[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f08vN0QrSVlNr2uo9KO4zWjNjNdzImhis3dbXkYsWZI4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":62,"crawl_stats":38,"alternatives":66,"analysis":160,"fingerprints":389},"copyscape-premium","Copyscape Premium","1.4.2","Copyscape","https:\u002F\u002Fprofiles.wordpress.org\u002Fcopyscape\u002F","\u003Cp>The Copyscape Premium plugin lets you check if a WordPress post is original before it’s published, by using the Copyscape Premium API to check for duplicate content on the web.\u003C\u002Fp>\n\u003Cp>The plugin will add a ‘Copyscape Check’ button to your WordPress interface, allowing you to check your posts whenever you wish. You may also set the plugin to automatically check your posts when you click ‘Publish’ and\u002For ‘Update’.\u003C\u002Fp>\n\u003Cp>When duplicate content is found, a report of matching pages is shown. You may also see a detailed comparison that highlights your content on the found page.\u003C\u002Fp>\n\u003Cp>If you do not already have a Copyscape Premium account, please \u003Ca href=\"http:\u002F\u002Fwww.copyscape.com\u002Fredirect\u002F?to=prosignup\" title=\"Copyscape Premium sign up\" rel=\"nofollow ugc\">sign up\u003C\u002Fa>,  \u003Ca href=\"http:\u002F\u002Fwww.copyscape.com\u002Fredirect\u002F?to=propurchase\" title=\"Purchase Copyscape Premium Credits\" rel=\"nofollow ugc\">purchase some credits\u003C\u002Fa>, and enable your \u003Ca href=\"http:\u002F\u002Fwww.copyscape.com\u002Fredirect\u002F?to=apiconfigure#key\" title=\"Copyscape Premium API page\" rel=\"nofollow ugc\">API access\u003C\u002Fa>. You may then begin using the plugin.\u003C\u002Fp>\n","The Copyscape Premium plugin lets you check if a WordPress post is unique before it's published, by searching for duplicate content on the web.",1000,53159,64,10,"2025-12-24T18:07:00.000Z","6.9.4","3.0.1","",[20,21,22,23,24],"copyscape","duplicate-content","original","plagiarism","unique","http:\u002F\u002Fwww.copyscape.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcopyscape-premium.1.4.2.zip",98,2,0,"2026-01-10 00:00:00","2026-03-15T15:16:48.613Z",[33,48],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2026-24966","copyscape-premium-cross-site-request-forgery-2","Copyscape Premium \u003C= 1.4.1 - Cross-Site Request Forgery","The Copyscape Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.4.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-02-10 19:31:11",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff5419189-692f-4966-9baf-016188cf133c?source=api-prod",32,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2024-47644","copyscape-premium-cross-site-request-forgery","Copyscape Premium \u003C= 1.3.8 - Cross-Site Request Forgery","The Copyscape Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the copyscape_post() function. This makes it possible for unauthenticated attackers to update plugin settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.3.8","1.4.0",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-09-30 00:00:00","2024-11-01 13:11:53",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9370c320-b3bc-4965-9cc7-b2bf3a24e251?source=api-prod",33,{"slug":20,"display_name":7,"profile_url":8,"plugin_count":63,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":61,"trust_score":64,"computed_at":65},1,87,"2026-04-04T03:50:59.922Z",[67,88,103,122,142],{"slug":23,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":76,"num_ratings":77,"last_updated":78,"tested_up_to":79,"requires_at_least":80,"requires_php":18,"tags":81,"homepage":85,"download_link":86,"security_score":87,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"Plagiarism","1.1.0","Free plug in by SEO Roma","https:\u002F\u002Fprofiles.wordpress.org\u002Fseoroma\u002F","\u003Cp>The Plagiarism plugin keeps you from being penalized by Google (Panda) for inadvertent duplicate content.\u003C\u002Fp>\n\u003Cp>The plugin searches online for phrases in your posts that may duplicate content already on the web (even in different context or on sites you don’t know).\u003C\u002Fp>\n\u003Cp>After you save a post or page click the “Check for Duplicate Content” button. Plagiarism will show a list of duplicate phrases.\u003C\u002Fp>\n\u003Cp>A link is provided for every problematic phrase, showing its related search results.\u003C\u002Fp>\n\u003Cp>You can also use Plagiarism to check for websites scraping your content after it’s published. Just come back to your posts, clear the Plagiarism box results and check again for duplicate content.\u003C\u002Fp>\n\u003Ch4>Options Provided\u003C\u002Fh4>\n\u003Cp>Several search engines are supported:\u003Cbr \u002F>\n* Google Search (default)\u003Cbr \u002F>\n* Google Blog Search\u003Cbr \u002F>\n* Bing Search\u003Cbr \u002F>\n* Bing Blog Search\u003Cbr \u002F>\n* Yahoo Search\u003C\u002Fp>\n\u003Cp>You can also list some excluded websites (e.g. your website itself), to avoid duplicates originating from sources you own (or participate in).\u003C\u002Fp>\n\u003Cp>Public and private proxies support is available.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>The plugin initial release is based on previous work of \u003Ca href=\"http:\u002F\u002Fwebwrights.com\u002F\" title=\"WebwRights\" rel=\"nofollow ugc\">WebwRights\u003C\u002Fa>‘s WP Plagiarism Pal plugin.\u003C\u002Fp>\n\u003Ch4>Upcoming features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Translations\u003C\u002Fli>\n\u003Cli>Alerts in post\u002Fpage list\u003C\u002Fli>\n\u003Cli>Better option storage\u003C\u002Fli>\n\u003Cli>Uninstall function\u003C\u002Fli>\n\u003Cli>Restore default setting\u003C\u002Fli>\n\u003C\u002Ful>\n","Checks your contents (posts and pages) against the web for inadvertant duplicate content before postings. Detects online copies of your older posts.",70,13400,60,7,"2013-11-08T16:15:00.000Z","3.7.41","3.0",[82,21,83,84,23],"admin","page","panda","http:\u002F\u002Fwww.freeplugin.org\u002Fplagiarism-wordpress-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplagiarism.1.1.0.zip",85,{"slug":20,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":28,"last_updated":98,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":99,"homepage":101,"download_link":102,"security_score":87,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"Copyscape Post Checker","1.1","lerietaylor","https:\u002F\u002Fprofiles.wordpress.org\u002Flerietaylor\u002F","\u003Cp>This plugin will allow administrators to chek posts against copyscape via the copyscape API. The plugin allows for the selection of several different plagiarism searches. Copyscape currently supports two kinds of searches. A URL search and a Text search. Both options are implemented in this plugin.\u003C\u002Fp>\n\u003Ch3>Functionality\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>URL Searching\u003C\u002Fli>\n\u003Cli>Text Searching\u003C\u002Fli>\n\u003Cli>Credit Balance Checking\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin will allow administrators to chek posts against copyscape via the copyscape API.",40,4573,20,"2010-07-22T20:24:00.000Z",[20,23,100],"post","http:\u002F\u002Ffusecurity.com\u002Fcopyscape\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcopyscape.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":29,"downloaded":111,"rating":112,"num_ratings":63,"last_updated":18,"tested_up_to":16,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":112,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":121},"contenttrace","ContentTrace","1.0.1","Md Saddam Hossain Shakil","https:\u002F\u002Fprofiles.wordpress.org\u002Fshakilsaddamwp\u002F","\u003Ch4>External Services\u003C\u002Fh4>\n\u003Cp>This plugin relies on external services for features that require server-side processing which cannot be performed locally within WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ContentTrace API (api.contenttrace.app)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: Web scanning, similarity analysis, and takedown report generation.\u003C\u002Fli>\n\u003Cli>Why external: These features require large-scale web crawling, CPU-intensive content comparison algorithms, and structured legal document generation that cannot run within a WordPress installation.\u003C\u002Fli>\n\u003Cli>Data sent: Your site domain (for identification), post content excerpts (for similarity comparison), and URLs (for analysis). Content is processed in memory and immediately discarded.\u003C\u002Fli>\n\u003Cli>Privacy Policy: \u003Ca href=\"https:\u002F\u002Fcontenttrace.app\u002Fprivacy.html\" rel=\"nofollow ugc\">https:\u002F\u002Fcontenttrace.app\u002Fprivacy.html\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Terms of Service: \u003Ca href=\"https:\u002F\u002Fcontenttrace.app\u002Fterms.html\" rel=\"nofollow ugc\">https:\u002F\u002Fcontenttrace.app\u002Fterms.html\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Archive.org Wayback Machine (web.archive.org)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: Creating timestamped snapshots of your published posts as proof of original authorship.\u003C\u002Fli>\n\u003Cli>Why external: Archive.org provides independently verifiable, timestamped archives that serve as legal evidence of publication date. This cannot be replicated locally.\u003C\u002Fli>\n\u003Cli>Data sent: The public URL of your post.\u003C\u002Fli>\n\u003Cli>Terms of Use: \u003Ca href=\"https:\u002F\u002Farchive.org\u002Fabout\u002Fterms.php\" rel=\"nofollow ugc\">https:\u002F\u002Farchive.org\u002Fabout\u002Fterms.php\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Google Search (via browser)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: One-click manual search for your content fingerprints or titles.\u003C\u002Fli>\n\u003Cli>Data sent: Opens a search in the user’s own browser. No server-side requests are made by the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About ContentTrace\u003C\u002Fh4>\n\u003Cp>ContentTrace helps WordPress content creators protect their work from theft by embedding invisible tracking tokens and providing tools to detect unauthorized copies.\u003C\u002Fp>\n\u003Cp>All plugin features are fully functional for all users. The external API service may apply usage limits based on your service tier.\u003C\u002Fp>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Invisible Token Injection\u003C\u002Fstrong> – Unique fingerprints embedded in every post\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Dashboard\u003C\u002Fstrong> – View all protected posts and their tokens\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quick Google Search\u003C\u002Fstrong> – One-click search to find potential copies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Archive.org Integration\u003C\u002Fstrong> – Create timestamped proof of publication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Compare (URL & Text)\u003C\u002Fstrong> – Compare your content with suspected copies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Takedown Notice Generator\u003C\u002Fstrong> – DMCA\u002FEU\u002FInternational notices via API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Export\u003C\u002Fstrong> – Export all tokens for backup\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Category Exclusion\u003C\u002Fstrong> – Skip token injection for specific categories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Styling Options\u003C\u002Fstrong> – Customize how visible tokens appear\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Protection\u003C\u002Fstrong> – Add tokens to feed content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contact Information Storage\u003C\u002Fstrong> – Pre-fill takedown notice details\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Protect\u003C\u002Fstrong> – ContentTrace adds unique invisible tokens to your posts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detect\u003C\u002Fstrong> – Use manual search or API scanning to find copies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prove\u003C\u002Fstrong> – Archive.org snapshots prove you published first\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Act\u003C\u002Fstrong> – Generate takedown notices to remove stolen content\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Tokens are stored locally in your WordPress database\u003C\u002Fli>\n\u003Cli>Content sent for analysis is processed and immediately discarded\u003C\u002Fli>\n\u003Cli>No personal data is stored on external servers beyond basic usage tracking\u003C\u002Fli>\n\u003Cli>Archive.org submissions use the public Wayback Machine service\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect your WordPress content with invisible fingerprints and dual detection technology. Find who copied your posts and prove ownership.",157,100,"5.0","7.4",[116,117,118,21,23],"content-protection","copyright","dmca","https:\u002F\u002Fcontenttrace.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontenttrace.1.0.1.zip","2026-03-15T10:48:56.248Z",{"slug":123,"name":124,"version":125,"author":123,"author_profile":126,"description":127,"short_description":128,"active_installs":29,"downloaded":129,"rating":29,"num_ratings":29,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":139,"download_link":140,"security_score":141,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"quetext","Quetext","1.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fquetext\u002F","\u003Cp>Quetext’s WordPress Plugin uses DeepSearch™ technology to identify any content throughout your work that might be plagiarized.\u003C\u002Fp>\n\u003Ch3>Use of 3rd party\u002Fmain app services\u003C\u002Fh3>\n\u003Cp>We make use of services available at QueText (www.quetext.com). These services include:\u003Cbr \u002F>\n1. https:\u002F\u002Fwww.quetext.com\u002Fapi\u002Fauth\u002Flogin for authentication\u003Cbr \u002F>\n2. https:\u002F\u002Fwww.quetext.com\u002Fapi\u002Fwordpress\u002Fdownload-report to download report\u003Cbr \u002F>\n3. https:\u002F\u002Fwww.quetext.com\u002Fapi\u002Fwordpress\u002Fcheck-status to check plagiarism status\u003Cbr \u002F>\n4. https:\u002F\u002Fwww.quetext.com\u002Fapi\u002Fwordpress\u002Freport – get plagiarism report\u003Cbr \u002F>\n5. JQuery knob 1.2.12 (https:\u002F\u002Fplugins.jquery.com\u002Fknob)\u003Cbr \u002F>\n6. Fontawesome Kit (https:\u002F\u002Ffontawesome.com\u002Fv6\u002Fdownload)\u003Cbr \u002F>\n7. Boostrap 5.2 (https:\u002F\u002Fgetbootstrap.com\u002Fdocs\u002F5.2\u002Fgetting-started\u002Fdownload)\u003C\u002Fp>\n\u003Ch3>QueText Terms of Service:\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fwww.quetext.com\u002Fterms-of-service\u003C\u002Fp>\n\u003Ch3>QueText Privacy Policy:\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fwww.quetext.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please visit https:\u002F\u002Fhelp.quetext.com\u002Fhc\u002Fen-us\u003C\u002Fp>\n","Quetext’s Wordpress Plugin uses DeepSearch™ technology to identify any content throughout your work that might be plagiarized.",1852,"2024-06-27T21:19:00.000Z","6.4.8","4.9","7.0",[135,136,123,137,138],"content-originality","plagiarism-checker","quetext-plagiarism-checker","text-analysis","https:\u002F\u002Fquetext.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquetext.1.0.zip",92,{"slug":143,"name":144,"version":125,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":112,"num_ratings":151,"last_updated":152,"tested_up_to":153,"requires_at_least":154,"requires_php":18,"tags":155,"homepage":158,"download_link":159,"security_score":87,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"acf-unique-id-field","Advanced Custom Fields: Unique ID Field","KLicheR","https:\u002F\u002Fprofiles.wordpress.org\u002Fklicher\u002F","\u003Cp>Create a unique ID to easily identify repeater field’s rows. The field is fulfill on the first “save” of the post.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatibility\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This ACF field type is compatible with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>ACF 5\u003C\u002Fli>\n\u003C\u002Ful>\n","Create a unique ID to easily identify repeater field's rows.",3000,19946,6,"2014-12-05T19:14:00.000Z","4.0.38","3.5",[156,157,24],"acf","id","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-unique-id-field","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-unique-id-field.1.0.0.zip",{"attackSurface":161,"codeSignals":210,"taintFlows":294,"riskAssessment":378,"analyzedAt":388},{"hooks":162,"ajaxHandlers":200,"restRoutes":207,"shortcodes":208,"cronEvents":209,"entryPointCount":63,"unprotectedCount":29},[163,169,173,178,182,186,190,194,197],{"type":164,"name":165,"callback":166,"priority":167,"file":168,"line":167},"filter","post_updated_messages","copyscape_updated_messages",30,"copyscape.php",{"type":170,"name":171,"callback":172,"file":168,"line":61},"action","admin_enqueue_scripts","copyscape_init",{"type":170,"name":174,"callback":175,"priority":176,"file":168,"line":177},"transition_post_status","copyscape_post",130,34,{"type":170,"name":179,"callback":180,"file":168,"line":181},"admin_menu","copyscape_menu",35,{"type":170,"name":183,"callback":184,"file":168,"line":185},"admin_notices","copyscape_admin_notice",36,{"type":170,"name":187,"callback":188,"file":168,"line":189},"plugins_loaded","copyscape_update_tbl",37,{"type":170,"name":191,"callback":192,"file":168,"line":193},"admin_init","copyscape_redirect",38,{"type":170,"name":191,"callback":195,"file":168,"line":196},"copyscape_roleset",39,{"type":170,"name":198,"callback":199,"file":168,"line":95},"init","copyscape_override",[201],{"action":202,"nopriv":203,"callback":204,"hasNonce":205,"hasCapCheck":205,"file":168,"line":206},"copyscape_check",false,"ajax_copyscape_post",true,41,[],[],[],{"dangerousFunctions":211,"sqlUsage":212,"outputEscaping":236,"fileOperations":29,"externalRequests":63,"nonceChecks":292,"capabilityChecks":77,"bundledLibraries":293},[],{"prepared":213,"raw":214,"locations":215},26,9,[216,219,221,223,225,228,230,232,234],{"file":168,"line":217,"context":218},109,"$wpdb->query() with variable interpolation",{"file":168,"line":220,"context":218},110,{"file":168,"line":222,"context":218},111,{"file":168,"line":224,"context":218},112,{"file":168,"line":226,"context":227},139,"$wpdb->get_var() with variable interpolation",{"file":168,"line":229,"context":218},166,{"file":168,"line":231,"context":218},241,{"file":168,"line":233,"context":218},332,{"file":168,"line":235,"context":218},333,{"escaped":237,"rawEcho":213,"locations":238},11,[239,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290],{"file":168,"line":240,"context":241},66,"raw output",{"file":168,"line":243,"context":241},234,{"file":168,"line":245,"context":241},238,{"file":168,"line":247,"context":241},240,{"file":168,"line":249,"context":241},249,{"file":168,"line":251,"context":241},256,{"file":168,"line":253,"context":241},257,{"file":168,"line":255,"context":241},295,{"file":168,"line":257,"context":241},302,{"file":168,"line":259,"context":241},306,{"file":168,"line":261,"context":241},310,{"file":168,"line":263,"context":241},311,{"file":168,"line":265,"context":241},312,{"file":168,"line":267,"context":241},313,{"file":168,"line":269,"context":241},316,{"file":168,"line":271,"context":241},337,{"file":168,"line":273,"context":241},341,{"file":168,"line":275,"context":241},352,{"file":168,"line":277,"context":241},364,{"file":168,"line":279,"context":241},370,{"file":168,"line":281,"context":241},372,{"file":168,"line":283,"context":241},373,{"file":168,"line":285,"context":241},374,{"file":168,"line":287,"context":241},375,{"file":168,"line":289,"context":241},379,{"file":168,"line":291,"context":241},513,4,[],[295,329,366],{"entryPoint":296,"graph":297,"unsanitizedCount":29,"severity":328},"copyscape_options (copyscape.php:205)",{"nodes":298,"edges":324},[299,304,310,313,317,320],{"id":300,"type":301,"label":302,"file":168,"line":303},"n0","source","$_POST (x2)",229,{"id":305,"type":306,"label":307,"file":168,"line":308,"wp_function":309},"n1","sink","query() [SQLi]",230,"query",{"id":311,"type":301,"label":312,"file":168,"line":303},"n2","$_POST (x4)",{"id":314,"type":306,"label":315,"file":168,"line":251,"wp_function":316},"n3","echo() [XSS]","echo",{"id":318,"type":301,"label":319,"file":168,"line":303},"n4","$_POST (x10)",{"id":321,"type":306,"label":322,"file":168,"line":251,"wp_function":323},"n5","get_var() [SQLi]","get_var",[325,326,327],{"from":300,"to":305,"sanitized":205},{"from":311,"to":314,"sanitized":205},{"from":318,"to":321,"sanitized":205},"low",{"entryPoint":330,"graph":331,"unsanitizedCount":29,"severity":328},"\u003Ccopyscape> (copyscape.php:0)",{"nodes":332,"edges":360},[333,336,338,340,342,343,344,348,353,355],{"id":300,"type":301,"label":334,"file":168,"line":335},"$_POST (x3)",107,{"id":305,"type":306,"label":307,"file":168,"line":337,"wp_function":309},108,{"id":311,"type":301,"label":339,"file":168,"line":335},"$_POST (x15)",{"id":314,"type":306,"label":322,"file":168,"line":341,"wp_function":323},124,{"id":318,"type":301,"label":312,"file":168,"line":303},{"id":321,"type":306,"label":315,"file":168,"line":251,"wp_function":316},{"id":345,"type":301,"label":346,"file":168,"line":347},"n6","$_POST",330,{"id":349,"type":306,"label":350,"file":168,"line":351,"wp_function":352},"n7","get_row() [SQLi]",397,"get_row",{"id":354,"type":301,"label":346,"file":168,"line":347},"n8",{"id":356,"type":306,"label":357,"file":168,"line":358,"wp_function":359},"n9","update_option() [Settings Manipulation]",603,"update_option",[361,362,363,364,365],{"from":300,"to":305,"sanitized":205},{"from":311,"to":314,"sanitized":205},{"from":318,"to":321,"sanitized":205},{"from":345,"to":349,"sanitized":205},{"from":354,"to":356,"sanitized":205},{"entryPoint":367,"graph":368,"unsanitizedCount":28,"severity":377},"copyscape_redirect (copyscape.php:102)",{"nodes":369,"edges":374},[370,371,372,373],{"id":300,"type":301,"label":346,"file":168,"line":335},{"id":305,"type":306,"label":307,"file":168,"line":337,"wp_function":309},{"id":311,"type":301,"label":346,"file":168,"line":335},{"id":314,"type":306,"label":322,"file":168,"line":341,"wp_function":323},[375,376],{"from":300,"to":305,"sanitized":203},{"from":311,"to":314,"sanitized":203},"high",{"summary":379,"deductions":380},"The 'copyscape-premium' v1.4.2 plugin exhibits a mixed security posture.  While it demonstrates strengths in its limited attack surface, particularly with zero unprotected entry points, and a reasonable adoption of prepared statements for SQL queries, significant concerns arise from its output escaping and taint analysis. The low percentage of properly escaped output (30%) suggests a high risk of cross-site scripting (XSS) vulnerabilities across various parts of the plugin. The presence of a single flow with unsanitized paths, even if not classified as critical or high severity in this scan, represents a potential avenue for attackers to exploit the plugin by manipulating input that affects file operations or other sensitive processes.  The vulnerability history, while showing no currently unpatched issues, indicates a past pattern of medium severity vulnerabilities, primarily CSRF, suggesting the developers have addressed issues but the code may have inherent complexities that lead to such vulnerabilities. This highlights a need for continued vigilance and thorough code reviews.",[381,384,386],{"reason":382,"points":383},"Low percentage of properly escaped output",15,{"reason":385,"points":14},"Flow with unsanitized paths",{"reason":387,"points":14},"Past medium severity vulnerabilities","2026-03-16T18:59:18.234Z",{"wat":390,"direct":399},{"assetPaths":391,"generatorPatterns":394,"scriptPaths":395,"versionParams":396},[392,393],"\u002Fwp-content\u002Fplugins\u002Fcopyscape-premium\u002Fcss\u002Fcopyscape-premium.css","\u002Fwp-content\u002Fplugins\u002Fcopyscape-premium\u002Fjs\u002Fcopyscape-premium.js",[],[393],[397,398],"copyscape-premium\u002Fcss\u002Fcopyscape-premium.css?ver=","copyscape-premium\u002Fjs\u002Fcopyscape-premium.js?ver=",{"cssClasses":400,"htmlComments":402,"htmlAttributes":404,"restEndpoints":407,"jsGlobals":409,"shortcodeOutput":411},[401],"copyscape-premium-wrap",[403,403,403],"Copyscape Premium plugin - AJAX request handler.",[405,406],"data-copyscape-nonce","data-copyscape-action",[408],"\u002Fwp-json\u002Fcopyscape-premium\u002Fv1\u002Fcheck",[410],"copyscape_premium_ajax_object",[]]