[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRcj_OCcxv45Rv0i5yOQgmGe2gYxC2JpKahCDDWxtC5U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":82,"crawl_stats":38,"alternatives":89,"analysis":186,"fingerprints":454},"cyan-backup","CYAN Backup","2.5.5","Greg Ross","https:\u002F\u002Fprofiles.wordpress.org\u002Fgregross\u002F","\u003Cp>Backup your entire WordPress site and its database into a zip file on a schedule.  Remote storage options include FTP, SFTP and FTPS.\u003C\u002Fp>\n\u003Cp>CYAN Backup is a fork of the great \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftotal-backup\u002F\" rel=\"ugc\">Total Backup\u003C\u002Fa> by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwokamoto\u002F\" rel=\"nofollow ugc\">wokamoto\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Currently support schedules are hourly, daily, weekly and monthly with intervals for each (for example you could select a schedule of every 4 hours or every 6 weeks, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PHP5 Required\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cp>CYAN Backup is fully ready to be translated in to any supported languages, if you have translated into your language, please let me know.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Configure the archive path which specifies the directory to store your backups to.  This must be writeable by the web server but should not be accessible via the web as a hacker could guess the filename and get a copy copy of your database.  
If you must place the backups in a directory inside of the WordPress directory (or web server root) make sure to block external access via .htaccess or other means.  The default path is the directory for the temp files returned by sys_get_temp_dir().\u003C\u002Fp>\n\u003Cp>Configure the excluded paths which specify the directories you don’t want to back up.  The default excluded directories are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>wp-content\u002Fcache\u002F : the directory for the cache files used by WP super cache and so on.\u003C\u002Fli>\n\u003Cli>wp-content\u002Ftmp\u002F : the directory for the cache files used by DB Cache Reloaded Fix and so on.\u003C\u002Fli>\n\u003Cli>wp-content\u002Fupgrade\u002F : the directory for the temp files used by the WordPress upgrade function.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have configured your archive path below the main WordPress directory you MUST add it to the list of excluded directories as well.\u003C\u002Fp>\n\u003Cp>Activate and configure the scheduler if you want to backup on a regular basis.  
Schedule options include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hourly (Backup your site every X hours, an hourly backup with an interval of 12 would run a backup twice a day).\u003C\u002Fli>\n\u003Cli>Daily (Backup your site every X days at a specific time.\u003C\u002Fli>\n\u003Cli>Weekly (Backup your site every X weeks at a specific day and time, for example every second Tuesday at 4am).\u003C\u002Fli>\n\u003Cli>Monthly (Backup your site every X months on a specific day and time, for example the 1st day of the month at 4am).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also enable auto pruning of old backups by setting the number of backup files you want to keep.\u003C\u002Fp>\n\u003Cp>Backing up your site can take a while, you will want to ensure your PHP and webserver are configured to allow for the backup script to run long enough to complete the backup..\u003C\u002Fp>\n\u003Cp>Once a backup is complete you can download the backup files from the links in Backup page.  You can delete old backup files by checking one or more boxes in the backup list and then clicking the Delete button.\u003C\u002Fp>\n\u003Cp>The backup file of DB is included in the zip file as {the directory name of WordPress}.yyyymmdd.hhmmss.sql.\u003C\u002Fp>\n\u003Ch3>Road Map\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>2.5 – Dropbox support\u003C\u002Fli>\n\u003Cli>3.0 – Restore support\u003C\u002Fli>\n\u003C\u002Ful>\n","Backup your entire WordPress site and its database into a zip file on a schedule.  
Remote storage options include FTP, SFTP and FTPS.",300,36256,82,11,"2025-11-04T23:46:00.000Z","6.8.5","2.9","",[20,21,22,23,24],"backup","ftp","schedule","scp","sftp","http:\u002F\u002Ftoolstack.com\u002Fcyan-backup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcyan-backup.2.5.5.zip",95,4,0,"2025-11-07 20:49:54","2026-03-15T15:16:48.613Z",[33,48,63,69],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-12092","cyan-backup-authenticated-admin-arbitrary-file-deletion","CYAN Backup \u003C= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion","The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",null,"\u003C=2.5.4","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2025-11-08 09:28:10",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F39972b06-920f-48b0-aa36-bb5caab87cb6?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2024-9662","cyan-backup-authenticated-admin-stored-cross-site-scripting","CYAN Backup \u003C= 2.5.2 - Authenticated (Admin+) Stored 
Cross-Site Scripting","The CYAN Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=2.5.2","2.5.3",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-03-03 00:00:00","2025-05-29 22:25:00",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F59fa2539-c1df-4c01-b57f-b7b4bde8537f?source=api-prod",88,{"id":64,"url_slug":65,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":66,"references":67,"days_to_patch":62},"CVE-2024-9663","cyan-backup-authenticated-admin-stored-cross-site-scripting-2","2025-05-29 22:25:22",[68],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F61068993-46e2-4ac6-96a4-52c6dcc56b0d?source=api-prod",{"id":70,"url_slug":71,"title":72,"description":73,"plugin_slug":4,"theme_slug":38,"affected_versions":74,"patched_in_version":75,"severity":40,"cvss_score":76,"cvss_vector":77,"vuln_type":43,"published_date":78,"updated_date":79,"references":80,"days_to_patch":14},"CVE-2024-52390","cyan-backup-authenticated-admin-arbitrary-file-download","CYAN Backup \u003C= 2.5.3 - Authenticated (Admin+) Arbitrary File Download","The CYAN Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.5.3. 
This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","\u003C=2.5.3","2.5.4",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","2024-11-11 00:00:00","2024-11-21 13:31:56",[81],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F77c125fd-a954-4523-b415-21bf9e835452?source=api-prod",{"slug":83,"display_name":7,"profile_url":8,"plugin_count":84,"total_installs":85,"avg_security_score":62,"avg_patch_time_days":86,"trust_score":87,"computed_at":88},"gregross",34,7510,39,80,"2026-04-05T02:48:52.542Z",[90,110,130,148,166],{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":18,"download_link":108,"security_score":109,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ssh-sftp-updater-support","SSH SFTP Updater Support","1.1.1","TerraFrost","https:\u002F\u002Fprofiles.wordpress.org\u002Fterrafrost\u002F","\u003Cp>Keeping your WordPress install up-to-date and installing plugins in a hassle-free manner is not so easy if your server uses SFTP. 
“SSH SFTP Updater Support” for WordPress uses phpseclib to remedy this deficiency.\u003C\u002Fp>\n\u003Cp>To use it, after installing and activating the plugins, add the necessary constants early in the code in your wp-config.php:\u003C\u002Fp>\n\u003Cp>a) \u003Ccode>define('FS_METHOD', 'ssh2');\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>b) Others as \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fapis\u002Fwp-config-php\u002F#wordpress-upgrade-constants\" rel=\"nofollow ugc\">detailed in the official WP codex\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin is offered and maintained as a free service to the WP community. You might also be interested in enhancing your WordPress site with our other top plugins, below.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fupdraftplus.com\u002F?ref=212&source=sshsmtp\" rel=\"nofollow ugc\">UpdraftPlus\u003C\u002Fa>\u003C\u002Fstrong> simplifies backups and restoration. It is the #1 most-used backup\u002Frestore plugin, with over a million currently-active installs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fupdraftplus.com\u002Fupdraftcentral\u002F?ref=212&source=sshsmtp\" rel=\"nofollow ugc\">UpdraftCentral\u003C\u002Fa>\u003C\u002Fstrong> – a highly efficient way to manage, optimize, update and backup multiple websites from one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgetwpo.com\u002F\" rel=\"nofollow ugc\">WP-Optimize\u003C\u002Fa>\u003C\u002Fstrong> helps you to optimize and clean your WordPress database so that it runs at maximum efficiency.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>More quality plugins\u003C\u002Fstrong>: \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fshop\u002F\" rel=\"nofollow ugc\">Premium WooCommerce extensions\u003C\u002Fa>\u003C\u002Fstrong> | \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson#content-plugins\" 
rel=\"nofollow ugc\">Other useful plugins\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","\"SSH SFTP Updater Support\" is the easiest way to keep your WordPress installation up-to-date with SFTP.",10000,536412,96,99,"2026-01-26T23:22:00.000Z","6.9.4","5.0","5.6",[24,107],"ssh","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fssh-sftp-updater-support.1.1.1.zip",100,{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":109,"num_ratings":14,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":18,"tags":123,"homepage":18,"download_link":128,"security_score":129,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"de-updraftplus-backup-exclude-image-thumbnails","Exclude Image Thumbnails From UpdraftPlus Backups","1.0.4","David Baumwald","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidbaumwald\u002F","\u003Cp>A small plugin to exclude WordPress generated image thumbnails from Updraft backups, saving space.  
The original, full-sized image is included in backups, so if a restoration from backup is needed, WP CLI or a plugin can be used to regenerate thumbnails using the original, full-size images.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works for all image types and includes both native and custom image sizes added by themes and plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n","An UpdraftPlus extension that excludes image size thumbnails, generated by WordPress, from Updraft backups.",4000,46890,"2025-02-06T14:29:00.000Z","6.7.5","3.5",[20,124,125,126,127],"exclude","image","updraft","updraftplus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fde-updraftplus-backup-exclude-image-thumbnails.zip",92,{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":11,"downloaded":138,"rating":109,"num_ratings":139,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":18,"tags":143,"homepage":145,"download_link":146,"security_score":147,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"automatic-wordpress-backup","Automatic WordPress Backup","2.0.3","DanCoulter","https:\u002F\u002Fprofiles.wordpress.org\u002Fdancoulter\u002F","\u003Cp>Using this plugin, you can easily and automatically backup important parts of\u003Cbr \u002F>\nyour WordPress install to Amazon S3.  Amazon S3 is an extremely cheap service\u003Cbr \u002F>\nthat is easy to set up.  
For pennies a month, you can make sure that your\u003Cbr \u002F>\nimportant files will be kept safe.\u003C\u002Fp>\n\u003Cp>Important caveat: this plugin currently has to be run on a linux server.\u003Cbr \u002F>\nAlso, the wp-content\u002Fuploads folder has to be server-writable or it won’t be\u003Cbr \u002F>\nable to create the zips for backup.\u003C\u002Fp>\n\u003Cp>For full info and installation instructions, visit http:\u002F\u002Fwww.webdesigncompany.net\u002Fautomatic-wordpress-backup\u002F\u003C\u002Fp>\n","Automatically back up important bits of your WordPress install to Amazon S3.",53087,2,"2010-08-11T07:37:00.000Z","3.0.5","2.8",[144],"backup-automatic-s3-zip-backups-scheduled","http:\u002F\u002Fwww.webdesigncompany.net\u002Fautomatic-wordpress-backup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-wordpress-backup.2.0.3.zip",85,{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":109,"downloaded":156,"rating":29,"num_ratings":29,"last_updated":157,"tested_up_to":158,"requires_at_least":159,"requires_php":18,"tags":160,"homepage":164,"download_link":165,"security_score":147,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"dbc-backup-2","DBC Backup 2","2.3.25","Damien Saunders","https:\u002F\u002Fprofiles.wordpress.org\u002Fdamiensaunders-1\u002F","\u003Cp>DBC Backup 2 can give you the confidence that your WordPress database is backed-up and securely stored on your server.\u003C\u002Fp>\n\u003Cp>You select when and where your backup will be generated. 
The backup file is saved to directory on your web server which for many people is free storage and more reliable then saving to your home computer.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Secure – The file name includes some random characters which makes it impossible for someone to guess the backup name and download it.\u003C\u002Fli>\n\u003Cli>Safe – the backup directory is protected with a .htaccess and an empty index.html file which means no-one can browse or download the file via the web\u003C\u002Fli>\n\u003Cli>Storage – If your server has supports it, you can select between three different compression formats: none, Gzip and Bzip2. \u003C\u002Fli>\n\u003Cli>Schedule – you can set hourly, daily, weekly or monthly backup\u003C\u002Fli>\n\u003Cli>Manual backup – anytime you want to save a backup before updating WordPress or installing a plugin you can.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Info\u003C\u002Fh4>\n\u003Cp>The plugin will try to auto create the export directory.\u003C\u002Fp>\n\u003Cp>This plugin creates it’s own sql file and does not use mysqldump like most other plugins.\u003C\u002Fp>\n\u003Cp>During backup, a log is created that includes, the generation date, file, filesize, status and the duration of the generation.\u003C\u002Fp>\n\u003Cp>The backup files are identical to what phpmyadmin would produce because DBC Backup is using the key procedures of phpmyadmin.\u003C\u002Fp>\n\u003Cp>DBC Backup was built to be fast, flexible and as simple as possible.\u003C\u002Fp>\n\u003Ch4>Checkout my other work\u003C\u002Fh4>\n\u003Ch3>CHANGE YOUR WEBSITE NOT YOUR THEME == responsive visual grid layout with Isotope.js & visual animation. 
[Free to download](http:\u002F\u002Fwordpress.damien.co\u002Fshop\u002Fisotope\u002F?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=readme)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdamien.co\u002Fblog?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=readme\" rel=\"nofollow ugc\">Damien\u003C\u002Fa> – digital marketing strategy, technical development and digital marketing\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwordpress.damien.co\u002F?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=readme\" rel=\"nofollow ugc\">Ideas for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwordpress.damien.co\u002Fplugins?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=readme\" rel=\"nofollow ugc\">Plugins for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","DBC Backup 2 is a safe & simple way to schedule regular WordPress database backups using the wp-cron batch jobs.",15625,"2014-01-05T15:16:00.000Z","3.7.41","3.6",[20,161,162,22,163],"cron","database","sql","http:\u002F\u002Fwordpress.damien.co\u002Fplugins?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=source","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdbc-backup-2.2.3.25.zip",{"slug":167,"name":168,"version":169,"author":170,"author_profile":171,"description":172,"short_description":173,"active_installs":174,"downloaded":175,"rating":29,"num_ratings":29,"last_updated":176,"tested_up_to":177,"requires_at_least":178,"requires_php":18,"tags":179,"homepage":182,"download_link":183,"security_score":184,"vuln_count":47,"unpatched_count":47,"last_vuln_date":185,"fetched_at":31},"xm-backup","XM-Backup","0.9.1","Xavier Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreasbylund\u002F","\u003Cp>This plugin will do a backup of your WordPress 
database and, or your files in wp-content\u002Fuploads and saves\u003Cbr \u002F>\nit somewhere safe. You can have the backup saved in your \u003Ca href=\"http:\u002F\u002Fdb.tt\u002F9Jo39Xy\" rel=\"nofollow ugc\">Dropbox account\u003C\u002Fa>, a FTP account of your choise, your\u003Cbr \u002F>\naccount with \u003Ca href=\"http:\u002F\u002Fwww.securepaynet.net\u002Femail\u002Fonline-file-storage.aspx?ci=1796&prog_id=xaviermedia&isc=xmbackup\" rel=\"nofollow ugc\">Online File Folder\u003C\u002Fa>, or have the backup emailed to you (not recommended for large files). You can\u003Cbr \u002F>\nselect to have the backups named the same every day or to have a date added to each file name.\u003C\u002Fp>\n\u003Cp>This plugin requires PHP, cURL, PHP compiled with ZIP support, and Oauth (for Dropbox).\u003C\u002Fp>\n\u003Cp>** NO WARRANTY SUPPLIED! **\u003C\u002Fp>\n\u003Cp>** Make sure you test your Backups! **\u003C\u002Fp>\n","Does a backup of your Wordpress database and, or your files in wp-content\u002Fuploads and saves it in a safe location.",60,13425,"2012-05-19T19:24:00.000Z","3.3.2","2.7.0",[20,162,180,181,21],"dropbox","files","http:\u002F\u002Fwww.xaviermedia.com\u002Fwordpress\u002Fplugins\u002Fxm-backup.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxm-backup.zip",63,"2025-08-25 
00:00:00",{"attackSurface":187,"codeSignals":230,"taintFlows":434,"riskAssessment":435,"analyzedAt":453},{"hooks":188,"ajaxHandlers":221,"restRoutes":222,"shortcodes":223,"cronEvents":224,"entryPointCount":29,"unprotectedCount":29},[189,195,199,201,207,211,215,218],{"type":190,"name":191,"callback":192,"file":193,"line":194},"action","cyan_backup_hook","cyan_backup_scheduled_run","cyan-backup.php",28,{"type":190,"name":196,"callback":197,"file":193,"line":198},"network_admin_menu","admin_menu",73,{"type":190,"name":197,"callback":197,"file":193,"line":200},76,{"type":202,"name":203,"callback":204,"priority":205,"file":193,"line":206},"filter","plugin_action_links","plugin_setting_links",10,77,{"type":190,"name":208,"callback":209,"file":193,"line":210},"init","file_download",79,{"type":202,"name":212,"callback":212,"file":213,"line":214},"query_vars","includes\\class-addrewriterules.php",13,{"type":190,"name":216,"callback":216,"file":213,"line":217},"generate_rewrite_rules",14,{"type":190,"name":219,"callback":219,"file":213,"line":220},"wp",18,[],[],[],[225,227],{"hook":191,"callback":191,"file":193,"line":226},1455,{"hook":191,"callback":191,"file":228,"line":229},"includes\\page-options.php",289,{"dangerousFunctions":231,"sqlUsage":242,"outputEscaping":252,"fileOperations":431,"externalRequests":29,"nonceChecks":432,"capabilityChecks":29,"bundledLibraries":433},[232,237],{"fn":233,"file":234,"line":235,"context":236},"create_function","includes\\phpseclib\\Crypt\\Base.php",2481,"return create_function('$_action, &$self, $_text', $init_crypt . 'if ($_action == \"encrypt\") { ' . 
$",{"fn":238,"file":239,"line":240,"context":241},"unserialize","includes\\phpseclib\\Crypt\\RSA.php",641,"extract(unserialize($partial));",{"prepared":243,"raw":139,"locations":244},3,[245,249],{"file":246,"line":247,"context":248},"includes\\class-cyan-wp-backuper.php",277,"$wpdb->get_var() with variable interpolation",{"file":246,"line":250,"context":251},1077,"$wpdb->get_results() with variable interpolation",{"escaped":253,"rawEcho":62,"locations":254},32,[255,258,260,262,264,266,268,270,272,274,275,277,279,280,282,284,286,288,290,292,294,296,298,300,302,303,305,308,310,313,315,316,318,320,323,325,327,329,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,383,384,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,420,423,425,428],{"file":193,"line":256,"context":257},592,"raw output",{"file":193,"line":259,"context":257},924,{"file":193,"line":261,"context":257},925,{"file":193,"line":263,"context":257},936,{"file":193,"line":265,"context":257},947,{"file":193,"line":267,"context":257},948,{"file":193,"line":269,"context":257},954,{"file":193,"line":271,"context":257},955,{"file":193,"line":273,"context":257},973,{"file":193,"line":273,"context":257},{"file":193,"line":276,"context":257},977,{"file":193,"line":278,"context":257},979,{"file":193,"line":278,"context":257},{"file":193,"line":281,"context":257},984,{"file":193,"line":283,"context":257},999,{"file":193,"line":285,"context":257},1015,{"file":193,"line":287,"context":257},1020,{"file":193,"line":289,"context":257},1021,{"file":193,"line":291,"context":257},1027,{"file":193,"line":293,"context":257},1028,{"file":193,"line":295,"context":257},1035,{"file":193,"line":297,"context":257},1055,{"file":193,"line":299,"context":257},1056,{"file":193,"line":301,"context":257},1071,{"file":193,"line":250,"context":257},{"file":193,"line":304,"context":257},1602,{"file":306,"line":307,"context":257},"includes\\class-pclzip.php",4105,{"file
":306,"line":309,"context":257},4118,{"file":311,"line":312,"context":257},"includes\\page-about.php",12,{"file":311,"line":314,"context":257},17,{"file":311,"line":184,"context":257},{"file":311,"line":317,"context":257},64,{"file":311,"line":319,"context":257},78,{"file":321,"line":322,"context":257},"includes\\page-backups.php",49,{"file":321,"line":324,"context":257},67,{"file":321,"line":326,"context":257},68,{"file":321,"line":328,"context":257},81,{"file":321,"line":13,"context":257},{"file":321,"line":331,"context":257},108,{"file":321,"line":333,"context":257},120,{"file":228,"line":335,"context":257},448,{"file":228,"line":337,"context":257},453,{"file":228,"line":339,"context":257},475,{"file":228,"line":341,"context":257},487,{"file":228,"line":343,"context":257},509,{"file":228,"line":345,"context":257},519,{"file":228,"line":347,"context":257},532,{"file":228,"line":349,"context":257},572,{"file":228,"line":351,"context":257},576,{"file":228,"line":353,"context":257},628,{"file":228,"line":355,"context":257},629,{"file":228,"line":357,"context":257},630,{"file":228,"line":359,"context":257},631,{"file":228,"line":361,"context":257},632,{"file":228,"line":363,"context":257},669,{"file":228,"line":365,"context":257},679,{"file":228,"line":367,"context":257},706,{"file":228,"line":369,"context":257},710,{"file":228,"line":371,"context":257},723,{"file":228,"line":373,"context":257},726,{"file":228,"line":375,"context":257},727,{"file":228,"line":377,"context":257},732,{"file":228,"line":379,"context":257},734,{"file":228,"line":381,"context":257},738,{"file":228,"line":381,"context":257},{"file":228,"line":381,"context":257},{"file":228,"line":381,"context":257},{"file":228,"line":386,"context":257},739,{"file":228,"line":388,"context":257},741,{"file":228,"line":390,"context":257},746,{"file":228,"line":392,"context":257},750,{"file":228,"line":394,"context":257},755,{"file":228,"line":396,"context":257},757,{"file":228,"line":398,"context":257},761,{"fi
le":228,"line":400,"context":257},765,{"file":228,"line":402,"context":257},770,{"file":228,"line":404,"context":257},775,{"file":228,"line":406,"context":257},777,{"file":228,"line":408,"context":257},784,{"file":228,"line":410,"context":257},788,{"file":228,"line":412,"context":257},846,{"file":228,"line":414,"context":257},848,{"file":228,"line":416,"context":257},918,{"file":418,"line":419,"context":257},"includes\\phpseclib\\Net\\SFTP\\Stream.php",786,{"file":421,"line":422,"context":257},"includes\\phpseclib\\Net\\SFTP.php",2724,{"file":421,"line":424,"context":257},2800,{"file":426,"line":427,"context":257},"includes\\phpseclib\\Net\\SSH1.php",1618,{"file":429,"line":430,"context":257},"includes\\phpseclib\\Net\\SSH2.php",3578,292,5,[],[],{"summary":436,"deductions":437},"The \"cyan-backup\" plugin version 2.5.5 presents a mixed security posture. While the static analysis reveals a seemingly small attack surface with no directly exposed AJAX, REST API, or shortcode entry points without authentication, several concerning code signals warrant attention. The presence of dangerous functions like `create_function` and `unserialize` is a significant red flag, as these can be exploited for code execution or deserialization vulnerabilities if not handled with extreme care and proper input validation. Both flagged calls are in the bundled phpseclib Crypt classes rather than in the plugin's own files, so the real exposure depends on whether untrusted data can reach them. Furthermore, a low percentage (27%) of properly escaped outputs indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website. The large number of file operations (292) is a separate concern: it widens the scope for insecure file handling, which is consistent with the plugin's Path Traversal history.\n\nThe plugin's vulnerability history is also a major concern. With 4 known CVEs, all categorized as medium severity and related to Path Traversal and XSS, this indicates a pattern of past security weaknesses. 
While there are currently no unpatched CVEs, the recurring nature of these vulnerability types suggests that the development team may struggle with consistently implementing secure coding practices, particularly around input sanitization and output escaping. The most recent recorded vulnerability (2025-11-07) predates this analysis and is fixed in version 2.5.5, so it is part of the same historical trend rather than a data anomaly.\n\nIn conclusion, despite the lack of immediately obvious unauthenticated entry points in the static analysis, the \"cyan-backup\" plugin has significant potential for vulnerabilities due to the use of dangerous functions, poor output escaping, and a history of XSS and Path Traversal issues. The high volume of file operations and the low rate of proper output escaping are particularly worrying. Users should exercise caution and ensure thorough security audits are performed on this plugin. All four listed CVEs require Administrator-level access and are fixed as of 2.5.5, so keeping the plugin updated and limiting administrator accounts are the immediate mitigations.",[438,441,443,446,449,451],{"reason":439,"points":440},"Presence of dangerous functions (create_function, unserialize)",15,{"reason":442,"points":205},"Low percentage of properly escaped outputs (27%)",{"reason":444,"points":445},"High number of past medium severity CVEs (4)",16,{"reason":447,"points":448},"Vulnerability types indicate insecure input\u002Foutput handling",7,{"reason":450,"points":205},"No capability checks on entry points",{"reason":452,"points":432},"SQL queries not consistently using prepared statements 
(60%)","2026-03-16T19:56:12.419Z",{"wat":455,"direct":466},{"assetPaths":456,"generatorPatterns":460,"scriptPaths":461,"versionParams":462},[457,458,459],"\u002Fwp-content\u002Fplugins\u002Fcyan-backup\u002Fcss\u002Fcyan-backup.css","\u002Fwp-content\u002Fplugins\u002Fcyan-backup\u002Fjs\u002Fcyan-backup.js","\u002Fwp-content\u002Fplugins\u002Fcyan-backup\u002Fjs\u002Fcyan-backup-admin.js",[],[458,459],[463,464,465],"cyan-backup\u002Fcss\u002Fcyan-backup.css?ver=","cyan-backup\u002Fjs\u002Fcyan-backup.js?ver=","cyan-backup\u002Fjs\u002Fcyan-backup-admin.js?ver=",{"cssClasses":467,"htmlComments":470,"htmlAttributes":481,"restEndpoints":482,"jsGlobals":488,"shortcodeOutput":491},[468,469],"cyan-backup-wrap","cyan-backup-page-title",[471,472,473,474,475,476,477,478,479,480],"\u003C!-- Start CYAN Backup Menu -->","\u003C!-- End CYAN Backup Menu -->","\u003C!-- Start Backup Settings -->","\u003C!-- End Backup Settings -->","\u003C!-- Start Backup Schedule -->","\u003C!-- End Backup Schedule -->","\u003C!-- Start Backup Log -->","\u003C!-- End Backup Log -->","\u003C!-- Start Backup Restore -->","\u003C!-- End Backup Restore -->",[],[483,484,485,486,487],"\u002Fwp-json\u002Fcyan-backup\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fcyan-backup\u002Fv1\u002Fschedule","\u002Fwp-json\u002Fcyan-backup\u002Fv1\u002Fbackup","\u002Fwp-json\u002Fcyan-backup\u002Fv1\u002Frestore","\u002Fwp-json\u002Fcyan-backup\u002Fv1\u002Flog",[489,490],"CYAN_BACKUP_AJAX_URL","CYAN_BACKUP_NONCE",[]]