[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNuFhkkyOMF48s5nEfaqvJFkOv0c8ssdP6u14X5cFVWI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":47,"fingerprints":273},"automatic-wordpress-backup","Automatic WordPress Backup","2.0.3","DanCoulter","https:\u002F\u002Fprofiles.wordpress.org\u002Fdancoulter\u002F","\u003Cp>Using this plugin, you can easily and automatically backup important parts of\u003Cbr \u002F>\nyour WordPress install to Amazon S3.  Amazon S3 is an extremely cheap service\u003Cbr \u002F>\nthat is easy to set up.  For pennies a month, you can make sure that your\u003Cbr \u002F>\nimportant files will be kept safe.\u003C\u002Fp>\n\u003Cp>Important caveat: this plugin currently has to be run on a linux server.\u003Cbr \u002F>\nAlso, the wp-content\u002Fuploads folder has to be server-writable or it won’t be\u003Cbr \u002F>\nable to create the zips for backup.\u003C\u002Fp>\n\u003Cp>For full info and installation instructions, visit http:\u002F\u002Fwww.webdesigncompany.net\u002Fautomatic-wordpress-backup\u002F\u003C\u002Fp>\n","Automatically back up important bits of your WordPress install to Amazon S3.",300,53087,100,2,"2010-08-11T07:37:00.000Z","3.0.5","2.8","",[20],"backup-automatic-s3-zip-backups-scheduled","http:\u002F\u002Fwww.webdesigncompany.net\u002Fautomatic-wordpress-backup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-wordpress-backup.2.0.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"dancoulter",7,640,30,84,"2026-04-04T11:53:18.501Z",[36],{"slug":37,"name":38,"version":39,"author":7,"author_profile":8,"description":40,"short_description":10,"active_installs":32,"downloaded":41,"rating":24,"num_ratings":24,"last_updated":42,"tested_up_to":43,"requires_at_least":17,"requires_php":18,"tags":44,"homepage":45,"download_link":46,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"wp-s3-backups","WP S3 Backups","0.3.0","\u003Cp>Using this plugin, you can easily and automatically backup important parts of\u003Cbr \u002F>\nyour WordPress install to Amazon S3.  Amazon S3 is an extremely cheap service\u003Cbr \u002F>\nthat is easy to set up.  For pennies a month, you can make sure that your\u003Cbr \u002F>\nimportant files will be kept safe.\u003C\u002Fp>\n\u003Cp>Important caveat: this plugin currently has to be run on a linux server.\u003Cbr \u002F>\nAlso, the wp-content\u002Fuploads folder has to be server-writable or it won’t be\u003Cbr \u002F>\nable to create the zips for backup.\u003C\u002Fp>\n",7638,"2009-12-14T09:17:00.000Z","2.9.2",[20],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-s3-backups\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-s3-backups.0.3.0.zip",{"attackSurface":48,"codeSignals":115,"taintFlows":211,"riskAssessment":252,"analyzedAt":272},{"hooks":49,"ajaxHandlers":97,"restRoutes":108,"shortcodes":109,"cronEvents":110,"entryPointCount":14,"unprotectedCount":65},[50,55,58,62,67,71,74,78,81,85,89,94],{"type":51,"name":52,"callback":53,"file":54,"line":23},"action","admin_notices","accessKeyWarning","automatic-wordpress-backup.php",{"type":51,"name":52,"callback":56,"file":54,"line":57},"newBucketWarning",86,{"type":51,"name":59,"callback":60,"file":54,"line":61},"wdc-menu-pages","add_settings_page",1185,{"type":51,"name":63,"callback":64,"priority":65,"file":54,"line":66},"s3-backup","backup",1,1186,{"type":51,"name":68,"callback":69,"file":54,"line":70},"admin_init","init",1189,{"type":51,"name":72,"callback":72,"file":54,"line":73},"wp_head",1190,{"type":75,"name":76,"callback":76,"file":54,"line":77},"filter","cron_schedules",1192,{"type":75,"name":79,"callback":79,"file":54,"line":80},"wdc_plugins",1194,{"type":75,"name":82,"callback":83,"priority":65,"file":54,"line":84},"wdc-settings-url","wdc_menu_url",1195,{"type":75,"name":86,"callback":87,"priority":65,"file":54,"line":88},"wdc-settings-page","wdc_menu_page",1196,{"type":51,"name":90,"callback":91,"file":92,"line":93},"wp_footer","credits","wdc\\wdc.class.php",80,{"type":51,"name":95,"callback":95,"file":92,"line":96},"admin_menu",81,[98,104],{"action":99,"nopriv":100,"callback":101,"hasNonce":102,"hasCapCheck":100,"file":54,"line":103},"awb_restore",false,"restore",true,1187,{"action":105,"nopriv":100,"callback":106,"hasNonce":100,"hasCapCheck":100,"file":54,"line":107},"awb_running","ajax_manual_is_running",1188,[],[],[111,113],{"hook":63,"callback":63,"file":54,"line":112},59,{"hook":63,"callback":63,"file":54,"line":114},66,{"dangerousFunctions":116,"sqlUsage":144,"outputEscaping":163,"fileOperations":209,"externalRequests":65,"nonceChecks":65,"capabilityChecks":24,"bundledLibraries":210},[117,121,124,127,130,133,137,140],{"fn":118,"file":54,"line":119,"context":120},"shell_exec",243,"if ( is_null(@shell_exec('ls')) ) {",{"fn":118,"file":54,"line":122,"context":123},249,"} elseif ( is_null(shell_exec('which zip')) ) {",{"fn":118,"file":54,"line":125,"context":126},712,"$result = shell_exec('zip -r ' . $file . ' ' . implode(' ', apply_filters('awb_backup_folders', $bac",{"fn":118,"file":54,"line":128,"context":129},723,"$result = shell_exec('zip -u ' . $file . ' awb-database-backup.sql');",{"fn":118,"file":54,"line":131,"context":132},749,"$result = shell_exec('zip -u ' . $file . ' manifest.txt');",{"fn":134,"file":54,"line":135,"context":136},"exec",819,"exec(\"wget --no-check-certificate -O backup.zip '\" . $s3->getObjectURL(get_option('s3b-bucket'), $_P",{"fn":134,"file":54,"line":138,"context":139},820,"exec('unzip backup.zip');",{"fn":141,"file":54,"line":142,"context":143},"unserialize",831,"if ( !(preg_match('|Machine Readable: (.*)|', $manifest, $matches) && ($manifest = unserialize($matc",{"prepared":65,"raw":145,"locations":146},6,[147,150,153,156,159,161],{"file":54,"line":148,"context":149},716,"$wpdb->get_col() with variable interpolation",{"file":54,"line":151,"context":152},898,"$wpdb->get_var() with variable interpolation",{"file":54,"line":154,"context":155},900,"$wpdb->query() with variable interpolation",{"file":54,"line":157,"context":158},1011,"$wpdb->get_results() with variable interpolation",{"file":54,"line":160,"context":158},1034,{"file":54,"line":162,"context":158},1081,{"escaped":24,"rawEcho":164,"locations":165},25,[166,169,171,173,175,177,179,181,182,184,185,187,188,189,190,192,194,195,196,197,199,201,203,205,207],{"file":54,"line":167,"context":168},125,"raw output",{"file":54,"line":170,"context":168},129,{"file":54,"line":172,"context":168},272,{"file":54,"line":174,"context":168},277,{"file":54,"line":176,"context":168},278,{"file":54,"line":178,"context":168},356,{"file":54,"line":180,"context":168},369,{"file":54,"line":180,"context":168},{"file":54,"line":183,"context":168},467,{"file":54,"line":183,"context":168},{"file":54,"line":186,"context":168},499,{"file":54,"line":186,"context":168},{"file":54,"line":186,"context":168},{"file":54,"line":186,"context":168},{"file":54,"line":191,"context":168},508,{"file":54,"line":193,"context":168},516,{"file":54,"line":193,"context":168},{"file":54,"line":193,"context":168},{"file":54,"line":193,"context":168},{"file":54,"line":198,"context":168},547,{"file":54,"line":200,"context":168},548,{"file":54,"line":202,"context":168},549,{"file":54,"line":204,"context":168},550,{"file":54,"line":206,"context":168},596,{"file":92,"line":208,"context":168},53,17,[],[212,229,239],{"entryPoint":213,"graph":214,"unsanitizedCount":65,"severity":228},"init (automatic-wordpress-backup.php:48)",{"nodes":215,"edges":226},[216,221],{"id":217,"type":218,"label":219,"file":54,"line":220},"n0","source","$_POST['s3-new-bucket']",78,{"id":222,"type":223,"label":224,"file":54,"line":220,"wp_function":225},"n1","sink","update_option() [Settings Manipulation]","update_option",[227],{"from":217,"to":222,"sanitized":100},"low",{"entryPoint":230,"graph":231,"unsanitizedCount":24,"severity":228},"restore (automatic-wordpress-backup.php:785)",{"nodes":232,"edges":237},[233,235],{"id":217,"type":218,"label":234,"file":54,"line":135},"$_POST['backup']",{"id":222,"type":223,"label":236,"file":54,"line":135,"wp_function":134},"exec() [RCE]",[238],{"from":217,"to":222,"sanitized":102},{"entryPoint":240,"graph":241,"unsanitizedCount":24,"severity":228},"\u003Cautomatic-wordpress-backup> (automatic-wordpress-backup.php:0)",{"nodes":242,"edges":249},[243,244,245,247],{"id":217,"type":218,"label":219,"file":54,"line":220},{"id":222,"type":223,"label":224,"file":54,"line":220,"wp_function":225},{"id":246,"type":218,"label":234,"file":54,"line":135},"n2",{"id":248,"type":223,"label":236,"file":54,"line":135,"wp_function":134},"n3",[250,251],{"from":217,"to":222,"sanitized":102},{"from":246,"to":248,"sanitized":102},{"summary":253,"deductions":254},"The \"automatic-wordpress-backup\" v2.0.3 plugin exhibits a concerning security posture primarily due to a lack of robust authentication and output escaping mechanisms. While the plugin has no recorded vulnerability history, this is overshadowed by significant risks identified in static and taint analysis.  The presence of an unprotected AJAX handler, coupled with the use of dangerous functions like `shell_exec` and `unserialize`, alongside a complete absence of output escaping, creates a fertile ground for potential attacks. The lack of capability checks is also a major red flag, implying that sensitive operations might be accessible to unauthorized users.  Although the absence of critical taint flows and known CVEs are positive indicators, they do not mitigate the immediate risks posed by the exposed attack surface and insecure coding practices.",[255,258,261,264,266,269],{"reason":256,"points":257},"Unprotected AJAX handler",10,{"reason":259,"points":260},"Dangerous functions used (shell_exec, exec, unserialize)",15,{"reason":262,"points":263},"No output escaping",12,{"reason":265,"points":257},"No capability checks",{"reason":267,"points":268},"SQL queries with low prepared statement usage",5,{"reason":270,"points":271},"Flows with unsanitized paths",8,"2026-03-16T20:07:50.822Z",{"wat":274,"direct":283},{"assetPaths":275,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[276,277],"\u002Fwp-content\u002Fplugins\u002Fautomatic-wordpress-backup\u002Fwdc\u002Fwdc.js","\u002Fwp-content\u002Fplugins\u002Fautomatic-wordpress-backup\u002Fwdc\u002Fwdc.css",[],[],[281,282],"automatic-wordpress-backup\u002Fwdc\u002Fwdc.js?ver=","automatic-wordpress-backup\u002Fwdc\u002Fwdc.css?ver=",{"cssClasses":284,"htmlComments":286,"htmlAttributes":287,"restEndpoints":288,"jsGlobals":289,"shortcodeOutput":291},[285],"awb-warning",[],[],[],[290],"cmAWB",[]]