[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPBDJYEIeq5MtUlDwRqMGH7NrffH-Z7k-aqjWwY4dHzU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":33,"fingerprints":100},"codedrill-single-image-upload","CodeDrill Single Image Upload","1.0","Codedrill Infotech Pvt. Ltd.","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodedrill\u002F","\u003Cp>This plugin will allow to upload an image as attachment. And you will get attachment id of the image.  Shortcode: [CD_Single_IMAGE_UPLOAD]. It will create thumbnails as defined in wordpress configuration.\u003C\u002Fp>\n","This plugin will allow to upload an image as attachment. And you will get attachment id of the image.  Shortcode: [CD_Single_IMAGE_UPLOAD].",0,1102,"2017-04-25T11:19:00.000Z","4.7.32","3.7","",[18,19,20],"add-attachment","codedrill","single-image-upload","http:\u002F\u002Fwww.codedrillinfotech.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodedrill-single-image-upload.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":19,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,84,"2026-04-04T11:04:08.476Z",[],{"attackSurface":34,"codeSignals":45,"taintFlows":54,"riskAssessment":82,"analyzedAt":99},{"hooks":35,"ajaxHandlers":36,"restRoutes":37,"shortcodes":38,"cronEvents":44,"entryPointCount":28,"unprotectedCount":11},[],[],[],[39],{"tag":40,"callback":41,"file":42,"line":43},"CD_Single_IMAGE_UPLOAD","CD_single_image_upload","singleimageupload.php",95,[],{"dangerousFunctions":46,"sqlUsage":47,"outputEscaping":49,"fileOperations":28,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":53},[],{"prepared":11,"raw":11,"locations":48},[],{"escaped":11,"rawEcho":28,"locations":50},[51],{"file":42,"line":30,"context":52},"raw output",[],[55,73],{"entryPoint":56,"graph":57,"unsanitizedCount":28,"severity":72},"CD_single_image_upload (singleimageupload.php:44)",{"nodes":58,"edges":69},[59,64],{"id":60,"type":61,"label":62,"file":42,"line":63},"n0","source","$_FILES",50,{"id":65,"type":66,"label":67,"file":42,"line":30,"wp_function":68},"n1","sink","echo() [XSS]","echo",[70],{"from":60,"to":65,"sanitized":71},false,"medium",{"entryPoint":74,"graph":75,"unsanitizedCount":28,"severity":81},"\u003Csingleimageupload> (singleimageupload.php:0)",{"nodes":76,"edges":79},[77,78],{"id":60,"type":61,"label":62,"file":42,"line":63},{"id":65,"type":66,"label":67,"file":42,"line":30,"wp_function":68},[80],{"from":60,"to":65,"sanitized":71},"low",{"summary":83,"deductions":84},"The 'codedrill-single-image-upload' plugin version 1.0 exhibits a mixed security posture. On the positive side, it has a very small attack surface, with only one entry point identified (a shortcode) and no AJAX handlers, REST API routes, or cron events exposed. Furthermore, it demonstrates good practices by exclusively using prepared statements for its SQL queries and has no known historical vulnerabilities, suggesting a generally well-maintained codebase or low historical exposure. \n\nHowever, significant concerns arise from the code analysis. The lack of output escaping on all identified outputs represents a critical weakness, potentially exposing users to cross-site scripting (XSS) attacks. The presence of two taint flows with unsanitized paths further amplifies this risk, indicating that user-supplied data might be processed in a way that could lead to security vulnerabilities if not properly handled before output or further processing. The complete absence of nonce checks and capability checks on its limited entry points means that any user, regardless of their role or authenticated status, could potentially trigger the shortcode's functionality, leading to unintended actions or information disclosure if the shortcode's implementation is insecure. The single file operation without further context also warrants caution. \n\nIn conclusion, while the plugin's small attack surface and lack of historical CVEs are encouraging, the identified lack of output escaping, unsanitized taint flows, and missing authentication\u002Fauthorization checks on its shortcode create substantial security risks. These issues, if exploited, could lead to severe vulnerabilities such as XSS or unauthorized actions.",[85,88,91,94,96],{"reason":86,"points":87},"No output escaping",8,{"reason":89,"points":90},"Unsanitized paths in taint flows",12,{"reason":92,"points":93},"No nonce checks",7,{"reason":95,"points":93},"No capability checks",{"reason":97,"points":98},"File operation without context",3,"2026-03-17T06:28:58.575Z",{"wat":101,"direct":106},{"assetPaths":102,"generatorPatterns":103,"scriptPaths":104,"versionParams":105},[],[],[],[],{"cssClasses":107,"htmlComments":108,"htmlAttributes":109,"restEndpoints":113,"jsGlobals":114,"shortcodeOutput":115},[],[],[110,111,112],"name=\"up_image\"","name=\"upload\"","value=\"Upload\"",[],[],[116],"\u003Cform method=\"post\" enctype=\"multipart\u002Fform-data\" action=\"\">\n\t\t\t\t\t\t\u003Clable>Select Image\u003C\u002Flable>\n\t\t\t\t\t\t\u003Cinput type=\"file\" name=\"up_image\" \u002F>\n\t\t\t\t\t\t\u003Cinput type=\"submit\" name=\"upload\" value=\"Upload\" \u002F>\n\t\u003C\u002Fform>"]