[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSYeUPNOZATefdPAkb7bkoyAAm1aReVoL6-BAvNCnlbw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":41,"analysis":146,"fingerprints":444},"file-un-attach","File Un-Attach","1.1.3","Hax","https:\u002F\u002Fprofiles.wordpress.org\u002Fhax\u002F","\u003Cp>This plugin will allow you to attach a single file to multiple posts, but will also will allow you to detach any file.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support http:\u002F\u002Fxparkmedia.com\u002Fplugins\u002Ffile-un-attach\u002F\u003C\u002Fli>\n\u003Cli>Languages http:\u002F\u002Fxparkmedia.com\u002Fplugins\u002Ffile-un-attach\u002F#languages\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin will allow you to attach a single file to multiple posts, but will also will allow you to detach any file.",400,33004,88,12,"2015-08-13T05:13:00.000Z","4.2.39","3.0.0","",[20,21,22,23,24],"attach","attached","gallery","image","unattach","http:\u002F\u002Fwww.xparkmedia.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffile-un-attach.1.1.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":34,"profile_url":8,"plugin_count":35,"total_installs":36,"avg_security_score":37,"avg_patch_time_days":38,"trust_score":39,"computed_at":40},"hax","markethax",9,12230,90,30,87,"2026-04-04T21:14:48.727Z",[42,64,85,107,124],{"slug":43,"name":44,"version":45,"author":46,"author_profile":47,"description":48,"short_description":49,"active_installs":38,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":18,"tags":56,"homepage":62,"download_link":63,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"auto-delete-unattached-media","Auto Delete Unattached Media","1.0","Wong Siong Kiat","https:\u002F\u002Fprofiles.wordpress.org\u002Fwongsiongkiat\u002F","\u003Cp>Auto Delete Unattached Media is a plugin that will automatically delete unattached\u002Funused media\u002Fimages\u002Fattachments every minute. It will be supported and maintained until at least 2022, or as long as is necessary.\u003C\u002Fp>\n\u003Cp>Once activated, it will work silently in the background. There is no other configuration, the auto delete unattached media settings screens are enabled or disabled by either enabling or disabling this plugin. I recommend you deactivate this plugin when there are no unused media\u002Fimages\u002Fattachments left.\u003C\u002Fp>\n","Automatically delete unattached\u002Funused media\u002Fimages\u002Fattachments every minute silently in the background.",4408,60,2,"2022-02-03T01:58:00.000Z","5.9.13","4.9",[57,58,59,60,61],"attachments","images","media","unattached","unused","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauto-delete-unattached-media\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-delete-unattached-media.1.0.zip",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":18,"tags":79,"homepage":82,"download_link":83,"security_score":84,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lightbox-photoswipe","Lightbox with PhotoSwipe","5.8.3","Arno Welzel","https:\u002F\u002Fprofiles.wordpress.org\u002Fawelzel\u002F","\u003Cp>This plugin integrates PhotoSwipe to WordPress. All linked images in a post or page will be displayed using PhotoSwipe, regardless if they are part of a gallery or single images.\u003C\u002Fp>\n\u003Cp>More about the original version of PhotoSwipe see here: \u003Ca href=\"http:\u002F\u002Fphotoswipe.com\" rel=\"nofollow ugc\">http:\u002F\u002Fphotoswipe.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can also display EXIF data from supported image types.\u003C\u002Fp>\n\u003Cp>As of version 4.0.0 this plugin requires at least WordPress 5.3 and PHP 7.0. Older PHP version will cause problems. In this case you have to upgrade your PHP version or ask your hoster to do so. Please note that WordPress itself also recommends at least PHP 7.4 – see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please keep in mind: not the visible thumbnail is relevant, but only the image link. Images should always be linked to the file and not to the attachment page. Since version 5.6.1 there is an option to fix attachment links which can be enabled if needed – however this may slow down your website since then all links on a page will be checked if they are attachment links.\u003C\u002Fp>\n","Integration of PhotoSwipe (http:\u002F\u002Fphotoswipe.com) for WordPress.",20000,937902,98,113,"2026-02-26T16:27:00.000Z","6.9.4","5.3",[57,22,58,80,81],"lightbox","photoswipe","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flightbox-photoswipe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flightbox-photoswipe.5.8.3.zip",100,{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":103,"download_link":104,"security_score":105,"vuln_count":52,"unpatched_count":52,"last_vuln_date":106,"fetched_at":30},"import-external-attachments","Import external attachments","1.5.12","ryanpcmcquen","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanpcmcquen\u002F","\u003Cp>Makes local copies of all the linked images and pdfs in a post, adding them as gallery attachments.\u003C\u002Fp>\n\u003Cp>Source & support:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fryanpcmcquen\u002Fimport-external-attachments\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is based on the work done in the “Import External Images” plugin by MartyThornley.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002FMartyThornley\u003C\u002Fp>\n\u003Cp>HTTPS support added by IvanDoomer:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FIvanDoomer\u003C\u002Fp>\n\u003Cp>PDF support added by bengreeley:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fbengreeley\u003C\u002Fp>\n\u003Cp>Most of the JavaScript was rewritten from the original plugin, to reduce the\u003Cbr \u002F>\nnumber of global variables.\u003C\u002Fp>\n","Makes local copies of all the linked images and pdfs in a post, adding them as gallery attachments.",2000,24175,86,26,"2017-02-24T14:39:00.000Z","4.4.34","3.2",[57,22,58,101,102],"photo","photobloggers","https:\u002F\u002Fgithub.com\u002Fryanpcmcquen\u002Fimport-external-attachments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimport-external-attachments.zip",41,"2025-12-14 00:00:00",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":37,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":18,"tags":121,"homepage":18,"download_link":123,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"photo-swipe","PhotoSwipe","4.1.1.1","Louy Alakkad","https:\u002F\u002Fprofiles.wordpress.org\u002Flouyx\u002F","\u003Cp>This plugins adds the PhotoSwipe library to your WordPress blog seamlessly. No configuration required.\u003C\u002Fp>\n","A very light implementation of PhotoSwipe javascript plugin for WordPress",1000,31166,11,"2016-03-17T14:51:00.000Z","4.4.0","4.0",[57,122,22,58,80],"fancybox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphoto-swipe.4.1.1.1.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":52,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":141,"download_link":142,"security_score":143,"vuln_count":144,"unpatched_count":144,"last_vuln_date":145,"fetched_at":30},"gallery-widget","Gallery Widget","1.2.1","cybio","https:\u002F\u002Fprofiles.wordpress.org\u002Fcybio\u002F","\u003Cp>Gallery Widget is a simple plugin that let you show the latest\u002Frandom images of\u003Cbr \u002F>\nthe wordpress media gallery inside a widget, directly in your templates (it is\u003Cbr \u002F>\npossible to choose some categories to be included\u002Fexcluded) or in posts\u002Fpages\u003Cbr \u002F>\nusing a shortcode (see faq on how to use them).\u003C\u002Fp>\n\u003Cp>For more information on how to use this plugin see \u003Ca href=\"http:\u002F\u002Fblog.splash.de\u002Fplugins\u002F\" rel=\"nofollow ugc\">splash 😉\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please report bugs and\u002For feature-request to the ticket-system: \u003Ca href=\"http:\u002F\u002Ftrac.splash.de\u002Fgallerywidget\" rel=\"nofollow ugc\">TicketSystem\u002FWiki\u003C\u002Fa>.\u003Cbr \u002F>\nFor Support, please use the \u003Ca href=\"http:\u002F\u002Fboard.splash.de\u002Fforumdisplay.php?f=102\" rel=\"nofollow ugc\">forum\u003C\u002Fa>.\u003Cbr \u002F>\nLatest development news: \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fcybiox9\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>.\u003C\u002Fp>\n","Simple widget to show the latest\u002Frandom images of the WordPress media library as a Widget, using a shortcode or directly with a php-function.",500,83367,80,"2011-03-18T20:44:00.000Z","3.1.0","2.8",[139,22,23,59,140],"attachment","widget","http:\u002F\u002Fblog.splash.de\u002Fplugins\u002Fgallery-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgallery-widget.1.2.1.zip",63,1,"2025-07-04 00:00:00",{"attackSurface":147,"codeSignals":218,"taintFlows":319,"riskAssessment":432,"analyzedAt":443},{"hooks":148,"ajaxHandlers":214,"restRoutes":215,"shortcodes":216,"cronEvents":217,"entryPointCount":28,"unprotectedCount":28},[149,155,162,167,171,174,178,181,185,189,193,197,200,203,208,211],{"type":150,"name":151,"callback":152,"priority":28,"file":153,"line":154},"action","init","load_text_domain","file-unattach.php",58,{"type":156,"name":157,"callback":158,"priority":159,"file":160,"line":161},"filter","attachment_fields_to_edit","attachment_fields",10,"inc\\admin.php",29,{"type":150,"name":163,"callback":164,"priority":165,"file":160,"line":166},"pre_get_posts","pre_get_images",50,34,{"type":150,"name":168,"callback":169,"priority":165,"file":160,"line":170},"admin_init","init_actions",38,{"type":150,"name":172,"callback":172,"priority":165,"file":160,"line":173},"admin_footer",39,{"type":150,"name":175,"callback":176,"priority":165,"file":160,"line":177},"wp_enqueue_media","enqueue_media",40,{"type":150,"name":179,"callback":180,"priority":144,"file":160,"line":105},"admin_print_scripts","load_admin_scripts",{"type":150,"name":182,"callback":183,"priority":159,"file":160,"line":184},"manage_media_custom_column","custom_column",42,{"type":150,"name":186,"callback":187,"file":160,"line":188},"attachment_submitbox_misc_actions","attachment_submitbox",43,{"type":156,"name":190,"callback":191,"priority":51,"file":160,"line":192},"media_upload_tabs","gallery_tab",45,{"type":156,"name":194,"callback":195,"priority":159,"file":160,"line":196},"manage_upload_columns","add_columns",46,{"type":150,"name":172,"callback":198,"file":160,"line":199},"fun_print_media_templates",66,{"type":150,"name":163,"callback":164,"priority":84,"file":201,"line":202},"inc\\front.php",20,{"type":150,"name":204,"callback":205,"file":206,"line":207},"post-plupload-upload-ui","media_upload_flash_bypass","inc\\media-template.3.9.php",82,{"type":150,"name":204,"callback":205,"file":209,"line":210},"inc\\media-template.4.0.php",96,{"type":150,"name":204,"callback":205,"file":212,"line":213},"inc\\media-template.php",71,[],[],[],[],{"dangerousFunctions":219,"sqlUsage":224,"outputEscaping":232,"fileOperations":28,"externalRequests":28,"nonceChecks":317,"capabilityChecks":144,"bundledLibraries":318},[220],{"fn":221,"file":201,"line":222,"context":223},"unserialize",132,"$attachment = unserialize($attachment);",{"prepared":225,"raw":52,"locations":226},5,[227,230],{"file":160,"line":228,"context":229},254,"$wpdb->get_results() with variable interpolation",{"file":201,"line":231,"context":229},51,{"escaped":233,"rawEcho":234,"locations":235},94,44,[236,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,271,273,275,277,279,281,282,283,285,287,288,290,292,293,295,297,299,301,303,305,306,308,310,312,314,315,316],{"file":237,"line":238,"context":239},"ajax.php",186,"raw output",{"file":237,"line":241,"context":239},187,{"file":237,"line":243,"context":239},188,{"file":237,"line":245,"context":239},191,{"file":237,"line":247,"context":239},192,{"file":160,"line":249,"context":239},76,{"file":160,"line":251,"context":239},77,{"file":160,"line":253,"context":239},146,{"file":160,"line":255,"context":239},372,{"file":206,"line":257,"context":239},31,{"file":206,"line":259,"context":239},445,{"file":206,"line":261,"context":239},707,{"file":206,"line":263,"context":239},708,{"file":206,"line":265,"context":239},709,{"file":206,"line":267,"context":239},713,{"file":206,"line":269,"context":239},714,{"file":206,"line":269,"context":239},{"file":206,"line":272,"context":239},786,{"file":206,"line":274,"context":239},787,{"file":206,"line":276,"context":239},788,{"file":206,"line":278,"context":239},792,{"file":206,"line":280,"context":239},793,{"file":206,"line":280,"context":239},{"file":209,"line":105,"context":239},{"file":209,"line":284,"context":239},265,{"file":209,"line":286,"context":239},266,{"file":209,"line":286,"context":239},{"file":209,"line":289,"context":239},446,{"file":209,"line":291,"context":239},447,{"file":209,"line":291,"context":239},{"file":209,"line":294,"context":239},624,{"file":209,"line":296,"context":239},911,{"file":209,"line":298,"context":239},912,{"file":209,"line":300,"context":239},913,{"file":209,"line":302,"context":239},917,{"file":209,"line":304,"context":239},918,{"file":209,"line":304,"context":239},{"file":209,"line":307,"context":239},993,{"file":209,"line":309,"context":239},994,{"file":209,"line":311,"context":239},995,{"file":209,"line":313,"context":239},999,{"file":209,"line":115,"context":239},{"file":209,"line":115,"context":239},{"file":212,"line":257,"context":239},6,[],[320,339,363,373,385,395,414,424],{"entryPoint":321,"graph":322,"unsanitizedCount":144,"severity":338},"init_actions (inc\\admin.php:283)",{"nodes":323,"edges":335},[324,329],{"id":325,"type":326,"label":327,"file":160,"line":328},"n0","source","$_GET",315,{"id":330,"type":331,"label":332,"file":160,"line":333,"wp_function":334},"n1","sink","wp_redirect() [Open Redirect]",317,"wp_redirect",[336],{"from":325,"to":330,"sanitized":337},false,"medium",{"entryPoint":340,"graph":341,"unsanitizedCount":28,"severity":362},"file_unattach_is_attached (ajax.php:158)",{"nodes":342,"edges":358},[343,346,350,354],{"id":325,"type":326,"label":344,"file":237,"line":345},"$_POST",167,{"id":330,"type":331,"label":347,"file":237,"line":348,"wp_function":349},"get_results() [SQLi]",170,"get_results",{"id":351,"type":326,"label":352,"file":237,"line":353},"n2","$_POST (x5)",168,{"id":355,"type":331,"label":356,"file":237,"line":238,"wp_function":357},"n3","echo() [XSS]","echo",[359,361],{"from":325,"to":330,"sanitized":360},true,{"from":351,"to":355,"sanitized":360},"low",{"entryPoint":364,"graph":365,"unsanitizedCount":28,"severity":362},"file_unattach_find_attached (ajax.php:203)",{"nodes":366,"edges":371},[367,369],{"id":325,"type":326,"label":344,"file":237,"line":368},212,{"id":330,"type":331,"label":347,"file":237,"line":370,"wp_function":349},218,[372],{"from":325,"to":330,"sanitized":360},{"entryPoint":374,"graph":375,"unsanitizedCount":28,"severity":362},"\u003Cajax> (ajax.php:0)",{"nodes":376,"edges":382},[377,379,380,381],{"id":325,"type":326,"label":378,"file":237,"line":345},"$_POST (x2)",{"id":330,"type":331,"label":347,"file":237,"line":348,"wp_function":349},{"id":351,"type":326,"label":352,"file":237,"line":353},{"id":355,"type":331,"label":356,"file":237,"line":238,"wp_function":357},[383,384],{"from":325,"to":330,"sanitized":360},{"from":351,"to":355,"sanitized":360},{"entryPoint":386,"graph":387,"unsanitizedCount":28,"severity":362},"admin_footer (inc\\admin.php:349)",{"nodes":388,"edges":393},[389,392],{"id":325,"type":326,"label":390,"file":160,"line":391},"$_GET['action']",366,{"id":330,"type":331,"label":356,"file":160,"line":391,"wp_function":357},[394],{"from":325,"to":330,"sanitized":360},{"entryPoint":396,"graph":397,"unsanitizedCount":28,"severity":362},"\u003Cadmin> (inc\\admin.php:0)",{"nodes":398,"edges":410},[399,400,401,404,406,408],{"id":325,"type":326,"label":327,"file":160,"line":328},{"id":330,"type":331,"label":332,"file":160,"line":333,"wp_function":334},{"id":351,"type":326,"label":402,"file":160,"line":403},"$_REQUEST",286,{"id":355,"type":331,"label":356,"file":160,"line":405,"wp_function":357},365,{"id":407,"type":326,"label":390,"file":160,"line":391},"n4",{"id":409,"type":331,"label":356,"file":160,"line":391,"wp_function":357},"n5",[411,412,413],{"from":325,"to":330,"sanitized":360},{"from":351,"to":355,"sanitized":360},{"from":407,"to":409,"sanitized":360},{"entryPoint":415,"graph":416,"unsanitizedCount":28,"severity":362},"fun_print_media_templates (inc\\media-template.4.0.php:15)",{"nodes":417,"edges":422},[418,421],{"id":325,"type":326,"label":419,"file":209,"line":420},"$_SERVER['REQUEST_URI'] (x2)",127,{"id":330,"type":331,"label":356,"file":209,"line":420,"wp_function":357},[423],{"from":325,"to":330,"sanitized":360},{"entryPoint":425,"graph":426,"unsanitizedCount":28,"severity":362},"\u003Cmedia-template.4.0> (inc\\media-template.4.0.php:0)",{"nodes":427,"edges":430},[428,429],{"id":325,"type":326,"label":419,"file":209,"line":420},{"id":330,"type":331,"label":356,"file":209,"line":420,"wp_function":357},[431],{"from":325,"to":330,"sanitized":360},{"summary":433,"deductions":434},"The \"file-un-attach\" plugin v1.1.3 exhibits a generally good security posture with no known historical vulnerabilities. The static analysis reveals a limited attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. This indicates a deliberate effort to minimize potential entry points for attackers. Furthermore, the majority of SQL queries utilize prepared statements, and a reasonable percentage of outputs are properly escaped, demonstrating adherence to some secure coding practices.\n\nHowever, the analysis does flag a critical concern with the presence of the `unserialize` function. While the static analysis doesn't explicitly show an unsanitized path leading to this function, the mere use of `unserialize` on potentially untrusted data is a significant risk. It's possible that unsanitized data could be passed to `unserialize`, leading to Remote Code Execution (RCE) or other severe vulnerabilities. The taint analysis also indicates one flow with an unsanitized path, which, while not classified as critical or high, still warrants attention as it represents a potential weakness.\n\nIn conclusion, the plugin's lack of historical vulnerabilities and its minimal attack surface are positive signs. Nevertheless, the identified use of `unserialize` and the single unsanitized taint flow represent critical potential weaknesses that could be exploited. Further investigation into how data is passed to `unserialize` is highly recommended to fully assess and mitigate these risks.",[435,438,441],{"reason":436,"points":437},"Use of unserialize function",15,{"reason":439,"points":440},"Flows with unsanitized paths",7,{"reason":442,"points":225},"Output escaping is not fully proper (68%)","2026-03-16T19:47:40.209Z",{"wat":445,"direct":455},{"assetPaths":446,"generatorPatterns":450,"scriptPaths":451,"versionParams":452},[447,448,449],"\u002Fwp-content\u002Fplugins\u002Ffile-un-attach\u002Fcss\u002Ffile-unattach.css","\u002Fwp-content\u002Fplugins\u002Ffile-un-attach\u002Fjs\u002Ffile-unattach.js","\u002Fwp-content\u002Fplugins\u002Ffile-un-attach\u002Fjs\u002Ffile-unattach.min.js",[],[448,449],[453,454],"file-unattach\u002Fcss\u002Ffile-unattach.css?ver=","file-unattach\u002Fjs\u002Ffile-unattach.js?ver=",{"cssClasses":456,"htmlComments":461,"htmlAttributes":462,"restEndpoints":468,"jsGlobals":469,"shortcodeOutput":472},[457,458,459,460],"fun-attach","attached-list","fun-unattach-row","fun-find-posts",[],[463,464,465,466,467],"id=\"attached-list-","class=\"attached-list\"","id=\"file-unattch-","class=\"fun-unattach-row\"","id=\"fun-find-posts-",[],[470,471],"window.fun_wp_version","window.fun_max_upload_size",[]]