[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f--iNzAUHb7qadoBVsEd4xKshJ03ngKThzL6DQEmwC-A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":139,"fingerprints":692},"auto-publish-tumblr","WP Tumblr Auto Publish","1.2.9","f1logic","https:\u002F\u002Fprofiles.wordpress.org\u002Ff1logic\u002F","\u003Cp>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fnew\u002F?pre-installed-plugin-slug=auto-publish-tumblr\" rel=\"nofollow ugc\">https:\u002F\u002Ftastewp.com\u002Fnew\u002F?pre-installed-plugin-slug=auto-publish-tumblr\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>A quick look into WP Tumblr Auto Publish :\u003C\u002Fp>\n\u003Cpre>\u003Ccode>★ Publish simple text message to Tumblr\n★ Publish post to Tumblr with image or link\n★ Filter items  to be published based on categories\n★ Filter items to be published based on custom post types\n★ Enable or disable wordpress page publishing\n★ Customizable  message formats for Tumblr\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WP Tumblr Auto Publish Features in Detail\u003C\u002Fh4>\n\u003Cp>The WP Tumblr Auto Publish lets you publish posts automatically from your blog to Tumblr. You can publish your posts to Tumblr as simple text message, text message with link or image. 
The plugin supports filtering posts by post-types and categories.\u003C\u002Fp>\n\u003Cp>The prominent features of the WP Tumblr Auto Publish plugin are highlighted below.\u003C\u002Fp>\n\u003Ch4>Supported Mechanisms\u003C\u002Fh4>\n\u003Cp>The various mechanisms of posting to Tumblr are listed below.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Simple text message\nAttach image to Tumblr post\nAttach link to Tumblr post\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter Settings\u003C\u002Fh4>\n\u003Cp>The plugin offers multiple kinds of filters for content to be published automatically.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Enable or disable publishing of WordPress pages\nFilter posts to be published based on categories\nFiltering based on custom post types\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Message Format Settings\u003C\u002Fh4>\n\u003Cp>The supported post elements which can be published are given below.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Post title\nPost description\nPost excerpt\nPermalink\nBlog title\nUser nicename\nPost ID\nPost publish date\nUser display name\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>About\u003C\u002Fh4>\n\u003Cp>WP Tumblr Auto Publish is developed and maintained by \u003Ca href=\"https:\u002F\u002Fxyzscripts.com\u002F\" title=\"xyzscripts.com\" rel=\"nofollow ugc\">XYZScripts\u003C\u002Fa>. 
For any support, you may \u003Ca href=\"https:\u002F\u002Fxyzscripts.com\u002Fsupport\u002F\" title=\"XYZScripts Support\" rel=\"nofollow ugc\">contact us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Ftumblr-auto-publish\u002F\" title=\"WP Tumblr Auto Publish User Guide\" rel=\"nofollow ugc\">WP Tumblr Auto Publish User Guide\u003C\u002Fa>\u003Cbr \u002F>\n★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Ftumblr-auto-publish\u002Ffaq\u002F\" title=\"WP Tumblr Auto Publish FAQ\" rel=\"nofollow ugc\">WP Tumblr Auto Publish FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>More Information\u003C\u002Fh3>\n\u003Cp>★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Ftumblr-auto-publish\u002F\" title=\"WP Tumblr Auto Publish User Guide\" rel=\"nofollow ugc\">WP Tumblr Auto Publish User Guide\u003C\u002Fa>\u003Cbr \u002F>\n★ \u003Ca href=\"http:\u002F\u002Fhelp.xyzscripts.com\u002Fdocs\u002Ftumblr-auto-publish\u002Ffaq\u002F\" title=\"WP Tumblr Auto Publish FAQ\" rel=\"nofollow ugc\">WP Tumblr Auto Publish FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Troubleshooting\u003C\u002Fh4>\n\u003Cp>Please read the FAQ first if you are having problems.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>WordPress 3.0+\nPHP 7.4+\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>We would like to receive your feedback and suggestions about WP Tumblr Auto Publish plugin. 
You may submit them at our \u003Ca href=\"https:\u002F\u002Fxyzscripts.com\u002Fsupport\u002F\" title=\"XYZScripts Support\" rel=\"nofollow ugc\">support desk\u003C\u002Fa>.\u003C\u002Fp>\n","Publish posts automatically to Tumblr.",80,15768,64,9,"2026-02-18T09:04:00.000Z","6.9.4","3.0","",[20,21,22,23,24],"add-link-to-tumblr","publish-post-to-tumblr","tumblr","tumblr-auto-publish","wp-tumblr-auto-publish","https:\u002F\u002Fxyzscripts.com\u002Fwordpress-plugins\u002Ftumblr-auto-publish\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-publish-tumblr.1.2.9.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},15,142440,92,352,73,"2026-04-04T13:49:29.664Z",[40,58,77,95,119],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":11,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":56,"download_link":57,"security_score":35,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"tumblr-importer","Tumblr Importer","1.2","Samuel Wood (Otto)","https:\u002F\u002Fprofiles.wordpress.org\u002Fotto42\u002F","\u003Cp>Imports a Tumblr blog into a WordPress blog.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Correctly handles post formats\u003C\u002Fli>\n\u003Cli>Background importing: start it up, then come back later to see how far it’s gotten\u003C\u002Fli>\n\u003Cli>Duplicate checking, will not create duplicate imported posts\u003C\u002Fli>\n\u003Cli>Imports posts, drafts, and pages\u003C\u002Fli>\n\u003Cli>Media Side loading (for audio, video, and image posts)\u003C\u002Fli>\n\u003C\u002Ful>\n","Imports a Tumblr blog into a WordPress 
blog.",10000,917097,48,"2025-01-06T18:25:00.000Z","6.7.5","3.2",[55,22],"import","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftumblr-importer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftumblr-importer.1.2.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":11,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":74,"download_link":75,"security_score":76,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"tumblr-widget-for-wordpress","Tumblr Widget","2.1","gabrielroth","https:\u002F\u002Fprofiles.wordpress.org\u002Fgabrielroth\u002F","\u003Cp>Tumblr Widget allows you to display the contents of a Tumblr in any widget-enabled area of your WordPress blog. You can import all Tumblr posts, or only those posts with a specified tag, or specify certain categories (photo, link, quotation, etc.) to display.\u003C\u002Fp>\n\u003Cp>If you find this plugin useful, I’d love to check out your site. Send me an email and let me know where you’re using it! gabe.roth@gmail.com\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Controls\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cem>Title:\u003C\u002Fem> The title you want to appear above the Tumblr on your WordPress page. Leave blank if you like.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Your Tumblr:\u003C\u002Fem> The URL of the Tumblr you want to import. It doesn’t have to contain ‘tumblr.com’. Leave off the ‘http:\u002F\u002F’ at the beginning.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Tag to show:\u003C\u002Fem> Enter a single tag to display only posts with that tag. 
Leave blank to show all Tumblr posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Tag to hide:\u003C\u002Fem> Enter a single tag to hide all posts with that tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Maximum number of posts to display:\u003C\u002Fem> This number is a \u003Cem>maximum,\u003C\u002Fem> as the text suggests.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Link title to Tumblr:\u003C\u002Fem> Turns the widget title into a link to your Tumblr’s URL. If you don’t enter a title in the title field, you won’t get a link.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Link to each post on Tumblr:\u003C\u002Fem> When checked, this displays the date of the Tumblr post, linking the date to the original post on the Tumblr site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Images link to Tumblr post:\u003C\u002Fem> By default, images in photo posts link to a large image file. When this box is checked, they link to the Tumblr post instead.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Add inline CSS padding:\u003C\u002Fem> Adds a CSS style rule adding 8 pixels of padding above and below each Tumblr post. Disable to prevent it messing up your own CSS.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Set video width:\u003C\u002Fem> Resizes videos to help them fit in your theme. Enter a value in pixels. 50px is the minimum. Height will be adjusted automatically in proportion to the width you choose.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Show:\u003C\u002Fem> Include or exclude different post types in the feed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Photo size:\u003C\u002Fem> Tumblr provides each photo in six different sizes. 
Whichever size you choose to display, the image links to the 1,280-pixel version.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows you to import a Tumblr into any widgetized area of a WordPress blog.",400,90495,8,"2015-04-21T17:59:00.000Z","4.2.39","2.8",[22,73],"widget","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftumblr-widget-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftumblr-widget-for-wordpress.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":27,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":93,"download_link":94,"security_score":76,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"f2-tumblr-widget","F2 Tumblr Widget","0.2.16","fsquared","https:\u002F\u002Fprofiles.wordpress.org\u002Ffsquared\u002F","\u003Cp>The F2 Tumblr Widget displays recent posts from the provided tumblr blog.\u003C\u002Fp>\n\u003Cp>It allows the user to select how many posts to display, to restrict which\u003Cbr \u002F>\nposts are shown by type and tag, and to render the posts as either a list\u003Cbr \u002F>\nor a slideshow.\u003C\u002Fp>\n\u003Cp>Posts can be displayed in full, as title only, or with an excerpt. 
Photo,\u003Cbr \u002F>\nvideo and audio posts will have the media displayed when the display type\u003Cbr \u002F>\nis not ‘title only’.\u003C\u002Fp>\n\u003Cp>The audio player in posts can now be automatically resized to match the\u003Cbr \u002F>\nselected media width – this is enabled by default, but can be deselected\u003Cbr \u002F>\nin the widget setup.\u003C\u002Fp>\n","This widget displays recent posts from a tumblr blog.",300,15123,6,"2022-01-05T13:30:00.000Z","5.8.13","3.3",[92,22,73],"feed","http:\u002F\u002Fwww.fsquared.co.uk\u002Fsoftware\u002Ff2-tumblr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ff2-tumblr-widget.0.2.16.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":115,"download_link":116,"security_score":13,"vuln_count":117,"unpatched_count":117,"last_vuln_date":118,"fetched_at":30},"woo-tumblog","WooTumblog","2.1.4","jeffikus","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeffikus\u002F","\u003Cp>Create a tumblr style blog using this plugin. Simply install the plugin, add the easy to use tags to your theme, and your blog will be transformed into a Tumblr-style blog.  
Create posts direct from the WordPress dashboard, your iPhone, or the familiar WordPress interface.\u003C\u002Fp>\n","Create a tumblr style blog using this plugin.",90,65344,30,2,"2014-02-07T10:28:00.000Z","3.7.41","3.2.1",[111,112,113,114,22],"custom-taxonomy","post","quickpress","tumblog","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwoo-tumblog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-tumblog.2.1.4.zip",1,"2025-04-02 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":136,"download_link":137,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":138},"avalicious","Avalicious!","1.3.3","Alis","https:\u002F\u002Fprofiles.wordpress.org\u002Falisdee\u002F","\u003Cp>\u003Cstrong>Avalicious!\u003C\u002Fstrong> is a WordPress plugin that integrates LiveJournal, Dreamwidth, and Tumblr user avatars in WordPress comments. It is a functional re-write of \u003Ca href=\"http:\u002F\u002Falltrees.org\u002FWordpress\u002F#ALA\" title=\"Alltrees' Also LJ Avatar\" rel=\"nofollow ugc\">Also LJ Avatar\u003C\u002Fa> (itself a re-write of some even older plugins), with the following differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>user avatars are downloaded via the cURL library, hopefully avoiding issues with hosts that disable remote URL includes\u003C\u002Fli>\n\u003Cli>the regexps for extracting avatars have been improved\u003C\u002Fli>\n\u003Cli>the user’s journal URL is extracted from a comment’s URL (not the name)\u003C\u002Fli>\n\u003Cli>the user’s name is not re-written.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Version 1.3.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Minor fixes. 
Should not have better compatibility with Dreamwidth icons.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Version 1.3.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Should now work with both HTTP \u003Cem>and\u003C\u002Fem> HTTPS Tumblrs. Magic!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Version 1.3.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Small regexp fixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Version 1.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added support for Tumblr icons.\u003C\u002Fli>\n\u003Cli>Old icons are now cleaned up automatically every month.\u003C\u002Fli>\n\u003Cli>Small bugfixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Avalicious!\u003C\u002Fstrong> is based off the original \u003Ca href=\"http:\u002F\u002Falltrees.org\u002FWordpress\u002F#ALA\" title=\"Alltrees' Also LJ Avatar\" rel=\"nofollow ugc\">Also LJ Avatar\u003C\u002Fa> by Ravenwood and Irwin. No disrespect is intended towards the original authors; without their great work, this plugin wouldn’t have been possible (or at least would’ve taken a hell of a lot longer to write).\u003C\u002Fp>\n","A WordPress plugin that integrates LiveJournal, Dreamwidth, and Tumblr user avatars in WordPress 
comments.",10,4343,"5.0.25","2.7.1",[132,133,134,22,135],"dreamwidth","livejournal","social","users","https:\u002F\u002Fgithub.com\u002Falisinfinite\u002Favalicious","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Favalicious.1.3.3.zip","2026-03-15T10:48:56.248Z",{"attackSurface":140,"codeSignals":198,"taintFlows":613,"riskAssessment":680,"analyzedAt":691},{"hooks":141,"ajaxHandlers":188,"restRoutes":195,"shortcodes":196,"cronEvents":197,"entryPointCount":117,"unprotectedCount":28},[142,148,153,157,161,165,169,174,178,182],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_notices","xyz_tbap_admin_notice","admin\\admin-notices.php",70,{"type":143,"name":149,"callback":150,"file":151,"line":152},"admin_menu","xyz_tbap_menu","admin\\menu.php",3,{"type":143,"name":154,"callback":155,"file":151,"line":156},"admin_enqueue_scripts","xyz_tbap_add_admin_scripts",24,{"type":143,"name":158,"callback":159,"file":160,"line":152},"add_meta_boxes","xyz_tbap_add_custom_box","admin\\metabox.php",{"type":143,"name":162,"callback":163,"file":164,"line":152},"save_post","xyz_tbap_save_metabox_meta","admin\\publish.php",{"type":143,"name":166,"callback":167,"priority":127,"file":164,"line":168},"transition_post_status","xyz_link_tbap_future_to_publish",16,{"type":143,"name":170,"callback":171,"file":172,"line":173},"init","plugin_load_tbaptextdomain","wp-tumblr-auto-publish.php",37,{"type":143,"name":175,"callback":176,"file":172,"line":177},"wp_footer","xyz_tbap_credit",57,{"type":143,"name":179,"callback":180,"file":172,"line":181},"admin_init","xyz_tbap_check_and_upgrade_plugin_version",74,{"type":183,"name":184,"callback":185,"priority":127,"file":186,"line":187},"filter","plugin_row_meta","xyz_tbap_links","xyz-functions.php",190,[189],{"action":190,"nopriv":191,"callback":192,"hasNonce":193,"hasCapCheck":193,"file":194,"line":152},"xyz_tbap_ajax_backlink",false,"xyz_tbap_ajax_backlink_call",true,"admin\\ajax-backlink.php",[],[],[],{"dangerousFu
nctions":199,"sqlUsage":205,"outputEscaping":216,"fileOperations":206,"externalRequests":608,"nonceChecks":68,"capabilityChecks":106,"bundledLibraries":609},[200],{"fn":201,"file":202,"line":203,"context":204},"unserialize","admin\\logs.php",78,"$arrval=unserialize($status);",{"prepared":206,"raw":152,"locations":207},4,[208,212,214],{"file":209,"line":210,"context":211},"admin\\destruction.php",11,"$wpdb->get_col() with variable interpolation",{"file":213,"line":210,"context":211},"admin\\install.php",{"file":186,"line":215,"context":211},45,{"escaped":76,"rawEcho":217,"locations":218},200,[219,223,224,225,227,229,231,233,234,236,238,240,242,244,246,248,250,252,253,255,257,259,260,261,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541,543,545,547,549,551,553,555,557,559,561,563,565,566,568,571,573,575,576,577,578,580,582,584,586,588,590,592,594,595,597,599,600,602,604,607],{"file":220,"line":221,"context":222},"admin\\about.php",5,"raw 
output",{"file":220,"line":210,"context":222},{"file":220,"line":168,"context":222},{"file":220,"line":226,"context":222},29,{"file":220,"line":228,"context":222},36,{"file":220,"line":230,"context":222},38,{"file":220,"line":232,"context":222},40,{"file":220,"line":215,"context":222},{"file":220,"line":235,"context":222},47,{"file":220,"line":237,"context":222},49,{"file":220,"line":239,"context":222},54,{"file":220,"line":241,"context":222},56,{"file":220,"line":243,"context":222},58,{"file":220,"line":245,"context":222},63,{"file":220,"line":247,"context":222},65,{"file":220,"line":249,"context":222},67,{"file":220,"line":251,"context":222},72,{"file":220,"line":181,"context":222},{"file":220,"line":254,"context":222},76,{"file":220,"line":256,"context":222},81,{"file":220,"line":258,"context":222},83,{"file":220,"line":76,"context":222},{"file":220,"line":103,"context":222},{"file":220,"line":35,"context":222},{"file":220,"line":263,"context":222},94,{"file":220,"line":265,"context":222},99,{"file":220,"line":267,"context":222},101,{"file":220,"line":269,"context":222},103,{"file":220,"line":271,"context":222},111,{"file":220,"line":273,"context":222},113,{"file":220,"line":275,"context":222},115,{"file":220,"line":277,"context":222},120,{"file":220,"line":279,"context":222},122,{"file":220,"line":281,"context":222},124,{"file":220,"line":283,"context":222},129,{"file":220,"line":285,"context":222},131,{"file":220,"line":287,"context":222},133,{"file":220,"line":289,"context":222},138,{"file":220,"line":291,"context":222},140,{"file":220,"line":293,"context":222},142,{"file":220,"line":295,"context":222},148,{"file":220,"line":297,"context":222},150,{"file":220,"line":299,"context":222},152,{"file":220,"line":301,"context":222},158,{"file":220,"line":303,"context":222},160,{"file":220,"line":305,"context":222},162,{"file":220,"line":307,"context":222},167,{"file":220,"line":309,"context":222},169,{"file":220,"line":311,"context":222},171,{"file":220,"line":313,"
context":222},176,{"file":220,"line":315,"context":222},178,{"file":220,"line":317,"context":222},180,{"file":220,"line":319,"context":222},185,{"file":220,"line":321,"context":222},187,{"file":220,"line":323,"context":222},189,{"file":220,"line":325,"context":222},194,{"file":220,"line":327,"context":222},196,{"file":220,"line":329,"context":222},198,{"file":220,"line":331,"context":222},203,{"file":220,"line":333,"context":222},205,{"file":220,"line":335,"context":222},207,{"file":220,"line":337,"context":222},212,{"file":220,"line":339,"context":222},214,{"file":220,"line":341,"context":222},216,{"file":220,"line":343,"context":222},221,{"file":220,"line":345,"context":222},223,{"file":220,"line":347,"context":222},225,{"file":220,"line":349,"context":222},230,{"file":220,"line":351,"context":222},232,{"file":220,"line":353,"context":222},234,{"file":220,"line":355,"context":222},239,{"file":220,"line":357,"context":222},241,{"file":220,"line":359,"context":222},243,{"file":220,"line":361,"context":222},248,{"file":220,"line":363,"context":222},250,{"file":220,"line":365,"context":222},252,{"file":220,"line":367,"context":222},257,{"file":220,"line":369,"context":222},259,{"file":220,"line":371,"context":222},261,{"file":220,"line":373,"context":222},266,{"file":220,"line":375,"context":222},268,{"file":220,"line":377,"context":222},270,{"file":220,"line":379,"context":222},277,{"file":220,"line":381,"context":222},279,{"file":220,"line":383,"context":222},281,{"file":220,"line":385,"context":222},286,{"file":220,"line":387,"context":222},288,{"file":220,"line":389,"context":222},290,{"file":220,"line":391,"context":222},295,{"file":220,"line":393,"context":222},297,{"file":220,"line":395,"context":222},299,{"file":220,"line":397,"context":222},304,{"file":220,"line":399,"context":222},306,{"file":220,"line":401,"context":222},308,{"file":220,"line":403,"context":222},313,{"file":220,"line":405,"context":222},315,{"file":220,"line":407,"context":222},317,{"file":
220,"line":409,"context":222},324,{"file":220,"line":411,"context":222},326,{"file":220,"line":413,"context":222},328,{"file":220,"line":415,"context":222},333,{"file":220,"line":417,"context":222},335,{"file":220,"line":419,"context":222},337,{"file":220,"line":421,"context":222},342,{"file":220,"line":423,"context":222},344,{"file":220,"line":425,"context":222},346,{"file":220,"line":427,"context":222},351,{"file":220,"line":429,"context":222},353,{"file":220,"line":431,"context":222},355,{"file":220,"line":433,"context":222},362,{"file":220,"line":435,"context":222},364,{"file":220,"line":437,"context":222},366,{"file":220,"line":439,"context":222},371,{"file":220,"line":441,"context":222},373,{"file":220,"line":443,"context":222},375,{"file":220,"line":445,"context":222},380,{"file":220,"line":447,"context":222},382,{"file":220,"line":449,"context":222},384,{"file":220,"line":451,"context":222},389,{"file":220,"line":453,"context":222},391,{"file":220,"line":455,"context":222},393,{"file":220,"line":457,"context":222},398,{"file":220,"line":66,"context":222},{"file":220,"line":460,"context":222},402,{"file":220,"line":462,"context":222},407,{"file":220,"line":464,"context":222},409,{"file":220,"line":466,"context":222},411,{"file":220,"line":468,"context":222},416,{"file":220,"line":470,"context":222},418,{"file":220,"line":472,"context":222},420,{"file":220,"line":474,"context":222},425,{"file":220,"line":476,"context":222},427,{"file":220,"line":478,"context":222},429,{"file":220,"line":480,"context":222},434,{"file":220,"line":482,"context":222},436,{"file":220,"line":484,"context":222},438,{"file":220,"line":486,"context":222},445,{"file":220,"line":488,"context":222},447,{"file":220,"line":490,"context":222},449,{"file":220,"line":492,"context":222},454,{"file":220,"line":494,"context":222},456,{"file":220,"line":496,"context":222},458,{"file":220,"line":498,"context":222},463,{"file":220,"line":500,"context":222},465,{"file":220,"line":502,"context":222},4
67,{"file":220,"line":504,"context":222},472,{"file":220,"line":506,"context":222},474,{"file":220,"line":508,"context":222},476,{"file":220,"line":510,"context":222},483,{"file":220,"line":512,"context":222},485,{"file":220,"line":514,"context":222},487,{"file":220,"line":516,"context":222},492,{"file":220,"line":518,"context":222},494,{"file":220,"line":520,"context":222},496,{"file":220,"line":522,"context":222},501,{"file":220,"line":524,"context":222},503,{"file":220,"line":526,"context":222},505,{"file":220,"line":528,"context":222},510,{"file":220,"line":530,"context":222},512,{"file":220,"line":532,"context":222},514,{"file":220,"line":534,"context":222},521,{"file":220,"line":536,"context":222},523,{"file":220,"line":538,"context":222},525,{"file":220,"line":540,"context":222},530,{"file":220,"line":542,"context":222},532,{"file":220,"line":544,"context":222},534,{"file":220,"line":546,"context":222},541,{"file":220,"line":548,"context":222},543,{"file":220,"line":550,"context":222},545,{"file":220,"line":552,"context":222},550,{"file":220,"line":554,"context":222},552,{"file":220,"line":556,"context":222},554,{"file":220,"line":558,"context":222},559,{"file":220,"line":560,"context":222},561,{"file":220,"line":562,"context":222},563,{"file":146,"line":564,"context":222},42,{"file":146,"line":235,"context":222},{"file":146,"line":567,"context":222},52,{"file":569,"line":570,"context":222},"admin\\footer.php",27,{"file":572,"line":13,"context":222},"admin\\header.php",{"file":202,"line":574,"context":222},61,{"file":202,"line":11,"context":222},{"file":160,"line":337,"context":222},{"file":160,"line":353,"context":222},{"file":160,"line":579,"context":222},244,{"file":160,"line":581,"context":222},336,{"file":160,"line":583,"context":222},377,{"file":585,"line":187,"context":222},"admin\\settings.php",{"file":585,"line":587,"context":222},192,{"file":585,"line":589,"context":222},193,{"file":585,"line":591,"context":222},305,{"file":585,"line":593,"context":
222},482,{"file":585,"line":514,"context":222},{"file":585,"line":596,"context":222},495,{"file":585,"line":598,"context":222},542,{"file":585,"line":598,"context":222},{"file":585,"line":601,"context":222},595,{"file":585,"line":603,"context":222},603,{"file":605,"line":606,"context":222},"admin\\suggest_feature.php",18,{"file":172,"line":245,"context":222},7,[610],{"name":611,"version":29,"knownCves":612},"Guzzle",[],[614,637,650,661],{"entryPoint":615,"graph":616,"unsanitizedCount":117,"severity":636},"xyz_tbap_addpostmetatags (admin\\metabox.php:80)",{"nodes":617,"edges":633},[618,623,628,631],{"id":619,"type":620,"label":621,"file":160,"line":622},"n0","source","$_GET",228,{"id":624,"type":625,"label":626,"file":160,"line":353,"wp_function":627},"n1","sink","echo() [XSS]","echo",{"id":629,"type":620,"label":621,"file":160,"line":630},"n2",289,{"id":632,"type":625,"label":626,"file":160,"line":437,"wp_function":627},"n3",[634,635],{"from":619,"to":624,"sanitized":191},{"from":629,"to":632,"sanitized":193},"medium",{"entryPoint":638,"graph":639,"unsanitizedCount":28,"severity":649},"\u003Cheader> (admin\\header.php:0)",{"nodes":640,"edges":647},[641,644],{"id":619,"type":620,"label":642,"file":572,"line":643},"$_POST",17,{"id":624,"type":625,"label":645,"file":572,"line":606,"wp_function":646},"update_option() [Settings Manipulation]","update_option",[648],{"from":619,"to":624,"sanitized":193},"low",{"entryPoint":651,"graph":652,"unsanitizedCount":117,"severity":649},"\u003Cmetabox> 
(admin\\metabox.php:0)",{"nodes":653,"edges":658},[654,655,656,657],{"id":619,"type":620,"label":621,"file":160,"line":622},{"id":624,"type":625,"label":626,"file":160,"line":353,"wp_function":627},{"id":629,"type":620,"label":621,"file":160,"line":630},{"id":632,"type":625,"label":626,"file":160,"line":437,"wp_function":627},[659,660],{"from":619,"to":624,"sanitized":191},{"from":629,"to":632,"sanitized":193},{"entryPoint":662,"graph":663,"unsanitizedCount":28,"severity":649},"\u003Csettings> (admin\\settings.php:0)",{"nodes":664,"edges":676},[665,667,668,670,671,674],{"id":619,"type":620,"label":666,"file":585,"line":232},"$_GET['tb_auth_err']",{"id":624,"type":625,"label":626,"file":585,"line":232,"wp_function":627},{"id":629,"type":620,"label":669,"file":585,"line":251},"$_POST (x18)",{"id":632,"type":625,"label":645,"file":585,"line":277,"wp_function":646},{"id":672,"type":620,"label":673,"file":585,"line":187},"n4","$_SERVER['HTTP_HOST']",{"id":675,"type":625,"label":626,"file":585,"line":187,"wp_function":627},"n5",[677,678,679],{"from":619,"to":624,"sanitized":193},{"from":629,"to":632,"sanitized":193},{"from":672,"to":675,"sanitized":193},{"summary":681,"deductions":682},"The \"auto-publish-tumblr\" plugin v1.2.9 presents a mixed security posture. On the positive side, the plugin has a small attack surface, with only one AJAX handler and no exposed REST API routes, shortcodes, or cron events. Furthermore, it demonstrates a commitment to security by including a significant number of nonce and capability checks (8 and 2 respectively).\n\nHowever, several concerning aspects warrant attention. The presence of the `unserialize` function is a significant risk, as it can be exploited for remote code execution if attacker-controlled data is unserialized. While taint analysis did not reveal critical or high severity unsanitized paths, the fact that 2 out of 4 analyzed flows had unsanitized paths is still a concern, even if currently at a lower severity. 
Additionally, the output escaping is only properly implemented for 30% of outputs, suggesting a potential for cross-site scripting (XSS) vulnerabilities. The plugin also makes 7 external HTTP requests, which could be a vector for various attacks if not handled securely.\n\nThe plugin's vulnerability history is a strong positive, with zero recorded CVEs. This indicates a historically stable and well-maintained codebase, or at least one that has not been publicly exploited. In conclusion, while the lack of known vulnerabilities and limited attack surface are strengths, the use of `unserialize` and the low percentage of properly escaped output represent notable weaknesses that could be exploited. The plugin's overall security is decent but could be significantly improved by addressing these specific issues.",[683,685,687,689],{"reason":684,"points":33},"Presence of unserialize function",{"reason":686,"points":68},"Low percentage of properly escaped output",{"reason":688,"points":608},"Unsanitized paths in taint analysis (2\u002F4)",{"reason":690,"points":152},"Bundled library (Guzzle) - potential for outdated versions","2026-03-16T21:29:12.409Z",{"wat":693,"direct":702},{"assetPaths":694,"generatorPatterns":696,"scriptPaths":697,"versionParams":699},[695],"\u002Fwp-content\u002Fplugins\u002Fauto-publish-tumblr\u002Fimages\u002Ftb.png",[],[698],"\u002Fwp-content\u002Fplugins\u002Fauto-publish-tumblr\u002Fjs\u002Fnotice.js",[700,701],"auto-publish-tumblr\u002Fcss\u002Fstyle.css?ver=","auto-publish-tumblr\u002Fjs\u002Fnotice.js?ver=",{"cssClasses":703,"htmlComments":705,"htmlAttributes":710,"restEndpoints":711,"jsGlobals":712,"shortcodeOutput":714},[704],"tbap-settings-body",[706,707,708,709,5],"\u003C!-- WP Tumblr Auto Publish (V","This program is free software; you can redistribute it and\u002For","This program is distributed in the hope that it will be useful,","You should have received a copy of the GNU General Public License",[],[],[713],"xyz_script_tbap_var",[]]