[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQo1vAD1Ze9uJ3DnfoCfgN7pOFtmYXr2pCGy3SMMn2O4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":75,"crawl_stats":38,"alternatives":83,"analysis":192,"fingerprints":557},"download-attachments","Download Attachments","1.3.2","dFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fdfactory\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.dfactory.co\u002Fproducts\u002Fdownload-attachments\u002F\" rel=\"nofollow ugc\">Download Attachments\u003C\u002Fa> is a new approach to managing downloads in WordPress. Instead of bloated interface it enables simple, drag & drop and AJAX driven metabox where you can insert and manage your Media Library files and automatically or manually display them after, before or inside posts content.\u003C\u002Fp>\n\u003Cp>For more information, check out plugin page at \u003Ca href=\"http:\u002F\u002Fwww.dfactory.co\u002F\" rel=\"nofollow ugc\">dFactory\u003C\u002Fa> site.\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatic or manual download links display\u003C\u002Fli>\n\u003Cli>Select post types where Download Attachments should be used\u003C\u002Fli>\n\u003Cli>Select list, table or sortable, dynamic table display style\u003C\u002Fli>\n\u003Cli>Downloads count\u003C\u002Fli>\n\u003Cli>Advanced attachments sorting\u003C\u002Fli>\n\u003Cli>Most Downloaded Attachments widget\u003C\u002Fli>\n\u003Cli>Drag & drop files ordering\u003C\u002Fli>\n\u003Cli>Based on Media Library attachments\u003C\u002Fli>\n\u003Cli>Easy customisation of Frontend & Backend display\u003C\u002Fli>\n\u003Cli>Pretty 
URLs for download links\u003C\u002Fli>\n\u003Cli>Encrypt URLs by default\u003C\u002Fli>\n\u003Cli>Customizable templates engine\u003C\u002Fli>\n\u003Cli>Custom download slug\u003C\u002Fli>\n\u003Cli>Custom permission for metabox display\u003C\u002Fli>\n\u003Cli>Option to exclude selected attachments from display\u003C\u002Fli>\n\u003Cli>Option to select from all Media Library files or only those attached to a post\u003C\u002Fli>\n\u003Cli>2 shortcodes\u003C\u002Fli>\n\u003Cli>5 functions and multiple filter hooks for developers\u003C\u002Fli>\n\u003Cli>Option to use attachment caption and\u002For description for download links description\u003C\u002Fli>\n\u003Cli>Compatible with WPML & Polylang\u003C\u002Fli>\n\u003Cli>.pot file for translations included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get involved\u003C\u002Fh4>\n\u003Cp>Feel free to contribute to the source code on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdfactoryplugins\" rel=\"nofollow ugc\">dFactory GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Download Attachments is a new approach to managing downloads in WordPress. 
It allows you to easily add and display download links in any post or page.",9000,214951,90,46,"2025-11-15T13:33:00.000Z","6.8.5","6.0","7.0.0",[20,21,22,23,24],"attachment","attachments","download","file","files","http:\u002F\u002Fwww.dfactory.co\u002Fproducts\u002Fdownload-attachments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-attachments.1.3.2.zip",97,3,0,"2025-06-19 00:00:00","2026-03-15T15:16:48.613Z",[33,48,63],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-49995","download-attachments-unauthenticated-insecure-direct-object-reference","Download Attachments \u003C= 1.3.1 - Unauthenticated Insecure Direct Object Reference","The Download Attachments plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 due to missing validation on a user controlled key. 
This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=1.3.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2025-11-17 21:22:49",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdc18a5c4-6e63-4ad1-a90e-8337b5a86c48?source=api-prod",152,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2024-3230","download-attachments-authenticated-contributor-stored-cross-site-scripting","Download Attachments \u003C= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.3","1.3.1",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-06-03 16:38:52","2024-07-01 14:58:04",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F62475d8f-a0f6-45ab-abd0-ad24e1887c91?source=api-prod",28,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74},"CVE-2023-0076","download-attachments-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Download Attachments \u003C= 1.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.24 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.2.24","1.3","2023-02-13 00:00:00","2024-02-09 19:21:11",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e977be1-d346-4fcc-89a5-332cbd010d18?source=api-prod",362,{"slug":76,"display_name":7,"profile_url":8,"plugin_count":77,"total_installs":78,"avg_security_score":79,"avg_patch_time_days":80,"trust_score":81,"computed_at":82},"dfactory",12,356510,87,247,70,"2026-04-04T16:27:58.811Z",[84,104,128,150,171],{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":29,"downloaded":92,"rating":29,"num_ratings":29,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":101,"download_link":102,"security_score":103,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"z-authorized-downloads","Zodan Authorized Downloads","1.2.7","martenmoolenaar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmartenmoolenaar\u002F","\u003Cp>This plugin allows site admins to protect specific attachment file types (e.g. Pdf, Doc(x)) from direct access. 
Instead, the files are served through WordPress, allowing you to check if a user is logged in or has the required permissions before granting access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Adds a checkbox to media attachments to mark them as “Authorized only”.\u003Cbr \u002F>\n* Creates an internal page and rewrite rules to intercept requests to protected file types.\u003Cbr \u002F>\n* Checks user login status (or other custom logic you add) before serving files.\u003Cbr \u002F>\n* Provides a settings page to specify which file types should be protected.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under GPLv2 or later.\u003C\u002Fp>\n","Protect documents from unauthorized download.",508,"2026-01-08T15:59:00.000Z","6.9.4","5.5","",[21,98,99,24,100],"authorization","downloads","protected-downloads","https:\u002F\u002Fplugins.zodan.nl\u002Fwordpress-authorized-downloads","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fz-authorized-downloads.1.2.7.zip",100,{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":95,"requires_php":118,"tags":119,"homepage":123,"download_link":124,"security_score":125,"vuln_count":126,"unpatched_count":29,"last_vuln_date":127,"fetched_at":31},"file-upload-types","File Upload Types by WPForms","1.5.0","Jared Atchison","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaredatch\u002F","\u003Ch3>WordPress File Upload Types Plugin\u003C\u002Fh3>\n\u003Cp>Do you want to let your WordPress website accept uploads from your users for more file types and to freely upload files? 
We created the File Upload Types plugin to make it simple for anyone to easily add support for any file types with any extension or MIME type.\u003C\u002Fp>\n\u003Ch4>How WordPress File Uploads Work\u003C\u002Fh4>\n\u003Cp>By default, WordPress only allows \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FUploading_Files#About_Uploading_Files_on_Dashboard\" rel=\"nofollow ugc\">certain file types\u003C\u002Fa> to be uploaded to your website’s media library.\u003C\u002Fp>\n\u003Cp>If someone tries to upload a file type outside of these whitelisted WordPress file extensions, this can be the cause of the \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fcommon-wordpress-errors-and-how-to-fix-them\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"common WordPress error\" rel=\"friend nofollow ugc\">common WordPress error\u003C\u002Fa> \u003Ccode>Sorry, this file type is not permitted for security reasons\u003C\u002Fcode> message.\u003C\u002Fp>\n\u003Cp>It can be frustrating if you’ve \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Fhow-to-create-a-file-upload-form-in-wordpress\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtypes&utm_content=readme\" rel=\"friend\" title=\"\ncreated a file upload form\">created a file upload form\u003C\u002Fa> in WordPress but the file type you want to accept is a file extension that’s not allowed.\u003C\u002Fp>\n\u003Cp>This plugin lets your website upload more file types beyond the limited file extension types that WordPress allows by default.\u003C\u002Fp>\n\u003Ch4>How does the File Upload Types plugin work?\u003C\u002Fh4>\n\u003Cp>The File Upload Types plugin works by letting you adjust the internal file whitelist, letting you manually control which types of file extensions your WordPress website can upload.\u003C\u002Fp>\n\u003Cp>This way, you can accept any file type through your website and\u002For any contact form plugin like \u003Ca 
href=\"https:\u002F\u002Fwww.wpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtypes&utm_content=readme\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What file types can I upload to WordPress with this plugin?\u003C\u002Fh4>\n\u003Cp>The File Upload Types plugin lets you allow uploads of any file extension, including custom file types.\u003C\u002Fp>\n\u003Cp>Some common file extension types this plugin lets you add that WordPress doesn’t support natively include:\u003C\u002Fp>\n\u003Cp>.ai\u003Cbr \u002F>\n.zip\u003Cbr \u002F>\n.xml\u003Cbr \u002F>\n.svg\u003Cbr \u002F>\n.csv\u003Cbr \u002F>\n.mobi\u003Cbr \u002F>\n.cad\u003Cbr \u002F>\n.dwg\u003Cbr \u002F>\n.dxf\u003C\u002Fp>\n\u003Cp>…and any other file extensions that exist, including custom file types.\u003C\u002Fp>\n\u003Cp>We hope that you find the File Upload Types plugin helpful!\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was created by the team behind \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – the best drag & drop form builder for WordPress.\u003C\u002Fp>\n\u003Ch3>What’s Next\u003C\u002Fh3>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – The best WordPress Contact Form Plugin.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Foptinmonster.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get more email subscribers with the most popular conversion optimization plugin 
for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – See the stats that matter and grow your business with confidence. Best Google Analytics plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.seedprod.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"SeedProd\" rel=\"friend nofollow ugc\">SeedProd\u003C\u002Fa> – Jumpstart your website with the #1 Coming Soon & Maintenance Mode plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmailsmtp.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"nofollow ugc\">WP Mail SMTP\u003C\u002Fa> – Improve email deliverability for your contact form with the most popular SMTP plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frafflepress.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"nofollow ugc\">RafflePress\u003C\u002Fa> – The Best WordPress giveaway and contest plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa> to learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">WordPress tutorials\u003C\u002Fa> and find out about other \u003Ca 
href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"Best WordPress plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","Easily allow WordPress to accept and upload any file type extension or MIME type, including custom file types.",30000,242227,80,20,"2024-10-23T14:00:00.000Z","6.6.5","7.0",[21,120,24,121,122],"file-upload","mime","upload","https:\u002F\u002Fwpforms.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffile-upload-types.1.5.0.zip",91,1,"2024-10-24 20:07:47",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":138,"num_ratings":139,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":143,"tags":144,"homepage":96,"download_link":148,"security_score":149,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"hotlink-file-prevention","Hotlink File Prevention","2.0.0","swinggraphics","https:\u002F\u002Fprofiles.wordpress.org\u002Fswinggraphics\u002F","\u003Cp>Hotlink File Prevention (HFP) offers simple hotlink protection that can be turned on\u002Foff for individual files in the WordPress media library.\u003C\u002Fp>\n\u003Cp>“Hotlinking” is when a file, such as an image or PDF, is linked to from another website or entered manually in a web browser’s location bar. 
HFP only allows your file to be viewed on your website.\u003C\u002Fp>\n\u003Cp>Hotlink protection is provided via \u003Ccode>.htaccess\u003C\u002Fcode> rules in the \u003Ccode>wp-content\u002Fuploads\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Ch3>Basic Usage\u003C\u002Fh3>\n\u003Cp>Once the HFP plugin is activated, you will have two new features in the media library:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Within the Screen Options tab (list view only), check box for the “Hotlink Prevention” column.\u003C\u002Fli>\n\u003Cli>To protect a file, edit the file and scroll down to the checkbox labelled “Hotlink Protection”.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Any asset that is checked will have “Yes” displayed in the “Hotlink Prevention” column; otherwise, this column will be blank.\u003C\u002Fp>\n\u003Ch4>Note about “Open in new tab” option\u003C\u002Fh4>\n\u003Cp>When you use the “Open in new tab” option for links, WordPress adds \u003Ccode>rel=\"noreferrer\"\u003C\u002Fcode>, which effectively makes the link act like direct access, and the link will be blocked for files protected using HFP.\u003C\u002Fp>\n","Simple hotlink protection for individual files in the media library.",700,7815,98,7,"2024-04-15T22:00:00.000Z","6.5.8","4.6","5.6",[145,21,24,146,147],"admin","hotlink","images","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotlink-file-prevention.2.0.0.zip",92,{"slug":151,"name":152,"version":153,"author":154,"author_profile":155,"description":156,"short_description":157,"active_installs":158,"downloaded":159,"rating":160,"num_ratings":161,"last_updated":162,"tested_up_to":16,"requires_at_least":163,"requires_php":96,"tags":164,"homepage":166,"download_link":167,"security_score":168,"vuln_count":169,"unpatched_count":126,"last_vuln_date":170,"fetched_at":31},"m1downloadlist","m1.DownloadList","0.24","maennchen1.de","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaennchen1de\u002F","\u003Cp>This plugin easily displays the folders and files from 
a selected directory. It can be placed by shortcode with the parameters path and target in any post. Uploads must be done by a separate ftp program. No managing options.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>compatible up to PHP 8.3.20\u003C\u002Fli>\n\u003Cli>need PHP extension \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmb_string\" rel=\"nofollow ugc\">mb_string\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>available optional shortcode parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>path = directory path, starting by web root (default: wp-content\u002Fuploads\u002F)\u003C\u002Fli>\n\u003Cli>target = browser window name\u003C\u002Fli>\n\u003Cli>sort = by name ASC\u002FDESC (default: ASC)\u003C\u002Fli>\n\u003Cli>sort-order = filename\u002Ffiletype\u002Fftime\u002Ffiletime\u002Ffoldertime (default: filename)\u003C\u002Fli>\n\u003Cli>label = custom top level label\u003C\u002Fli>\n\u003Cli>nosize = displays no file size\u003C\u002Fli>\n\u003Cli>hidedirs = displays no folders, only files\u003C\u002Fli>\n\u003Cli>filetype = (comma separated list) filter files by their extension\u003C\u002Fli>\n\u003Cli>hidefiletype = (comma separated list) hide files with filetype\u003C\u002Fli>\n\u003Cli>hidefilename = (comma separated list) hide named files and folders\u003C\u002Fli>\n\u003Cli>noext = hide the file extensions\u003C\u002Fli>\n\u003Cli>nobreadcrumb = hide breadcrumb \u002F title\u003C\u002Fli>\n\u003Cli>ftime = display file and folder modification date and time (standard = “1” or use date formatting like “Y-m-d H:i”), see \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fdate\" rel=\"nofollow ugc\">PHP date formatting\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>filetime = same as ftime, just for files\u003C\u002Fli>\n\u003Cli>foldertime = same as ftime, just for folders\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(most of it can be combined together)\u003C\u002Fp>\n\u003Ch4>shortcode examples\u003C\u002Fh4>\n\u003Col>\n\u003Cli>displays content of 
\u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>: \u003Ccode>[m1dll]\u003C\u002Fcode> \u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>your\u002Ffoldername\u002Fhere\u002F\u003C\u002Fcode>: \u003Ccode>[m1dll path=\"your\u002Ffoldername\u002Fhere\u002F\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>your\u002Ffoldername\u002Fhere\u002F\u003C\u002Fcode> and sort descending: \u003Ccode>[m1dll path=\"your\u002Ffoldername\u002Fhere\u002F\" sort=\"DESC\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>your\u002Ffoldername\u002Fhere\u002F\u003C\u002Fcode>, open files in a new window: \u003Ccode>[m1dll path=\"your\u002Ffoldername\u002Fhere\u002F\" target=\"_blank\"]\u003C\u002Fcode> \u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>your\u002Ffoldername\u002Fhere\u002F\u003C\u002Fcode>, change label ‘downloads’ to ‘our downloads’: \u003Ccode>[m1dll path=\"your\u002Ffoldername\u002Fhere\u002F\" label=\"our downloads\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, displays no file size: \u003Ccode>[m1dll nosize=\"1\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, displays no folders: \u003Ccode>[m1dll hidedirs=\"1\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, displays only pdf- and docx-documents: \u003Ccode>[m1dll filetype=\"pdf,docx\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, do not display pdf- and docx-documents: \u003Ccode>[m1dll hidefiletype=\"pdf,docx\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, do not display file secret.txt and secret.docx: \u003Ccode>[m1dll 
hidefilename=\"secret.txt,secret.docx\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, displays no file extensions: \u003Ccode>[m1dll noext=\"1\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, displays no breadcrumb: \u003Ccode>[m1dll nobreadcrumb=\"1\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, with file and folder time with own format \u003Ccode>[m1dll ftime=\"Y-m-d, H:i\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, with file and folder date and time (standard from WordPress) \u003Ccode>[m1dll ftime=\"1\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, with file and folder self formated date \u003Ccode>[m1dll ftime=\"Y-m-d\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, with file date and time (standard from WordPress) \u003Ccode>[m1dll filetime=\"1\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>displays content of \u003Ccode>wp-content\u002Fuploads\u002F\u003C\u002Fcode>, with folder date and time (standard from WordPress) \u003Ccode>[m1dll foldertime=\"1\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin easily displays the folders and files from a selected directory. 
It can be placed by shortcode in any post.",400,17902,94,21,"2025-11-25T14:32:00.000Z","4.0",[20,99,23,165,24],"filemanager","http:\u002F\u002Fmaennchen1.de","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fm1downloadlist.0.24.zip",77,2,"2025-04-04 00:00:00",{"slug":172,"name":173,"version":174,"author":175,"author_profile":176,"description":177,"short_description":178,"active_installs":179,"downloaded":180,"rating":181,"num_ratings":28,"last_updated":182,"tested_up_to":183,"requires_at_least":184,"requires_php":96,"tags":185,"homepage":189,"download_link":190,"security_score":191,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"modify-attachments-meta","Modify Attachments Meta","0.2","Vladimir Vassilev","https:\u002F\u002Fprofiles.wordpress.org\u002Fvloo\u002F","\u003Cp>When embedding a file\u002Fimage\u002Fvideo\u002Fsomething to a page, or you try to edit them in the Library, you’ll be allowed to make changes on some meta data. Currently timestamp for uploading of the file and menu order are configurable, although they are still not well validated for wrong input.\u003C\u002Fp>\n\u003Ch4>TODO\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Metabox like shown here: http:\u002F\u002Fwpsnipp.com\u002Findex.php\u002Ffunctions-php\u002Fstart-date-end-date-metabox-for-events-custom-post-types\u002F;\u003C\u002Fli>\n\u003Cli>Changing file name of the attachment (without the extension, of course);\u003C\u002Fli>\n\u003Cli>Control over which user roles can edit these fields;\u003C\u002Fli>\n\u003Cli>Validation error messages should be displayed;\u003C\u002Fli>\n\u003Cli>Use anonymous functions, instead of worrying what’ll happen if a function is defined by someone else;\u003C\u002Fli>\n\u003Cli>If a user types invalid input, they should be warned. 
Currently nothing happens – attachment is updated without updating with the wrong data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>As I’m lazy as hell, I’ll need your help to think of new features to implement!\u003C\u002Fp>\n\u003Cp>Contributors are welcome on GitHub: https:\u002F\u002Fgithub.com\u002Fvlood\u002Fmodify-attachments-meta\u003C\u002Fp>\n","Allows modification of meta data of attachments, such as date fields, menu order... (soon to add more, I guess).",300,7749,66,"2016-08-15T12:37:00.000Z","4.5.33","3.8",[21,186,187,188],"change-meta-data","edit-uploaded-files","modify-date","https:\u002F\u002Fgithub.com\u002Fvlood\u002Fmodify-attachments-meta","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmodify-attachments-meta.0.2.zip",85,{"attackSurface":193,"codeSignals":319,"taintFlows":518,"riskAssessment":541,"analyzedAt":556},{"hooks":194,"ajaxHandlers":301,"restRoutes":310,"shortcodes":311,"cronEvents":317,"entryPointCount":318,"unprotectedCount":29},[195,201,205,208,211,215,219,225,229,233,237,241,245,249,252,256,260,262,266,270,273,276,281,285,287,291,294,297],{"type":196,"name":197,"callback":198,"file":199,"line":200},"action","after_setup_theme","load_defaults","download-attachments.php",111,{"type":196,"name":202,"callback":203,"file":199,"line":204},"admin_head","button_init",112,{"type":196,"name":206,"callback":206,"file":199,"line":207},"admin_enqueue_scripts",113,{"type":196,"name":209,"callback":209,"file":199,"line":210},"wp_enqueue_scripts",114,{"type":196,"name":212,"callback":213,"file":199,"line":214},"send_headers","download_redirect",115,{"type":196,"name":216,"callback":217,"file":199,"line":218},"wp","run",118,{"type":220,"name":221,"callback":222,"priority":223,"file":199,"line":224},"filter","plugin_row_meta","plugin_extend_links",10,120,{"type":196,"name":226,"callback":227,"file":199,"line":228},"init","load_textdomain",146,{"type":220,"name":230,"callback":231,"file":199,"line":232},"mce_buttons","filter_mce_button",609,
{"type":220,"name":234,"callback":235,"file":199,"line":236},"mce_external_plugins","filter_mce_plugin",610,{"type":196,"name":238,"callback":239,"priority":223,"file":240,"line":115},"manage_media_custom_column","custom_media_column_content","includes\\media.php",{"type":196,"name":242,"callback":243,"priority":244,"file":240,"line":161},"attachment_submitbox_misc_actions","submitbox_views",1000,{"type":196,"name":246,"callback":247,"file":240,"line":248},"edit_attachment","save_post",22,{"type":196,"name":246,"callback":250,"file":240,"line":251},"save_attachment_downloads",23,{"type":220,"name":253,"callback":254,"file":240,"line":255},"manage_media_columns","downloads_media_column_title",26,{"type":220,"name":257,"callback":258,"file":240,"line":259},"manage_upload_sortable_columns","register_sortable_custom_column",27,{"type":220,"name":261,"callback":261,"priority":223,"file":240,"line":62},"attachment_fields_to_edit",{"type":220,"name":263,"callback":264,"file":240,"line":265},"request","sort_custom_columns",29,{"type":196,"name":267,"callback":268,"file":269,"line":115},"add_meta_boxes","add_download_meta_box","includes\\metabox.php",{"type":196,"name":271,"callback":272,"file":269,"line":161},"delete_attachment","remove_attachment",{"type":196,"name":247,"callback":274,"priority":223,"file":269,"line":275},"save_attachments_data",24,{"type":196,"name":277,"callback":278,"file":279,"line":280},"admin_menu","settings_page","includes\\settings.php",30,{"type":196,"name":282,"callback":283,"file":279,"line":284},"admin_init","register_settings",31,{"type":196,"name":197,"callback":198,"file":279,"line":286},32,{"type":196,"name":288,"callback":289,"file":279,"line":290},"wp_loaded","load_post_types",33,{"type":196,"name":226,"callback":292,"file":293,"line":115},"register_download_shortcodes","includes\\shortcodes.php",{"type":196,"name":226,"callback":295,"file":296,"line":115},"check_update","includes\\update.php",{"type":196,"name":298,"callback":299,"file":
300,"line":115},"widgets_init","register_widgets","includes\\widgets.php",[302,307],{"action":303,"nopriv":304,"callback":305,"hasNonce":306,"hasCapCheck":306,"file":269,"line":248},"da-save-files",false,"ajax_save_files",true,{"action":308,"nopriv":304,"callback":309,"hasNonce":306,"hasCapCheck":306,"file":269,"line":251},"da-new-file","ajax_update_attachments",[],[312,314],{"tag":4,"callback":313,"file":293,"line":265},"download_attachments_shortcode",{"tag":315,"callback":316,"file":293,"line":280},"download-attachment","download_attachment_shortcode",[],4,{"dangerousFunctions":320,"sqlUsage":321,"outputEscaping":328,"fileOperations":169,"externalRequests":29,"nonceChecks":318,"capabilityChecks":510,"bundledLibraries":511},[],{"prepared":29,"raw":169,"locations":322},[323,326],{"file":199,"line":324,"context":325},198,"$wpdb->get_col() with variable interpolation",{"file":199,"line":327,"context":325},250,{"escaped":329,"rawEcho":103,"locations":330},287,[331,335,337,339,341,343,345,347,348,349,351,353,355,357,359,361,363,365,367,369,371,373,375,377,379,381,383,385,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,443,445,447,449,451,453,455,457,459,461,463,465,467,469,470,472,474,475,477,479,480,481,482,484,485,487,488,490,492,493,495,497,499,500,501,502,503,504,505,506,507,508,509],{"file":332,"line":333,"context":334},"includes\\functions.php",415,"raw 
output",{"file":332,"line":336,"context":334},598,{"file":332,"line":338,"context":334},862,{"file":332,"line":340,"context":334},1045,{"file":240,"line":342,"context":334},168,{"file":240,"line":344,"context":334},182,{"file":240,"line":346,"context":334},183,{"file":269,"line":200,"context":334},{"file":269,"line":207,"context":334},{"file":269,"line":350,"context":334},229,{"file":269,"line":352,"context":334},231,{"file":269,"line":354,"context":334},272,{"file":269,"line":356,"context":334},294,{"file":269,"line":358,"context":334},306,{"file":269,"line":360,"context":334},319,{"file":269,"line":362,"context":334},327,{"file":279,"line":364,"context":334},128,{"file":279,"line":366,"context":334},138,{"file":279,"line":368,"context":334},225,{"file":279,"line":370,"context":334},244,{"file":279,"line":372,"context":334},248,{"file":279,"line":374,"context":334},265,{"file":279,"line":376,"context":334},269,{"file":279,"line":378,"context":334},274,{"file":279,"line":380,"context":334},278,{"file":279,"line":382,"context":334},297,{"file":279,"line":384,"context":334},301,{"file":279,"line":360,"context":334},{"file":279,"line":387,"context":334},323,{"file":279,"line":389,"context":334},340,{"file":279,"line":391,"context":334},344,{"file":279,"line":393,"context":334},361,{"file":279,"line":395,"context":334},365,{"file":279,"line":397,"context":334},387,{"file":279,"line":399,"context":334},391,{"file":279,"line":401,"context":334},408,{"file":279,"line":403,"context":334},412,{"file":279,"line":405,"context":334},429,{"file":279,"line":407,"context":334},433,{"file":279,"line":409,"context":334},450,{"file":279,"line":411,"context":334},454,{"file":279,"line":413,"context":334},466,{"file":279,"line":415,"context":334},485,{"file":279,"line":417,"context":334},489,{"file":279,"line":419,"context":334},506,{"file":279,"line":421,"context":334},510,{"file":279,"line":423,"context":334},527,{"file":279,"line":425,"context":334},531,{"file":279,"line":427,"conte
xt":334},548,{"file":279,"line":429,"context":334},552,{"file":279,"line":431,"context":334},581,{"file":279,"line":433,"context":334},585,{"file":279,"line":435,"context":334},602,{"file":279,"line":437,"context":334},606,{"file":279,"line":439,"context":334},624,{"file":300,"line":441,"context":334},137,{"file":300,"line":352,"context":334},{"file":444,"line":259,"context":334},"templates\\attachments-dynatable.php",{"file":444,"line":446,"context":334},36,{"file":444,"line":448,"context":334},49,{"file":444,"line":450,"context":334},52,{"file":444,"line":452,"context":334},56,{"file":444,"line":454,"context":334},60,{"file":444,"line":456,"context":334},64,{"file":444,"line":458,"context":334},68,{"file":444,"line":460,"context":334},101,{"file":444,"line":462,"context":334},107,{"file":444,"line":464,"context":334},158,{"file":444,"line":466,"context":334},161,{"file":468,"line":259,"context":334},"templates\\attachments-list.php",{"file":468,"line":446,"context":334},{"file":468,"line":471,"context":334},65,{"file":468,"line":473,"context":334},71,{"file":468,"line":191,"context":334},{"file":468,"line":476,"context":334},89,{"file":468,"line":478,"context":334},93,{"file":468,"line":27,"context":334},{"file":468,"line":204,"context":334},{"file":468,"line":214,"context":334},{"file":483,"line":255,"context":334},"templates\\attachments-posts.php",{"file":483,"line":280,"context":334},{"file":483,"line":486,"context":334},59,{"file":483,"line":471,"context":334},{"file":483,"line":489,"context":334},79,{"file":483,"line":491,"context":334},83,{"file":483,"line":79,"context":334},{"file":483,"line":494,"context":334},102,{"file":483,"line":496,"context":334},105,{"file":498,"line":259,"context":334},"templates\\attachments-table.php",{"file":498,"line":446,"context":334},{"file":498,"line":448,"context":334},{"file":498,"line":450,"context":334},{"file":498,"line":452,"context":334},{"file":498,"line":454,"context":334},{"file":498,"line":456,"context":334},{"fi
le":498,"line":458,"context":334},{"file":498,"line":460,"context":334},{"file":498,"line":462,"context":334},{"file":498,"line":464,"context":334},{"file":498,"line":466,"context":334},17,[512,515],{"name":513,"version":38,"knownCves":514},"DataTables",[],{"name":516,"version":38,"knownCves":517},"TinyMCE",[],[519],{"entryPoint":520,"graph":521,"unsanitizedCount":126,"severity":40},"\u003Cdownload> (includes\\download.php:0)",{"nodes":522,"edges":538},[523,528,532],{"id":524,"type":525,"label":526,"file":527,"line":290},"n0","source","$_GET","includes\\download.php",{"id":529,"type":530,"label":531,"file":527,"line":290},"n1","transform","→ da_download_attachment()",{"id":533,"type":534,"label":535,"file":332,"line":536,"wp_function":537},"n2","sink","header() [Header Injection]",881,"header",[539,540],{"from":524,"to":529,"sanitized":304},{"from":529,"to":533,"sanitized":304},{"summary":542,"deductions":543},"The 'download-attachments' plugin version 1.3.2 presents a mixed security profile.  On the positive side, the static analysis indicates a well-defined attack surface: all identified entry points (AJAX handlers, shortcodes) appear to have some form of authentication or permission check, and no direct REST API routes are exposed.  The presence of numerous capability checks and nonce checks further suggests an awareness of security best practices in these areas.  However, a significant concern lies in the handling of SQL queries: 100% of the identified queries do not use prepared statements, which is a substantial risk for SQL injection wherever such a query interpolates request-derived values, so each one should be reviewed and converted to $wpdb->prepare().  While the taint analysis reported no critical or high severity flows, the one flow with unsanitized paths, in which $_GET data passes through da_download_attachment() to a header() call and is flagged as header injection, warrants attention even if classified as low severity.\n\nThe plugin's vulnerability history reveals three medium-severity CVEs, with common types including Authorization Bypass and Cross-Site Scripting.  
All three have been patched and none remain unpatched, which is a positive sign, indicating a willingness to address security issues.  However, the recurrence of these vulnerability types in the past suggests potential weaknesses in input validation and authorization mechanisms that may not have been entirely mitigated by previous patches.  The bundled libraries, DataTables and TinyMCE, are also worth noting: the analysis lists no known CVEs for either, but outdated bundled copies can introduce their own vulnerabilities, so their versions should be checked against upstream advisories.  Overall, while the plugin has a relatively contained attack surface and has addressed past vulnerabilities, the unmitigated SQL query practices and the historical patterns of certain vulnerability types indicate areas that require ongoing vigilance and potential remediation.",[544,546,549,552,554],{"reason":545,"points":223},"100% of SQL queries not using prepared statements",{"reason":547,"points":548},"1 taint flow with unsanitized paths",5,{"reason":550,"points":551},"3 past medium severity CVEs",9,{"reason":553,"points":28},"Bundled DataTables library",{"reason":555,"points":28},"Bundled TinyMCE 
library","2026-03-16T17:53:54.006Z",{"wat":558,"direct":569},{"assetPaths":559,"generatorPatterns":563,"scriptPaths":564,"versionParams":565},[560,561,562],"\u002Fwp-content\u002Fplugins\u002Fdownload-attachments\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fdownload-attachments\u002Fassets\u002Fcss\u002Fbackend.css","\u002Fwp-content\u002Fplugins\u002Fdownload-attachments\u002Fassets\u002Fjs\u002Fdownload-attachments.js",[],[562],[566,567,568],"download-attachments\u002Fassets\u002Fcss\u002Ffrontend.css?ver=","download-attachments\u002Fassets\u002Fcss\u002Fbackend.css?ver=","download-attachments\u002Fassets\u002Fjs\u002Fdownload-attachments.js?ver=",{"cssClasses":570,"htmlComments":573,"htmlAttributes":574,"restEndpoints":576,"jsGlobals":577,"shortcodeOutput":579},[571,572],"download-attachments-list","download-attachments-table",[],[575],"data-download_id",[],[578],"download_attachments_params",[580],"[download-attachments]"]