[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT4tlbTWug8hqHU752SpaTjrjgyY6FiBU8-h2boTge1k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":42,"crawl_stats":33,"alternatives":49,"analysis":166,"fingerprints":257},"download-media-library","Download Media Library","0.2.1","marcelotorres","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcelotorres\u002F","\u003Cp>Download the files from the Media Library in ZIP format, \u003Cstrong>organized by post type > post name > media type > file extension\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Github: https:\u002F\u002Fgithub.com\u002Fmarcelotorres\u002Fdownload-media-library\u002F\u003C\u002Fli>\n\u003Cli>Donate: https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=G85Z9XFXWWHCY\u003C\u002Fli>\n\u003C\u002Ful>\n","Download the files from the Media Library in ZIP format.",1000,62996,64,18,"2016-11-04T00:32:00.000Z","4.6.30","2.6","",[4,20],"media","https:\u002F\u002Fgithub.com\u002Fmarcelotorres\u002Fdownload-media-library\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-media-library.0.2.1.zip",60,1,"2025-12-31 00:00:00","2026-03-15T15:16:48.613Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":33,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":25,"updated_date":39,"references":40,"days_to_patch":33},"CVE-2025-62114","download-media-library-unauthenticated-sensitive-information-exposure","Download Media Library \u003C= 0.2.1 - Unauthenticated Sensitive Information Exposure","The Download Media Library plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.2.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.",null,"\u003C=0.2.1","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2026-01-05 20:17:20",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F894080c3-f00a-491b-bebf-469e35118965?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":43,"total_installs":44,"avg_security_score":45,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},2,1020,73,30,75,"2026-04-04T07:18:02.411Z",[50,74,93,117,142],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":33,"fetched_at":26},"export-media-library","Export Media Library","4.0.2","Andrej Pavlovic","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrejpavlovic\u002F","\u003Cp>Allows users to export media library files as a compressed zip archive.\u003C\u002Fp>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmassedge\u002Fwordpress-plugin-export-media-library\" rel=\"nofollow ugc\">Website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmassedge\u002Fwordpress-plugin-export-media-library\u002Fissues\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows users to export media library files as a compressed zip archive. Links Website Support",40000,486254,98,48,"2023-04-05T15:30:00.000Z","6.2.9","4.7.10","7.4",[67,4,68,51,69],"download","export","media-library","https:\u002F\u002Fgithub.com\u002Fmassedge\u002Fwordpress-plugin-export-media-library","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-media-library.4.0.2.zip",85,0,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":63,"requires_at_least":86,"requires_php":65,"tags":87,"homepage":18,"download_link":90,"security_score":91,"vuln_count":24,"unpatched_count":24,"last_vuln_date":92,"fetched_at":26},"media-download","Media Library File Download","1.4","wpmediadownload","https:\u002F\u002Fprofiles.wordpress.org\u002Fandyabelow\u002F","\u003Cp>Tired of right clicking to save images from Media Library? This plugin allows you to download and replace files directly from your Media Library. It adds a button to download the original, saving you time and clicks! As of 2023, you can now export the entire Media Library in a single click.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>NEW FEATURE!!! One click download export of entire Media Library to zip file. \u003C\u002Fli>\n\u003Cli>Download image or file to your computer while in Media Library Modal or Attachment View (doesn’t open file in browser)\u003C\u002Fli>\n\u003Cli>Download image or file to your computer while in Media Library List View (doesn’t open file in browser)\u003C\u002Fli>\n\u003Cli>Replace Same File Type\u003C\u002Fli>\n\u003Cli>Tiny footprint\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PRO Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Compress and select multiple files for bulk download (downloads a zip file of selected images)\u003C\u002Fli>\n\u003Cli>Download single files in one click while in Thumbnail View hover\u003C\u002Fli>\n\u003Cli>Download single files in one click while in List View\u003C\u002Fli>\n\u003C\u002Ful>\n","A lightweight plugin that adds one-click download and export functionality to your Media Library.",21198,86,7,"2023-03-29T05:24:00.000Z","4.7",[88,4,89,51,69],"download-image","easy-file-download","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-download.zip",63,"2025-10-27 00:00:00",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":60,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":65,"tags":107,"homepage":112,"download_link":113,"security_score":114,"vuln_count":115,"unpatched_count":73,"last_vuln_date":116,"fetched_at":26},"safe-svg","Safe SVG","2.4.0","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Safe SVG is the best way to Allow SVG Uploads in WordPress!\u003C\u002Fp>\n\u003Cp>It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG\u002FXML vulnerabilities affecting your site.  It also gives you the ability to preview your uploaded SVGs in the media library in all views.\u003C\u002Fp>\n\u003Ch4>Current Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sanitised SVGs\u003C\u002Fstrong> – Don’t open up security holes in your WordPress site by allowing uploads of unsanitised files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SVGO Optimisation\u003C\u002Fstrong> – Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: \u003Ccode>add_filter( 'safe_svg_optimizer_enabled', '__return_true' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View SVGs in the Media Library\u003C\u002Fstrong> – Gone are the days of guessing which SVG is the correct one, we’ll enable SVG previews in the WordPress media library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose Who Can Upload\u003C\u002Fstrong> – Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Initially a proof of concept for \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F24251\" rel=\"nofollow ugc\">#24251\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Sanitization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdarylldoyle\u002Fsvg-sanitizer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>SVG Optimization is done through the following library: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsvg\u002Fsvgo\u003C\u002Fa>.\u003C\u002Fp>\n","Enable SVG uploads and sanitize them to stop XML\u002FSVG vulnerabilities in your WordPress website.",1000000,12729263,77,"2026-01-04T21:05:00.000Z","6.9.4","6.6",[20,108,109,110,111],"mime","security","svg","vector","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsafe-svg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-svg.2.4.0.zip",94,6,"2024-10-17 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":105,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":138,"download_link":139,"security_score":140,"vuln_count":84,"unpatched_count":73,"last_vuln_date":141,"fetched_at":26},"enable-media-replace","Enable Media Replace","4.1.8","ShortPixel","https:\u002F\u002Fprofiles.wordpress.org\u002Fshortpixel\u002F","\u003Cp>\u003Cstrong>A free, lightweight and easy to use plugin that allows you to seamlessly replace an image or file in your Media Library by uploading a new file in its place. No more deleting, renaming and re-uploading files! Now fully compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Famazon-s3-and-cloudfront\u002F\" rel=\"ugc\">WP Offload Media!\u003C\u002Fa>\u003Cbr \u002F>\nNew beta feature! You can now remove the background of your images for better integration with eCommerce solutions!\u003Cbr \u002F>\nSupported by the friendly team that created \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-image-optimiser\u002F\" rel=\"ugc\">ShortPixel\u003C\u002Fa>  🙂\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>A real timesaver\u003C\u002Fh4>\n\u003Cp>Don’t you find it tedious and complicated to first delete a file and then upload another one with the exact same name every time you want to update an image or other uploaded file in the WordPress media library?\u003C\u002Fp>\n\u003Cp>Well, no longer!\u003C\u002Fp>\n\u003Cp>Now you can replace any uploaded file in the Edit Media view, where it should be. Replacing Media can be done in two ways:\u003C\u002Fp>\n\u003Ch4>It’s simple to replace a file\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Simply replace the file. This option requires you to upload a file of the same type as the file you want to replace. The attachment name remains the same regardless of what the file you upload is called.\u003C\u002Fli>\n\u003Cli>Replace the file, use the new file name, and update all links. If you check this option, the old file will be replaced with the name and type of the file you are uploading. All links pointing to the current file will be updated to point to the new file name. Additional options for the folder to put the new file in or the date of the new file are also available on the replace screen.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin is very powerful and a must-have for all major websites built with WordPress. It also offers a preview of the replaced image!\u003C\u002Fp>\n\u003Ch4>New beta feature: You can now remove the background of any image!\u003C\u002Fh4>\n\u003Cp>Similar to replacing media, you can also remove the background of the images from the Media Library! The background removal feature sends the images to ShortPixel’s API, removes the background and sends them back in a preview window. If everything looks good, just replace the image with the one that has the background removed! If the source image is a PNG file, you will get a transparent background, while the other images default to a solid white background. You also have the option to choose a different color with an embedded color picker.\u003Cbr \u002F>\nThe background removal feature is still in beta and will be free of charge for a reasonable usage.\u003C\u002Fp>\n\u003Cp>If you don’t want to use the background removal feature, add this line to your theme’s functions.php file, or use a plugin like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-snippets\u002F\" rel=\"ugc\">Code Snippets\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter( 'emr\u002Ffeature\u002Fbackground', '__return_false' );```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A similar filter, for the remote notification system is:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter( 'emr\u002Ffeature\u002Fremote_notice', '__return_false' );```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To shorten the wait time before redirecting to the media editing screen, use the following filter and specify the wait time in seconds (0 means that redirection is immediate, but may cause problems in certain configurations):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter('emr\u002Fsuccess\u002Ftimeout', function () { return 3; });```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Show file modification time\u003C\u002Fh4>\n\u003Cp>There is a shortcode that takes the file modification date and displays it in a post or on a page. The code is:\u003Cbr \u002F>\n    [file_modified id=XX format=XXXX] where the “id” is required and the “format” is optional and defaults to your current WordPress settings for date and time format.\u003C\u002Fp>\n\u003Cp>So \u003Ccode>[file_modified id=870]\u003C\u002Fcode> would show the last time the file with ID 870 was updated on your site. To get the ID for a file, check the URL when editing a file in the media library (see screenshot #4)\u003C\u002Fp>\n\u003Cp>If you want more control over the format in which the time is shown, you can use the format option. So \u003Ccode>[file_modified id=870 format=Y-m-d]\u003C\u002Fcode> would show the date the file was modified but not the time. The format string uses \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.date.php\" rel=\"nofollow ugc\">the standard PHP date() formatting tags\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Other plugins by \u003Ca href=\"https:\u002F\u002Fshortpixel.com\" rel=\"nofollow ugc\">ShortPixel\u003C\u002Fa>:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffastpixel-website-accelerator\u002F\" rel=\"ugc\">FastPixel Caching\u003C\u002Fa> – WP Optimization made easy\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-image-optimiser\u002F\" rel=\"ugc\">ShortPixel Image Optimizer\u003C\u002Fa> – Image optimization & compression for all the images on your website, including WebP & AVIF delivery\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-adaptive-images\u002F\" rel=\"ugc\">ShortPixel Adaptive Images\u003C\u002Fa> – On-the-fly image optimization & CDN delivery\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresize-image-after-upload\u002F\" rel=\"ugc\">Resize Image After Upload\u003C\u002Fa> – Automatically resize each uploaded image\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fregenerate-thumbnails-advanced\u002F\" rel=\"ugc\">reGenerate Thumbnails Advanced\u003C\u002Fa> – Easily regenerate thumbnails\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-svg-images\u002F\" rel=\"ugc\">WP SVG Images\u003C\u002Fa> – Secure upload of SVG files to Media Library\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get in touch!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fcontact\" rel=\"nofollow ugc\">https:\u002F\u002Fshortpixel.com\u002Fcontact\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Twitter \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fshortpixel\" rel=\"nofollow ugc\">https:\u002F\u002Ftwitter.com\u002Fshortpixel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Facebook \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FShortPixel\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.facebook.com\u002FShortPixel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>LinkedIn \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fshortpixel\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fshortpixel\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Wishlist \u002F Coming attractions\u003C\u002Fh3>\n\u003Cp>Do you have suggestions? Feel free to contact ShortPixel \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fcontact\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Want to help us improve the plugin feel free to submit PRs via GitHub \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshort-pixel-optimizer\u002Fenable-media-replace\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Easily replace any attached image\u002Ffile by simply uploading a new file in the Media Library edit view - a real time saver!",600000,12497216,88,300,"2026-03-03T10:21:00.000Z","4.9.7","5.6",[133,134,135,136,137],"change-media","remove-background","replace","replace-image","replace-jpg","https:\u002F\u002Fshortpixel.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenable-media-replace.4.1.8.zip",92,"2026-03-03 18:17:08",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":114,"num_ratings":152,"last_updated":153,"tested_up_to":105,"requires_at_least":154,"requires_php":131,"tags":155,"homepage":161,"download_link":162,"security_score":163,"vuln_count":164,"unpatched_count":73,"last_vuln_date":165,"fetched_at":26},"add-to-any","AddToAny Share Buttons","1.8.16","micropat","https:\u002F\u002Fprofiles.wordpress.org\u002Fmicropat\u002F","\u003Cp>The AddToAny Share Buttons plugin for WordPress increases traffic & engagement by helping people share your posts and pages to any service. Services include Facebook, Bluesky, Mastodon, Pinterest, WhatsApp, LinkedIn, Threads, Tumblr, Reddit, X, WeChat, and many more sharing and social media sites & apps.\u003C\u002Fp>\n\u003Cp>AddToAny is the home of universal sharing, and the AddToAny plugin is the most popular share plugin for WordPress, making sites social media ready since 2006.\u003C\u002Fp>\n\u003Ch4>Share Buttons\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Fcustomize\u002Fwordpress\u002Fstandalone_services\" rel=\"nofollow ugc\">\u003Cstrong>Standard\u003C\u002Fstrong>\u003C\u002Fa> share buttons — share each piece of content\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Fcustomize\u002Fwordpress\u002Ffloating_share_buttons\" rel=\"nofollow ugc\">\u003Cstrong>Floating\u003C\u002Fstrong>\u003C\u002Fa> share buttons — responsive & customizable, vertical & horizontal\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Counters\u003C\u002Fstrong> — fast & official \u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Fcustomize\u002Fwordpress\u002Fshare_counters\" rel=\"nofollow ugc\">share counts\u003C\u002Fa> in the same style\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Follow\u003C\u002Fstrong> buttons — \u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Fcustomize\u002Fwordpress\u002Ffollow_buttons\" rel=\"nofollow ugc\">social media links\u003C\u002Fa> to your Instagram, YouTube, Discord, Snapchat\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image\u003C\u002Fstrong> sharing buttons – share buttons for \u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Fcustomize\u002Fwordpress\u002Fimage_sharing\" rel=\"nofollow ugc\">sharing images\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vector\u003C\u002Fstrong> share buttons & follow buttons — \u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Fcustomize\u002Fwordpress\u002Ficon_color\" rel=\"nofollow ugc\">custom color\u003C\u002Fa> SVG icons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom\u003C\u002Fstrong> share icons — use your own if you prefer\u003C\u002Fli>\n\u003Cli>Official buttons including the Facebook Like Button, Pinterest Save Button, and LinkedIn Share Button\u003C\u002Fli>\n\u003Cli>Universal email sharing makes it easy to share via Gmail, Yahoo Mail, Outlook.com (Hotmail), AOL Mail, and any other web or native apps\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom Placement & Appearance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Before content, after content, or before & after content\u003C\u002Fli>\n\u003Cli>Vertical Floating Share Bar, and Horizontal Floating Share Bar\u003C\u002Fli>\n\u003Cli>As a shortcode, or a widget within a theme’s layout\u003C\u002Fli>\n\u003Cli>Programmatically with template tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Analytics Integration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Google Analytics integration (\u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fext\u002Fgoogle_analytics\u002F\" rel=\"nofollow ugc\">access guide\u003C\u002Fa>) for sharing analytics\u003C\u002Fli>\n\u003Cli>Track shared links with Bitly and custom URL shorteners\u003C\u002Fli>\n\u003Cli>Display share counts on posts and pages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress Optimized\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Loads asynchronously so your content always loads before or in parallel with AddToAny\u003C\u002Fli>\n\u003Cli>Supports theme features such as HTML5, widgets, infinite scroll, post formats\u003C\u002Fli>\n\u003Cli>Supports WooCommerce, multilingual sites, multisite networks, and accessibility standards\u003C\u002Fli>\n\u003Cli>AddToAny is free — no signup, no login, no accounts to manage\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Mobile Optimized & Retina Ready\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>AddToAny gives users the choice in sharing from a service’s native app or from a web app\u003C\u002Fli>\n\u003Cli>Responsive Floating Share Buttons are mobile ready by default, and configurable breakpoints make floating buttons work with any theme\u003C\u002Fli>\n\u003Cli>AddToAny’s SVG icons are super-lightweight and pixel-perfect at any size, and AddToAny’s responsive share menu fits on all displays\u003C\u002Fli>\n\u003Cli>Automatic \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Famp\u002F\" rel=\"ugc\">AMP\u003C\u002Fa> (Accelerated Mobile Pages) support for social share buttons on AMP pages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customizable & Extensible\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose exactly where you want AddToAny to appear\u003C\u002Fli>\n\u003Cli>Easily \u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Fcustomize\u002Fwordpress\" rel=\"nofollow ugc\">customize sharing\u003C\u002Fa> on your WordPress site\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadd-to-any\u002F#faq\" rel=\"ugc\">Highly extensible\u003C\u002Fa> for developers and designers\u003C\u002Fli>\n\u003Cli>Custom icons let you use any icons from any location (media uploads directory, CDN, etc.)\u003C\u002Fli>\n\u003Cli>Many more publisher and user features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Wide Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Over 10 years of development\u003C\u002Fli>\n\u003Cli>Over 18 million downloads\u003C\u002Fli>\n\u003Cli>Translated into dozens of languages\u003C\u002Fli>\n\u003Cli>Ongoing support from the community\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin always strives to be the best WordPress plugin for sharing. Development is fueled by your kind words and feedback.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fshare#url=https%3A%2F%2Fwordpress.org%2Fplugins%2Fadd-to-any%2F&title=AddToAny%20Sharing%20Plugin%20for%20WordPress\" title=\"Share\" rel=\"nofollow ugc\">Share\u003C\u002Fa> this plugin\u003C\u002Fp>\n\u003Cp>See also:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002F\" rel=\"nofollow ugc\">share buttons\u003C\u002Fa> for all platforms\u003C\u002Fli>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Ffor\u002Fwordpress_com\" rel=\"nofollow ugc\">share buttons for WordPress.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fblog\u002F\" rel=\"nofollow ugc\">AddToAny Blog\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Share buttons for WordPress including the AddToAny button, Facebook, Bluesky, Mastodon, WhatsApp, Pinterest, Reddit, many more, and follow icons too.",300000,18518979,1111,"2026-01-09T05:34:00.000Z","4.5",[156,157,158,159,160],"share","share-buttons","share-icons","social","social-media","https:\u002F\u002Fwww.addtoany.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-to-any.1.8.16.zip",99,3,"2021-08-10 00:00:00",{"attackSurface":167,"codeSignals":189,"taintFlows":204,"riskAssessment":239,"analyzedAt":256},{"hooks":168,"ajaxHandlers":185,"restRoutes":186,"shortcodes":187,"cronEvents":188,"entryPointCount":73,"unprotectedCount":73},[169,174,181],{"type":170,"name":171,"callback":172,"file":173,"line":84},"action","admin_menu","mtdml_menu","download-media-library-admin.php",{"type":175,"name":176,"callback":177,"priority":178,"file":179,"line":180},"filter","plugin_row_meta","mtdml_custom_plugin_row_meta",10,"download-media-library.php",26,{"type":170,"name":182,"callback":183,"file":179,"line":184},"admin_init","mtdml_scripts",43,[],[],[],[],{"dangerousFunctions":190,"sqlUsage":191,"outputEscaping":196,"fileOperations":43,"externalRequests":73,"nonceChecks":73,"capabilityChecks":73,"bundledLibraries":203},[],{"prepared":73,"raw":24,"locations":192},[193],{"file":173,"line":194,"context":195},110,"$wpdb->get_results() with variable interpolation",{"escaped":24,"rawEcho":43,"locations":197},[198,201],{"file":173,"line":199,"context":200},102,"raw output",{"file":173,"line":202,"context":200},147,[],[205,223],{"entryPoint":206,"graph":207,"unsanitizedCount":24,"severity":222},"mtdml_setting (download-media-library-admin.php:96)",{"nodes":208,"edges":219},[209,214],{"id":210,"type":211,"label":212,"file":173,"line":213},"n0","source","$_SERVER",117,{"id":215,"type":216,"label":217,"file":173,"line":202,"wp_function":218},"n1","sink","echo() [XSS]","echo",[220],{"from":210,"to":215,"sanitized":221},false,"medium",{"entryPoint":224,"graph":225,"unsanitizedCount":43,"severity":222},"\u003Cdownload-media-library-admin> (download-media-library-admin.php:0)",{"nodes":226,"edges":236},[227,229,232,234],{"id":210,"type":211,"label":228,"file":173,"line":127},"$_SERVER['HTTP_HOST']",{"id":215,"type":216,"label":230,"file":173,"line":127,"wp_function":231},"header() [Header Injection]","header",{"id":233,"type":211,"label":212,"file":173,"line":213},"n2",{"id":235,"type":216,"label":217,"file":173,"line":202,"wp_function":218},"n3",[237,238],{"from":210,"to":215,"sanitized":221},{"from":233,"to":235,"sanitized":221},{"summary":240,"deductions":241},"The \"download-media-library\" plugin v0.2.1 exhibits a concerning security posture, despite having no directly exploitable entry points identified in the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without authentication checks is a positive sign. However, this limited attack surface also means fewer opportunities to assess its security controls in practice.\n\nThe code analysis reveals significant weaknesses, particularly in its handling of SQL queries, with 100% of them not using prepared statements, a major security risk that could lead to SQL injection vulnerabilities. Furthermore, only 33% of output is properly escaped, leaving room for cross-site scripting (XSS) attacks. The presence of two unsanitized path flows in the taint analysis, while not resulting in critical or high severity issues in this scan, indicates a potential for directory traversal or insecure file access, especially given the file operation functions present.\n\nThe plugin's vulnerability history is alarming. With one known high-severity CVE that remains unpatched, and its last vulnerability dated at the end of 2025, it strongly suggests a pattern of security flaws. The common vulnerability type being \"Exposure of Sensitive Information to an Unauthorized Actor\" directly correlates with the identified issues in output escaping and potentially file operations. While the current static analysis didn't find exploitable vulnerabilities, the historical data and code signals point to a plugin that has had and likely continues to have significant security weaknesses.",[242,245,247,250,252,254],{"reason":243,"points":244},"Unpatched high-severity CVE",20,{"reason":246,"points":178},"100% of SQL queries unprepared",{"reason":248,"points":249},"Only 33% of output properly escaped",5,{"reason":251,"points":178},"Taint flow with unsanitized paths",{"reason":253,"points":249},"No capability checks found",{"reason":255,"points":249},"No nonce checks found","2026-03-16T18:55:59.086Z",{"wat":258,"direct":265},{"assetPaths":259,"generatorPatterns":261,"scriptPaths":262,"versionParams":263},[260],"\u002Fwp-content\u002Fplugins\u002Fdownload-media-library\u002Fassets\u002Fjs\u002Fadmin.js",[],[260],[264],"download-media-library\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":266,"htmlComments":267,"htmlAttributes":268,"restEndpoints":269,"jsGlobals":270,"shortcodeOutput":271},[],[],[],[],[],[]]