[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCTuKhKg4Z_e-CYzmQF9yoNsCHp8HMMMpOkHmRO-ZQyc":3,"$fFRBvXKb9BIxlsn5VNjYoyQ3xq4Dg1aRbXZ-pyswzH6w":176,"$fzhMGjElIsi3rxy9LQNjcv8Ia6Eo9VXt4GSfAgKDXOfw":181},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":39,"analysis":133,"fingerprints":163},"disable-real-mime-check","Disable Real MIME Check","1.0","Sergey Biryukov","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeybiryukov\u002F","\u003Cp>With the upgrade to WordPress 4.7.1, some non-image files fail to upload on certain server setups. This will be fixed in 4.7.3, see the \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F39550\" rel=\"nofollow ugc\">Trac ticket\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In the meantime, this plugin is a workaround that disables the recently introduced strict MIME check to restore the upload functionality.\u003C\u002Fp>\n\u003Cp>Don’t forget to remove the plugin once WordPress 4.7.3 is available!\u003C\u002Fp>\n","Restores the ability to upload non-image files in WordPress 4.7.1 and 4.7.2.",10000,157627,98,34,"2017-11-28T16:06:00.000Z","4.7.33","4.7.1","",[20,21,22],"media","mime","upload","https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F39550","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-real-mime-check.1.0.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"sergeybiryukov",25,312670,86,30,84,"2026-05-19T21:41:39.218Z",[40,60,80,93,111],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":18,"tags":55,"homepage":58,"download_link":59,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"manage-upload-types","Manage Upload Types","1.3","jmadea","https:\u002F\u002Fprofiles.wordpress.org\u002Fjmadea\u002F","\u003Cp>Manage Upload Types enables an administrator to see and change the list of file types that are permitted as file uploads to the media library. This is accomplished by adding an ajax-driven table to a panel on the Media Settings page. Each row has a delete link. Confirmation is required for deletions. There is also a small form to allow additional rows to be added. The form is aligned with the table and contains two text entry boxes. The first is for a file extension or list of file extensions separated by pipe symbols (‘|’) and the second is for a MIME type to be associated with files that match one of those extensions.\u003C\u002Fp>\n","This plugin adds a panel to the Settings->Media page, enabling changes to the file types which are permitted to be uploaded to the media library.",500,14980,74,3,"2015-07-27T01:40:00.000Z","4.2.39","3.3.1",[56,20,57,22],"filetypes","mimetypes","http:\u002F\u002Fwww.madea.net\u002Fprojects\u002Fwordpress-plugins\u002Fmanage-upload-types\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-upload-types.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":78,"download_link":79,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"ap-extended-mime-types","AP Extended MIME Types","1.1","Josh Maxwell","https:\u002F\u002Fprofiles.wordpress.org\u002Fhornetok\u002F","\u003Cp>The \u003Ca href=\"http:\u002F\u002Fardentpixels.com\u002F\" rel=\"nofollow ugc\">Ardent Pixels’\u003C\u002Fa> \u003Cem>Extended MIME Types\u003C\u002Fem> plugin was created specifically for WPMS in mind. You can now allow all or only select blogs to upload a WIDE range of file types.\u003C\u002Fp>\n\u003Ch4>Included MIME Types:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ac3\u003C\u002Fli>\n\u003Cli>ai\u003C\u002Fli>\n\u003Cli>aif\u003C\u002Fli>\n\u003Cli>aifc\u003C\u002Fli>\n\u003Cli>aiff\u003C\u002Fli>\n\u003Cli>au\u003C\u002Fli>\n\u003Cli>avi\u003C\u002Fli>\n\u003Cli>bmp\u003C\u002Fli>\n\u003Cli>cat\u003C\u002Fli>\n\u003Cli>clp\u003C\u002Fli>\n\u003Cli>crd\u003C\u002Fli>\n\u003Cli>css\u003C\u002Fli>\n\u003Cli>csv\u003C\u002Fli>\n\u003Cli>csv\u003C\u002Fli>\n\u003Cli>dll\u003C\u002Fli>\n\u003Cli>doc\u003C\u002Fli>\n\u003Cli>docm\u003C\u002Fli>\n\u003Cli>docx\u003C\u002Fli>\n\u003Cli>dot\u003C\u002Fli>\n\u003Cli>dotm\u003C\u002Fli>\n\u003Cli>dotx\u003C\u002Fli>\n\u003Cli>eps\u003C\u002Fli>\n\u003Cli>flv\u003C\u002Fli>\n\u003Cli>gif\u003C\u002Fli>\n\u003Cli>gtar\u003C\u002Fli>\n\u003Cli>gz\u003C\u002Fli>\n\u003Cli>gzip\u003C\u002Fli>\n\u003Cli>ics\u003C\u002Fli>\n\u003Cli>ief\u003C\u002Fli>\n\u003Cli>ifb\u003C\u002Fli>\n\u003Cli>jpe\u003C\u002Fli>\n\u003Cli>jpeg\u003C\u002Fli>\n\u003Cli>jpg\u003C\u002Fli>\n\u003Cli>js\u003C\u002Fli>\n\u003Cli>m13\u003C\u002Fli>\n\u003Cli>m14\u003C\u002Fli>\n\u003Cli>mdb\u003C\u002Fli>\n\u003Cli>mid\u003C\u002Fli>\n\u003Cli>midi\u003C\u002Fli>\n\u003Cli>mny\u003C\u002Fli>\n\u003Cli>mov\u003C\u002Fli>\n\u003Cli>movie\u003C\u002Fli>\n\u003Cli>mp3\u003C\u002Fli>\n\u003Cli>mp4\u003C\u002Fli>\n\u003Cli>mpa\u003C\u002Fli>\n\u003Cli>mpe\u003C\u002Fli>\n\u003Cli>mpeg\u003C\u002Fli>\n\u003Cli>mpg\u003C\u002Fli>\n\u003Cli>mpp\u003C\u002Fli>\n\u003Cli>msg\u003C\u002Fli>\n\u003Cli>mvb\u003C\u002Fli>\n\u003Cli>pdf\u003C\u002Fli>\n\u003Cli>pict\u003C\u002Fli>\n\u003Cli>png\u003C\u002Fli>\n\u003Cli>pot\u003C\u002Fli>\n\u003Cli>potm\u003C\u002Fli>\n\u003Cli>potx\u003C\u002Fli>\n\u003Cli>ppam\u003C\u002Fli>\n\u003Cli>pps\u003C\u002Fli>\n\u003Cli>ppsm\u003C\u002Fli>\n\u003Cli>ppsx\u003C\u002Fli>\n\u003Cli>ppt\u003C\u002Fli>\n\u003Cli>pptm\u003C\u002Fli>\n\u003Cli>pptx\u003C\u002Fli>\n\u003Cli>ps\u003C\u002Fli>\n\u003Cli>pub\u003C\u002Fli>\n\u003Cli>qt\u003C\u002Fli>\n\u003Cli>ra\u003C\u002Fli>\n\u003Cli>ram\u003C\u002Fli>\n\u003Cli>rtf\u003C\u002Fli>\n\u003Cli>rtx\u003C\u002Fli>\n\u003Cli>scd\u003C\u002Fli>\n\u003Cli>snd\u003C\u002Fli>\n\u003Cli>sst\u003C\u002Fli>\n\u003Cli>stl\u003C\u002Fli>\n\u003Cli>swf\u003C\u002Fli>\n\u003Cli>tif\u003C\u002Fli>\n\u003Cli>tiff\u003C\u002Fli>\n\u003Cli>trm\u003C\u002Fli>\n\u003Cli>tsv\u003C\u002Fli>\n\u003Cli>txt\u003C\u002Fli>\n\u003Cli>w6w\u003C\u002Fli>\n\u003Cli>wav\u003C\u002Fli>\n\u003Cli>wmf\u003C\u002Fli>\n\u003Cli>word\u003C\u002Fli>\n\u003Cli>wri\u003C\u002Fli>\n\u003Cli>xla\u003C\u002Fli>\n\u003Cli>xlam\u003C\u002Fli>\n\u003Cli>xlc\u003C\u002Fli>\n\u003Cli>xlm\u003C\u002Fli>\n\u003Cli>xls\u003C\u002Fli>\n\u003Cli>xlsb\u003C\u002Fli>\n\u003Cli>xlsm\u003C\u002Fli>\n\u003Cli>xlsx\u003C\u002Fli>\n\u003Cli>xlt\u003C\u002Fli>\n\u003Cli>xltm\u003C\u002Fli>\n\u003Cli>xltx\u003C\u002Fli>\n\u003Cli>xlw\u003C\u002Fli>\n\u003Cli>zip\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>= Donations =\u003Cbr \u002F>\nFeel free to \u003Ca href=\"http:\u002F\u002Fardentpixels.com\u002Fjosh\u002Fcontact\u002F\" rel=\"nofollow ugc\">donate\u003C\u002Fa> if you liked this plugin.\u003C\u002Fp>\n","This plugin extends the allowed uploadable MIME types to include a WIDE range of file types. Created specifically for WPMS...",300,17973,100,5,"2012-04-18T15:48:00.000Z","3.3.2","2.0",[20,21,76,77,22],"mime-types","multisite","http:\u002F\u002Fardentpixels.com\u002Fjosh\u002Fwordpress\u002Fplugins\u002Fap-extended-mime-types\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fap-extended-mime-types.1.1.zip",{"slug":81,"name":82,"version":63,"author":7,"author_profile":8,"description":83,"short_description":84,"active_installs":36,"downloaded":85,"rating":26,"num_ratings":26,"last_updated":86,"tested_up_to":16,"requires_at_least":87,"requires_php":18,"tags":88,"homepage":91,"download_link":92,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"correct-audio-video-uploads","Correct Audio\u002FVideo Uploads","\u003Cp>Recent minor updates for WordPress introduced a couple of regressions when uploading audio and video files:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>On WordPress 4.3.x and earlier branches, audio\u002Fvideo files cannot be uploaded at all due to a fatal error.\u003C\u002Fp>\n\u003Cp>Full list of affected versions: 3.7.19, 3.8.19, 3.9.17, 4.0.16, 4.1.16, 4.2.13, 4.3.9.\u003C\u002Fp>\n\u003Cp>This will be fixed in the next minor update, see the \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40085\" rel=\"nofollow ugc\">Trac ticket #40085\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On WordPress 4.4.x and later branches, audio\u002Fvideo files are uploaded with corrupted thumbnails.\u003C\u002Fp>\n\u003Cp>Full list of affected versions: 4.4.8, 4.5.7, 4.6.4, 4.7.3.\u003C\u002Fp>\n\u003Cp>This will be fixed in the next minor update, see the \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40075\" rel=\"nofollow ugc\">Trac ticket #40075\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In the meantime, this plugin is a workaround that solves both issues and restores the upload functionality for audio and video files.\u003C\u002Fp>\n\u003Cp>Don’t forget to remove the plugin once the next minor WordPress update is available!\u003C\u002Fp>\n","Restores the ability to upload audio & video files in recent minor WordPress updates.",3121,"2017-04-02T22:31:00.000Z","3.7.19",[89,20,21,22,90],"audio","video","https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40085","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcorrect-audio-video-uploads.1.1.zip",{"slug":94,"name":95,"version":6,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":26,"downloaded":100,"rating":26,"num_ratings":26,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":108,"download_link":109,"security_score":70,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":110},"media-file-limiter","Media File Limiter","teamredfox","https:\u002F\u002Fprofiles.wordpress.org\u002Fteamredfox\u002F","\u003Cp>Media File Limiter is a lightweight and efficient plugin designed to strengthen your WordPress upload security.\u003C\u002Fp>\n\u003Cp>It limits the maximum upload file size (in MB) and blocks specific dangerous file extensions (e.g., .exe, .php, .html, .js), preventing malicious or oversized files from being uploaded to your media library.\u003C\u002Fp>\n\u003Cp>Unlike traditional file validation, this plugin operates at the earliest possible stage of the upload process via the wp_handle_upload_prefilter hook, ensuring that dangerous files are blocked before WordPress processes them.\u003C\u002Fp>\n\u003Cp>Key Features\u003Cbr \u002F>\nSet a custom maximum upload size (in MB).\u003C\u002Fp>\n\u003Cp>Define forbidden file extensions (comma-separated).\u003C\u002Fp>\n\u003Cp>Displays current PHP\u002FWordPress upload limits for reference.\u003C\u002Fp>\n\u003Cp>Early-stage security enforcement — before files reach media processing.\u003C\u002Fp>\n\u003Cp>Fully translatable and internationalized (media-file-limiter text domain).\u003C\u002Fp>\n\u003Cp>Compatible with multisite environments.\u003C\u002Fp>\n\u003Cp>Why This Plugin?\u003Cbr \u002F>\nWordPress allows large files and executable extensions under certain misconfigurations, which can lead to:\u003C\u002Fp>\n\u003Cp>Server performance degradation.\u003C\u002Fp>\n\u003Cp>Potential remote code execution (RCE) risks.\u003C\u002Fp>\n\u003Cp>Media library clutter and upload errors.\u003C\u002Fp>\n\u003Cp>Media File Limiter addresses these issues with a simple, configurable interface under the WordPress “Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Media Limit” page.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version.\u003C\u002Fp>\n\u003Cp>This plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n\u003Ch3>Additional Notes\u003C\u002Fh3>\n\u003Cp>The plugin follows WordPress Coding Standards (WPCS).\u003C\u002Fp>\n\u003Cp>All options use the Settings API (register_setting \u002F add_settings_field).\u003C\u002Fp>\n\u003Cp>Security first: early execution priority (wp_handle_upload_prefilter, priority 1).\u003C\u002Fp>\n\u003Cp>Uninstall hook (register_uninstall_hook) ensures full cleanup.\u003C\u002Fp>\n","Restrict maximum upload file size and block dangerous extensions at upload time. Ensures early-stage validation for enhanced WordPress media security.",187,"2025-11-05T11:12:00.000Z","6.8.5","6.8","7.4",[106,20,21,107,22],"file-size","security","https:\u002F\u002Fp-fox.jp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-file-limiter.1.0.zip","2026-04-06T09:54:40.288Z",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":13,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":104,"tags":125,"homepage":128,"download_link":129,"security_score":130,"vuln_count":131,"unpatched_count":26,"last_vuln_date":132,"fetched_at":28},"safe-svg","Safe SVG","2.4.0","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Safe SVG is the best way to Allow SVG Uploads in WordPress!\u003C\u002Fp>\n\u003Cp>It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG\u002FXML vulnerabilities affecting your site.  It also gives you the ability to preview your uploaded SVGs in the media library in all views.\u003C\u002Fp>\n\u003Ch4>Current Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sanitised SVGs\u003C\u002Fstrong> – Don’t open up security holes in your WordPress site by allowing uploads of unsanitised files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SVGO Optimisation\u003C\u002Fstrong> – Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: \u003Ccode>add_filter( 'safe_svg_optimizer_enabled', '__return_true' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View SVGs in the Media Library\u003C\u002Fstrong> – Gone are the days of guessing which SVG is the correct one, we’ll enable SVG previews in the WordPress media library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose Who Can Upload\u003C\u002Fstrong> – Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Initially a proof of concept for \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F24251\" rel=\"nofollow ugc\">#24251\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Sanitization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Optimization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\u003C\u002Fa>.\u003C\u002Fp>\n","Enable SVG uploads and sanitize them to stop XML\u002FSVG vulnerabilities in your WordPress website.",1000000,12850590,77,"2026-04-14T13:35:00.000Z","7.0","6.6",[20,21,107,126,127],"svg","vector","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsafe-svg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-svg.2.4.0.zip",94,6,"2024-10-17 00:00:00",{"attackSurface":134,"codeSignals":147,"taintFlows":154,"riskAssessment":155,"analyzedAt":162},{"hooks":135,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":26,"unprotectedCount":26},[136],{"type":137,"name":138,"callback":139,"priority":140,"file":141,"line":142},"filter","wp_check_filetype_and_ext","wp39550_disable_real_mime_check",10,"disable-real-mime-check.php",20,[],[],[],[],{"dangerousFunctions":148,"sqlUsage":149,"outputEscaping":151,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":153},[],{"prepared":26,"raw":26,"locations":150},[],{"escaped":26,"rawEcho":26,"locations":152},[],[],[],{"summary":156,"deductions":157},"The \"disable-real-mime-check\" v1.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for SQL queries, and proper output escaping are excellent indicators of secure coding practices. Furthermore, the plugin reports zero flows with unsanitized paths or vulnerabilities in its history, suggesting a well-maintained and robust codebase.  The minimal attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events, further contributes to its security.  However, the lack of nonce and capability checks across all identified entry points, while currently not exploitable due to the absence of those entry points, represents a potential future risk. If the plugin were to introduce any user-facing features or endpoints in future versions without implementing proper authentication and authorization, it could expose the site to security vulnerabilities.",[158,160],{"reason":159,"points":71},"Missing nonce checks",{"reason":161,"points":71},"Missing capability checks","2026-03-16T17:41:19.206Z",{"wat":164,"direct":169},{"assetPaths":165,"generatorPatterns":166,"scriptPaths":167,"versionParams":168},[],[],[],[],{"cssClasses":170,"htmlComments":171,"htmlAttributes":172,"restEndpoints":173,"jsGlobals":174,"shortcodeOutput":175},[],[],[],[],[],[],{"error":177,"url":178,"statusCode":179,"statusMessage":180,"message":180},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdisable-real-mime-check\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":182,"versions":183},1,[184],{"version":6,"download_url":24,"svn_tag_url":185,"released_at":27,"has_diff":186,"diff_files_changed":187,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":188,"is_current":177},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdisable-real-mime-check\u002Ftags\u002F1.0\u002F",false,[],[]]