[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9qIe4NRUw7DfvO6OaDjyB3div1aUwp7eLJrz44YTB8Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":140,"fingerprints":204},"attributron-2000","Attributron 2000","1.0.0.2","Derrick Tennant","https:\u002F\u002Fprofiles.wordpress.org\u002Femrikol\u002F","\u003Cp>This plugin adds attribution inputs to the media uploader and “edit media” page. It includes a number of creative common license, public domain, fair use, and standard copyright. It will link back to the author’s page at either the end of a post\u002Fpage and\u002For the attachment page. If you have a Flickr API key, it can automatically pull information for Flickr images (copyright, author name, title, description, etc).\u003Cbr \u002F>\nIt adds a few settings to the Media settings page.  You can add a Flickr API key, or display Creative Common logos for their respective licenses.\u003C\u002Fp>\n\u003Cp>To style the attributions, I’ve added these CSS classes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a2k-container – A div that contains all of the other elements\u003C\u002Fli>\n\u003Cli>a2k-sources – Contains the text “Source:” or “Sources:” depending on the context\u003C\u002Fli>\n\u003Cli>a2k-title – The attachment title\u003C\u002Fli>\n\u003Cli>a2k-copyright – The copyright information.  It may or may not contain an img tag, depending on your settings\u003C\u002Fli>\n\u003Cli>a2k-author – The author information.  
If an author link is provided, it will contain an a tag.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Feel free to contact me, emrikol@gmail.com, if you have any problems or questions.\u003C\u002Fp>\n","Easily add attribution to attachments and have them displayed on your posts.",10,2390,80,1,"2012-05-08T19:06:00.000Z","3.3.2","3.3.1","",[20,21,22,23],"attachments","attribution","creative-commons","images","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fattributron-2000.1.0.0.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"emrikol",4,40,30,84,"2026-04-04T17:26:29.485Z",[38,60,83,104,121],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"lightbox-photoswipe","Lightbox with PhotoSwipe","5.8.3","Arno Welzel","https:\u002F\u002Fprofiles.wordpress.org\u002Fawelzel\u002F","\u003Cp>This plugin integrates PhotoSwipe to WordPress. All linked images in a post or page will be displayed using PhotoSwipe, regardless if they are part of a gallery or single images.\u003C\u002Fp>\n\u003Cp>More about the original version of PhotoSwipe see here: \u003Ca href=\"http:\u002F\u002Fphotoswipe.com\" rel=\"nofollow ugc\">http:\u002F\u002Fphotoswipe.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can also display EXIF data from supported image types.\u003C\u002Fp>\n\u003Cp>As of version 4.0.0 this plugin requires at least WordPress 5.3 and PHP 7.0. Older PHP version will cause problems. In this case you have to upgrade your PHP version or ask your hoster to do so. 
Please note that WordPress itself also recommends at least PHP 7.4 – see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please keep in mind: not the visible thumbnail is relevant, but only the image link. Images should always be linked to the file and not to the attachment page. Since version 5.6.1 there is an option to fix attachment links which can be enabled if needed – however this may slow down your website since then all links on a page will be checked if they are attachment links.\u003C\u002Fp>\n","Integration of PhotoSwipe (http:\u002F\u002Fphotoswipe.com) for WordPress.",20000,937902,98,113,"2026-02-26T16:27:00.000Z","6.9.4","5.3",[20,54,23,55,56],"gallery","lightbox","photoswipe","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flightbox-photoswipe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flightbox-photoswipe.5.8.3.zip",100,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":81,"last_vuln_date":82,"fetched_at":28},"import-external-attachments","Import external attachments","1.5.12","ryanpcmcquen","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanpcmcquen\u002F","\u003Cp>Makes local copies of all the linked images and pdfs in a post, adding them as gallery attachments.\u003C\u002Fp>\n\u003Cp>Source & support:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fryanpcmcquen\u002Fimport-external-attachments\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is based on the work done in the “Import External Images” plugin by 
MartyThornley.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002FMartyThornley\u003C\u002Fp>\n\u003Cp>HTTPS support added by IvanDoomer:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FIvanDoomer\u003C\u002Fp>\n\u003Cp>PDF support added by bengreeley:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fbengreeley\u003C\u002Fp>\n\u003Cp>Most of the JavaScript was rewritten from the original plugin, to reduce the\u003Cbr \u002F>\nnumber of global variables.\u003C\u002Fp>\n","Makes local copies of all the linked images and pdfs in a post, adding them as gallery attachments.",2000,24175,86,26,"2017-02-24T14:39:00.000Z","4.4.34","3.2",[20,54,23,76,77],"photo","photobloggers","https:\u002F\u002Fgithub.com\u002Fryanpcmcquen\u002Fimport-external-attachments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimport-external-attachments.zip",41,2,"2025-12-14 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":35,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":102,"download_link":103,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"comment-image","Comment Image","1.2.3","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Comment Image enables blog readers to attach an image while leaving their comments.\u003Cbr \u002F>\nSupported formats are JPG, PNG, GIF.\u003C\u002Fp>\n\u003Cp>Uploaded images are inserted below the comment text as thumbnail (of configurable max dimensions) and linked to the original pictures.\u003C\u002Fp>\n\u003Cp>File selection field can be injected automatically or added manually.\u003C\u002Fp>\n\u003Cp>Original pictures and their thumbnails are stored in a separate folder for easy management.\u003C\u002Fp>\n\u003Cp>See the official \u003Ca 
href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image\" rel=\"nofollow ugc\">Comment Image\u003C\u002Fa> page for more.\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable readers to attach an image to their comments.",1000,40981,6,"2021-08-28T08:40:00.000Z","5.8.13","4.6","5.6",[20,99,100,23,101],"comments","gif","pictures","http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-image.1.2.3.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":91,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":18,"download_link":120,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"photo-swipe","PhotoSwipe","4.1.1.1","Louy Alakkad","https:\u002F\u002Fprofiles.wordpress.org\u002Flouyx\u002F","\u003Cp>This plugins adds the PhotoSwipe library to your WordPress blog seamlessly. 
No configuration required.\u003C\u002Fp>\n","A very light implementation of PhotoSwipe javascript plugin for WordPress",31166,90,11,"2016-03-17T14:51:00.000Z","4.4.0","4.0",[20,119,54,23,55],"fancybox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphoto-swipe.4.1.1.1.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":48,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":96,"requires_php":97,"tags":134,"homepage":18,"download_link":138,"security_score":139,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"hotlink-file-prevention","Hotlink File Prevention","2.0.0","swinggraphics","https:\u002F\u002Fprofiles.wordpress.org\u002Fswinggraphics\u002F","\u003Cp>Hotlink File Prevention (HFP) offers simple hotlink protection that can be turned on\u002Foff for individual files in the WordPress media library.\u003C\u002Fp>\n\u003Cp>“Hotlinking” is when a file, such as an image or PDF, is linked to from another website or entered manually in a web browser’s location bar. 
HFP only allows your file to be viewed on your website.\u003C\u002Fp>\n\u003Cp>Hotlink protection is provided via \u003Ccode>.htaccess\u003C\u002Fcode> rules in the \u003Ccode>wp-content\u002Fuploads\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Ch3>Basic Usage\u003C\u002Fh3>\n\u003Cp>Once the HFP plugin is activated, you will have two new features in the media library:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Within the Screen Options tab (list view only), check box for the “Hotlink Prevention” column.\u003C\u002Fli>\n\u003Cli>To protect a file, edit the file and scroll down to the checkbox labelled “Hotlink Protection”.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Any asset that is checked will have “Yes” displayed in the “Hotlink Prevention” column; otherwise, this column will be blank.\u003C\u002Fp>\n\u003Ch4>Note about “Open in new tab” option\u003C\u002Fh4>\n\u003Cp>When you use the “Open in new tab” option for links, WordPress adds \u003Ccode>rel=\"noreferrer\"\u003C\u002Fcode>, which effectively makes the link act like direct access, and the link will be blocked for files protected using HFP.\u003C\u002Fp>\n","Simple hotlink protection for individual files in the media 
library.",700,7815,7,"2024-04-15T22:00:00.000Z","6.5.8",[135,20,136,137,23],"admin","files","hotlink","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotlink-file-prevention.2.0.0.zip",92,{"attackSurface":141,"codeSignals":169,"taintFlows":191,"riskAssessment":192,"analyzedAt":203},{"hooks":142,"ajaxHandlers":165,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":26,"unprotectedCount":26},[143,149,153,157,161],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_menu","action_admin_menu","a2k.php",24,{"type":150,"name":151,"callback":152,"file":147,"line":71},"filter","the_content","filter_the_content",{"type":150,"name":154,"callback":155,"file":147,"line":156},"prepend_attachment","filter_prepend_attachment",27,{"type":150,"name":158,"callback":159,"file":147,"line":160},"attachment_fields_to_edit","filter_attachment_fields_to_edit",28,{"type":150,"name":162,"callback":163,"file":147,"line":164},"attachment_fields_to_save","filter_attachment_fields_to_save",29,[],[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":190},[],{"prepared":26,"raw":26,"locations":172},[],{"escaped":26,"rawEcho":11,"locations":174},[175,178,180,181,182,184,185,186,188,189],{"file":147,"line":176,"context":177},164,"raw output",{"file":147,"line":179,"context":177},170,{"file":147,"line":179,"context":177},{"file":147,"line":179,"context":177},{"file":147,"line":183,"context":177},177,{"file":147,"line":183,"context":177},{"file":147,"line":183,"context":177},{"file":147,"line":187,"context":177},184,{"file":147,"line":187,"context":177},{"file":147,"line":187,"context":177},[],[],{"summary":193,"deductions":194},"Based on the static analysis and vulnerability history, the 'attributron-2000' v1.0.0.2 plugin exhibits a generally positive security posture with no immediate critical risks identified. 
The absence of detected dangerous functions, external HTTP requests, file operations, and SQL injection vulnerabilities is a strong indicator of good development practices in these areas.  Furthermore, the plugin boasts zero known CVEs and a clean vulnerability history, suggesting it has not been a target or a source of past security incidents.\n\nHowever, a significant concern arises from the complete lack of output escaping. With 10 total outputs and 0% properly escaped, this presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users, if not properly sanitized, could be exploited by attackers to inject malicious scripts. Additionally, the absence of nonce checks and capability checks, while not directly indicated as an attack vector in this static analysis, leaves the plugin's entry points potentially vulnerable to unauthorized actions if an attack surface were to be discovered or introduced in future versions.\n\nIn conclusion, while the plugin has demonstrated a commendable lack of critical vulnerabilities and malicious code patterns in this analysis, the unescaped output is a glaring security weakness that requires immediate attention. Developers should prioritize implementing proper output escaping mechanisms to mitigate XSS risks. 
The lack of comprehensive checks on entry points also suggests a need for more robust security measures, especially if the plugin's functionality were to expand.",[195,198,201],{"reason":196,"points":197},"Unescaped output detected",5,{"reason":199,"points":200},"Missing nonce checks",3,{"reason":202,"points":200},"Missing capability checks","2026-03-17T01:37:15.796Z",{"wat":205,"direct":212},{"assetPaths":206,"generatorPatterns":209,"scriptPaths":210,"versionParams":211},[207,208],"\u002Fwp-content\u002Fplugins\u002Fattributron-2000\u002Fa2k.css","\u002Fwp-content\u002Fplugins\u002Fattributron-2000\u002Fa2k.js",[],[208],[],{"cssClasses":213,"htmlComments":219,"htmlAttributes":220,"restEndpoints":223,"jsGlobals":224,"shortcodeOutput":225},[214,215,216,217,218],"a2k-title","a2k-copyright","a2k-author","a2k-container","a2k-sources",[],[221,222],"data-a2k-title","data-a2k-link",[],[],[]]