[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8jajS7H-8cJ9jUkXalRpGQL7a15_eLA1XQTZ1Wp3r5s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":136,"fingerprints":238},"apoyl-grabdouyin","[凹凸曼]一键采集抖音视频","1.1.0","apoyl","https:\u002F\u002Fprofiles.wordpress.org\u002Fapoyl\u002F","\u003Cp>通过抖音分享视频链接，一键采集抖音视频到自己网站上，非常方便实用的工具。\u003C\u002Fp>\n\u003Ch3>插件功能\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>支持编辑器下面输入抖音链接，一键采集抖音视频（一键抓取抖音视频）到网站上，并快捷发布，提供使用者效率\u003C\u002Fli>\n\u003Cli>支持视频本地化，这样及时抖音平台关闭分享，网站上也可以继续播放视频\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>此插件特此申明：方便用户抓取合规及原创作者授权抖音视频，请勿把文章用于商业及非法用途。\u003C\u002Fp>\n","通过抖音分享视频链接，一键采集抖音视频到自己网站上，非常方便实用的工具。",20,1309,0,"2024-11-20T14:17:00.000Z","6.7.5","6.0","7.4",[19,20,21,22],"douyin","%e9%87%87%e9%9b%86","%e6%8a%93%e5%8f%96","%e6%8a%96%e9%9f%b3","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapoyl-grabdouyin.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},27,710,100,30,94,"2026-04-04T18:17:35.934Z",[37,52,76,98,119],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":46,"requires_at_least":16,"requires_php":17,"tags":47,"homepage":50,"download_link":51,"security_score":32,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"apoyl-grabtoutiao","[凹凸曼]一键采集今日头条文章","1.3.0","\u003Cp>在编辑器里输入今日头条文章链接，点击采集今日头条文章就自动抓取到编辑器里,非常方便用户获取今日头条文章内容.\u003C\u002Fp>\n\u003Ch3>功能概述\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>支持编辑器旁边显示 输入今日头条文章链接\u003C\u002Fli>\n\u003Cli>支持block块编辑器和经典编辑器一键抓取今日头条文章\u003C\u002Fli>\n\u003Cli>支持一键今日头条文章的文字\u003C\u002Fli>\n\u003Cli>支持一键采集今日头条文章的的图文+\u003C\u002Fli>\n\u003Cli>支持今日头条文章图片自动本地化转换\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>以上功能部分免费,点击购买付费版：\u003Ca href=\"http:\u002F\u002Fwww.girltm.com\u002F\" rel=\"nofollow ugc\">凹凸曼插件\u003C\u002Fa>\u003Cbr \u002F>\n也可以加开发者QQ：3201361925 email: 3201361925@qq.com\u003C\u002Fp>\n\u003Cp>此插件特此申明：方便用户采集合规及原创作者授权今日头条内容，请勿把文章用于商业及非法用途。\u003C\u002Fp>\n","在编辑器里输入今日头条文章链接，点击采集今日头条文章就自动抓取到编辑器里,非常方便用户获取今日头条文章内容.",10,1277,"2025-04-24T02:04:00.000Z","6.8.5",[20,48,21,49],"toutiao","%e4%bb%8a%e6%97%a5%e5%a4%b4%e6%9d%a1%e6%96%87%e7%ab%a0","http:\u002F\u002Fwww.girltm.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapoyl-grabtoutiao.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":34,"num_ratings":62,"last_updated":63,"tested_up_to":15,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":71,"download_link":72,"security_score":73,"vuln_count":74,"unpatched_count":13,"last_vuln_date":75,"fetched_at":27},"fat-rat-collect","胖鼠采集(Fat Rat Collect)","2.7.5","KitePig","https:\u002F\u002Fprofiles.wordpress.org\u002Ffbtopcn\u002F","\u003Cp>胖鼠采集(\u003Ca href=\"https:\u002F\u002Fwww.fatrat.cn\" rel=\"nofollow ugc\">Fat Rat Collect\u003C\u002Fa>) 是一款能够帮助你网站自动化的采集工具. 开源作品, 支持采集所有网站列表及详情页面 它拥有微信、简书、知乎、列表、历史、详情、等多种采集方式、还有自动采集, 自动发布, 自动打标签, 等许多黑科技功能, 一次创建规则, 后续省心省力. 还有许多演示例子，一键可用。如: 微信、简书、知乎、御龙在天、寻仙、虎扑等许多例子、快去享受吧!\u003C\u002Fp>\n\u003Ch4>神奇之处\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>微信公众号文章采集 – 强大的Jquery可以处理各种版权信息, 纵享丝滑.\u003C\u002Fli>\n\u003Cli>简书文章采集 – 强大的Jquery可以处理内容各种图片, 柔顺到底.\u003C\u002Fli>\n\u003Cli>知乎问答采集 – 强大的Jquery可以处理各种你不想要的东西, 一键爽歪歪.\u003C\u002Fli>\n\u003Cli>(独家主打) 列表采集，历史采集 \u003Ca href=\"https:\u002F\u002Fwww.fatrat.cn\u002Fdocs\u002Fv2\u002Flist-paging-collection\" rel=\"nofollow ugc\">视频文字教程\u003C\u002Fa>– 只需轻轻一点. 数不清的文章就来了.\u003C\u002Fli>\n\u003Cli>(独家主打) 详情页面文章采集 – 任何网站十秒搞定\u003C\u002Fli>\n\u003Cli>(独家主打) \u003Ca href=\"https:\u002F\u002Fwww.fatrat.cn\u002Fdocs\u002Fv2\u002Flist-paging-collection\" rel=\"nofollow ugc\">分页爬取\u003C\u002Fa> – 历史数据, 也不放过. 一网打尽\u003C\u002Fli>\n\u003Cli>(胖鼠主打) 自动采集 – 一键启动不放过每一份数据.\u003C\u002Fli>\n\u003Cli>(胖鼠主打) 自动发布 – 您省心省力好帮手.\u003C\u002Fli>\n\u003Cli>(独家主打) 调试模式 – 新建规则好帮手, 采集结果好伙伴.\u003C\u002Fli>\n\u003Cli>(独家主打) 体验例子 – 一键体验胖鼠.\u003C\u002Fli>\n\u003Cli>(主打主打) 文章自动添加, \u003Ca href=\"https:\u002F\u002Fwww.fatrat.cn\u002Fdocs\u002Fv2\u002Fdynamic-content\" rel=\"nofollow ugc\">动态内容\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.fatrat.cn\u002Fdocs\u002Fv2\u002Fauto-tags\" rel=\"nofollow ugc\">自动标签\u003C\u002Fa>, 标签内链, 优化SEO.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 文章滤重 – 支持.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 自动特色图片 – 支持.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 采集图片加入媒体库 – 支持.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 数据处理 – 完美支持Html Jquery\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 内容关键字过滤替换 伪原创 – 支持.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 自定义采集任何可见网站 – 完美支持.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 自定义文章图片链接类型 – 支持.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 内容详情页数据分页采集 – 支持.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 关键词随机插入, 可指定关键词或A标签关键词随机插入文章正文中 – 支持.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 图片本地下载, 支持使用其他插件上传(阿里云OSS、又拍云云存储, 七牛对象存储), 并可突破图片防盗链.\u003C\u002Fli>\n\u003Cli>(胖鼠采集) 相比其它采集器如: 火车头、神箭手、后羿、八爪鱼、以及一些伪原创采集工具, 胖鼠采集简单易用, 功能强大，是您建站的好帮手\u003C\u002Fli>\n\u003Cli>(重磅重磅) 胖鼠采集完全基于Wordpress, 安装即用, 开源作品\u003C\u002Fli>\n\u003Cli>(声明声明) 如你的PHP版本小于PHP71, 请移步胖鼠采集的Github下载使用胖鼠v5版本 分支名: based_php_5.6, 不再更新v5版本，不推荐\u003C\u002Fli>\n\u003Cli>(声明声明) 胖鼠采集初衷为参考学习交流; 请大家遵纪守法. 抵制违法犯罪.\u003C\u002Fli>\n\u003Cli>(声明声明) 胖鼠采集开源可供您查阅代码, 或者二次开发使用供您使用, 但不可修改源码后用于商业行为.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>胖鼠采集系统架构\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>系统分为五大块.\u003C\u002Fli>\n\u003Cli>① 采集中心, 配置各种特色配置来采集数据.\u003C\u002Fli>\n\u003Cli>② 配置中心, 为采集中心提供采集规则.\u003C\u002Fli>\n\u003Cli>③ 数据桶,   数据管理中心 此模块控制采集数据.\u003C\u002Fli>\n\u003Cli>④ Debugging, 此模块用于大家调试规则.\u003C\u002Fli>\n\u003Cli>⑤ 胖鼠工具箱, 此模块是胖鼠特色小功能.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>使用谨记\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>采集是一件极其消耗系统资源的事情，尤其是图片下载。\u003C\u002Fli>\n\u003Cli>新鼠友, 可一键体验例子. 例子运行正确, 那就专心写规则吧.\u003C\u002Fli>\n\u003Cli>本工具仅供学习参考, 作者不承担任何风险.\u003C\u002Fli>\n\u003C\u002Ful>\n","胖鼠采集(Fat Rat Collect) 是一款能够帮助你网站自动化的采集工具. 支持采集、微信、简书、知乎、自定义列表页、自定义详情页面、还有许多特色功能、 还可一键采集历史文章, 一键设置自动采集, 自动发布, 为您节省精力, 快来体验一下吧!",1000,71965,46,"2025-10-30T08:23:00.000Z","4.6","7.2",[67,20,68,69,70],"%e7%9f%a5%e4%b9%8e%e9%87%87%e9%9b%86","%e5%88%97%e8%a1%a8%e9%87%87%e9%9b%86","%e5%be%ae%e4%bf%a1%e5%85%ac%e4%bc%97%e5%8f%b7%e6%96%87%e7%ab%a0%e9%87%87%e9%9b%86","%e6%89%b9%e9%87%8f%e9%87%87%e9%9b%86","https:\u002F\u002Fwww.fatrat.cn","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffat-rat-collect.zip",99,2,"2024-11-12 13:26:04",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":60,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":46,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":74,"unpatched_count":13,"last_vuln_date":97,"fetched_at":27},"keydatas","简数采集器","2.6.4","zhengdon","https:\u002F\u002Fprofiles.wordpress.org\u002Fzhengdon\u002F","\u003Cp>简数(\u003Ca href=\"http:\u002F\u002Fwww.keydatas.com?utm_source=wordpress\" rel=\"nofollow ugc\">keydatas.com\u003C\u002Fa>)是一个通用、简单、智能、在线的网页数据采集器，主要功能特性：\u003Cbr \u002F>\n1.采集不需安装软件，不用研究网页源代码，在线选取、点击，保存，就可以实现采集；\u003Cbr \u002F>\n2.支持按关键词采集，输入关键词即可采集；\u003Cbr \u002F>\n3.智能识别数据和规则，包括：列表页、翻页和详情页（标题、正文、作者、时间等）；\u003Cbr \u002F>\n4.定时自动采集更新；\u003Cbr \u002F>\n5.图片支持下载到（阿里云OSS、七牛对象存储、腾讯云COS、又拍云）；\u003Cbr \u002F>\n6.支持对接多种AI大模型API，轻松进行内容生成创作。AI支持：DeepSeek、百度文心一言、Kimi、豆包、通义千问、5118、讯飞星火大模型等。\u003Cbr \u002F>\n7.相比其它采集器，简数采集器更加简单易用，功能同样强大，且没有繁杂的流程；\u003Cbr \u002F>\n8.其它相关：火车头、八爪鱼、后羿；\u003Cbr \u002F>\n9.realation: caiji,seo,mip,keyword,description,jianshu,weixin,wechat,robot,spider,jinritoutiao,taobaoke,aliyun,qiniu,tengxunyun,baidu,huochetou,houyicaiji,shenjian,CSDN,cnblogs,zhihu,jianshu,wenzhang,gongzhonghao,locoy,bazhuayu,shenjianshou,wpspider,WP-AutoPost(WP-AutoBlog),WP-Jpost,5118,QQWorld.\u003Cbr \u002F>\n10.SEO Plugin,huochetou,google XML sitemap,WP Baidu Map,baiduxzh,Sitemap,baidu-submit-link,AutoTags,Github.\u003Cbr \u002F>\nautospider,fanyi,Translate,LightSNS,collect\u003Cbr \u002F>\n11.wordpress插件推荐：百度熊掌号,百度推送,WordPress HTTPS (SSL),wp encrypt,really simple ssl,WPJAM-Basic,wp-super-cache,WP Rocket,All-in-One SEO Pack,login LockDown,Comments Link Redirect,Add Post URL,BackWPup,DX-auto-publish,Link Manager,No Category Parents,Platinum SEO Pack,WP Keyword Link,Yet Another Related Posts Plugin,Fix image width,Role Manager,Search & Replace,WordPress Database Backup,WP-PostViews,WP PHP widget,Baidu Sitemap Generator,DB Cache Reloaded Fix + Hyper Cache,SEO Friendly Images,BackWPup,Simple URLs,Redirection.\u003C\u002Fp>\n","简数采集器不仅提供网页文章全自动采集、定时采集等基本功能，还创新实现了智能识别和鼠标可视化点选生成采集规则(不用手写规则)、书签一键采集等特色功能，大幅提升了采集配置效率。",88985,86,6,"2025-11-21T11:01:00.000Z","4.1","5.2",[91,20,92,93],"%e7%ae%80%e6%95%b0","%e6%95%b0%e6%8d%ae%e9%87%87%e9%9b%86","%e6%96%87%e7%ab%a0%e9%87%87%e9%9b%86","http:\u002F\u002Fwww.keydatas.com\u002Fcaiji\u002Fwordpress-cms-caiji","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeydatas.zip",93,"2025-11-20 19:31:53",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":32,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":23,"requires_php":23,"tags":111,"homepage":116,"download_link":117,"security_score":25,"vuln_count":108,"unpatched_count":13,"last_vuln_date":118,"fetched_at":27},"wxsync","WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买","2.8.2","cnfang","https:\u002F\u002Fprofiles.wordpress.org\u002Fcnfang\u002F","\u003Cp>微信公众号文章,任意公众号自动采集付费购买,手动采集服务永久免费,付费地址是:http:\u002F\u002Fstd.cloud,插件设置面板将自动提示最新版本,会自动请求第三方服务器地址:http:\u002F\u002Fstd.cloud\u002Fweb\u002Fver\u003C\u002Fp>\n","标准云微信公众号文章采集与自动同步插件,手动采集永久免费,自动同步采集可按月收费",500,30061,1,"2025-03-19T08:12:00.000Z","6.3.8",[112,113,114,115,92],"%e5%85%8d%e8%b4%b9","%e5%85%ac%e4%bc%97%e5%8f%b7%e6%96%87%e7%ab%a0%e9%87%87%e9%9b%86","%e5%be%ae%e4%bf%a1%e5%85%ac%e4%bc%97%e5%8f%b7","%e5%be%ae%e4%bf%a1%e5%85%ac%e4%bc%97%e5%8f%b7%e9%87%87%e9%9b%86","http:\u002F\u002Fstd.cloud","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwxsync.2.8.2.zip","2023-08-09 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":32,"downloaded":127,"rating":13,"num_ratings":13,"last_updated":128,"tested_up_to":46,"requires_at_least":129,"requires_php":17,"tags":130,"homepage":134,"download_link":135,"security_score":32,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"import-articles-from-wechat","导入微信文章 (Import Articles from WeChat)","1.8.6","Y阳胜S君","https:\u002F\u002Fprofiles.wordpress.org\u002Fxiaozhai001\u002F","\u003Cp>Have you ever wanted to back up or share a great article from WeChat to your own WordPress site? “Import Articles from WeChat” makes it incredibly easy.\u003C\u002Fp>\n\u003Cp>Just paste the article’s URL, and this plugin will automatically fetch:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Title\u003C\u002Fstrong> and \u003Cstrong>Publish Date\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full Content\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Featured Image\u003C\u002Fstrong> (set automatically)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>All inline images\u003C\u002Fstrong> (downloaded to your media library)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin simulates a real browser’s behavior, including handling cookies, to reliably fetch images that are usually protected by anti-hotlinking measures. All content will be safely saved as a draft post, ready for you to edit and publish.\u003C\u002Fp>\n\u003Cp>[中文描述]\u003C\u002Fp>\n\u003Cp>您是否曾想过将一篇精彩的微信文章备份或分享到自己的 WordPress 网站上？“导入微信文章”插件让这一切变得无比简单。\u003C\u002Fp>\n\u003Cp>您只需粘贴文章的链接，点击导入，插件便会自动抓取：\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>文章标题\u003C\u002Fstrong>和\u003Cstrong>原始发布时间\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>完整的正文内容\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>封面图\u003C\u002Fstrong> (自动设为特色图片)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>文章内的所有图片\u003C\u002Fstrong> (自动下载到您的媒体库)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>本插件通过模拟真实浏览器的行为（包含Cookie处理），能够可靠地抓取通常受防盗链保护的图片，确保导入内容的完整性。所有内容都会被安全地存为一篇草稿，方便您后续编辑和发布。\u003C\u002Fp>\n","A simple yet powerful tool to import articles from WeChat Official Accounts into your WordPress site, including all content and images.",1225,"2025-11-12T06:21:00.000Z","5.0",[20,131,132,114,133],"wechat","%e5%af%bc%e5%85%a5","%e5%be%ae%e4%bf%a1%e5%85%ac%e4%bc%97%e5%8f%b7%e6%96%87%e7%ab%a0","https:\u002F\u002Fanjir.top\u002F?p=100","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimport-articles-from-wechat.1.8.6.zip",{"attackSurface":137,"codeSignals":159,"taintFlows":174,"riskAssessment":228,"analyzedAt":237},{"hooks":138,"ajaxHandlers":151,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":108,"unprotectedCount":108},[139,145,148],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","plugins_loaded","anonymous","includes\\grabdouyin.php",49,{"type":140,"name":146,"callback":142,"file":143,"line":147},"admin_menu",54,{"type":140,"name":149,"callback":142,"file":143,"line":150},"admin_init",55,[152],{"action":153,"nopriv":154,"callback":142,"hasNonce":154,"hasCapCheck":154,"file":143,"line":155},"apoyl_grabdouyin_ajax",false,56,[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":13,"externalRequests":108,"nonceChecks":74,"capabilityChecks":13,"bundledLibraries":173},[],{"prepared":13,"raw":13,"locations":162},[],{"escaped":164,"rawEcho":74,"locations":165},15,[166,170],{"file":167,"line":168,"context":169},"admin\\admin.php",95,"raw output",{"file":171,"line":172,"context":169},"admin\\partials\\setting.php",29,[],[175,198,215],{"entryPoint":176,"graph":177,"unsanitizedCount":108,"severity":197},"apoyl_grabdouyin_ajax (admin\\admin.php:75)",{"nodes":178,"edges":194},[179,184,188],{"id":180,"type":181,"label":182,"file":167,"line":183},"n0","source","$_POST",82,{"id":185,"type":186,"label":187,"file":167,"line":183},"n1","transform","→ httpGet()",{"id":189,"type":190,"label":191,"file":167,"line":192,"wp_function":193},"n2","sink","wp_remote_get() [SSRF]",108,"wp_remote_get",[195,196],{"from":180,"to":185,"sanitized":154},{"from":185,"to":189,"sanitized":154},"medium",{"entryPoint":199,"graph":200,"unsanitizedCount":108,"severity":197},"\u003Cadmin> (admin\\admin.php:0)",{"nodes":201,"edges":210},[202,204,205,206,208],{"id":180,"type":181,"label":182,"file":167,"line":203},81,{"id":185,"type":190,"label":191,"file":167,"line":192,"wp_function":193},{"id":189,"type":181,"label":182,"file":167,"line":183},{"id":207,"type":186,"label":187,"file":167,"line":183},"n3",{"id":209,"type":190,"label":191,"file":167,"line":192,"wp_function":193},"n4",[211,213,214],{"from":180,"to":185,"sanitized":212},true,{"from":189,"to":207,"sanitized":154},{"from":207,"to":209,"sanitized":154},{"entryPoint":216,"graph":217,"unsanitizedCount":13,"severity":227},"\u003Csetting> (admin\\partials\\setting.php:0)",{"nodes":218,"edges":225},[219,221],{"id":180,"type":181,"label":182,"file":171,"line":220},17,{"id":185,"type":190,"label":222,"file":171,"line":223,"wp_function":224},"update_option() [Settings Manipulation]",22,"update_option",[226],{"from":180,"to":185,"sanitized":212},"low",{"summary":229,"deductions":230},"The \"apoyl-grabdouyin\" plugin v1.1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, avoiding file operations, and having a high percentage of properly escaped output. The absence of known CVEs and a clean vulnerability history further suggest a relatively stable codebase. However, significant concerns arise from the static analysis. The plugin has a single entry point via an AJAX handler that lacks any authentication checks. This unprotected endpoint represents a critical attack vector that could be exploited by unauthenticated users. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating a potential for malicious data to be processed without proper validation, although these are not classified as critical or high severity.",[231,234],{"reason":232,"points":233},"Unprotected AJAX handler",8,{"reason":235,"points":236},"Unsanitized paths in taint flows",5,"2026-03-16T22:52:08.559Z",{"wat":239,"direct":248},{"assetPaths":240,"generatorPatterns":243,"scriptPaths":244,"versionParams":245},[241,242],"\u002Fwp-content\u002Fplugins\u002Fapoyl-grabdouyin\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fapoyl-grabdouyin\u002Fadmin\u002Fjs\u002Fadmin.js",[],[],[246,247],"apoyl-grabdouyin\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","apoyl-grabdouyin\u002Fadmin\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":249,"htmlComments":251,"htmlAttributes":252,"restEndpoints":254,"jsGlobals":256,"shortcodeOutput":258},[250],"apoyl-grabdouyin-editor-url",[],[253],"data-nonce",[255],"\u002Fwp-json\u002Fapoyl-grabdouyin\u002Fv1\u002Fajax",[257],"apoyl_grabdouyin_ajax_object",[]]