[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnY93EsYNNZGwgEiJ1vIyLkrUeiFNaN8LtkQLOpP8ams":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":138,"fingerprints":216},"access-fotoweb-media","FotoWare WordPress Lite","2.0.0","ViitorCloud Technologies Pvt Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fviitorcloudvc\u002F","\u003Cp>The Plugin’s WordPress editor button connector for FotoWare allows users to include images directly from the Fotoweb DAM, into the WordPress platform.\u003C\u002Fp>\n\u003Cp>In the current plugin version, only, images are supported and are not imported in the WordPress Library, but stay in the Fotoweb repository.\u003C\u002Fp>\n\u003Cp>The plugin relays on FotoWare API to connect it and follows security protocols based on FotoWare data privacy guidelines. \u003Ca href=\"https:\u002F\u002Fwww.FotoWare.com\u002Fcompany\u002Flegal\u002Fprivacy-policy\" rel=\"nofollow ugc\">FotoWare\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For further details and to add FotoWare URL, Client ID, Client Secret from FotoWare Account please review documentation by FotoWare. \u003Ca href=\"https:\u002F\u002Flearn.FotoWare.com\u002F\" rel=\"nofollow ugc\">FotoWare\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>No coding required.\u003C\u002Fp>\n\u003Cp>Compatible with Visual Editor and HTML Editor only.\u003C\u002Fp>\n\u003Cp>Required to connect with FotoWare through FotoWare settings.\u003C\u002Fp>\n\u003Cp>Required FotoWare URL, Client ID, Client Secret from FotoWare Account.\u003C\u002Fp>\n\u003Ch4>Get Involved\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fviitorcloud.com\u002F\" rel=\"nofollow ugc\">ViitorCloud\u003C\u002Fa> believes in active community support. So, with our plugins, we aim to try to make life easy for developers & customers. Subscribe to our newsletter for more updates.\u003C\u002Fp>\n\u003Ch4>Advance Features (Pro Version)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Supports Gutenberg (Popular default editor of WordPress). \u003C\u002Fli>\n\u003Cli>Best Compatible with all posts, pages, and custom post types of WordPress.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress Multisite Subdomain\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Enables multilingual support and is compatible with Popular Plugin “WPML”.\u003C\u002Fp>\n\u003Cp>Please visit \u003Ca href=\"https:\u002F\u002Fviitorcloud.com\u002Fvcstore\" rel=\"nofollow ugc\">Fotoware WordPress Premium\u003C\u002Fa>  to buy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","The Plugin's WordPress editor button connector for FotoWare allows users to include images directly from the Fotoweb DAM, into the WordPress plat &hellip;",10,1879,0,"2024-05-31T05:22:00.000Z","6.5.8","3.8","",[19,20,21],"dam","fotoware","upload-image-from-fotoware","https:\u002F\u002Fviitorcloud.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-fotoweb-media.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"viitorcloudvc",3120,89,30,86,"2026-04-04T05:41:04.924Z",[36,59,83,102,122],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"podamibe-custom-user-gravatar","Podamibe Custom User Gravatar","1.0.8","Podamibe Nepal","https:\u002F\u002Fprofiles.wordpress.org\u002Fpodamibe\u002F","\u003Cp>This is a plugin that allows users to upload their own gravatar in the media gallery and displays that image as gravatar instead of grabbing avatar from gravatar.com based on their registered email.\u003C\u002Fp>\n\u003Cp>You can also use the default gravatar by disabling custom gravatar.\u003C\u002Fp>\n","Replace Gravatar with custom picture in your gallery",3000,78301,100,5,"2019-05-22T03:28:00.000Z","5.0.25","3.7.0",[52,53,54,55],"change-gravatar","custom-gravatar","gravatar","podamibe","http:\u002F\u002Fpodamibenepal.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpodamibe-custom-user-gravatar.1.0.8.zip",85,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":79,"download_link":80,"security_score":58,"vuln_count":81,"unpatched_count":13,"last_vuln_date":82,"fetched_at":26},"adamrob-parallax-scroll","Parallax Scroll by adamrob.co.uk","3.0.1","adamrob","https:\u002F\u002Fprofiles.wordpress.org\u002Fadamrob\u002F","\u003Cp>Parallax Scroll; the easiest way to get a parallax scrolling background image for an element on your page\u002Fposts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Examples include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create a header text with a parallax scrolling background.\u003C\u002Fli>\n\u003Cli>Create a full section containing any content with a parallax scrolling background.\u003C\u002Fli>\n\u003Cli>Give single elements of your pages a parallax scrolling background.\u003C\u002Fli>\n\u003Cli>Ideal for sites with sections.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simply create the content required in the custom Parallax Scroll post type.\u003C\u002Fli>\n\u003Cli>The Parallax Scroll admin page will display the shortcode required for all Parallax Scroll post types defined. Copy this shortcode, and paste it into any page or post.\u003C\u002Fli>\n\u003Cli>Alternatively you can use the plugin directly in your php code. Implement it straight into your theme!\u003C\u002Fli>\n\u003Cli>Thats it!\u003C\u002Fli>\n\u003C\u002Ful>\n","Create a header, or custom post\u002Fpage with a scrolling parallax background. All with a simple shortcode.",1000,175847,84,21,"2019-03-09T13:09:00.000Z","5.1.0","4.0",[63,75,76,77,78],"header","image","parallax","scroll","https:\u002F\u002Fwww.adamrob.co.uk\u002Fparallax-scroll","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadamrob-parallax-scroll.zip",1,"2019-02-03 00:00:00",{"slug":84,"name":85,"version":86,"author":85,"author_profile":87,"description":88,"short_description":89,"active_installs":46,"downloaded":90,"rating":13,"num_ratings":13,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":17,"tags":94,"homepage":98,"download_link":99,"security_score":31,"vuln_count":100,"unpatched_count":13,"last_vuln_date":101,"fetched_at":26},"canto","Canto","3.1.1","https:\u002F\u002Fprofiles.wordpress.org\u002Fflightbycanto\u002F","\u003Cp>Simplify collaboration: Publish media from Canto to WordPress. Browse\u002Fsearch your library directly. Inserted images save to WordPress.\u003C\u002Fp>\n","Find & publish creative assets to WordPress easily, no email or folder search needed, with Canto's digital asset management.",14826,"2025-12-23T05:35:00.000Z","6.8.5","5.0",[84,19,95,96,97],"digital-asset-management","file-storage","photo-library","https:\u002F\u002Fwww.canto.com\u002Fintegrations\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcanto.3.1.1.zip",7,"2024-06-13 15:59:14",{"slug":103,"name":104,"version":105,"author":104,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":46,"num_ratings":81,"last_updated":111,"tested_up_to":92,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":120,"download_link":121,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"ci-hub-connector","CI HUB Connector","1.2.106","https:\u002F\u002Fprofiles.wordpress.org\u002Fcihubconnector\u002F","\u003Cp>Work better with images, text and video by connecting your WordPress Site to your cloud storage or the stock media platform of your choice. Easy, fast, and simple!\u003C\u002Fp>\n\u003Ch3>CI HUB is the ultimate digital supply chain connector handling images, Graphics Stock Media, and more.\u003C\u002Fh3>\n\u003Cp>The CI HUB Connector is an enterprise level productivity tool that allows you to connect to Images, Templates, Graphics, etc. Access your Assets and drag assets into the website you work in.\u003Cbr \u002F>\nCI HUB Connector synchronizes your WordPress Media Library to the connected services. If there is a new version of an image, or if there are changes to the copyright of an image you are using, CI HUB will tell you.\u003Cbr \u002F>\nThe plugin also keeps your website up to date. CI HUB Connector synchronizes your WordPress Media library in Sync with your DAM\u002FMAM\u002FPIM or Cloud Storage.\u003Cbr \u002F>\nCheck out the CI HUB Connector here \u003Ca href=\"https:\u002F\u002Fci-hub.com\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>Access assets directly. Connect to Images, Templates, Graphics, and Text from your DAM\u002FMAM\u002FPIM or Cloud Storage, directly in WordPress Bi-directional.\u003Cbr \u002F>\nDownload, make changes, and upload back to your repository Metadata. Linked metadata can be transformed into styled content.\u003C\u002Fp>\n\u003Ch3>Main Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simplifies daily work.\u003C\u002Fli>\n\u003Cli>Streamlines workflows.\u003C\u002Fli>\n\u003Cli>Connects internal and external units.\u003C\u002Fli>\n\u003Cli>Consistent and compliant asset handling.\u003C\u002Fli>\n\u003Cli>Track Copyright changes to know you are using licensed imaging\u003C\u002Fli>\n\u003Cli>Ensures production on demand.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>We are already connected to:\u003C\u002Fh3>\n\u003Cp>Dropbox, Google Drive, Google Photos, Pixelboxx, Picturepark, Bynder, Asana, Workfront, eye base, MyView, SiteFusion, Adobe Stock, Getty-Images, iStock, Bandmaster, Brandfolder, CELUM ContentHub, Sharedien, Aprimo, SiteCore, WebDAM, Adobe Creative Cloud Library, Adobe Lightroom see more \u003Ca href=\"https:\u002F\u002Fci-hub.com\u002Fci-hub-integrations-to-the-leading-data-source-systems\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>We are integrated in:\u003C\u002Fh3>\n\u003Cp>Adobe CC, Microsoft365, Google Workspace, Figma, Sketch, with many more coming soon\u003C\u002Fp>\n\u003Ch3>Free Trial and Subscription Payment:\u003C\u002Fh3>\n\u003Cp>All first-time users receive a 30-day free trial upon registration\u002Fcreation of a CI HUB ID.\u003Cbr \u002F>\nPayment via credit card is required upon the conclusion of the trial period to continue use. The amount is €10,50\u002Fmonth\u002FYearly invoiced, plus applicable taxes.\u003Cbr \u002F>\nThe costs are not for downloading the plugin, as it is only the subscription to CI HUB that incurs the cost stated above.\u003Cbr \u002F>\nCorporate plans are available on request at sales@ci-hub.com.\u003C\u002Fp>\n\u003Ch3>Important notes:\u003C\u002Fh3>\n\u003Cp>To connect the CI HUB Connector to one of the selected third-party system, you may need a login\u002Fuser account with that system. The availability and\u002For the right to connect to the third-party system is not part of the CI HUB Connector or the CI HUB Services. There may be an additional cost and\u002For agreements with the provider of the third-party system to use the third-party system. CI HUB reserves the right to remove the third-party system from the list of available systems or add new third-party systems at any time and without prior notice. To use CI HUB Connector, a connection to the Internet is required at all times. (Corporate setups with Proxy or Firewalls are available on request)\u003Cbr \u002F>\nTo see Demo-Video, Tutorials, and more, go to \u003Ca href=\"https:\u002F\u002Fci-hub.com\u002Fci-hub-how-to-tutorial\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fci-hub.com\u002Fci-hub-how-to-tutorial\u002F\u003C\u002Fa> or visit our Youtube Channel.\u003C\u002Fp>\n\u003Ch4>Try it for FREE for 30 Days.\u003C\u002Fh4>\n\u003Ch3>Shortcodes:\u003C\u002Fh3>\n\u003Ch4>Metadata shortcode “cihub_metadata”:\u003C\u002Fh4>\n\u003Ch4>Attribute: id\u003C\u002Fh4>\n\u003Cp>Required: false\u003Cbr \u002F>\nDefault: Current Post ID\u003Cbr \u002F>\nDescription: The ID of the attachment. If empty, the ID of the current post will be used.\u003C\u002Fp>\n\u003Ch4>Attribute: key\u003C\u002Fh4>\n\u003Cp>Required: true\u003Cbr \u002F>\nDefault: –\u003Cbr \u002F>\nDescription: The key of the metadata field.\u003C\u002Fp>\n\u003Ch4>Attribute: wrapper\u003C\u002Fh4>\n\u003Cp>Required: false\u003Cbr \u002F>\nDefault: div\u003Cbr \u002F>\nDescription: Use “” or “false” to remove the wrapper element.\u003C\u002Fp>\n\u003Ch4>Attribute: mode\u003C\u002Fh4>\n\u003Cp>Required: false\u003Cbr \u002F>\nDefault: value\u003Cbr \u002F>\nDescription: “value” => metadata value \u002F name => localized name for key \u002F entry => full metadata entry\u003C\u002Fp>\n\u003Ch4>Attribute: htmlattributes\u003C\u002Fh4>\n\u003Cp>Required: false\u003Cbr \u002F>\nDefault: –\u003Cbr \u002F>\nDescription: Comma separated list of HTML attributes.\u003C\u002Fp>\n\u003Ch4>Attribute: content\u003C\u002Fh4>\n\u003Cp>Required: false\u003Cbr \u002F>\nDefault: true\u003Cbr \u002F>\nDescription: Use “” or “false” to disable insertion of content inside the wrapper element.\u003C\u002Fp>\n\u003Ch4>Attribute: throwerror\u003C\u002Fh4>\n\u003Cp>Required: false\u003Cbr \u002F>\nDefault: true\u003Cbr \u002F>\nDescription: Use “” or “false” to disable errors and use fallback instead.\u003C\u002Fp>\n\u003Ch4>Attribute: fallback\u003C\u002Fh4>\n\u003Cp>Required: false\u003Cbr \u002F>\nDefault: –\u003Cbr \u002F>\nDescription: Used in combination with throwerror = “false” as a fallback for a not existing value.\u003Cbr \u002F>\n\u003Cbr \u002F>\nAll occurrences of “{metadata}” will be replaced with the result of the shortcode for the corresponding key specified with the attribute “key”.\u003C\u002Fp>\n\u003Cp>All occurrences of “{metadata.key}” will be replaced with the result of the shortcode for the key specified after the dot.\u003C\u002Fp>\n\u003Ch3>Actions:\u003C\u002Fh3>\n\u003Ch4>Action: com_ci_hub_upload_asset\u003C\u002Fh4>\n\u003Cp>Params: post_id (Integer)\u003Cbr \u002F>\nDescription: Triggered after an asset was uploaded to the media library.\u003C\u002Fp>\n\u003Ch4>Action: com_ci_hub_relink_item\u003C\u002Fh4>\n\u003Cp>Params: post_id (Integer)\u003Cbr \u002F>\nDescription: Triggered after an asset in the media library was relinked.\u003C\u002Fp>\n","Work better with images, text and video by connecting your WordPress Site to your cloud storage or the stock media platform of your choice.",90,3454,"2025-07-18T09:13:00.000Z","4.1","5.6",[115,116,117,118,119],"connector","dam-mam-pim","drag-and-drop","metadata","synchronization","https:\u002F\u002Fci-hub.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fci-hub-connector.1.2.106.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":109,"downloaded":130,"rating":13,"num_ratings":13,"last_updated":131,"tested_up_to":92,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":17,"download_link":137,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"pixx-io","pixx.io","2.1.1","pixx.io GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixxio\u002F","\u003Cp>Integrate pixx.io DAM Digital Asset Management into WordPress. Use files from your pixx.io media pool with WordPress easily and without any detour.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>You can easily import image files into your WordPress library with our plugin.\u003C\u002Fp>\n\u003Cp>If you use Gutenberg or the Classic Editor, you can import the images directly from pixx.io into your media library and use them from there.\u003C\u002Fp>\n\u003Cp>Otherwise you can just import the images in the media overview.\u003C\u002Fp>\n\u003Cp>When importing into your WordPress library you can choose the file format. Also, there is a preview to choose from where your image will be imported in JPEG format with a maximum width of 1000px.\u003C\u002Fp>\n","Integrate pixx.io DAM Digital Asset Management into WordPress. Use files from your pixx.io media pool with WordPress easily and without any detour.",2261,"2025-11-12T09:48:00.000Z","6.0","7.4",[19,95,135,136],"pixx","pixxio","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpixx-io.2.1.1.zip",{"attackSurface":139,"codeSignals":164,"taintFlows":202,"riskAssessment":203,"analyzedAt":215},{"hooks":140,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":163,"entryPointCount":13,"unprotectedCount":13},[141,148,152,156],{"type":142,"name":143,"callback":144,"priority":145,"file":146,"line":147},"action","media_buttons","login_fotoweb_button",15,"fotoware-main.php",43,{"type":142,"name":149,"callback":150,"file":151,"line":145},"admin_init","register_settings_and_fields","fotoware-options.php",{"type":142,"name":153,"callback":154,"file":151,"line":155},"admin_menu","add_menu_page",16,{"type":142,"name":157,"callback":158,"file":151,"line":159},"admin_enqueue_scripts","fw_media_include",126,[],[],[],[],{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":168,"fileOperations":200,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":201},[],{"prepared":13,"raw":13,"locations":167},[],{"escaped":13,"rawEcho":145,"locations":169},[170,173,175,177,179,181,183,185,186,188,189,191,194,196,198],{"file":146,"line":171,"context":172},59,"raw output",{"file":146,"line":174,"context":172},60,{"file":146,"line":176,"context":172},62,{"file":146,"line":178,"context":172},63,{"file":146,"line":180,"context":172},64,{"file":146,"line":182,"context":172},65,{"file":146,"line":184,"context":172},69,{"file":151,"line":69,"context":172},{"file":151,"line":187,"context":172},87,{"file":151,"line":109,"context":172},{"file":151,"line":190,"context":172},93,{"file":192,"line":193,"context":172},"fotoware-selection.php",25,{"file":192,"line":195,"context":172},27,{"file":192,"line":197,"context":172},31,{"file":192,"line":199,"context":172},70,2,[],[],{"summary":204,"deductions":205},"The \"access-fotoweb-media\" v2.0.0 plugin exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly reduces the immediate attack surface. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries, indicating a strong defense against SQL injection vulnerabilities.  The lack of any recorded vulnerabilities (CVEs) or common vulnerability types, coupled with no recent security incidents, suggests a well-maintained and secure codebase.\n\nHowever, a significant concern arises from the complete lack of output escaping for all 15 identified output points. This represents a critical weakness that could allow for Cross-Site Scripting (XSS) attacks if any of the data being outputted originates from user-controlled input or external sources. Additionally, the absence of any nonce checks or capability checks on any code signals, while seemingly mitigated by the zero entry points, means that if any new entry points were inadvertently introduced or if the existing zero entry points were exploitable through an indirect path, there would be no built-in protection against unauthorized actions or data manipulation.  The presence of file operations without explicit security checks also warrants caution, as improper handling could lead to unauthorized file access or modification.\n\nIn conclusion, while the plugin is commendably free of known vulnerabilities and secure in its handling of database interactions and attack surface minimization, the critical deficiency in output escaping presents a substantial risk. The lack of authorization checks, though currently theoretical due to the limited attack surface, remains a potential area for concern should the plugin evolve or be misused. Addressing the output escaping issue should be the highest priority for improving the plugin's security.",[206,208,210,212],{"reason":207,"points":145},"100% of outputs are not properly escaped",{"reason":209,"points":47},"No nonce checks present",{"reason":211,"points":47},"No capability checks present",{"reason":213,"points":214},"File operations present without context",3,"2026-03-17T00:49:08.694Z",{"wat":217,"direct":224},{"assetPaths":218,"generatorPatterns":220,"scriptPaths":221,"versionParams":222},[219],"\u002Fwp-content\u002Fplugins\u002Faccess-fotoweb-media\u002Fcss\u002Ffotoware-media.css",[],[],[223],"access-fotoweb-media\u002Fcss\u002Ffotoware-media.css?ver=",{"cssClasses":225,"htmlComments":228,"htmlAttributes":229,"restEndpoints":234,"jsGlobals":235,"shortcodeOutput":236},[226,227],"fotoware-setting","fotoware-setting-form",[],[230,231,232,233],"name=\"fotoweb_plugin_options[fw_url]\"","name=\"fotoweb_plugin_options[client_id]\"","name=\"fotoweb_plugin_options[client_secret]\"","name=\"fotoweb_plugin_options[wordpress_url]\"",[],[],[]]