[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDXTvI3lDuGPe0xCGjEITF-3rwRwBw30Kqfr8DN17bOo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":136,"fingerprints":362},"ez-backup","EZ Backup","4.15.12","Eli","https:\u002F\u002Fprofiles.wordpress.org\u002Fscheeeli\u002F","\u003Cp>Your database can be automatically saved and archived every hour and\u002For every day, and backups can be emailed to the address you specify. You can also restore the data to your WP DB or an external DB, which makes copying your database to another server and easy task.\u003C\u002Fp>\n\u003Cp>Updated March-13th\u003C\u002Fp>\n","Keep your database safe with scheduled backups. 
Multiple option for off-site backups also available.",10,2341,0,"2015-03-13T20:16:00.000Z","4.1.42","2.6","",[19,20,21,22,23],"cron","db","easy","mysql","sql","http:\u002F\u002Fwordpress.ieonly.com\u002Fcategory\u002Fmy-plugins\u002Fez-backup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fez-backup.4.15.12.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"scheeeli",9,101170,90,782,72,"2026-04-03T23:31:14.561Z",[39,62,83,103,121],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":17,"download_link":59,"security_score":49,"vuln_count":60,"unpatched_count":13,"last_vuln_date":61,"fetched_at":28},"pexlechris-adminer","Database Manager – WP Adminer","4.3.3","Pexle Chris","https:\u002F\u002Fprofiles.wordpress.org\u002Fpexlechris\u002F","\u003Cp>The best database management tool for the best CMS.\u003C\u002Fp>\n\u003Cp>This plugin uses the tool \u003Ca href=\"https:\u002F\u002Fwww.adminer.org\u002F\" rel=\"nofollow ugc\">Adminer\u003C\u002Fa>, in order to give database access to administrators directly from the Dashboard.\u003Cbr \u002F>\nAs simple as the previous sentence!\u003C\u002Fp>\n\u003Cp>I am not the author of Adminer. 
I am only the author who does the WordPress integration with Adminer.\u003Cbr \u002F>\nAuthor of Adminer is Jakub Vrana and you can donate him from \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fdonate\u002F?item_name=Donation+to+Adminer&cmd=_donations&business=jakub%40vrana.cz\" rel=\"nofollow ugc\">there\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Compatible also with WordPress Multisite installations\u003C\u002Fp>\n\u003Ch3>WP Adminer access positions\u003C\u002Fh3>\n\u003Cp>You can access the WP Adminer from the below positions:\u003Cbr \u002F>\n1. WP Adminer URL in the Admin Bar\u003Cbr \u002F>\n2. WP Adminer Tools Page (Dashboard > Tools > WP Adminer)\u003C\u002Fp>\n\u003Ch3>Explore my other plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pexlechris.dev\u002Flibrary-viewer\u002Fwp-wpadminer\" rel=\"nofollow ugc\">Library Viewer\u003C\u002Fa>: With Library Viewer, you can display the containing files and the containing folders of a “specific folder” of your (FTP) server to your users in the front-end.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgift-wrapping-for-woocommerce\" rel=\"ugc\">Gift Wrapping for WooCommerce\u003C\u002Fa>: This plugin allows customers to select a gift wrapper for their orders, via a checkbox in the checkout page.\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage the database from your WordPress Dashboard using Adminer.",20000,296374,100,27,"2026-03-13T07:59:00.000Z","6.9.4","4.7.0","7.0",[56,57,58,22,23],"adminer","database","mariadb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpexlechris-adminer.4.3.3.zip",1,"2022-08-16 
00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":17,"tags":77,"homepage":81,"download_link":82,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"sql-executioner","SQL Executioner","1.4","Justin Watt","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustincwatt\u002F","\u003Cp>Instead of needing a tool like \u003Ca href=\"http:\u002F\u002Fwww.phpmyadmin.net\u002Fhome_page\u002Findex.php\" rel=\"nofollow ugc\">phpMyAdmin\u003C\u002Fa>\u003Cbr \u002F>\nor the mysql command line client to view and modify your WordPress database,\u003Cbr \u002F>\nthe SQL Executioner allows you to run arbitrary SQL queries against your\u003Cbr \u002F>\nWordPress database from within the Admin. In many cases this allows you to bypass\u003Cbr \u002F>\nthe inherent limitations of the WordPress Admin interface, and use the full expressive\u003Cbr \u002F>\npower of SQL to analyze and update your blog’s database.\u003C\u002Fp>\n\u003Cp>To use simply install and visit the Tools > SQL Executioner page.\u003C\u002Fp>\n\u003Cp>If you’re interested in contributing to the code behind this plugin, it’s also hosted on GitHub:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fjustincwatt\u002Fwp-sql-executioner\u003C\u002Fp>\n","Execute arbitrary SQL queries against your WordPress database from the 
Admin.",2000,52946,92,11,"2016-09-28T07:27:00.000Z","4.6.30","3.0",[78,22,79,80,23],"dba","phpmyadmin","query","http:\u002F\u002Fjustinsomnia.org\u002F2008\u002F02\u002Fthe-wordpress-sql-executioner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsql-executioner.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":49,"downloaded":91,"rating":49,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":101,"download_link":102,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"secure-db-connection","Secure DB Connection","1.1.5","hypertextranch","https:\u002F\u002Fprofiles.wordpress.org\u002Fhypertextranch\u002F","\u003Cp>Depending on the MySQL server setup the SSL certs used may not be in the trusted store, if that’s the case \u003Ccode>mysqli_ssl_set()\u003C\u002Fcode> needs to be called to set custom keys and certs before connect. 
This Plugin adds a custom DB class that allows these settings to be configured via custom constants.\u003C\u002Fp>\n\u003Cp>This plugin will also add a custom item on the “At a Glance” section of the Dashboard to show if the \u003Ccode>$wpdb\u003C\u002Fcode> connection is secure or not.\u003C\u002Fp>\n\u003Cp>Also find me on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fxyu\u002Fsecure-db-connection\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Sets SSL keys and certs for encrypted MySQL database connections.",24763,3,"2018-07-08T13:06:00.000Z","4.9.29","4.9","5.2.4",[20,98,22,99,100],"encrypted","secure","ssl","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecure-db-connection\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-db-connection.1.1.6.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":11,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":17,"tags":115,"homepage":119,"download_link":120,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"database-read-replicas","Database Read Replicas","1.0.0","jamesdlow","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamesdlow\u002F","\u003Cp>BETA: Extend WordPress with MySQL database read replica support for greater speed and scalability\u003Cbr \u002F>\nThis is a first release beta, and should only be used at your own risk\u003C\u002Fp>\n","BETA: Extend WordPress with MySQL database read replica support for greater speed and 
scalability",3994,"2016-11-24T10:29:00.000Z","3.2.1","3.0.0",[116,57,22,117,118],"cache","read","wpdb","http:\u002F\u002Fjameslow.com\u002F2011\u002F10\u002F12\u002Fdatabase-read-replicas\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatabase-read-replicas.1.0.1.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":11,"downloaded":129,"rating":13,"num_ratings":13,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":17,"tags":133,"homepage":17,"download_link":135,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"mysqlist","MySQList","1.2.2","asdasdsadsasasd","https:\u002F\u002Fprofiles.wordpress.org\u002Fvantezzen\u002F","\u003Cp>MySQList ist ein WordPress Plugin, welches das Erstellen einer Liste von Dingen mit einem Ablaufdatum, wie z.B. Anmeldungen oder Termine ganz einfach macht.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Bitte geben Sie Feedback über das Formular unter bennetthollstein.de\u002Fkontakt\u003Cbr \u002F>\nProbleme melden Sie bitte das Formular unter penntetollstein.de\u002Fproblem\u003C\u002Fp>\n","Mit MySQList kann man ganz einfach Listen mit Ablaufdatum und Verlinkungen 
erstellen.",1878,"2015-09-08T13:59:00.000Z","4.3.34","3.0.1",[21,134,22],"list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmysqlist.zip",{"attackSurface":137,"codeSignals":181,"taintFlows":234,"riskAssessment":349,"analyzedAt":361},{"hooks":138,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":172,"entryPointCount":13,"unprotectedCount":13},[139,145,148,152,156,160,165],{"type":140,"name":141,"callback":142,"priority":11,"file":143,"line":144},"action","ezbackup_db_daily","ezbackup_db2file","index.php",234,{"type":140,"name":146,"callback":142,"priority":11,"file":143,"line":147},"ezbackup_db_hourly",235,{"type":140,"name":149,"callback":150,"file":143,"line":151},"admin_notices","ezbackup_admin_notices",275,{"type":140,"name":153,"callback":154,"file":143,"line":155},"wp_enqueue_scripts","ezbackup_enqueue_scripts",304,{"type":140,"name":157,"callback":158,"file":143,"line":159},"admin_menu","ezbackup_menu",317,{"type":161,"name":162,"callback":163,"priority":60,"file":143,"line":164},"filter","plugin_action_links","ezbackup_set_plugin_action_links",324,{"type":161,"name":166,"callback":167,"priority":60,"file":143,"line":168},"plugin_row_meta","ezbackup_set_plugin_row_meta",331,[],[],[],[173,175,177,179],{"hook":141,"callback":141,"file":143,"line":174},295,{"hook":146,"callback":146,"file":143,"line":176},297,{"hook":141,"callback":141,"file":143,"line":178},460,{"hook":146,"callback":146,"file":143,"line":180},473,{"dangerousFunctions":182,"sqlUsage":195,"outputEscaping":198,"fileOperations":232,"externalRequests":13,"nonceChecks":60,"capabilityChecks":92,"bundledLibraries":233},[183,187,190,193],{"fn":184,"file":143,"line":185,"context":186},"passthru",151,"passthru($backup_command.'\"'.$backup_file.'\"', $errors);",{"fn":184,"file":143,"line":188,"context":189},550,"passthru('gunzip -c 
\"'.trailingslashit($GLOBALS[\"ez-backup\"][\"settings\"]['backup_dir']).$_REQUEST[\"e",{"fn":184,"file":143,"line":191,"context":192},559,"passthru($backup_command.' -e \"source '.trailingslashit($GLOBALS[\"ez-backup\"][\"settings\"]['backup_di",{"fn":184,"file":143,"line":194,"context":192},583,{"prepared":196,"raw":13,"locations":197},5,[],{"escaped":92,"rawEcho":199,"locations":200},15,[201,204,206,208,210,212,214,216,218,220,222,224,226,228,230],{"file":143,"line":202,"context":203},270,"raw output",{"file":143,"line":205,"context":203},272,{"file":143,"line":207,"context":203},362,{"file":143,"line":209,"context":203},414,{"file":143,"line":211,"context":203},521,{"file":143,"line":213,"context":203},524,{"file":143,"line":215,"context":203},526,{"file":143,"line":217,"context":203},532,{"file":143,"line":219,"context":203},551,{"file":143,"line":221,"context":203},575,{"file":143,"line":223,"context":203},577,{"file":143,"line":225,"context":203},579,{"file":143,"line":227,"context":203},584,{"file":143,"line":229,"context":203},591,{"file":143,"line":231,"context":203},616,21,[],[235,262,314],{"entryPoint":236,"graph":237,"unsanitizedCount":13,"severity":261},"ezbackup_menu (index.php:306)",{"nodes":238,"edges":257},[239,244,249,253],{"id":240,"type":241,"label":242,"file":143,"line":243},"n0","source","$_GET['ez-backup-download']",308,{"id":245,"type":246,"label":247,"file":143,"line":243,"wp_function":248},"n1","sink","fopen() [File Access]","fopen",{"id":250,"type":241,"label":251,"file":143,"line":252},"n2","$_GET['ez-backup-download'] (x2)",310,{"id":254,"type":246,"label":255,"file":143,"line":252,"wp_function":256},"n3","header() [Header Injection]","header",[258,260],{"from":240,"to":245,"sanitized":259},true,{"from":250,"to":254,"sanitized":259},"low",{"entryPoint":263,"graph":264,"unsanitizedCount":60,"severity":313},"ezbackup_settings 
(index.php:442)",{"nodes":265,"edges":304},[266,268,271,274,276,280,285,287,289,293,295,298,302],{"id":240,"type":241,"label":267,"file":143,"line":217},"$_POST['DB_NAME']",{"id":245,"type":246,"label":269,"file":143,"line":217,"wp_function":270},"echo() [XSS]","echo",{"id":250,"type":241,"label":272,"file":143,"line":273},"$_POST (x3)",548,{"id":254,"type":246,"label":275,"file":143,"line":188,"wp_function":184},"passthru() [RCE]",{"id":277,"type":241,"label":278,"file":143,"line":279},"n4","$_REQUEST",561,{"id":281,"type":246,"label":282,"file":143,"line":283,"wp_function":284},"n5","file_get_contents() [SSRF\u002FLFI]",562,"file_get_contents",{"id":286,"type":241,"label":278,"file":143,"line":279},"n6",{"id":288,"type":246,"label":269,"file":143,"line":223,"wp_function":270},"n7",{"id":290,"type":241,"label":291,"file":143,"line":292},"n8","$_POST",490,{"id":294,"type":246,"label":269,"file":143,"line":231,"wp_function":270},"n9",{"id":296,"type":241,"label":297,"file":143,"line":217},"n10","$_POST['DB_USER']",{"id":299,"type":300,"label":301,"file":143,"line":217},"n11","transform","→ ezbackup_db2file()",{"id":303,"type":246,"label":275,"file":143,"line":185,"wp_function":184},"n12",[305,306,307,308,309,310,312],{"from":240,"to":245,"sanitized":259},{"from":250,"to":254,"sanitized":259},{"from":277,"to":281,"sanitized":259},{"from":286,"to":288,"sanitized":259},{"from":290,"to":294,"sanitized":259},{"from":296,"to":299,"sanitized":311},false,{"from":299,"to":303,"sanitized":311},"critical",{"entryPoint":315,"graph":316,"unsanitizedCount":60,"severity":313},"\u003Cindex> 
(index.php:0)",{"nodes":317,"edges":339},[318,319,320,321,322,323,324,325,326,327,328,329,330,331,333,335,337],{"id":240,"type":241,"label":242,"file":143,"line":243},{"id":245,"type":246,"label":247,"file":143,"line":243,"wp_function":248},{"id":250,"type":241,"label":251,"file":143,"line":252},{"id":254,"type":246,"label":255,"file":143,"line":252,"wp_function":256},{"id":277,"type":241,"label":267,"file":143,"line":217},{"id":281,"type":246,"label":269,"file":143,"line":217,"wp_function":270},{"id":286,"type":241,"label":272,"file":143,"line":273},{"id":288,"type":246,"label":275,"file":143,"line":188,"wp_function":184},{"id":290,"type":241,"label":278,"file":143,"line":279},{"id":294,"type":246,"label":282,"file":143,"line":283,"wp_function":284},{"id":296,"type":241,"label":278,"file":143,"line":279},{"id":299,"type":246,"label":269,"file":143,"line":223,"wp_function":270},{"id":303,"type":241,"label":291,"file":143,"line":292},{"id":332,"type":246,"label":269,"file":143,"line":231,"wp_function":270},"n13",{"id":334,"type":241,"label":297,"file":143,"line":217},"n14",{"id":336,"type":300,"label":301,"file":143,"line":217},"n15",{"id":338,"type":246,"label":275,"file":143,"line":185,"wp_function":184},"n16",[340,341,342,343,344,345,346,347,348],{"from":240,"to":245,"sanitized":259},{"from":250,"to":254,"sanitized":259},{"from":277,"to":281,"sanitized":259},{"from":286,"to":288,"sanitized":259},{"from":290,"to":294,"sanitized":259},{"from":296,"to":299,"sanitized":259},{"from":303,"to":332,"sanitized":259},{"from":334,"to":336,"sanitized":311},{"from":336,"to":338,"sanitized":311},{"summary":350,"deductions":351},"The \"ez-backup\" plugin v4.15.12 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and generally implementing capability checks for its operations. 
The absence of known CVEs and a clean vulnerability history are also positive signals, although for a plugin with about 10 active installs and no update since March 2015 they may reflect limited scrutiny rather than verified safety. However, the static analysis reveals significant areas of concern.\n\nThe plugin utilizes the dangerous `passthru` function four times, which can be a vector for command injection if the values concatenated into the command are not validated and shell-escaped. Furthermore, the taint analysis indicates two flows that each contain an unsanitized source-to-sink path, flagged as critical severity. This is a major red flag, suggesting that user-supplied data could be used to construct file paths or commands without proper validation, potentially leading to unauthorized file access or arbitrary code execution. In the flow graphs, the unsanitized path in both cases runs from `$_POST['DB_USER']` through `ezbackup_db2file()` to `passthru()`, while the `fopen()` and `file_get_contents()` sinks are reported as sanitized.\n\nWhile the attack surface appears minimal with no directly exposed AJAX handlers, REST API routes, or shortcodes, the internal code signals, particularly the `passthru` usage and unsanitized taint paths, present a substantial risk. The low percentage of properly escaped output (3 escaped outputs against 15 raw echo statements) also suggests a potential for cross-site scripting (XSS) vulnerabilities, although no specific flows were highlighted as critical in the taint analysis for this. 
The presence of multiple file operations without explicit mention of sanitization in the taint analysis further amplifies these concerns.",[352,354,356,359],{"reason":353,"points":199},"Critical taint flows with unsanitized paths",{"reason":355,"points":11},"Usage of dangerous function: passthru",{"reason":357,"points":358},"Low percentage of properly escaped output",8,{"reason":360,"points":196},"File operations without clear sanitization in taint analysis","2026-03-17T00:18:22.032Z",{"wat":363,"direct":372},{"assetPaths":364,"generatorPatterns":367,"scriptPaths":368,"versionParams":369},[365,366],"\u002Fwp-content\u002Fplugins\u002Fez-backup\u002Fez-backup.css","\u002Fwp-content\u002Fplugins\u002Fez-backup\u002Fez-backup.js",[],[366],[370,371],"ez-backup\u002Fez-backup.css?ver=","ez-backup\u002Fez-backup.js?ver=",{"cssClasses":373,"htmlComments":377,"htmlAttributes":385,"restEndpoints":387,"jsGlobals":388,"shortcodeOutput":390},[374,375,376],"ez-backup-wrap","ez-backup-settings","ez-backup-footer",[378,379,380,381,382,383,384],"EZ Backup Main Plugin File","Copyright","This program is free software; you can redistribute it","This program is distributed in the hope that it will be useful","See the GNU General Public License for more details.","You should have received a copy of the GNU General Public License","Silence is golden.",[386],"data-ez-backup-nonce",[],[389],"ez_backup_params",[]]