":172},"templates\\front\\list.php",{"file":474,"line":252,"context":172},"templates\\front\\property.php",{"file":474,"line":252,"context":172},{"file":474,"line":171,"context":172},{"file":474,"line":58,"context":172},{"file":474,"line":58,"context":172},{"file":474,"line":61,"context":172},{"file":474,"line":61,"context":172},{"file":474,"line":425,"context":172},{"file":474,"line":483,"context":172},69,{"file":474,"line":277,"context":172},{"file":474,"line":486,"context":172},83,{"file":474,"line":488,"context":172},87,{"file":474,"line":488,"context":172},[],[492,510,519,531,540,548],{"entryPoint":493,"graph":494,"unsanitizedCount":14,"severity":509},"save_options (includes\\wpimmo-process.php:13)",{"nodes":495,"edges":507},[496,502],{"id":497,"type":498,"label":499,"file":500,"line":501},"n0","source","$_REQUEST['wpimmo_custom_data']","includes\\wpimmo-process.php",16,{"id":503,"type":504,"label":505,"file":500,"line":501,"wp_function":506},"n1","sink","update_option() [Settings Manipulation]","update_option",[508],{"from":497,"to":503,"sanitized":142},"low",{"entryPoint":511,"graph":512,"unsanitizedCount":23,"severity":509},"\u003Cwpimmo-process> (includes\\wpimmo-process.php:0)",{"nodes":513,"edges":516},[514,515],{"id":497,"type":498,"label":499,"file":500,"line":501},{"id":503,"type":504,"label":505,"file":500,"line":501,"wp_function":506},[517],{"from":497,"to":503,"sanitized":518},true,{"entryPoint":520,"graph":521,"unsanitizedCount":154,"severity":509},"\u003Cwpimmo-widgets> (includes\\wpimmo-widgets.php:0)",{"nodes":522,"edges":529},[523,526],{"id":497,"type":498,"label":524,"file":48,"line":525},"$_GET (x2)",212,{"id":503,"type":504,"label":527,"file":48,"line":220,"wp_function":528},"echo() [XSS]","echo",[530],{"from":497,"to":503,"sanitized":142},{"entryPoint":532,"graph":533,"unsanitizedCount":14,"severity":509},"\u003Cgroups> 
(templates\\admin\\tabs\\groups.php:0)",{"nodes":534,"edges":538},[535,537],{"id":497,"type":498,"label":536,"file":311,"line":154},"$_SERVER['REQUEST_URI']",{"id":503,"type":504,"label":527,"file":311,"line":154,"wp_function":528},[539],{"from":497,"to":503,"sanitized":142},{"entryPoint":541,"graph":542,"unsanitizedCount":14,"severity":509},"\u003Cmain> (templates\\admin\\tabs\\main.php:0)",{"nodes":543,"edges":546},[544,545],{"id":497,"type":498,"label":536,"file":351,"line":154},{"id":503,"type":504,"label":527,"file":351,"line":154,"wp_function":528},[547],{"from":497,"to":503,"sanitized":142},{"entryPoint":549,"graph":550,"unsanitizedCount":14,"severity":509},"\u003Csearch> (templates\\admin\\tabs\\search.php:0)",{"nodes":551,"edges":554},[552,553],{"id":497,"type":498,"label":536,"file":419,"line":154},{"id":503,"type":504,"label":527,"file":419,"line":154,"wp_function":528},[555],{"from":497,"to":503,"sanitized":142},{"summary":557,"deductions":558},"The \"wp-immo\" v1.1.4 plugin exhibits a mixed security posture.  While it has no recorded historical vulnerabilities, indicating a potentially stable development history, the static analysis reveals significant areas of concern.  The plugin has a small but concerning attack surface, with 2 AJAX handlers (wpimmo_import and wpimmo_delete), neither of which shows a nonce check or a capability check in the analysis. Both are registered for logged-in users only (nopriv is false), so the exposure is not anonymous access but missing authorization and CSRF protection: any authenticated account, or a forged request sent from a logged-in user's browser, may be able to run them, a serious weakness for handlers named for import and delete operations. Confirm against the handler source, since a check made inside a called function may not be attributed to the handler.  Furthermore, the taint analysis indicates 5 out of 6 flows have unsanitized paths, though none reached critical or high severity. This suggests a potential for input validation issues that could be exploited if they were to lead to more severe consequences.  The low percentage of properly escaped output (19%) is also a worrying sign, increasing the risk of cross-site scripting (XSS) vulnerabilities, especially when combined with unsanitized input paths.  
While the plugin avoids dangerous functions and has no bundled libraries, the missing nonce and capability checks on the AJAX endpoints and the prevalence of unsanitized paths present immediate risks that outweigh the absence of known CVEs.",[559,561,564],{"reason":560,"points":11},"AJAX handlers without auth checks",{"reason":562,"points":563},"Flows with unsanitized paths (5\u002F6)",8,{"reason":565,"points":566},"Low percentage of properly escaped output",7,"2026-03-16T23:58:55.007Z",{"wat":569,"direct":586},{"assetPaths":570,"generatorPatterns":577,"scriptPaths":578,"versionParams":579},[571,572,573,574,575,576],"\u002Fwp-content\u002Fplugins\u002Fwp-immo\u002Fcss\u002Fwpimmo.css","\u002Fwp-content\u002Fplugins\u002Fwp-immo\u002Fgenericons\u002Fgenericons.css","\u002Fwp-content\u002Fplugins\u002Fwp-immo\u002Fjs\u002Fjquery-ui\u002Fjquery.ui.progressbar.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-immo\u002Fjs\u002Fjquery-ui\u002Fjquery.ui.progressbar.min.1.7.2.js","\u002Fwp-content\u002Fplugins\u002Fwp-immo\u002Fjs\u002Fjquery-ui\u002Fredmond\u002Fjquery-ui-1.7.2.custom.css","\u002Fwp-content\u002Fplugins\u002Fwp-immo\u002Fjs\u002Fwpimmo-admin.js",[],[576],[580,581,582,583,584,585],"wp-immo\u002Fcss\u002Fwpimmo.css?ver=","wp-immo\u002Fgenericons\u002Fgenericons.css?ver=","wp-immo\u002Fjs\u002Fjquery-ui\u002Fjquery.ui.progressbar.min.js?ver=","wp-immo\u002Fjs\u002Fjquery-ui\u002Fjquery.ui.progressbar.min.1.7.2.js?ver=","wp-immo\u002Fjs\u002Fjquery-ui\u002Fredmond\u002Fjquery-ui-1.7.2.custom.css?ver=","wp-immo\u002Fjs\u002Fwpimmo-admin.js?ver=",{"cssClasses":587,"htmlComments":590,"htmlAttributes":591,"restEndpoints":592,"jsGlobals":593,"shortcodeOutput":598},[588,589],"wpimmo_informations","wpimmo_images",[],[589],[],[594,595,596,597],"wpimmo.ajaxurl","wpimmo.l10n","wpimmo.fields","wpimmo.taxonomies",[],{"error":518,"url":600,"statusCode":601,"statusMessage":602,"message":602},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-immo\u002Fbundle",404,"no bundle for 
this plugin yet",{"slug":4,"current_version":6,"total_versions":23,"versions":604},[]]