[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2RVXzvXArmM42ozKSJciZ4C-FMWqD15F7qRaVyRfwTs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":97,"crawl_stats":37,"alternatives":105,"analysis":203,"fingerprints":475},"elisqlreports","EZ SQL Reports Shortcode Widget and DB Backup","5.25.25","Eli","https:\u002F\u002Fprofiles.wordpress.org\u002Fscheeeli\u002F","\u003Cp>Just place some SQL in the box and save it as a report. You can save multiple reports and they will be listed on the Admin Menu so you can quickly run them again anytime with just one click. You can place your reports on the User’s Dashboard based on Roles. You can also put a report on a Page or Post using a shortcode like [SQLREPORT name=”My Report” style=”padding: 6px;” \u002F]\u003C\u002Fp>\n\u003Cp>There is also a shortcode for the wpdb::get_var function that you can use to display a single value from your database. For example, this will display the number of users on your site:\u003Cbr \u002F>\n[sqlgetvar]SELECT COUNT(*) FROM wp_users[\u002Fsqlgetvar]\u003Cbr \u002F>\nNote: because of a known exploit in the WordPress shortcode functionality it is required that an admin user create an SQL Report with the exact query that will be used in the sqlgetvar shortcode, otherwise any subscriber could write their own shortcode query.\u003C\u002Fp>\n\u003Cp>If you want to include an “Export to CSV” button on your page or post then use the additional shortcode [SQLEXPORTCSV] once on any page or post that contains a report you want visitors to be able to download.
Thanks to @loristictok and @rob66bnu for posting the suggestion with the JavaScript that I used to make this new Shortcode.\u003Cbr \u002F>\nNote: Adding this shortcode just one time will insert the “Export to CSV” button at the top of every HTML Table on the page.\u003C\u002Fp>\n\u003Ch4>Automatic Database Backups\u003C\u002Fh4>\n\u003Cp>Your database can be automatically saved and archived every hour and\u002For every day, and backups can be emailed to the address you specify. You can also restore the data to your WP DB or an external DB, which makes copying your database to another server an easy task.\u003C\u002Fp>\n","Create and save SQL Reports in your WP Admin and place them on pages and posts with a shortcode. Keep your database safe with automatic backups.",500,24491,94,15,"2025-06-26T21:27:00.000Z","6.8.5","2.6","",[20,21,22,23,24],"backup","database","reports","shortcode","sql","http:\u002F\u002Fwordpress.ieonly.com\u002Fcategory\u002Fmy-plugins\u002Fsql-reports\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Felisqlreports.5.25.25.zip",5,0,"2025-06-28 16:21:52","2026-03-15T15:16:48.613Z",[32,47,62,72,85],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-6462","ez-sql-reports-shortcode-widget-and-db-backup-authenticated-contributor-stored-cross-site-scripting-via-sqlreport-shortc","EZ SQL Reports Shortcode Widget and DB Backup \u003C= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode","The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SQLREPORT shortcode in all versions up to, and including, 5.25.11 due to insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=5.25.11","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-29 04:24:07",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa6811f19-07fb-4c05-977f-90f9c5d89bb4?source=api-prod",1,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2025-30787","ez-sql-reports-shortcode-widget-and-db-backup-cross-site-request-forgery-to-stored-cross-site-scripting","EZ SQL Reports Shortcode Widget and DB Backup \u003C= 5.25.08 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.25.08. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=5.25.08","5.25.10",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-03-27 00:00:00","2025-04-02 14:43:12",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fae44ad5c-de2a-4217-978f-3c52c0bac55b?source=api-prod",7,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":67,"cvss_vector":68,"vuln_type":56,"published_date":57,"updated_date":69,"references":70,"days_to_patch":61},"CVE-2025-30788","ez-sql-reports-shortcode-widget-and-db-backup-cross-site-request-forgery","EZ SQL Reports Shortcode Widget and DB Backup \u003C= 5.25.08 - Cross-Site Request Forgery","The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.25.08. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to inject SQL queries granted they can trick a site administrator into performing an action such as clicking on a link.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2025-04-02 14:42:09",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcf6e5800-9885-4258-87a5-0e0de75f955d?source=api-prod",{"id":73,"url_slug":74,"title":75,"description":76,"plugin_slug":4,"theme_slug":37,"affected_versions":77,"patched_in_version":53,"severity":78,"cvss_score":79,"cvss_vector":80,"vuln_type":56,"published_date":81,"updated_date":82,"references":83,"days_to_patch":46},"CVE-2025-2319","ez-sql-reports-shortcode-widget-and-db-backup-cross-site-request-forgery-to-remote-code-execution","EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution","The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 
Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only.",">=4.11.13 \u003C=5.25.08","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2025-03-24 19:32:54","2025-03-25 18:50:45",[84],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Feade6ab0-ff79-4107-83ce-e85b37d97442?source=api-prod",{"id":86,"url_slug":87,"title":88,"description":89,"plugin_slug":4,"theme_slug":37,"affected_versions":90,"patched_in_version":91,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":92,"updated_date":93,"references":94,"days_to_patch":96},"CVE-2025-26887","ez-sql-reports-shortcode-widget-and-db-backup-authenticated-contributor-stored-cross-site-scripting","EZ SQL Reports Shortcode Widget and DB Backup \u003C= 5.21.35 - Authenticated (Contributor+) Stored Cross-Site Scripting","The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.21.35 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=5.21.35","5.25.08","2025-02-22 00:00:00","2025-03-03 16:59:51",[95],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7486289b-3cb7-4f8b-abcb-9bfb4b82a95b?source=api-prod",10,{"slug":98,"display_name":7,"profile_url":8,"plugin_count":99,"total_installs":100,"avg_security_score":101,"avg_patch_time_days":102,"trust_score":103,"computed_at":104},"scheeeli",9,101170,90,782,72,"2026-04-05T17:03:06.233Z",[106,129,148,167,186],{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":101,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":124,"download_link":125,"security_score":126,"vuln_count":127,"unpatched_count":28,"last_vuln_date":128,"fetched_at":30},"wp-db-backup","Database Backup for WordPress","2.5.2","WP Engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpengine\u002F","\u003Cp>Backup your database instantly, send the backup via email, or schedule backups to run automatically.\u003C\u002Fp>\n\u003Cp>Database Backup for WordPress allows you to quickly back up your core WordPress database tables, and either download the backup as a gzipped file, or send it via email to an address you choose.\u003C\u002Fp>\n\u003Cp>By default, the plugin will always back up all the core WordPress database tables. 
However, you may also selectively back up any custom tables that might be created by other plugins\u003C\u002Fp>\n\u003Cp>Additional options include the ability to exclude spam comments from the comments table, or post revisions from the posts table, saving you space and bandwidth.\u003C\u002Fp>\n\u003Cp>You can also enable scheduled backups to run automatically at set intervals, and configure the email address to send the scheduled backups to.\u003C\u002Fp>\n\u003Ch4>Backup Before You Mess Up\u003C\u002Fh4>\n\u003Cp>Backups are the one thing you don’t think of until you need them. You might have the best web host, the most secure server, and a tried and tested process for running plugin, theme, or core updates. But all it takes is one little thing to go wrong, and you lose your entire website.\u003C\u002Fp>\n\u003Cp>You need a reliable and automated solution which backs up your WordPress data and sends it to an off-site location. Database Backup for WordPress is that solution.\u003C\u002Fp>\n\u003Ch4>Why You Should Back Up Your Website\u003C\u002Fh4>\n\u003Cp>As much planning as you do, any CMS like WordPress that stores its data in a database is vulnerable. Hardware, software, and security hiccups are rare, but they do happen. Even the best enterprise systems in the world have multiple levels of backup in place.\u003C\u002Fp>\n\u003Cp>Think about the data you store in your WordPress site. Your blog posts since the day you launched the site. Your customers, products, and order history if you run an ecommerce site. Backups are like implementing an insurance policy for your data. With backups, you have a reliable way of restoring that data if anything goes wrong.\u003C\u002Fp>\n\u003Cp>Simple, automated backups save you time and give you peace of mind that you are prepared for the worst case scenario, even if you never need it. 
Better to have it and not need it, than to not have it and suddenly need it.\u003C\u002Fp>\n\u003Ch4>Scheduled Backups\u003C\u002Fh4>\n\u003Cp>Depending on your needs, you might want to back up your database every few minutes, hourly, daily, weekly, or monthly. You’ll want to automate this process, or it becomes another possible point of failure.\u003C\u002Fp>\n\u003Cp>Scheduled backups give you peace of mind that your data is being backed up as much or as little as you need, without your intervention. By emailing the backups to an email address you choose, you can verify that the backup has run, and store it in a safe location.\u003C\u002Fp>\n\u003Ch3>Translators\u003C\u002Fh3>\n\u003Cp>Thanks to the following people for providing translation files for Database Backup for WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Abel Cheung\u003C\u002Fli>\n\u003Cli>Alejandro Urrutia\u003C\u002Fli>\n\u003Cli>Alexander Kanakaris\u003C\u002Fli>\n\u003Cli>Angelo Andrea Iorio\u003C\u002Fli>\n\u003Cli>Calle\u003C\u002Fli>\n\u003Cli>Daniel Erb\u003C\u002Fli>\n\u003Cli>Daniel Villoldo\u003C\u002Fli>\n\u003Cli>Diego Pierotto\u003C\u002Fli>\n\u003Cli>Eilif Nordseth\u003C\u002Fli>\n\u003Cli>Eric Lassauge\u003C\u002Fli>\n\u003Cli>Friedlich\u003C\u002Fli>\n\u003Cli>Gilles Wittezaele\u003C\u002Fli>\n\u003Cli>Icemanpro\u003C\u002Fli>\n\u003Cli>İzzet Emre Erkan\u003C\u002Fli>\n\u003Cli>Jong-In Kim\u003C\u002Fli>\n\u003Cli>Kaveh\u003C\u002Fli>\n\u003Cli>Kessia Pinheiro\u003C\u002Fli>\n\u003Cli>Kuratkoo\u003C\u002Fli>\n\u003Cli>Majed Alotaibi\u003C\u002Fli>\n\u003Cli>Michał Gołuński\u003C\u002Fli>\n\u003Cli>Michele Spagnuolo\u003C\u002Fli>\n\u003Cli>Paopao\u003C\u002Fli>\n\u003Cli>Philippe Galliard\u003C\u002Fli>\n\u003Cli>Robert Buj\u003C\u002Fli>\n\u003Cli>Roger\u003C\u002Fli>\n\u003Cli>Rune Gulbrandsøy\u003C\u002Fli>\n\u003Cli>Serge Rauber\u003C\u002Fli>\n\u003Cli>Sergey Biryukov\u003C\u002Fli>\n\u003Cli>Tai\u003C\u002Fli>\n\u003Cli>Timm Severin\u003C\u002Fli>\n\u003Cli>Tzafrir 
Rehan\u003C\u002Fli>\n\u003Cli>吴曦\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Past Contributors\u003C\u002Fh3>\n\u003Cp>filosofo, skippy, Firas, LaughingLizard, MtDewVirus, Podz, Ringmaster\u003C\u002Fp>\n","Database Backup for WordPress is your one-stop database backup solution for WordPress.",70000,3731269,66,"2022-05-26T11:49:00.000Z","6.0.11","3.6.0","5.3",[20,21,122,123],"database-backup","mysql","https:\u002F\u002Fgithub.com\u002Fdeliciousbrains\u002Fwp-db-backup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-db-backup.2.5.2.zip",82,4,"2022-05-11 00:00:00",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":28,"num_ratings":28,"last_updated":139,"tested_up_to":140,"requires_at_least":141,"requires_php":18,"tags":142,"homepage":145,"download_link":146,"security_score":147,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"dbc-backup-2","DBC Backup 2","2.3.25","Damien Saunders","https:\u002F\u002Fprofiles.wordpress.org\u002Fdamiensaunders-1\u002F","\u003Cp>DBC Backup 2 can give you the confidence that your WordPress database is backed-up and securely stored on your server.\u003C\u002Fp>\n\u003Cp>You select when and where your backup will be generated. 
The backup file is saved to a directory on your web server which for many people is free storage and more reliable than saving to your home computer.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Secure – The file name includes some random characters which makes it impossible for someone to guess the backup name and download it.\u003C\u002Fli>\n\u003Cli>Safe – the backup directory is protected with a .htaccess and an empty index.html file which means no-one can browse or download the file via the web\u003C\u002Fli>\n\u003Cli>Storage – If your server supports it, you can select between three different compression formats: none, Gzip and Bzip2. \u003C\u002Fli>\n\u003Cli>Schedule – you can set hourly, daily, weekly or monthly backup\u003C\u002Fli>\n\u003Cli>Manual backup – anytime you want to save a backup before updating WordPress or installing a plugin you can.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Info\u003C\u002Fh4>\n\u003Cp>The plugin will try to auto create the export directory.\u003C\u002Fp>\n\u003Cp>This plugin creates its own sql file and does not use mysqldump like most other plugins.\u003C\u002Fp>\n\u003Cp>During backup, a log is created that includes the generation date, file, filesize, status and the duration of the generation.\u003C\u002Fp>\n\u003Cp>The backup files are identical to what phpmyadmin would produce because DBC Backup is using the key procedures of phpmyadmin.\u003C\u002Fp>\n\u003Cp>DBC Backup was built to be fast, flexible and as simple as possible.\u003C\u002Fp>\n\u003Ch4>Checkout my other work\u003C\u002Fh4>\n\u003Ch3>CHANGE YOUR WEBSITE NOT YOUR THEME == responsive visual grid layout with Isotope.js & visual animation.
[Free to download](http:\u002F\u002Fwordpress.damien.co\u002Fshop\u002Fisotope\u002F?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=readme)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdamien.co\u002Fblog?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=readme\" rel=\"nofollow ugc\">Damien\u003C\u002Fa> – digital marketing strategy, technical development and digital marketing\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwordpress.damien.co\u002F?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=readme\" rel=\"nofollow ugc\">Ideas for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwordpress.damien.co\u002Fplugins?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=readme\" rel=\"nofollow ugc\">Plugins for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","DBC Backup 2 is a safe & simple way to schedule regular WordPress database backups using the wp-cron batch jobs.",100,15625,"2014-01-05T15:16:00.000Z","3.7.41","3.6",[20,143,21,144,24],"cron","schedule","http:\u002F\u002Fwordpress.damien.co\u002Fplugins?utm_source=WordPress&utm_medium=dbc-backup&utm_campaign=WordPress-Plugin&utm_keyword=source","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdbc-backup-2.2.3.25.zip",85,{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":137,"downloaded":156,"rating":137,"num_ratings":157,"last_updated":158,"tested_up_to":159,"requires_at_least":160,"requires_php":18,"tags":161,"homepage":163,"download_link":164,"security_score":165,"vuln_count":46,"unpatched_count":46,"last_vuln_date":166,"fetched_at":30},"wp-database-optimizer-tools","WP-Database-Optimizer-Tools","0.2","pl4g4","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoyo\u002F","\u003Cp>WP-Database-Optimizer helps you 
to optimize your database by performing some actions for example optimizing tables, deleting revisions and data that can slow down your database. Also\u003Cbr \u002F>\nyou can perform backups.\u003C\u002Fp>\n\u003Cp>WP Database Optimizer Tools is a plugin that helps improve the performance of our database; this is very helpful when we know that we get many visits and need to lighten the site so that it runs better.\u003C\u002Fp>\n\u003Cp>With WP Database Optimizer Tools you can\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Clean up post revisions\nClean up autodrafts\nClean up spam\nClean up unapproved comments\nEmpty the WordPress trash\nOptimize the tables in the database\nRepair the tables in the database\nMake a backup of the database (an option to send the backup by email will be added later)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Click the DB optmizer menu in your WordPress admin area.\u003C\u002Fli>\n\u003Cli>Select any option to perform to your database\u003C\u002Fli>\n\u003Cli>\n\u003Cp>To backup your database select DB Backup, select the tables you want to backup and download the SQL file.\u003C\u002Fp>\n\u003Cp>*** SECURITY WARNING ***\u003Cbr \u002F>\nYour database backup contains sensitive information,\u003Cbr \u002F>\nand should not be left on the server for any extended\u003Cbr \u002F>\nperiod of time.  The “Save to server” delivery method is provided\u003Cbr \u002F>\nas a convenience only.
I will not accept any responsibility\u003Cbr \u002F>\nif other people obtain your backup file.\u003Cbr \u002F>\n*** SECURITY WARNING ***\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Past Contributors\u003C\u002Fh3>\n\u003Cp>None\u003C\u002Fp>\n","WP-Database-Optimizer helps you to optimize your database by performing some actions for example optimizing tables, deleting revisions and data that c &hellip;",9257,3,"2011-08-09T18:17:00.000Z","3.2.1","3.1",[20,21,123,162],"optimize","http:\u002F\u002Fxtremenews.info\u002Fwordpress-plugins\u002Fwp-database-optimizer-tools\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-database-optimizer-tools.0.2.zip",63,"2025-08-14 00:00:00",{"slug":168,"name":169,"version":170,"author":171,"author_profile":172,"description":173,"short_description":174,"active_installs":96,"downloaded":175,"rating":28,"num_ratings":28,"last_updated":176,"tested_up_to":177,"requires_at_least":178,"requires_php":179,"tags":180,"homepage":183,"download_link":184,"security_score":185,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"inx-all-backup","inx All Backup","1.0.3","TAKAHIRO","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrooveline\u002F","\u003Cp>inx All 
Backup is a plugin that backs up all of your WordPress data (both the SQL dump and WordPress itself). As a security measure, table names are managed statically to guarantee the safety of SQL queries. Users never enter them directly.\u003C\u002Fp>\n","A plugin that makes it easy to back up and restore an entire WordPress site",910,"2024-11-13T23:23:00.000Z","6.7.5","6.2","7.4",[20,122,181,182,24],"inexio","restore","https:\u002F\u002Finexio.jp\u002Finxresults\u002Finx-all-backup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finx-all-backup.1.0.3.zip",92,{"slug":187,"name":188,"version":189,"author":190,"author_profile":191,"description":192,"short_description":193,"active_installs":96,"downloaded":194,"rating":137,"num_ratings":46,"last_updated":195,"tested_up_to":196,"requires_at_least":197,"requires_php":18,"tags":198,"homepage":201,"download_link":202,"security_score":147,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"pitta-migration","Pitta Migration","0.4.2","icc97","https:\u002F\u002Fprofiles.wordpress.org\u002Ficc97\u002F","\u003Cp>This plugin is aimed at developers that need to migrate their databases from\u003Cbr \u002F>\nproduction to test or local domains.\u003C\u002Fp>\n\u003Cp>This is the simplest way I’ve found to migrate databases quickly.\u003C\u002Fp>\n\u003Cp>You only have to set the \u003Ccode>WP_HOME\u003C\u002Fcode>\u003Cbr \u002F>\n(\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FEditing_wp-config.php#WordPress_address_.28URL.29\" rel=\"nofollow ugc\">WordPress address URL\u003C\u002Fa>)\u003Cbr \u002F>\nand \u003Ccode>WP_SITEURL\u003C\u002Fcode>\u003Cbr \u002F>\n(\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FEditing_wp-config.php#Blog_address_.28URL.29\" rel=\"nofollow ugc\">Blog address URL\u003C\u002Fa>)\u003Cbr \u002F>\nconstants once for each environment and then the database is automatically\u003Cbr \u002F>\nupgraded when you import a database and login to the admin area.\u003C\u002Fp>\n\u003Cp>This stands on the shoulders of the constants and fills the hole for when\u003Cbr \u002F>\nplugins don’t follow the
rules and use the database directly.\u003C\u002Fp>\n\u003Cp>This plugin is designed to be the most lightweight way to migrate your database\u003Cbr \u002F>\nand stay out the way of your own processes.\u003C\u002Fp>\n\u003Cp>It works with WordPress to use WordPress’ own constants to update the database\u003Cbr \u002F>\nusing the\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FClass_Reference\u002Fwpdb\" rel=\"nofollow ugc\">WordPress Database Object\u003C\u002Fa>.\u003Cbr \u002F>\nIt avoids search and replaces in text files. It uses database queries to update\u003Cbr \u002F>\nthe database as should be done.\u003C\u002Fp>\n\u003Cp>Most developers have their own methods for exporting\u002Fimporting the database –\u003Cbr \u002F>\nif you can use \u003Ccode>mysqldump\u003C\u002Fcode> then you probably don’t want a WordPress plugin to\u003Cbr \u002F>\ndo it for you.\u003C\u002Fp>\n\u003Cp>It makes no assumptions about your database and it’s cross platform.\u003C\u002Fp>\n\u003Cp>P.S. Pitta is taken from the start of an \u003Ca href=\"http:\u002F\u002Fwordpress.stackexchange.com\u002Fa\u002F182\u002F5433\" rel=\"nofollow ugc\">answer from WordPress SE\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Deployment of a WordPress site from one box to another has been a PITA since\u003Cbr \u002F>\n  day one I started working with WordPress. 
(Truth-be-told it was a PITA with\u003Cbr \u002F>\n  Drupal for 2 years before I started with WordPress so the problem is\u003Cbr \u002F>\n  certainly not exclusively with WordPress.)\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>So this plugin aims to make things less PITA and more yummy Pitta (pedants will\u003Cbr \u002F>\nmention that Pitta can also be spelled pita).\u003C\u002Fp>\n\u003Cp>Its inspiration actually comes from the \u003Ca href=\"http:\u002F\u002Fwordpress.stackexchange.com\u002Fq\u002F119\u002F5433\" rel=\"nofollow ugc\">second answer\u003C\u002Fa>\u003Cbr \u002F>\nfrom the same \u003Ca href=\"http:\u002F\u002Fwordpress.stackexchange.com\u002Fq\u002F119\u002F5433\" rel=\"nofollow ugc\">WordPress SE question\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Coincidentally there is a migratory bird called a \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FPitta\" rel=\"nofollow ugc\">Pitta\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>The fairy pitta migrates from Korea, Japan, Taiwan and coastal China to Borneo.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>P.P.S. 
This plugin is based off the excellent \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftheantichris\u002FWordPress-Plugin-Boilerplate\" rel=\"nofollow ugc\">WordPress Plugin Boilerplate\u003C\u002Fa> from antichris on Github\u003C\u002Fp>\n","Migrate WordPress databases using WP_HOME and WP_SITEURL constants.",1723,"2015-08-24T21:27:00.000Z","4.3.34","2.2",[20,21,199,200,123],"developer","migrate","https:\u002F\u002Fwww.vsni.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpitta-migration.0.4.2.zip",{"attackSurface":204,"codeSignals":268,"taintFlows":354,"riskAssessment":457,"analyzedAt":474},{"hooks":205,"ajaxHandlers":244,"restRoutes":245,"shortcodes":246,"cronEvents":259,"entryPointCount":157,"unprotectedCount":28},[206,212,215,219,223,227,231,235,240],{"type":207,"name":208,"callback":209,"priority":96,"file":210,"line":211},"action","ELISQLREPORTS_daily_backup","ELISQLREPORTS_make_Backup","index.php",700,{"type":207,"name":213,"callback":209,"priority":96,"file":210,"line":214},"ELISQLREPORTS_hourly_backup",701,{"type":207,"name":216,"callback":217,"file":210,"line":218},"admin_menu","ELISQLREPORTS_menu",832,{"type":207,"name":220,"callback":221,"file":210,"line":222},"admin_enqueue_scripts","ELISQLREPORTS_enqueue_scripts",837,{"type":207,"name":224,"callback":225,"file":210,"line":226},"wp_dashboard_setup","ELISQLREPORTS_dashboard_setup",854,{"type":207,"name":228,"callback":229,"file":210,"line":230},"widgets_init","closure",889,{"type":207,"name":232,"callback":233,"file":210,"line":234},"init","ELISQLREPORTS_init",906,{"type":236,"name":237,"callback":238,"priority":46,"file":210,"line":239},"filter","plugin_action_links","ELISQLREPORTS_set_plugin_action_links",921,{"type":236,"name":241,"callback":242,"priority":46,"file":210,"line":243},"plugin_row_meta","ELISQLREPORTS_set_plugin_row_meta",928,[],[],[247,251,255],{"tag":248,"callback":249,"file":210,"line":250},"SQLREPORT","ELISQLREPORTS_shortcode",939,{"tag":252,"callback":253,"file":2
10,"line":254},"SQLEXPORTCSV","ELISQLREPORTS_CSV_script",962,{"tag":256,"callback":257,"file":210,"line":258},"sqlgetvar","ELISQLREPORTS_get_var",991,[260,262,264,266],{"hook":208,"callback":208,"file":210,"line":261},714,{"hook":213,"callback":213,"file":210,"line":263},716,{"hook":208,"callback":208,"file":210,"line":265},771,{"hook":213,"callback":213,"file":210,"line":267},778,{"dangerousFunctions":269,"sqlUsage":282,"outputEscaping":284,"fileOperations":351,"externalRequests":28,"nonceChecks":127,"capabilityChecks":352,"bundledLibraries":353},[270,274,277,280],{"fn":271,"file":210,"line":272,"context":273},"passthru",183,"passthru($backup_command.escapeshellarg($backup_file), $errors);",{"fn":271,"file":210,"line":275,"context":276},631,"passthru('gunzip -c '.escapeshellarg(trailingslashit($GLOBALS[\"ELISQLREPORTS\"][\"settings_array\"]['ba",{"fn":271,"file":210,"line":278,"context":279},640,"passthru($backup_command.' -e '.escapeshellarg(\"source $file_sql\"), $errors);",{"fn":271,"file":210,"line":281,"context":279},663,{"prepared":99,"raw":28,"locations":283},[],{"escaped":285,"rawEcho":286,"locations":287},23,31,[288,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339,341,343,345,347,349],{"file":210,"line":289,"context":290},62,"raw 
output",{"file":210,"line":292,"context":290},95,{"file":210,"line":294,"context":290},104,{"file":210,"line":296,"context":290},128,{"file":210,"line":298,"context":290},455,{"file":210,"line":300,"context":290},471,{"file":210,"line":302,"context":290},502,{"file":210,"line":304,"context":290},517,{"file":210,"line":306,"context":290},521,{"file":210,"line":308,"context":290},539,{"file":210,"line":310,"context":290},549,{"file":210,"line":312,"context":290},553,{"file":210,"line":314,"context":290},556,{"file":210,"line":316,"context":290},560,{"file":210,"line":318,"context":290},561,{"file":210,"line":320,"context":290},563,{"file":210,"line":322,"context":290},566,{"file":210,"line":324,"context":290},603,{"file":210,"line":326,"context":290},605,{"file":210,"line":328,"context":290},613,{"file":210,"line":330,"context":290},632,{"file":210,"line":332,"context":290},655,{"file":210,"line":334,"context":290},657,{"file":210,"line":336,"context":290},659,{"file":210,"line":338,"context":290},664,{"file":210,"line":340,"context":290},670,{"file":210,"line":342,"context":290},676,{"file":210,"line":344,"context":290},698,{"file":210,"line":346,"context":290},869,{"file":210,"line":348,"context":290},882,{"file":210,"line":350,"context":290},885,19,2,[],[355,401,420],{"entryPoint":356,"graph":357,"unsanitizedCount":28,"severity":400},"ELISQLREPORTS_settings (index.php:541)",{"nodes":358,"edges":393},[359,363,368,371,374,378,380,384,389,391],{"id":360,"type":361,"label":362,"file":210,"line":328},"n0","source","$_POST['DB_NAME']",{"id":364,"type":365,"label":366,"file":210,"line":328,"wp_function":367},"n1","sink","echo() [XSS]","echo",{"id":369,"type":361,"label":370,"file":210,"line":275},"n2","$_POST['db_date']",{"id":372,"type":365,"label":373,"file":210,"line":275,"wp_function":271},"n3","passthru() [RCE]",{"id":375,"type":361,"label":376,"file":210,"line":377},"n4","$_POST 
(x2)",629,{"id":379,"type":365,"label":373,"file":210,"line":278,"wp_function":271},"n5",{"id":381,"type":361,"label":382,"file":210,"line":383},"n6","$_POST",639,{"id":385,"type":365,"label":386,"file":210,"line":387,"wp_function":388},"n7","file_get_contents() [SSRF\u002FLFI]",642,"file_get_contents",{"id":390,"type":361,"label":370,"file":210,"line":340},"n8",{"id":392,"type":365,"label":366,"file":210,"line":340,"wp_function":367},"n9",[394,396,397,398,399],{"from":360,"to":364,"sanitized":395},true,{"from":369,"to":372,"sanitized":395},{"from":375,"to":379,"sanitized":395},{"from":381,"to":385,"sanitized":395},{"from":390,"to":392,"sanitized":395},"low",{"entryPoint":402,"graph":403,"unsanitizedCount":28,"severity":400},"ELISQLREPORTS_menu (index.php:720)",{"nodes":404,"edges":417},[405,408,411,414],{"id":360,"type":361,"label":406,"file":210,"line":407},"$_GET['Download_SQL_Backup']",726,{"id":364,"type":365,"label":409,"file":210,"line":407,"wp_function":410},"fopen() [File Access]","fopen",{"id":369,"type":361,"label":412,"file":210,"line":413},"$_GET['Download_SQL_Backup'] (x2)",728,{"id":372,"type":365,"label":415,"file":210,"line":413,"wp_function":416},"header() [Header Injection]","header",[418,419],{"from":360,"to":364,"sanitized":395},{"from":369,"to":372,"sanitized":395},{"entryPoint":421,"graph":422,"unsanitizedCount":28,"severity":400},"\u003Cindex> 
(index.php:0)",{"nodes":423,"edges":448},[424,427,428,429,430,431,432,433,434,435,436,438,440,442,444,446],{"id":360,"type":361,"label":425,"file":210,"line":426},"$_SERVER['REQUEST_URI']",79,{"id":364,"type":365,"label":366,"file":210,"line":289,"wp_function":367},{"id":369,"type":361,"label":362,"file":210,"line":328},{"id":372,"type":365,"label":366,"file":210,"line":328,"wp_function":367},{"id":375,"type":361,"label":370,"file":210,"line":275},{"id":379,"type":365,"label":373,"file":210,"line":275,"wp_function":271},{"id":381,"type":361,"label":376,"file":210,"line":377},{"id":385,"type":365,"label":373,"file":210,"line":278,"wp_function":271},{"id":390,"type":361,"label":382,"file":210,"line":383},{"id":392,"type":365,"label":386,"file":210,"line":387,"wp_function":388},{"id":437,"type":361,"label":370,"file":210,"line":340},"n10",{"id":439,"type":365,"label":366,"file":210,"line":340,"wp_function":367},"n11",{"id":441,"type":361,"label":406,"file":210,"line":407},"n12",{"id":443,"type":365,"label":409,"file":210,"line":407,"wp_function":410},"n13",{"id":445,"type":361,"label":412,"file":210,"line":413},"n14",{"id":447,"type":365,"label":415,"file":210,"line":413,"wp_function":416},"n15",[449,450,451,452,453,454,455,456],{"from":360,"to":364,"sanitized":395},{"from":369,"to":372,"sanitized":395},{"from":375,"to":379,"sanitized":395},{"from":381,"to":385,"sanitized":395},{"from":390,"to":392,"sanitized":395},{"from":437,"to":439,"sanitized":395},{"from":441,"to":443,"sanitized":395},{"from":445,"to":447,"sanitized":395},{"summary":458,"deductions":459},"The plugin elisqlreports v5.25.25 exhibits a mixed security posture. While it demonstrates strengths in using prepared statements for all SQL queries and performing nonce checks on entry points, there are significant concerns. 
The static analysis reveals a considerable number of dangerous function calls, specifically `passthru`, which can lead to arbitrary code execution if not handled with extreme care and strict input validation. Furthermore, only 43% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might be rendered directly in the browser without proper sanitization. The historical vulnerability data reveals a concerning pattern of past security issues, including one high and four medium severity vulnerabilities, primarily related to CSRF and XSS. Although there are no currently unpatched CVEs, the recurring nature of these vulnerability types suggests potential ongoing weaknesses in input sanitization and output encoding practices. The plugin has a total of 5 known CVEs, which is a notable number for a single plugin, indicating a history of security flaws. The last vulnerability was also very recent, suggesting that new issues may still be discovered or introduced.",[460,462,464,467,469,472],{"reason":461,"points":14},"Presence of dangerous function `passthru`",{"reason":463,"points":96},"Low output escaping rate (43%)",{"reason":465,"points":466},"High historical vulnerability count (5 CVEs)",8,{"reason":468,"points":61},"Past high severity vulnerability (1)",{"reason":470,"points":471},"Past medium severity vulnerabilities (4)",6,{"reason":473,"points":27},"Recent vulnerability discovery 
(2025-06-28)","2026-03-16T19:36:16.243Z",{"wat":476,"direct":484},{"assetPaths":477,"generatorPatterns":479,"scriptPaths":480,"versionParams":481},[478],"\u002Fwp-content\u002Fplugins\u002Felisqlreports\u002Fimages\u002Fbtn_donateCC_WIDE.gif",[],[],[482,483],"elisqlreports\u002Findex.php?ver=","elisqlreports\u002Fjs\u002Felisqlreports.js?ver=",{"cssClasses":485,"htmlComments":491,"htmlAttributes":493,"restEndpoints":507,"jsGlobals":508,"shortcodeOutput":511},[486,487,488,489,490],"metabox-holder","stuffbox","hndle","inside","button-primary",[492]," Silence is golden.",[494,495,496,497,498,499,500,501,502,503,504,505,506],"id=\"top_title\"","id=\"admin-page-container\"","id=\"ELISQLREPORTS-right-sidebar\"","id=\"ELISQLREPORTS-main-section\"","id=\"ELISQLREPORTS-metabox-container\"","id=\"SQLFormDel\"","id=\"SQLForm\"","name=\"SQLForm\"","id=\"pp_button\"","onclick=\"showhide('SQLFormEdit', true); this.style.display='none'; document.SQLForm.rSQL.focus();\"","onclick=\"stuffbox_showhide('inside_\\'' + md5(bTitle) + '\\'');\"","id=\"title_\\'' + md5(bTitle) + '\\'\"","id=\"inside_\\'' + md5(bTitle) + '\\'\"",[],[509,510],"window.ELISQLREPORTS","var func",[512],"[ELISQLREPORTS]"]