[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjd4coIIvMGk5ts1n-Q6RANxtpT9v0GV4a_GddQUc_qA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":40,"fingerprints":84},"xllentech-upcoming-events","Xllentech Upcoming Events","1.2.5","Abbas","https:\u002F\u002Fprofiles.wordpress.org\u002Fxllentech\u002F","\u003Cp>Xllentech Upcoming Events Plugin shows fixed number of upcoming Islamic events at any time. It stores list of events in an array in php file. The plugin checks for the upcoming events in the file and shows fixed number of upcoming events throughout the year.\u003C\u002Fp>\n\u003Cp>It’s very easy to add or remove event from the data file with php editor. The plugin doesn’t perform database operation that makes it very efficient.\u003C\u002Fp>\n\u003Cp>Please Note that this plugin requires \u003Ca href=\"https:\u002F\u002Fwp-plugins.xllentech.com\u002Fxllentech-english-islamic-calendar\u002F\" rel=\"nofollow ugc\">Xllentech English Islamic Calendar plugin\u003C\u002Fa> installed, because of it’s use for Islamic dates.\u003C\u002Fp>\n\u003Ch4>View Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-plugins.xllentech.com\u002Fxllentech-english-islamic-calendar\u002F\" rel=\"nofollow ugc\">Xllentech Calendar Basic\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Extensions galore\u003C\u002Fh4>\n\u003Cp>Some amazing ADD-ONs you might be interested in:\u003C\u002Fp>\n\u003Cp>The Pro Version of the calendar provides next month and previous month links, so that viewers can go back or forward for any past or future months with no limit. Also show Today’s Date as colored box on the Calendar. And much more..Visit the link below.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-plugins.xllentech.com\u002Fxllentech-calendar-pro\u002F\" rel=\"nofollow ugc\">XllenTech Calendar Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Datepicker Pro extension can be used to display Calendar Pop-up with English and Islamic Dates in your contact forms\u002Fbooking calendar\u002Fevent calendar, Your customer will have ability to choose date with better accuracy with Islamic dates displayed alongside English date. You can choose English or Islamic date to be filled in the date field when your customer selects the date.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-plugins.xllentech.com\u002Fenglish-islamic-datepicker\u002F\" rel=\"nofollow ugc\">XllenTech Datepicker Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin Developed by:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxllentech.com\u002F\" rel=\"nofollow ugc\">IT Support Company Calgary\u003C\u002Fa>\u003Cbr \u002F>\nOur Other IT Services:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxllentech.com\u002Fit-services\u002F\" title=\"IT Services Canada\" rel=\"nofollow ugc\">IT Services Canada\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxllentech.com\u002Fabout-us\u002F\" title=\"Onsite IT Support USA & Canada\" rel=\"nofollow ugc\">Onsite IT Support USA & Canada\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxllentech.com\u002Fit-services\u002Fvoip-phone-system\u002F\" title=\"VoIP Phone System\" rel=\"nofollow ugc\">VoIP Phone System\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxllentech.com\u002Fit-services\u002Fmanaged-it\u002F\" title=\"Managed IT Services Calgary\" rel=\"nofollow ugc\">Managed IT Services Calgary\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxllentech.com\u002Fit-services\u002Fit-consultancy\u002F\" title=\"IT Consultancy Calgary\" rel=\"nofollow ugc\">IT Consultancy Calgary\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxllentech.com\u002Fit-services\u002Fcyber-security-company-calgary\u002F\" title=\"Cyber Security Calgary\" rel=\"nofollow ugc\">Cyber Security Calgary\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fverifiableletter.com\u002F\" title=\"Online Company Letterhead\" rel=\"nofollow ugc\">Online Company Letterhead\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxllentech.com\u002Fit-services\u002Fcloud-computing\u002F\" title=\"Cloud Migration Calgary\" rel=\"nofollow ugc\">Cloud Migration Calgary\u003C\u002Fa>\u003C\u002Fp>\n","Xllentech Upcoming Events shows fixed number of Upcoming Islamic Events at any time, out of the php file events data. Sample data file included.",10,3300,100,1,"2024-09-05T04:49:00.000Z","6.6.5","3.0","",[20,21,22,23],"islamic-events","upcoming-event-plugin","upcoming-islamic-events","xllentech-islamic-events","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fxllentech-upcoming-events\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxllentech-upcoming-events.1.2.5.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"xllentech",3,140,97,971,77,"2026-04-04T16:31:34.206Z",[],{"attackSurface":41,"codeSignals":57,"taintFlows":71,"riskAssessment":72,"analyzedAt":83},{"hooks":42,"ajaxHandlers":53,"restRoutes":54,"shortcodes":55,"cronEvents":56,"entryPointCount":27,"unprotectedCount":27},[43,49],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","widgets_init","xllentech_upcoming_events_widget","xllentech-upcoming-events.php",225,{"type":44,"name":50,"callback":51,"file":47,"line":52},"wp_enqueue_scripts","xllentech_upcoming_events_css",233,[],[],[],[],{"dangerousFunctions":58,"sqlUsage":59,"outputEscaping":68,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":70},[],{"prepared":27,"raw":33,"locations":60},[61,64,66],{"file":47,"line":62,"context":63},157,"$wpdb->get_results() with variable interpolation",{"file":47,"line":65,"context":63},172,{"file":47,"line":67,"context":63},201,{"escaped":33,"rawEcho":27,"locations":69},[],[],[],{"summary":73,"deductions":74},"Based on the static analysis and vulnerability history, the \"xllentech-upcoming-events\" plugin version 1.2.5 exhibits a generally good security posture with several positive indicators. Notably, the plugin has a zero attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events that are not protected by authentication or permission checks. Furthermore, all identified output is properly escaped, and there are no indications of dangerous functions, file operations, or external HTTP requests. The absence of any known vulnerabilities or CVEs in its history is also a strong positive sign, suggesting diligent security practices during development and maintenance.\n\nHowever, there are critical areas for concern. The most significant issue is the presence of three SQL queries that are not using prepared statements. This practice is highly risky and makes the plugin susceptible to SQL injection vulnerabilities, especially given the lack of other identified entry points which might have mitigated this risk. The absence of nonce checks and capability checks across all entry points, while not a direct vulnerability in this specific version due to the zero attack surface, represents a potential weakness if new entry points are added in the future without proper security considerations. The taint analysis also showing zero flows is positive, but this is likely a consequence of the limited attack surface and should not be relied upon as a sole indicator of safety without considering the raw SQL issue.\n\nIn conclusion, while the \"xllentech-upcoming-events\" plugin has a clean history and minimal apparent external attack vectors, the use of raw SQL queries without prepared statements introduces a significant, exploitable risk. This oversight overshadows the otherwise positive aspects of the plugin's security. Future development should prioritize addressing this critical SQL injection vulnerability and ensuring that any new functionalities include appropriate authorization and validation mechanisms.",[75,78,81],{"reason":76,"points":77},"Raw SQL queries without prepared statements",15,{"reason":79,"points":80},"No nonce checks on entry points",5,{"reason":82,"points":80},"No capability checks on entry points","2026-03-17T00:48:15.981Z",{"wat":85,"direct":92},{"assetPaths":86,"generatorPatterns":88,"scriptPaths":89,"versionParams":90},[87],"\u002Fwp-content\u002Fplugins\u002Fxllentech-upcoming-events\u002Fjs\u002Fxllentech-upcoming-events.js",[],[87],[91],"xllentech-upcoming-events\u002Fjs\u002Fxllentech-upcoming-events.js?ver=",{"cssClasses":93,"htmlComments":97,"htmlAttributes":98,"restEndpoints":99,"jsGlobals":100,"shortcodeOutput":101},[46,94,95,96],"xllentech_upcoming_events","xllentech-event-desc","xllentech-event-date",[],[],[],[],[]]