[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frGV6f2M6TDDMyQpn1CkZSPt9EduBOtF4-vBmwaMd4g8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":78,"crawl_stats":38,"alternatives":84,"analysis":178,"fingerprints":462},"demon-image-annotation","demon image annotation","5.4","demonisblack","https:\u002F\u002Fprofiles.wordpress.org\u002Fdemonisblack\u002F","\u003Cp>This plugin allows you to add textual annotations to images by select a region of the image and then attach a textual description, the concept of annotating images with user comments.\u003Cbr \u002F>\nIntegration with JQuery Image Annotation from Chris (http:\u002F\u002Fwww.flipbit.co.uk\u002Fjquery-image-annotation.html) with PHP support from GitHub (http:\u002F\u002Fgithub.com\u002Fstas\u002Fjquery-image-annotate-php-fork).\u003C\u002Fp>\n\u003Ch3>Live Demo:\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin\" title=\"https:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Needs Your Support:\u003C\u002Fh3>\n\u003Cp>It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using demon Image Annotation and find it useful, please consider making a donation. Your donation will help encourage and support the plugin’s continued development and better user support. 
\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=HBKHFYS86E99Q&lc=MY&item_name=demon%20Image%20Annotation%20Plugin&item_number=dia_plugin&currency_code=MYR&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" title=\"Donate\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Some features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Option to approve, edit and remove image notes in admin page.\u003C\u002Fli>\n\u003Cli>Preview image annotation in admin page.\u003C\u002Fli>\n\u003Cli>Auto insert unique id attribute for all the images for image note.\u003C\u002Fli>\n\u003Cli>Option to allow image annotation for login user who can moderate comment only\u003C\u002Fli>\n\u003Cli>Gravatar in the notes\u003C\u002Fli>\n\u003Cli>Option to sync with wordpress comments.\u003C\u002Fli>\n\u003Cli>Option to show thumbnail in comment list.\u003C\u002Fli>\n\u003Cli>‘Mouseover to load notes’ on top of every image note (editable).\u003C\u002Fli>\n\u003Cli>‘Link’ on top of every image note if hyperlink image (editable).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>There’s a new method to exlcude image annotation after version 3, but previous version method id=”img-exclude” still work. 
\u003C\u002Fli>\n\u003Cli>Image preview for admin editing is only support version 3 and above, image note added with previous version will not support.\u003C\u002Fli>\n\u003C\u002Fol>\n","Allows you to add textual annotations to images by select a region of the image and then attach a textual description.",10,17161,100,2,"2026-01-05T09:36:00.000Z","6.9.4","2.5","",[20,21,22,23,24],"comment","comments","image","images","note","https:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdemon-image-annotation.zip",98,3,0,"2023-08-10 00:00:00","2026-03-15T15:16:48.613Z",[33,48,64],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-40215","demon-image-annotation-authenticated-administrator-sql-injection","Demon image annotation \u003C= 5.3 - Authenticated (Administrator+) SQL Injection","The Demon image annotation plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 5.3 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=5.3","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-03-25 18:03:07",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff093dfc8-8a2f-4614-b7c1-4fbf1afa9589?source=api-prod",229,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2022-4171","demon-image-annotation-improper-input-restriction-validation","demon image annotation \u003C= 5.0 - Improper Input Restriction Validation","The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. 
This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.","\u003C=5.0","5.1","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:L","Improper Validation of Specified Quantity in Input","2022-12-11 00:00:00","2024-01-22 19:56:02",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fac5549ec-f931-4b13-b5f9-0d6f3e53aae4?source=api-prod",408,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":40,"cvss_score":71,"cvss_vector":72,"vuln_type":73,"published_date":74,"updated_date":60,"references":75,"days_to_patch":77},"CVE-2022-2864","demon-image-annotation-cross-site-request-forgery-to-cross-site-scripting","demon image annotation \u003C= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting","The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~\u002Fincludes\u002Fsettings.php file. 
This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",">=1.0 \u003C=4.7","4.8",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2022-09-21 00:00:00",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F052dce55-c02d-4e66-b500-bf6160a5b188?source=api-prod",489,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":79,"avg_security_score":80,"avg_patch_time_days":81,"trust_score":82,"computed_at":83},40,99,282,78,"2026-04-05T01:54:33.261Z",[85,100,116,138,159],{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":11,"downloaded":93,"rating":29,"num_ratings":29,"last_updated":94,"tested_up_to":95,"requires_at_least":17,"requires_php":18,"tags":96,"homepage":97,"download_link":98,"security_score":99,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"guan-image-notes","Guan Image Notes","2.0","Makoto","https:\u002F\u002Fprofiles.wordpress.org\u002Fwgnwhite\u002F","\u003Cp>This plugin allows you and your visitors to add comment as textual annotations to images by select a region of the image and then attach a textual description, the concept of annotating images with user comments.\u003Cbr \u002F>\nThe text is intergrated with WordPress comment system.\u003Cbr \u002F>\nIntegration with \u003Ca href=\"http:\u002F\u002Fwww.flipbit.co.uk\u002Fjquery-image-annotation.html\" rel=\"nofollow ugc\">JQuery Image Annotation from Chris\u003C\u002Fa> with \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fstas\u002Fjquery-image-annotate-php-fork\" rel=\"nofollow ugc\">PHP support from GitHub\u003C\u002Fa>.\u003Cbr \u002F>\nModified from \u003Ca 
href=\"http:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin\" rel=\"nofollow ugc\">Demon Image Annotation version 1.0\u003C\u002Fa>.\u003Cbr \u002F>\nIcons from \u003Ca href=\"http:\u002F\u002Fwww.famfamfam.com\u002Flab\u002Ficons\u002Fsilk\u002F\" rel=\"nofollow ugc\">Fam Fam Fam\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Ability to add notes to your uploaded pictures.\u003C\u002Fli>\n\u003Cli>Show notes on single page, front page, archive page and etc.\u003C\u002Fli>\n\u003Cli>Notes synced with WordPress commenting system but there’s option to turn it off.\u003C\u002Fli>\n\u003Cli>Gravatar in the notes.\u003C\u002Fli>\n\u003Cli>Commentator’s name in the notes.\u003C\u002Fli>\n\u003Cli>Image thumbnail appear at comment area, but there’s option to turn it off.\u003C\u002Fli>\n\u003Cli>No hard coding required.\u003C\u002Fli>\n\u003Cli>Admin page.\u003C\u002Fli>\n\u003Cli>Remove all database if you wish to not using the plugin anymore.\u003C\u002Fli>\n\u003C\u002Fol>\n","Image tagging system sync with WordPress comment system. Or also known as image notes, or image annotation.",3843,"2010-12-18T12:30:00.000Z","3.0.5",[20,21,22,23,24],"http:\u002F\u002Fpangeran.org\u002Fguan-image-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguan-image-notes.zip",85,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":11,"downloaded":108,"rating":29,"num_ratings":29,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":18,"tags":112,"homepage":114,"download_link":115,"security_score":99,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"image-annotations","Image Annotations","1.13","M03G","https:\u002F\u002Fprofiles.wordpress.org\u002Fm03gen\u002F","\u003Cp>Image Annotations plugin lets readers to leave annotations to the selected area of the image in comments. 
Important: for now the plugin works only with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-images\u002F\" rel=\"ugc\">Comment Images\u003C\u002Fa> plugin (by Tom McFarlin).\u003C\u002Fp>\n\u003Cp>Readers can switch off the visibility of the selections as well as control the display of the comments. Only authorized users can leave annotations (also user can delete his own annotations).\u003C\u002Fp>\n\u003Cp>Плагин Image Annotations позволяет читателям оставлять аннотации к выделенной области на изображении в комментариях. Важно: на данный момент плагин работает только с плагином \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-images\u002F\" rel=\"ugc\">Comment Images\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Читатели могут контролировать видимость выделенных областей на изображении и включать и выключать отображение комментариев. Только зарегистрированные пользователи могут оставлять аннотации (также пользователь может удалить свою аннотацию).\u003C\u002Fp>\n","Image Annotations plugin lets readers to leave annotations to the selected area of the image in comments.",1877,"2015-10-05T19:36:00.000Z","4.3.34","3.8.1",[113,21,23,24],"annotations","http:\u002F\u002Fm03g.guriny.ru\u002Fimage-annotations\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-annotations.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":136,"download_link":137,"security_score":99,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"comment-image","Comment Image","1.2.3","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Comment Image enables blog readers to attach an image while leaving their comments.\u003Cbr \u002F>\nSupported 
formats are JPG, PNG, GIF.\u003C\u002Fp>\n\u003Cp>Uploaded images are inserted below the comment text as thumbnail (of configurable max dimensions) and linked to the original pictures.\u003C\u002Fp>\n\u003Cp>File selection field can be injected automatically or added manually.\u003C\u002Fp>\n\u003Cp>Original pictures and their thumbnails are stored in a separate folder for easy management.\u003C\u002Fp>\n\u003Cp>See the official \u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image\" rel=\"nofollow ugc\">Comment Image\u003C\u002Fa> page for more.\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable readers to attach an image to their 
comments.",1000,40981,84,6,"2021-08-28T08:40:00.000Z","5.8.13","4.6","5.6",[133,21,134,23,135],"attachments","gif","pictures","http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-image.1.2.3.zip",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":13,"downloaded":146,"rating":147,"num_ratings":127,"last_updated":148,"tested_up_to":149,"requires_at_least":150,"requires_php":18,"tags":151,"homepage":155,"download_link":156,"security_score":99,"vuln_count":157,"unpatched_count":29,"last_vuln_date":158,"fetched_at":31},"embed-comment-images","Embed Images in Comments","0.6","Dugonja","https:\u002F\u002Fprofiles.wordpress.org\u002Fh3llas\u002F","\u003Cp>This plugins embeds image links in comments with the img tag so the image are visible in your comment timeline.\u003C\u002Fp>\n\u003Cp>Image formats supported:\u003Cbr \u002F>\n1. .jpg\u003Cbr \u002F>\n2. .gif\u003Cbr \u002F>\n3. .png\u003C\u002Fp>\n\u003Cp>You can specify your comment width so the images are fitted nicely. 
Images are not hosted on your server neither this plugin pickups any data.\u003C\u002Fp>\n\u003Cp>Do note that people can link extremely large images and your page loading can be compromised because of that.\u003C\u002Fp>\n\u003Cp>Demo:\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.ascic.net\u002Fembed-comment-images\u002F\" title=\"Embed Images in Comments\" rel=\"nofollow ugc\">Embed Comment Images\u003C\u002Fa>\u003C\u002Fp>\n","Embed direct image links in your comments with an img tag.",6194,94,"2017-08-16T19:33:00.000Z","4.8.28","3.7.1",[21,152,153,23,154],"convert","embed","links","http:\u002F\u002Fwww.ascic.net\u002Fembed-images-in-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-comment-images.0.6.zip",1,"2017-08-16 00:00:00",{"slug":160,"name":161,"version":162,"author":163,"author_profile":164,"description":165,"short_description":166,"active_installs":167,"downloaded":168,"rating":29,"num_ratings":29,"last_updated":169,"tested_up_to":170,"requires_at_least":171,"requires_php":18,"tags":172,"homepage":176,"download_link":177,"security_score":99,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wordpress-comment-images","Comment-Images","1.5","fitztrev","https:\u002F\u002Fprofiles.wordpress.org\u002Ffitztrev\u002F","\u003Cp>Comment Image Embedder is a very simple plugin that, once installed, lets your visitors add an image to their comments.\u003C\u002Fp>\n\u003Cp>It’s rather common for a WordPress user to ask how visitors can embed images in the comments section of their blogs.\u003C\u002Fp>\n\u003Cp>This plugin will add a link just below the comment box that a user can click on. When clicked, a prompt will appear for the user to enter the URL of the image. 
It will then be added to their comment.\u003C\u002Fp>\n\u003Cp>Trevor Fitzgerald\u003Cbr \u002F>\nhttp:\u002F\u002Ftrevorfitzgerald.com\u002F\u003C\u002Fp>\n","Comment Image Embedder is a very simple plugin that, once installed, lets your visitors add an image to their comments.",50,14579,"2009-12-02T00:02:00.000Z","2.9.2","2.6",[21,23,173,174,175],"photos","picture","upload","http:\u002F\u002Ftrevorfitzgerald.com\u002Fwordpress-comment-images\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordpress-comment-images.1.5.zip",{"attackSurface":179,"codeSignals":252,"taintFlows":317,"riskAssessment":444,"analyzedAt":461},{"hooks":180,"ajaxHandlers":231,"restRoutes":248,"shortcodes":249,"cronEvents":250,"entryPointCount":251,"unprotectedCount":29},[181,187,192,196,200,204,208,210,214,218,223,227],{"type":182,"name":183,"callback":184,"priority":11,"file":185,"line":186},"filter","comment_text","dia_thumbnail_inserter","demon-image-annotation.php",168,{"type":188,"name":189,"callback":190,"file":185,"line":191},"action","wp_enqueue_scripts","dia_jquery",500,{"type":188,"name":193,"callback":194,"file":185,"line":195},"wp_head","dia_init_js",501,{"type":188,"name":197,"callback":198,"file":185,"line":199},"admin_enqueue_scripts","dia_admin_jquery",507,{"type":188,"name":201,"callback":202,"file":185,"line":203},"admin_init","dia_admin_init",511,{"type":188,"name":205,"callback":206,"file":185,"line":207},"admin_notices","dia_admin_notice",512,{"type":182,"name":183,"callback":184,"priority":11,"file":185,"line":209},513,{"type":188,"name":211,"callback":212,"file":185,"line":213},"admin_head","dia_admin_head",516,{"type":188,"name":215,"callback":216,"file":185,"line":217},"admin_menu","dia_admin_menu",517,{"type":188,"name":219,"callback":220,"priority":221,"file":185,"line":222},"admin_bar_menu","dia_admin_bar",70,518,{"type":182,"name":224,"callback":225,"file":185,"line":226},"the_content","dia_filter_img",519,{"type":182,"name":228,"callback":229,"p
riority":11,"file":185,"line":230},"plugin_row_meta","dia_plugin_row_meta",522,[232,238,241,244,246],{"action":233,"nopriv":234,"callback":235,"hasNonce":236,"hasCapCheck":234,"file":185,"line":237},"get",false,"dia_wp_ajax_function",true,502,{"action":239,"nopriv":234,"callback":235,"hasNonce":236,"hasCapCheck":234,"file":185,"line":240},"save",503,{"action":242,"nopriv":234,"callback":235,"hasNonce":236,"hasCapCheck":234,"file":185,"line":243},"delete",504,{"action":233,"nopriv":236,"callback":235,"hasNonce":236,"hasCapCheck":234,"file":185,"line":245},505,{"action":239,"nopriv":236,"callback":235,"hasNonce":236,"hasCapCheck":234,"file":185,"line":247},506,[],[],[],5,{"dangerousFunctions":253,"sqlUsage":254,"outputEscaping":257,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":315,"bundledLibraries":316},[],{"prepared":255,"raw":29,"locations":256},74,[],{"escaped":258,"rawEcho":259,"locations":260},257,25,[261,264,266,268,271,273,275,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312],{"file":185,"line":262,"context":263},145,"raw 
output",{"file":185,"line":265,"context":263},147,{"file":185,"line":267,"context":263},384,{"file":269,"line":270,"context":263},"includes\\admin.php",18,{"file":269,"line":272,"context":263},20,{"file":269,"line":274,"context":263},38,{"file":276,"line":277,"context":263},"includes\\class-image-annotation-list-table.php",259,{"file":276,"line":279,"context":263},261,{"file":276,"line":281,"context":263},263,{"file":276,"line":283,"context":263},265,{"file":276,"line":285,"context":263},267,{"file":276,"line":287,"context":263},269,{"file":276,"line":289,"context":263},376,{"file":276,"line":291,"context":263},383,{"file":276,"line":293,"context":263},387,{"file":276,"line":295,"context":263},452,{"file":276,"line":297,"context":263},456,{"file":276,"line":299,"context":263},461,{"file":276,"line":301,"context":263},465,{"file":276,"line":303,"context":263},469,{"file":276,"line":305,"context":263},473,{"file":276,"line":307,"context":263},477,{"file":276,"line":309,"context":263},482,{"file":311,"line":281,"context":263},"includes\\run.php",{"file":313,"line":314,"context":263},"includes\\settings.php",386,9,[],[318,334,356,380,391,400,423,433],{"entryPoint":319,"graph":320,"unsanitizedCount":28,"severity":55},"editNote (includes\\class-image-annotation-list-table.php:363)",{"nodes":321,"edges":332},[322,327],{"id":323,"type":324,"label":325,"file":276,"line":326},"n0","source","$_REQUEST (x3)",365,{"id":328,"type":329,"label":330,"file":276,"line":289,"wp_function":331},"n1","sink","echo() [XSS]","echo",[333],{"from":323,"to":328,"sanitized":234},{"entryPoint":335,"graph":336,"unsanitizedCount":29,"severity":355},"prepare_items (includes\\class-image-annotation-list-table.php:497)",{"nodes":337,"edges":352},[338,341,345,347],{"id":323,"type":324,"label":339,"file":276,"line":340},"$_GET",536,{"id":328,"type":329,"label":342,"file":276,"line":343,"wp_function":344},"query() 
[SQLi]",558,"query",{"id":346,"type":324,"label":339,"file":276,"line":340},"n2",{"id":348,"type":329,"label":349,"file":276,"line":350,"wp_function":351},"n3","get_results() [SQLi]",607,"get_results",[353,354],{"from":323,"to":328,"sanitized":236},{"from":346,"to":348,"sanitized":236},"low",{"entryPoint":357,"graph":358,"unsanitizedCount":29,"severity":355},"\u003Cclass-image-annotation-list-table> (includes\\class-image-annotation-list-table.php:0)",{"nodes":359,"edges":375},[360,361,362,365,367,369,371,373],{"id":323,"type":324,"label":325,"file":276,"line":326},{"id":328,"type":329,"label":330,"file":276,"line":289,"wp_function":331},{"id":346,"type":324,"label":363,"file":276,"line":364},"$_POST",278,{"id":348,"type":329,"label":330,"file":276,"line":366,"wp_function":331},437,{"id":368,"type":324,"label":339,"file":276,"line":340},"n4",{"id":370,"type":329,"label":342,"file":276,"line":343,"wp_function":344},"n5",{"id":372,"type":324,"label":339,"file":276,"line":340},"n6",{"id":374,"type":329,"label":349,"file":276,"line":350,"wp_function":351},"n7",[376,377,378,379],{"from":323,"to":328,"sanitized":236},{"from":346,"to":348,"sanitized":236},{"from":368,"to":370,"sanitized":236},{"from":372,"to":374,"sanitized":236},{"entryPoint":381,"graph":382,"unsanitizedCount":29,"severity":355},"dia_get_save (includes\\run.php:30)",{"nodes":383,"edges":389},[384,387],{"id":323,"type":324,"label":385,"file":311,"line":386},"$_REQUEST",31,{"id":328,"type":329,"label":349,"file":311,"line":388,"wp_function":351},60,[390],{"from":323,"to":328,"sanitized":236},{"entryPoint":392,"graph":393,"unsanitizedCount":29,"severity":355},"\u003Crun> (includes\\run.php:0)",{"nodes":394,"edges":398},[395,397],{"id":323,"type":324,"label":396,"file":311,"line":386},"$_REQUEST (x4)",{"id":328,"type":329,"label":349,"file":311,"line":388,"wp_function":351},[399],{"from":323,"to":328,"sanitized":236},{"entryPoint":401,"graph":402,"unsanitizedCount":29,"severity":355},"\u003Csettings> 
(includes\\settings.php:0)",{"nodes":403,"edges":419},[404,407,411,414,416,418],{"id":323,"type":324,"label":405,"file":313,"line":406},"$_POST (x16)",26,{"id":328,"type":329,"label":408,"file":313,"line":409,"wp_function":410},"update_option() [Settings Manipulation]",45,"update_option",{"id":346,"type":324,"label":412,"file":313,"line":413},"$_SERVER",121,{"id":348,"type":329,"label":330,"file":313,"line":415,"wp_function":331},122,{"id":368,"type":324,"label":363,"file":313,"line":417},32,{"id":370,"type":329,"label":330,"file":313,"line":314,"wp_function":331},[420,421,422],{"from":323,"to":328,"sanitized":236},{"from":346,"to":348,"sanitized":236},{"from":368,"to":370,"sanitized":236},{"entryPoint":424,"graph":425,"unsanitizedCount":157,"severity":40},"dia_get_delete (includes\\run.php:169)",{"nodes":426,"edges":431},[427,429],{"id":323,"type":324,"label":385,"file":311,"line":428},170,{"id":328,"type":329,"label":349,"file":311,"line":430,"wp_function":351},179,[432],{"from":323,"to":328,"sanitized":234},{"entryPoint":434,"graph":435,"unsanitizedCount":14,"severity":40},"dia_get_results (includes\\run.php:203)",{"nodes":436,"edges":442},[437,440],{"id":323,"type":324,"label":438,"file":311,"line":439},"$_REQUEST (x2)",204,{"id":328,"type":329,"label":349,"file":311,"line":441,"wp_function":351},209,[443],{"from":323,"to":328,"sanitized":234},{"summary":445,"deductions":446},"The \"demon-image-annotation\" v5.4 plugin exhibits a generally strong security posture with several good practices in place.  It utilizes prepared statements for all SQL queries, has a high percentage of properly escaped output, and implements a good number of nonce and capability checks across its entry points. Furthermore, there are no identified file operations or external HTTP requests, which reduces common attack vectors. 
The absence of REST API routes and shortcodes also limits the plugin's attack surface. These signals do not settle the review on their own: the taint analysis in this report still marks unsanitized request data reaching get_results() in dia_get_delete and dia_get_results (includes\\run.php) as high severity, and none of the five AJAX handlers has a capability check while two are registered for unauthenticated users, so those paths warrant manual review.",[447,450,452,454,457,459],{"reason":448,"points":449},"High severity taint flows found",15,{"reason":451,"points":449},"Past high severity vulnerabilities present",{"reason":453,"points":11},"Past medium severity vulnerabilities present",{"reason":455,"points":456},"Taint flow with unsanitized paths found",7,{"reason":458,"points":251},"Low percentage of properly escaped output",{"reason":460,"points":28},"Limited nonce checks","2026-03-17T00:13:02.983Z",{"wat":463,"direct":478},{"assetPaths":464,"generatorPatterns":470,"scriptPaths":471,"versionParams":472},[465,466,467,468,469],"\u002Fwp-content\u002Fplugins\u002Fdemon-image-annotation\u002Fcss\u002Fannotation.css","\u002Fwp-content\u002Fplugins\u002Fdemon-image-annotation\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fdemon-image-annotation\u002Fjs\u002Fjquery.annotate.js","\u002Fwp-content\u002Fplugins\u002Fdemon-image-annotation\u002Fjs\u002Fjquery.annotate.config.js","\u002Fwp-content\u002Fplugins\u002Fdemon-image-annotation\u002Fjs\u002Fadmin.js",[],[467,468,469],[473,474,475,476,477],"demon-image-annotation\u002Fcss\u002Fannotation.css?ver=","demon-image-annotation\u002Fcss\u002Fadmin.css?ver=","demon-image-annotation\u002Fjs\u002Fjquery.annotate.js?ver=","demon-image-annotation\u002Fjs\u002Fjquery.annotate.config.js?ver=","demon-image-annotation\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":479,"htmlComments":482,"htmlAttributes":491,"restEndpoints":503,"jsGlobals":505,"shortcodeOutput":507},[480,481],"annotation-container","annotation-note",[483,484,485,486,487,488,489,490],"\u003C!-- Header function. -->","\u003C!-- Admin header function. -->","\u003C!-- JQuery Init function. -->","\u003C!-- Ajax function. -->","\u003C!-- Comment function. -->","\u003C!-- Thumbnail Inserter function. -->","\u003C!-- Admin Init function. -->","\u003C!-- Admin default option function. 
-->",[492,493,494,495,496,497,498,499,500,501,502],"container","pageOnly","adminOnly","autoResize","numbering","removeImgTag","mouseoverDesc","maxLength","imgLinkOption","imgLinkDesc","userLevel",[504],"\u002Fwp-json\u002Fdemon-image-annotation\u002Fv1\u002Fnotes",[506],"myAjax",[]]