[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPhGgyFxmfmqb1rS6M4z4VkO6UnJyQb8TADZ4qkdMgs0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":62,"crawl_stats":37,"alternatives":69,"analysis":168,"fingerprints":260},"wp-mapa-politico-spain","WP Mapa Politico España","3.8.1","Juan Carlos","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcglp\u002F","\u003Cp>Este plugin permite insertar un mapa político de España en post o páginas.\u003C\u002Fp>\n\u003Cp>En la página del plugin se pueden definir los titles e hipervínculos de cada una de las provincias.\u003C\u002Fp>\n","Inserta una imagen de un mapa político de España, con áreas definidas sobre las provincias sobre las que se pueden definir hipervínculos.",400,16550,100,26,"2025-05-07T06:30:00.000Z","6.8.5","4.6","5.2.4",[20,21,22,23],"comunidades","espana","mapa","provincias","https:\u002F\u002Fpisanowp.com\u002Fmapa-de-provincias\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mapa-politico-spain.zip",98,2,0,"2025-05-19 00:00:00","2026-03-15T15:16:48.613Z",[32,47],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-48259","wp-mapa-politico-espaa-cross-site-request-forgery","WP Mapa Politico España \u003C= 3.8.0 - Cross-Site Request Forgery","The WP Mapa Politico España plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=3.8.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-05-28 17:04:25",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2389eaae-374a-41c1-b28e-595841cda9a2?source=api-prod",10,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2021-24609","mapa-politico-espaa-stored-cross-site-scripting","Mapa Politico España \u003C 3.7.0 - Stored Cross-Site Scripting","The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed","\u003C3.7.0","3.7.0",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2021-08-05 00:00:00","2024-01-22 19:56:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbd2f7567-a438-417b-bf0f-dec7a9f098b2?source=api-prod",901,{"slug":63,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":64,"avg_security_score":65,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},"jcglp",450,99,456,78,"2026-04-04T11:48:09.235Z",[70,93,111,131,149],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":13,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":90,"download_link":91,"security_score":92,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wc-provincia-canton-distrito","WC Provincia Canton Distrito","1.5.4","Keylor Mendoza","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeylorcr\u002F","\u003Cp>Manage your custom states, cities, and postcodes by countries from a .json file that it can be moved to your theme using hooks or managed them by the plugin settings.\u003C\u002Fp>\n\u003Cp>Available into My account, Shipping calculator form, and the Checkout.\u003C\u002Fp>\n\u003Cp>It started working only for Costa Rica but now it is compatible with multi countries.\u003C\u002Fp>\n\u003Cp>Check or request a custom PRO add-on \u003Ca href=\"https:\u002F\u002Fkeylormendoza.com\u002Fpro-add-ons\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features And Options:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Multicountry compatible.\u003C\u002Fli>\n\u003Cli>Postcode loaded from the selected location.\u003C\u002Fli>\n\u003Cli>Filters and actions are available.\u003C\u002Fli>\n\u003Cli>Also available for admin orders edition\u003C\u002Fli>\n\u003Cli>Shared locations for Ecuador, Guatemala, Peru and Nicaragua are available \u003Ca href=\"https:\u002F\u002Fkeylormendoza.com\u002Fhow-to\u002Fstate-and-cities-locations\u002F#wcpcd-locations\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to populate your custom states, cities, and postcodes for WooCommerce.",1000,16709,5,"2025-02-17T00:30:00.000Z","6.7.5","4.7","",[86,87,88,23,89],"canton","cities","distrito","states","https:\u002F\u002Fkeylormendoza.com\u002Fwoocommerce\u002Fwc-provincia-canton-distrito\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-provincia-canton-distrito.1.5.4.zip",92,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":13,"downloaded":101,"rating":13,"num_ratings":27,"last_updated":102,"tested_up_to":103,"requires_at_least":17,"requires_php":104,"tags":105,"homepage":108,"download_link":109,"security_score":110,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"provinces-and-districts-of-panama-for-woocommerce","Provinces and Districts of Panama for WooCommerce","1.0.4","Yordan Soares","https:\u002F\u002Fprofiles.wordpress.org\u002Fyordansoares\u002F","\u003Cp>This plugin allows you to choose the \u003Cstrong>Provinces, Districts and Corregimientos of Panama\u003C\u002Fstrong> as a dropdown menu in the \u003Cstrong>WooCommerce address forms\u003C\u002Fstrong>. It also makes filterable the \u003Cstrong>Province\u003C\u002Fstrong> and \u003Cstrong>Districts-Corregimiento\u003C\u002Fstrong> fields to enhance the \u003Cstrong>user experience\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Additionally it adds the \u003Cstrong>Provinces\u003C\u002Fstrong> to the \u003Cstrong>Shipping Zones\u003C\u002Fstrong> (The Districts and Corregimientos are not compatible with this area).\u003C\u002Fp>\n","Provinces, Districts and Corregimientos of Panama for WooCommerce.",2856,"2022-02-21T04:36:00.000Z","5.9.13","7.0",[106,107],"panama-provinces-and-districts","provincias-y-distritos-de-panama","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprovinces-and-districts-of-panama-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprovinces-and-districts-of-panama-for-woocommerce.1.0.4.zip",85,{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":84,"tags":126,"homepage":129,"download_link":130,"security_score":110,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"provincias-de-ecuador-para-woocommerce","Provincias de Ecuador para WooCommerce","1.1","icampana","https:\u002F\u002Fprofiles.wordpress.org\u002Ficampana\u002F","\u003Cp>Dentro de la instalación de Woocommerce cambia el campo State\u002FEstado y lo cambia por Provincias, así como agrega la lista de las 24 Provincias de Ecuador\u003C\u002Fp>\n","Agrega las Provincias de Ecuador a WooCommerce",70,2189,80,1,"2019-02-28T23:58:00.000Z","5.1.22","3.0.1",[127,23,128],"ecuador","woocommerce","http:\u002F\u002Fdomo.ec","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprovincias-de-ecuador-para-woocommerce.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":46,"downloaded":139,"rating":28,"num_ratings":28,"last_updated":84,"tested_up_to":140,"requires_at_least":125,"requires_php":84,"tags":141,"homepage":146,"download_link":147,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":148},"localizaciones-fotografia","Localizaciones Fotografía","0.1","subexpuestaweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fsubexpuestaweb\u002F","\u003Cp>Inserta en tu web de una manera rápida y sencilla un mapa con todas aquellas localizaciones de fotografía nocturna que tengas alojadas en www.subexpuesta.com\u003C\u002Fp>\n","Inserta en tu web un mapa todas las localizaciones que tengas subidas en www.subexpuesta.com",1863,"4.2.39",[142,143,22,144,145],"fotografia","localizaciones","mapa-con-localizaciones","subexpuesta","http:\u002F\u002Fwww.subexpuesta.com\u002Fplugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocalizaciones-fotografia.zip","2026-03-15T10:48:56.248Z",{"slug":150,"name":151,"version":152,"author":153,"author_profile":154,"description":155,"short_description":156,"active_installs":28,"downloaded":157,"rating":28,"num_ratings":28,"last_updated":158,"tested_up_to":16,"requires_at_least":159,"requires_php":84,"tags":160,"homepage":166,"download_link":167,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"hostpn","Hospedajes España – HOSTPN","1.0.0","Félix Martínez","https:\u002F\u002Fprofiles.wordpress.org\u002Ffelixmartinez\u002F","\u003Cp>The Hospedajes España – HOSTPN application has been created to allow the sending of the information required by Royal Decree 933\u002F2021, of October 26, which establishes the documentary and information registration obligations of natural or legal persons who carry out lodging and motor vehicle rental activities.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin stands on the shoulders of giants\u003C\u002Fp>\n\u003Cp>Tooltipster v4.2.8 – A rockin’ custom tooltip jQuery plugin\u003Cbr \u002F>\nDeveloped by Caleb Jacob and Louis Ameline\u003Cbr \u002F>\nMIT license\u003Cbr \u002F>\nhttps:\u002F\u002Fcalebjacob.github.io\u002Ftooltipster\u002F\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fcalebjacob\u002Ftooltipster\u002Fblob\u002Fmaster\u002Fdist\u002Fjs\u002Ftooltipster.main.js\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fcalebjacob\u002Ftooltipster\u002Fblob\u002Fmaster\u002Fdist\u002Fcss\u002Ftooltipster.main.css\u003C\u002Fp>\n\u003Cp>Owl Carousel v2.3.4\u003Cbr \u002F>\nLicensed under: SEE LICENSE IN https:\u002F\u002Fgithub.com\u002FOwlCarousel2\u002FOwlCarousel2\u002Fblob\u002Fmaster\u002FLICENSE\u003Cbr \u002F>\nCopyright 2013-2018 David Deutsch\u003Cbr \u002F>\nhttps:\u002F\u002Fowlcarousel2.github.io\u002FOwlCarousel2\u002F\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FOwlCarousel2\u002FOwlCarousel2\u002Fblob\u002Fdevelop\u002Fdist\u002Fowl.carousel.js\u003C\u002Fp>\n\u003Cp>Trumbowyg v2.27.3 – A lightweight WYSIWYG editor\u003Cbr \u002F>\nalex-d.github.io\u002FTrumbowyg\u002F\u003Cbr \u002F>\nLicense MIT – Author : Alexandre Demode (Alex-D)\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FAlex-D\u002FTrumbowyg\u002Fblob\u002Fdevelop\u002Fsrc\u002Fui\u002Fsass\u002Ftrumbowyg.scss\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FAlex-D\u002FTrumbowyg\u002Fblob\u002Fdevelop\u002Fsrc\u002Fui\u002Fsass\u002Ftrumbowyg.scss\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FAlex-D\u002FTrumbowyg\u002Fblob\u002Fdevelop\u002Fsrc\u002Ftrumbowyg.js\u003C\u002Fp>\n","Allow you to ask for, save and send the information required by spanish Royal Decree 933\u002F2021, of October 26.",704,"2026-01-09T12:40:00.000Z","3.5",[161,162,163,164,165],"check-in","hospedajes-espana","host-register","hosting","spain","https:\u002F\u002Fpadresenlanube.com\u002Fplugins\u002Fhostpn\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostpn.zip",{"attackSurface":169,"codeSignals":215,"taintFlows":223,"riskAssessment":251,"analyzedAt":259},{"hooks":170,"ajaxHandlers":207,"restRoutes":208,"shortcodes":209,"cronEvents":214,"entryPointCount":122,"unprotectedCount":28},[171,178,182,186,189,192,197,201,204],{"type":172,"name":173,"callback":174,"priority":175,"file":176,"line":177},"action","init","init_settings",11,"includes\\class-wp-mapa-politico-settings.php",45,{"type":172,"name":179,"callback":180,"file":176,"line":181},"admin_init","register_settings",48,{"type":172,"name":183,"callback":184,"file":176,"line":185},"admin_menu","add_menu_item",51,{"type":172,"name":187,"callback":187,"priority":46,"file":188,"line":13},"admin_enqueue_scripts","includes\\class-wp-mapa-politico.php",{"type":172,"name":187,"callback":190,"priority":46,"file":188,"line":191},"admin_enqueue_styles",101,{"type":193,"name":194,"callback":195,"priority":46,"file":188,"line":196},"filter","plugin_row_meta","donate_link",110,{"type":193,"name":198,"callback":198,"priority":46,"file":199,"line":200},"wpmps_establecer_links_provincias","includes\\shortcodes.php",215,{"type":193,"name":202,"callback":202,"priority":46,"file":199,"line":203},"wpmps_provincia_link",222,{"type":193,"name":205,"callback":205,"priority":46,"file":199,"line":206},"wpmps_map_provincias_style",225,[],[],[210],{"tag":211,"callback":212,"file":199,"line":213},"wpmps-map","wpmps_show_map",3,[],{"dangerousFunctions":216,"sqlUsage":217,"outputEscaping":219,"fileOperations":28,"externalRequests":122,"nonceChecks":122,"capabilityChecks":28,"bundledLibraries":222},[],{"prepared":28,"raw":28,"locations":218},[],{"escaped":220,"rawEcho":28,"locations":221},54,[],[],[224,243],{"entryPoint":225,"graph":226,"unsanitizedCount":28,"severity":242},"settings_page (includes\\class-wp-mapa-politico-settings.php:310)",{"nodes":227,"edges":239},[228,233],{"id":229,"type":230,"label":231,"file":176,"line":232},"n0","source","$_REQUEST",320,{"id":234,"type":235,"label":236,"file":176,"line":237,"wp_function":238},"n1","sink","echo() [XSS]",431,"echo",[240],{"from":229,"to":234,"sanitized":241},true,"low",{"entryPoint":244,"graph":245,"unsanitizedCount":28,"severity":242},"\u003Cclass-wp-mapa-politico-settings> (includes\\class-wp-mapa-politico-settings.php:0)",{"nodes":246,"edges":249},[247,248],{"id":229,"type":230,"label":231,"file":176,"line":232},{"id":234,"type":235,"label":236,"file":176,"line":237,"wp_function":238},[250],{"from":229,"to":234,"sanitized":241},{"summary":252,"deductions":253},"The \"wp-mapa-politico-spain\" plugin v3.8.1 presents a mixed security posture.  On the positive side, the static analysis reveals strong coding practices. There are no dangerous functions identified, all SQL queries utilize prepared statements, and all output is properly escaped.  Furthermore, the plugin demonstrates a very limited attack surface with only one shortcode and no AJAX handlers or REST API routes exposed without proper authentication or permission checks. The taint analysis also shows no critical or high severity flows with unsanitized paths, indicating good input handling within the analyzed code paths.\n\nHowever, the plugin's historical vulnerability record raises significant concerns.  With two known medium-severity CVEs, even though they are currently patched, this suggests a history of exploitable flaws.  The common vulnerability types, Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS), are indicative of potential weaknesses in how user input is handled or how actions are validated, despite the current static analysis showing no issues in these areas.  The most recent vulnerability being dated in 2025 also implies potential for future discoveries or that the listed CVEs might be older and not reflective of the current codebase's state without a more granular look at the specific CVEs and their resolutions.  While the current version appears to have addressed past issues, the history warrants vigilance.\n\nIn conclusion, \"wp-mapa-politico-spain\" v3.8.1 exhibits good current development practices with a small attack surface and robust input sanitization in its analyzed code.  This is a significant strength.  However, its past vulnerability history, particularly the presence of medium-severity CSRF and XSS issues, cannot be overlooked. This suggests that developers should remain vigilant and consider thorough security audits for this plugin, especially if significant updates or new features are introduced. The plugin's external HTTP request without explicit mention of its purpose or validation also warrants a minor point of attention.",[254,257],{"reason":255,"points":256},"Two known medium-severity CVEs historically",20,{"reason":258,"points":80},"External HTTP request without clear context","2026-03-16T19:45:59.930Z",{"wat":261,"direct":269},{"assetPaths":262,"generatorPatterns":264,"scriptPaths":265,"versionParams":266},[263],"\u002Fwp-content\u002Fplugins\u002Fwp-mapa-politico-spain\u002Fjs\u002Fsettings.js",[],[263],[267,268],"wp-mapa-politico-spain\u002Fstyle.css?ver=","wp-mapa-politico-spain\u002Fjs\u002Fsettings.js?ver=",{"cssClasses":270,"htmlComments":271,"htmlAttributes":272,"restEndpoints":274,"jsGlobals":275,"shortcodeOutput":277},[],[],[273],"data-token",[],[276],"WP_Mapa_Politico",[278],"[mapa_politico_spain]"]