[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7HI4dlm6OV6KXblox4TDR0ZQqTCfxP2stXsmt_DuaI4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":52,"analysis":153,"fingerprints":258},"croprefine","CropRefine","1.2.1","ERA404","https:\u002F\u002Fprofiles.wordpress.org\u002Fera404\u002F","\u003Cp>Extends the WordPress Media Library to allow individual control over each media item size’s crop.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For those particular about their imagery…\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WordPress’s Media Library already gives authors strong, intuitive organization over their web site’s images. But some users are a little more particular than others over the individual crop sizes of each media item. 
CropRefine is for the keen-eyed, visual types who want something fast and fastidious.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CropRefine provides quick-links from the Media Library to refine each item.\u003C\u002Fli>\n\u003Cli>A full catalog of existing crops and sizes are made available for refinement.\u003C\u002Fli>\n\u003Cli>If you prefer a different\u002Fbetter thumbnail but want to leave the other sizes untouched, CropRefine gives you that level of granularity over your imagery.\u003C\u002Fli>\n\u003Cli>Packaged with cropper.js, adjusting a crop is a smooth, draggable, precise refinement experience.\u003C\u002Fli>\n\u003Cli>Iterative backups are stored alongside each adjustment, so nothing is ever lost&mdash;only gained!\u003C\u002Fli>\n\u003Cli>If a re-crop just won’t achieve the results you’re after, a quick-upload tool is also offered for each media item size, so that you can replace that (and only that) size.\u003C\u002Fli>\n\u003Cli>No additional database is needed, no exhaustive setup process, no hidden license costs.\u003C\u002Fli>\n\u003C\u002Ful>\n","Giving you greater control over how each of your media item sizes are cropped.",100,5231,5,"2021-06-14T23:57:00.000Z","5.3.21","3.2.1","",[19,20,21,22,23],"image","media","resize","thumbnail","upload","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcroprefine\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcroprefine.zip",63,1,"2025-07-23 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-52734","croprefine-reflected-cross-site-scripting","CropRefine \u003C= 1.2.1 - Reflected Cross-Site Scripting","The CropRefine plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.1 due to 
insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.2.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-10-29 21:01:57",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff10a49ae-d58f-4244-ba10-330e04c1946e?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"era404",320,70,314,58,"2026-04-04T14:39:04.231Z",[53,73,95,113,133],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":11,"num_ratings":13,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":17,"tags":66,"homepage":69,"download_link":70,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"sharpen-resized-images","Sharpen Resized Images","2.1.3","Unsal Korkmaz","https:\u002F\u002Fprofiles.wordpress.org\u002Funsalkorkmaz\u002F","\u003Cp>This plugin sharpening resized jpg image uploads in your WordPress. You can check screenshot as an example of difference. No settings required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> This plugin does NOT affect to uploaded images. It will affect to new uploads after you enabled it. 
You can use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fregenerate-thumbnails\u002F\" rel=\"ugc\">Regenerate Thumbnails\u003C\u002Fa> plugin for old images.\u003C\u002Fp>\n\u003Cp>You can check some examples in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fplugin-sharpen-resized-images-examples?replies=1\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Published by: \u003Ca href=\"https:\u002F\u002Ffirmasite.com\u002F\" rel=\"nofollow ugc\">FirmaSite\u003C\u002Fa>\u003C\u002Fp>\n","Do you realize your resized images looks blur? This plugin fixing it. Sharpening resized jpg image uploads in your WordPress.",1000,28476,"2022-08-06T19:15:00.000Z","6.0.11","4.0",[19,67,68,22,23],"resized","sharpen","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsharpen-resized-images\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsharpen-resized-images.2.1.3.zip",85,0,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":93,"download_link":94,"security_score":11,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"crop-thumbnails","Crop-Thumbnails","1.9.7","Volkmar Kantor","https:\u002F\u002Fprofiles.wordpress.org\u002Fvolkmar-kantor\u002F","\u003Cp>The plugin provides the functionality to adjust the crop region of cropped images. It add buttons to the edit-pages and media-dialog to access a crop-editor.\u003Cbr \u002F>\nIn the crop-editor you can choose one or more (if they have the same ratio) imagesizes and cut-off the part of the image you want.\u003C\u002Fp>\n\u003Cp>The plugin is especially useful for theme developers who want to keep full control over cropped image sizes. 
If you want to dive even deeper, you can get informations about the hooks and filters on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvollyimnetz\u002Fcrop-thumbnails\" rel=\"nofollow ugc\">github page of the plugin\u003C\u002Fa>.\u003C\u002Fp>\n","\"Crop Thumbnails\" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.",40000,836379,92,67,"2025-12-03T10:59:00.000Z","6.8.5","5.0","7.4.0",[90,91,92],"images","media-library","post-thumbnails","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcrop-thumbnails\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrop-thumbnails.1.9.7.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":83,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":17,"tags":109,"homepage":17,"download_link":112,"security_score":11,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"clean-image-filenames","Clean Image Filenames","1.5","Upperdog","https:\u002F\u002Fprofiles.wordpress.org\u002Fupperdog\u002F","\u003Cp>This plugin automatically converts language accent characters in filenames when uploading to the media library. 
Characters are converted into browser and server friendly, non-accent characters.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Converts accent characters to non-accent, latin equivalents in Swedish, Danish, German, and more.\u003C\u002Fli>\n\u003Cli>Removes special characters like exclamation marks, periods, hashtags, and more.\u003C\u002Fli>\n\u003Cli>Lets you choose if you want to convert only image files, or all file types.\u003C\u002Fli>\n\u003Cli>Makes site and server migrations easier thanks to non-accent character filenames.\u003C\u002Fli>\n\u003Cli>Provides filter hook for developers who want to specify which file types to convert.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Examples\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Räksmörgås.jpg \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> raksmorgas.jpg\u003C\u002Fli>\n\u003Cli>Æblegrød_FTW!.gif \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> aeblegrod-ftw.gif\u003C\u002Fli>\n\u003Cli>Château de Ferrières.png \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> chateau-de-ferrieres.png\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Worth noting\u003C\u002Fh3>\n\u003Cp>The plugin only converts filenames when the files are being uploaded. It can not convert existing files.\u003C\u002Fp>\n\u003Ch3>Filter for developers\u003C\u002Fh3>\n\u003Cp>This filter provides developers a way to specify which file types the plugin should convert. This filter overrides the plugin settings on the media settings page. 
For a complete list of mime types, see \u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FInternet_media_type\" rel=\"nofollow ugc\">Wikipedia\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The following example will convert PDF, JPEG and PNG files only:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_clean_image_filenames_mime_types() {\n    $mime_types = array(\n        'application\u002Fpdf',\n        'image\u002Fjpeg',\n        'image\u002Fpng',\n    );\n    return $mime_types;\n}\nadd_filter( 'clean_image_filenames_mime_types', 'my_clean_image_filenames_mime_types' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This plugin automatically converts language accent characters to non-accent characters in filenames when uploading to the media library.",30000,335219,21,"2026-01-14T09:45:00.000Z","6.9.4","2.9",[110,90,20,111,23],"files","sanitize","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-image-filenames.1.5.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":11,"num_ratings":123,"last_updated":124,"tested_up_to":107,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":131,"download_link":132,"security_score":11,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"disable-media-sizes","Disable Media Sizes","2.5","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>Easily disable any extra image sizes\u003C\u002Fp>\n\u003Cp>This plugin provides options to disable the extra images generated by WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Options include\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Thumbnail Size\u003C\u002Fli>\n\u003Cli>Disable Medium Size\u003C\u002Fli>\n\u003Cli>Disable Large Size\u003C\u002Fli>\n\u003Cli>Disable Medium Large (768px)\u003C\u002Fli>\n\u003Cli>Disable 1536×1536 Size\u003C\u002Fli>\n\u003Cli>Disable 2048×2048 
Size\u003C\u002Fli>\n\u003Cli>Disable Big\u002FScaled Size\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin settings screen does a good job of explaining the different image sizes. Should all be self-explanatory, let me know if anything can be improved.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lightweight and secure\u003C\u002Fli>\n\u003Cli>Built with the WP API and standards\u003C\u002Fli>\n\u003Cli>Simple to use – anyone can do it\u003C\u002Fli>\n\u003Cli>One-click restore default options\u003C\u002Fli>\n\u003Cli>Easy peasy.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Why is this useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fdisable-wordpress-generated-images\u002F\" rel=\"nofollow ugc\">This article\u003C\u002Fa> explains everything you need to know about the “hows” and the “whys” and such.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please understand that this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Does not affect any existing images\u003C\u002Fli>\n\u003Cli>Only works while the plugin is active\u003C\u002Fli>\n\u003Cli>Does not delete any images\u003C\u002Fli>\n\u003Cli>Only prevents WordPress from generating extra sized images\u003C\u002Fli>\n\u003Cli>If all extra sizes are disabled, only original images will be uploaded\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fdisable-wordpress-generated-images\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa> about the techniques and code used in this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. 
Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>Disable Media Sizes is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 
🙂\u003C\u002Fp>\n","Provides options to disable the extra images generated by WordPress.",10000,72308,22,"2026-01-28T23:37:00.000Z","5.3","5.6.20",[128,129,90,20,130],"disable","disable-image-sizes","uploads","https:\u002F\u002Fperishablepress.com\u002Fwordpress-disable-media-sizes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-media-sizes.2.5.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":83,"num_ratings":143,"last_updated":144,"tested_up_to":145,"requires_at_least":146,"requires_php":17,"tags":147,"homepage":151,"download_link":152,"security_score":83,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"ios-images-fixer","iOS images fixer","1.3.0","Bishoy.A","https:\u002F\u002Fprofiles.wordpress.org\u002Fbishoya\u002F","\u003Cp>By default, thumbnails of photos taken by an iOS device (iPhone or iPad) are flipped 90 degrees to the left, it’s a long image EXIF information story. 
This plugin takes care of this and fixes the uploaded images orientation’s (if needed, based on EXIF data) using ImageMagic Library if available or PHP GD as a fallback.\u003C\u002Fp>\n\u003Cp>No settings editing required, just activate the plugin and try uploading an image from your idevice!\u003C\u002Fp>\n","Automatically fix iOS-taken images' orientation using ImageMagic\u002FPHP GD upon upload.",7000,59114,30,"2024-06-12T17:02:00.000Z","6.5.8","4.0.0",[90,148,149,20,150],"ios","iphone","thumbnails","http:\u002F\u002Fbishoy.me\u002Fwp-plugins\u002Fios-images-fixer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fios-images-fixer.1.3.0.zip",{"attackSurface":154,"codeSignals":199,"taintFlows":225,"riskAssessment":244,"analyzedAt":257},{"hooks":155,"ajaxHandlers":185,"restRoutes":195,"shortcodes":196,"cronEvents":197,"entryPointCount":198,"unprotectedCount":198},[156,162,166,172,176,180],{"type":157,"name":158,"callback":159,"file":160,"line":161},"action","admin_init","croprefine_admin_init","croprefine.php",34,{"type":157,"name":163,"callback":164,"file":160,"line":165},"admin_menu","croprefine_admin_menu",35,{"type":167,"name":168,"callback":169,"priority":170,"file":160,"line":171},"filter","media_row_actions","croprefine_media_edit_link",10,228,{"type":157,"name":173,"callback":174,"priority":170,"file":160,"line":175},"attachment_fields_to_edit","croprefine_media_modal_edit_link",240,{"type":157,"name":177,"callback":178,"file":160,"line":179},"print_media_templates","closure",255,{"type":157,"name":181,"callback":182,"priority":183,"file":160,"line":184},"attachment_submitbox_misc_actions","add_refinebutton_to_media_edit_page",90,510,[186,191],{"action":187,"nopriv":188,"callback":189,"hasNonce":188,"hasCapCheck":188,"file":160,"line":190},"getimage",false,"croprefine_getimage",46,{"action":192,"nopriv":188,"callback":193,"hasNonce":188,"hasCapCheck":188,"file":160,"line":194},"cropimage","croprefine_cropimage",47,[],[],[],2,{"dangerousFunct
ions":200,"sqlUsage":201,"outputEscaping":203,"fileOperations":72,"externalRequests":72,"nonceChecks":72,"capabilityChecks":27,"bundledLibraries":224},[],{"prepared":72,"raw":72,"locations":202},[],{"escaped":204,"rawEcho":205,"locations":206},23,8,[207,210,212,214,216,218,220,222],{"file":160,"line":208,"context":209},107,"raw output",{"file":160,"line":211,"context":209},125,{"file":160,"line":213,"context":209},189,{"file":160,"line":215,"context":209},202,{"file":160,"line":217,"context":209},270,{"file":160,"line":219,"context":209},473,{"file":160,"line":221,"context":209},506,{"file":160,"line":223,"context":209},517,[],[226],{"entryPoint":227,"graph":228,"unsanitizedCount":72,"severity":243},"\u003Ccroprefine> (croprefine.php:0)",{"nodes":229,"edges":240},[230,235],{"id":231,"type":232,"label":233,"file":160,"line":234},"n0","source","$_GET",93,{"id":236,"type":237,"label":238,"file":160,"line":217,"wp_function":239},"n1","sink","echo() [XSS]","echo",[241],{"from":231,"to":236,"sanitized":242},true,"low",{"summary":245,"deductions":246},"The \"croprefine\" v1.2.1 plugin exhibits a mixed security posture. On the positive side, the static analysis found no raw SQL queries (no SQL usage was detected at all) and a reasonable rate of output escaping (74%), but significant concerns arise from its attack surface and vulnerability history.  The two AJAX handlers, getimage and cropimage, are registered for logged-in users only (nopriv is false), yet neither performs a nonce or capability check, so per this analysis any logged-in user, regardless of role, can invoke them.  The absence of nonce checks also leaves both handlers open to cross-site request forgery, which indicates a high risk of unauthorized actions being performed through them; each handler should verify a nonce and the caller's capability before acting.\n\nThe vulnerability history contains one known issue, a medium-severity reflected Cross-Site Scripting (XSS) vulnerability (CVE-2025-52734) that remains unpatched. The fact that the last vulnerability was recorded as \"2025-07-23 00:00:00\" suggests a potential for ongoing or recurring security issues, especially given the unpatched status.  
While no critical taint flows or dangerous functions were detected in the static analysis, the combination of unprotected entry points and a history of exploitable vulnerabilities points to a moderate to high-risk plugin that requires immediate attention and patching.",[247,249,251,254],{"reason":248,"points":170},"Unprotected AJAX handlers",{"reason":250,"points":13},"Missing nonce checks on AJAX",{"reason":252,"points":253},"Unpatched medium vulnerability",15,{"reason":255,"points":256},"Lower than ideal output escaping",3,"2026-03-16T21:12:09.268Z",{"wat":259,"direct":272},{"assetPaths":260,"generatorPatterns":263,"scriptPaths":264,"versionParams":267},[261,262],"\u002Fwp-content\u002Fplugins\u002Fcroprefine\u002Fcroprefine.css","\u002Fwp-content\u002Fplugins\u002Fcroprefine\u002Fcropper\u002Fcropper.css",[],[265,266],"\u002Fwp-content\u002Fplugins\u002Fcroprefine\u002Fcroprefine.js","\u002Fwp-content\u002Fplugins\u002Fcroprefine\u002Fcropper\u002Fcropper.js",[268,269,270,271],"croprefine\u002Fcroprefine.css?ver=","croprefine\u002Fcropper\u002Fcropper.css?ver=","croprefine\u002Fcroprefine.js?ver=","croprefine\u002Fcropper\u002Fcropper.js?ver=",{"cssClasses":273,"htmlComments":296,"htmlAttributes":307,"restEndpoints":313,"jsGlobals":314,"shortcodeOutput":317},[274,275,276,277,278,279,280,281,282,283,22,284,285,286,287,288,289,290,291,292,293,294,295],"croprefine-administration","croprefine-styles","croprefine-cropper-styles","modal-cropper","modal-cropper-hide","edit-attachment-frame","media-frame-title","media-frame-content","attachment-details","attachment-media-view","thumbnail-image","container","cropperimage","available-sizes","settings-save-status","missing","details","compat-meta","actions","results","popover","popover-preview",[297,298,299,300,301,302,303,304,305,306],"custom wrapper","successful uploads","requesting an image be refined","does this operation come from a post?","form url ","javascript to fetch image from uploads directory","path to 
wp-admin styles","return to post button \u002F close window","build modals","150 x 150 (native: 190 x 190)",[308,309,310,311,312],"data-id='10'","aria-label='Embedded Image'","aria-checked='false'","role='checkbox'","tabindex='0'",[],[315,316],"ajax_object","mediaitem",[]]