[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frHl6CzxAAU6hxNPJ2Nyf9nQHsF2X6GAiwJ5rdi1iqc4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":139,"fingerprints":278},"dd-attachments","DD Attachments","1.0","Mosterd3d","https:\u002F\u002Fprofiles.wordpress.org\u002Fmosterd3d\u002F","\u003Cp>DD-attachments is the replacement of the default ‘featured image’ metabox. In DD-attachments you can manage\u003Cbr \u002F>\nyour attachments and featured images easily by drag and drop or pressing the ‘minus’ to un-attach.\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","Just another DD plugin. DD-attachments is the UI-friendly replacement of the default 'featured image' metabox.",10,1154,0,"","4.9.29","3.3",[18,19,20,21],"attachment","attachments","featured-image","images","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdd-attachments.1.0.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mosterd3d",2,510,93,30,89,"2026-04-05T02:35:52.316Z",[36,58,80,103,120],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":14,"tags":51,"homepage":55,"download_link":56,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":57},"lightbox-photoswipe","Lightbox with PhotoSwipe","5.8.3","Arno Welzel","https:\u002F\u002Fprofiles.wordpress.org\u002Fawelzel\u002F","\u003Cp>This plugin integrates PhotoSwipe to WordPress. All linked images in a post or page will be displayed using PhotoSwipe, regardless if they are part of a gallery or single images.\u003C\u002Fp>\n\u003Cp>More about the original version of PhotoSwipe see here: \u003Ca href=\"http:\u002F\u002Fphotoswipe.com\" rel=\"nofollow ugc\">http:\u002F\u002Fphotoswipe.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can also display EXIF data from supported image types.\u003C\u002Fp>\n\u003Cp>As of version 4.0.0 this plugin requires at least WordPress 5.3 and PHP 7.0. Older PHP version will cause problems. In this case you have to upgrade your PHP version or ask your hoster to do so. Please note that WordPress itself also recommends at least PHP 7.4 – see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please keep in mind: not the visible thumbnail is relevant, but only the image link. Images should always be linked to the file and not to the attachment page. Since version 5.6.1 there is an option to fix attachment links which can be enabled if needed – however this may slow down your website since then all links on a page will be checked if they are attachment links.\u003C\u002Fp>\n","Integration of PhotoSwipe (http:\u002F\u002Fphotoswipe.com) for WordPress.",20000,937902,98,113,"2026-02-26T16:27:00.000Z","6.9.4","5.3",[19,52,21,53,54],"gallery","lightbox","photoswipe","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flightbox-photoswipe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flightbox-photoswipe.5.8.3.zip","2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":14,"tags":73,"homepage":76,"download_link":77,"security_score":78,"vuln_count":29,"unpatched_count":29,"last_vuln_date":79,"fetched_at":57},"import-external-attachments","Import external attachments","1.5.12","ryanpcmcquen","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanpcmcquen\u002F","\u003Cp>Makes local copies of all the linked images and pdfs in a post, adding them as gallery attachments.\u003C\u002Fp>\n\u003Cp>Source & support:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fryanpcmcquen\u002Fimport-external-attachments\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is based on the work done in the “Import External Images” plugin by MartyThornley.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002FMartyThornley\u003C\u002Fp>\n\u003Cp>HTTPS support added by IvanDoomer:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FIvanDoomer\u003C\u002Fp>\n\u003Cp>PDF support added by bengreeley:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fbengreeley\u003C\u002Fp>\n\u003Cp>Most of the JavaScript was rewritten from the original plugin, to reduce the\u003Cbr \u002F>\nnumber of global variables.\u003C\u002Fp>\n","Makes local copies of all the linked images and pdfs in a post, adding them as gallery attachments.",2000,24175,86,26,"2017-02-24T14:39:00.000Z","4.4.34","3.2",[19,52,21,74,75],"photo","photobloggers","https:\u002F\u002Fgithub.com\u002Fryanpcmcquen\u002Fimport-external-attachments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimport-external-attachments.zip",41,"2025-12-14 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":100,"download_link":101,"security_score":102,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":57},"comment-image","Comment Image","1.2.3","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Comment Image enables blog readers to attach an image while leaving their comments.\u003Cbr \u002F>\nSupported formats are JPG, PNG, GIF.\u003C\u002Fp>\n\u003Cp>Uploaded images are inserted below the comment text as thumbnail (of configurable max dimensions) and linked to the original pictures.\u003C\u002Fp>\n\u003Cp>File selection field can be injected automatically or added manually.\u003C\u002Fp>\n\u003Cp>Original pictures and their thumbnails are stored in a separate folder for easy management.\u003C\u002Fp>\n\u003Cp>See the official \u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image\" rel=\"nofollow ugc\">Comment Image\u003C\u002Fa> page for more.\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable readers to attach an image to their comments.",1000,40981,84,6,"2021-08-28T08:40:00.000Z","5.8.13","4.6","5.6",[19,97,98,21,99],"comments","gif","pictures","http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-image.1.2.3.zip",85,{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":88,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":14,"tags":117,"homepage":14,"download_link":119,"security_score":102,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":57},"photo-swipe","PhotoSwipe","4.1.1.1","Louy Alakkad","https:\u002F\u002Fprofiles.wordpress.org\u002Flouyx\u002F","\u003Cp>This plugins adds the PhotoSwipe library to your WordPress blog seamlessly. No configuration required.\u003C\u002Fp>\n","A very light implementation of PhotoSwipe javascript plugin for WordPress",31166,90,11,"2016-03-17T14:51:00.000Z","4.4.0","4.0",[19,118,52,21,53],"fancybox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphoto-swipe.4.1.1.1.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":46,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":94,"requires_php":95,"tags":133,"homepage":14,"download_link":137,"security_score":138,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":57},"hotlink-file-prevention","Hotlink File Prevention","2.0.0","swinggraphics","https:\u002F\u002Fprofiles.wordpress.org\u002Fswinggraphics\u002F","\u003Cp>Hotlink File Prevention (HFP) offers simple hotlink protection that can be turned on\u002Foff for individual files in the WordPress media library.\u003C\u002Fp>\n\u003Cp>“Hotlinking” is when a file, such as an image or PDF, is linked to from another website or entered manually in a web browser’s location bar. HFP only allows your file to be viewed on your website.\u003C\u002Fp>\n\u003Cp>Hotlink protection is provided via \u003Ccode>.htaccess\u003C\u002Fcode> rules in the \u003Ccode>wp-content\u002Fuploads\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Ch3>Basic Usage\u003C\u002Fh3>\n\u003Cp>Once the HFP plugin is activated, you will have two new features in the media library:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Within the Screen Options tab (list view only), check box for the “Hotlink Prevention” column.\u003C\u002Fli>\n\u003Cli>To protect a file, edit the file and scroll down to the checkbox labelled “Hotlink Protection”.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Any asset that is checked will have “Yes” displayed in the “Hotlink Prevention” column; otherwise, this column will be blank.\u003C\u002Fp>\n\u003Ch4>Note about “Open in new tab” option\u003C\u002Fh4>\n\u003Cp>When you use the “Open in new tab” option for links, WordPress adds \u003Ccode>rel=\"noreferrer\"\u003C\u002Fcode>, which effectively makes the link act like direct access, and the link will be blocked for files protected using HFP.\u003C\u002Fp>\n","Simple hotlink protection for individual files in the media library.",700,7815,7,"2024-04-15T22:00:00.000Z","6.5.8",[134,19,135,136,21],"admin","files","hotlink","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotlink-file-prevention.2.0.0.zip",92,{"attackSurface":140,"codeSignals":192,"taintFlows":234,"riskAssessment":262,"analyzedAt":277},{"hooks":141,"ajaxHandlers":171,"restRoutes":188,"shortcodes":189,"cronEvents":190,"entryPointCount":191,"unprotectedCount":191},[142,148,151,155,159,163,167],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_init","dd_add_style_and_js_dd_attachments","dd-attachments.php",39,{"type":143,"name":144,"callback":149,"file":146,"line":150},"set_metabox_remove_default_featured",40,{"type":152,"name":153,"callback":154,"file":146,"line":78},"filter","manage_upload_columns","upload_columns",{"type":143,"name":156,"callback":157,"priority":13,"file":146,"line":158},"manage_media_custom_column","media_custom_columns",42,{"type":143,"name":160,"callback":161,"file":146,"line":162},"add_meta_boxes","add_dd_attachments_box",53,{"type":143,"name":164,"callback":165,"file":146,"line":166},"do_meta_boxes","dd_attachment_remove_meta_boxes",54,{"type":143,"name":168,"callback":169,"priority":11,"file":146,"line":170},"default_hidden_meta_boxes","hidden_meta_boxes",55,[172,177,181,185],{"action":173,"nopriv":174,"callback":175,"hasNonce":174,"hasCapCheck":174,"file":146,"line":176},"update_media_attach_state",false,"update_media_attach_state_callback",44,{"action":178,"nopriv":174,"callback":179,"hasNonce":174,"hasCapCheck":174,"file":146,"line":180},"dd_set_featured_image","dd_set_featured_image_callback",45,{"action":182,"nopriv":174,"callback":183,"hasNonce":174,"hasCapCheck":174,"file":146,"line":184},"dd_remove_featured_image","dd_remove_featured_image_callback",46,{"action":186,"nopriv":174,"callback":186,"hasNonce":174,"hasCapCheck":174,"file":146,"line":187},"dd_set_attach_order",47,[],[],[],4,{"dangerousFunctions":193,"sqlUsage":194,"outputEscaping":196,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":232,"bundledLibraries":233},[],{"prepared":29,"raw":13,"locations":195},[],{"escaped":197,"rawEcho":198,"locations":199},15,17,[200,203,204,206,208,210,213,215,216,217,219,221,223,225,226,228,230],{"file":146,"line":201,"context":202},118,"raw output",{"file":146,"line":201,"context":202},{"file":146,"line":205,"context":202},120,{"file":146,"line":207,"context":202},124,{"file":146,"line":209,"context":202},138,{"file":211,"line":212,"context":202},"dd_templates\\metabox-attachments.php",18,{"file":211,"line":214,"context":202},22,{"file":211,"line":162,"context":202},{"file":211,"line":162,"context":202},{"file":211,"line":218,"context":202},57,{"file":211,"line":220,"context":202},67,{"file":211,"line":222,"context":202},70,{"file":211,"line":224,"context":202},83,{"file":211,"line":224,"context":202},{"file":211,"line":227,"context":202},87,{"file":211,"line":229,"context":202},94,{"file":211,"line":231,"context":202},106,1,[],[235,252],{"entryPoint":236,"graph":237,"unsanitizedCount":232,"severity":251},"dd_set_featured_image_callback (dd-attachments.php:133)",{"nodes":238,"edges":249},[239,244],{"id":240,"type":241,"label":242,"file":146,"line":243},"n0","source","$_POST",134,{"id":245,"type":246,"label":247,"file":146,"line":209,"wp_function":248},"n1","sink","echo() [XSS]","echo",[250],{"from":240,"to":245,"sanitized":174},"medium",{"entryPoint":253,"graph":254,"unsanitizedCount":13,"severity":261},"\u003Cdd-attachments> (dd-attachments.php:0)",{"nodes":255,"edges":258},[256,257],{"id":240,"type":241,"label":242,"file":146,"line":243},{"id":245,"type":246,"label":247,"file":146,"line":209,"wp_function":248},[259],{"from":240,"to":245,"sanitized":260},true,"low",{"summary":263,"deductions":264},"The \"dd-attachments\" v1.0 plugin exhibits a mixed security posture.  On the positive side, it demonstrates good practices regarding SQL query handling, exclusively using prepared statements and has no recorded vulnerability history, suggesting a generally stable codebase.  However, significant concerns arise from its attack surface.  All four identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated users to interact with potentially sensitive functionalities.  Furthermore, the taint analysis reveals one flow with unsanitized paths, which, while not classified as critical or high severity, warrants attention as it indicates a potential for data manipulation if an attacker can control the input to that flow.\n\nThe absence of any previously recorded vulnerabilities is a positive indicator, suggesting the developers are either diligent or the plugin hasn't been widely targeted.  However, this lack of history should not be seen as a guarantee of future security, especially given the current findings of unprotected AJAX endpoints and unsanitized data flows. The limited capability checks (only 1) also suggest that authorization might not be comprehensively implemented across all functionalities.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL queries and has a clean vulnerability history, the unprotected AJAX endpoints and the unsanitized data flow represent significant risks. These weaknesses could allow for unauthorized actions or data manipulation by attackers.  The low number of capability checks further adds to the potential for privilege escalation or unauthorized access.  Improvements are needed to secure the AJAX handlers and address the unsanitized data flow to significantly enhance the plugin's security.",[265,268,270,273,275],{"reason":266,"points":267},"Unprotected AJAX handlers",20,{"reason":269,"points":11},"Flow with unsanitized paths",{"reason":271,"points":272},"Lack of nonce checks on AJAX",5,{"reason":274,"points":272},"Limited capability checks",{"reason":276,"points":191},"Low output escaping coverage","2026-03-16T23:20:21.220Z",{"wat":279,"direct":288},{"assetPaths":280,"generatorPatterns":283,"scriptPaths":284,"versionParams":285},[281,282],"\u002Fwp-content\u002Fplugins\u002Fdd-attachments\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fdd-attachments\u002Fjs\u002Fdefault.js",[],[282],[286,287],"dd-attachments\u002Fcss\u002Fstyle.css?ver=","dd-attachments\u002Fjs\u002Fdefault.js?ver=",{"cssClasses":289,"htmlComments":291,"htmlAttributes":292,"restEndpoints":294,"jsGlobals":295,"shortcodeOutput":299},[290],"dd_attachments_box",[],[293],"data-parent-id",[],[296,297,298],"dd_attachment_order_update_url","dd_set_featured_image_url","dd_remove_featured_image_url",[]]