[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUPT-rp2ajYlAIOxMVWKEnMbLBQiMJzXPSCm-nw5QQ4Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":144,"fingerprints":185},"find-posts-using-attachment","Find Posts Using Attachment","1.0","Sergey Biryukov","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeybiryukov\u002F","\u003Cp>Allows to find all posts where a particular attachment (image, video, etc.) is used.\u003C\u002Fp>\n\u003Cp>Adds a “Used In” column to the list view in Media Library, as well as to the attachment details modal.\u003C\u002Fp>\n\u003Cp>Finds posts that use the image (including any of its intermediate sizes) in post content, or as a featured image. Works with custom post types too.\u003C\u002Fp>\n\u003Cp>Inspired by a \u003Ca href=\"http:\u002F\u002Fwptavern.com\u002Fthe-problem-with-image-attachments-in-wordpress\" rel=\"nofollow ugc\">WP Tavern post\u003C\u002Fa> on image attachments.\u003C\u002Fp>\n","Allows to find all posts where a particular attachment is used.",1000,12609,88,27,"2021-06-01T20:21:00.000Z","5.8.13","3.5","5.2.4",[20,21,22,23],"attachment","image","media","posts","http:\u002F\u002Fwptavern.com\u002Fthe-problem-with-image-attachments-in-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffind-posts-using-attachment.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"sergeybiryukov",23,312630,86,30,84,"2026-04-04T00:36:29.580Z",[40,61,85,103,124],{"slug":41,"name":42,"version":6,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":11,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"disable-media-permalink-by-hardweb-it","Disable Media Permalink by Hardweb.it","giangel84","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiangel84\u002F","\u003Cp>Completely disable the Media Permalink generated by WP.\u003Cbr \u002F>\nIt’s useful for websites who doesn’t need the attachment’s page, it reduce Cookiebot crawled pages and more over.\u003Cbr \u002F>\nIt’s easy to use, no options, just activate the plugin and it will work as expected.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>If you like this plugin and want to support my work, you can make a donation at this address: https:\u002F\u002Fwww.paypal.com\u002Fdonate?hosted_button_id=DEFQGNU2RNQ4Y – Thank you very much!\u003C\u002Fp>\n","Completely disable the Media Permalink generated by WP.",7902,82,7,"2026-03-04T15:49:00.000Z","6.9.4","6.0","7.4",[20,55,22,56,57],"images","permalink","remove-url","https:\u002F\u002Fhardweb.it\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-media-permalink-by-hardweb-it.1.0.zip",100,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":37,"vuln_count":83,"unpatched_count":27,"last_vuln_date":84,"fetched_at":29},"wp-attachment-export","WP Attachment Export","0.3.3","Pete","https:\u002F\u002Fprofiles.wordpress.org\u002Fhelvetian\u002F","\u003Cp>\u003Cstrong>Note: Obsolete since WordPress 4.4\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F32230\" rel=\"nofollow ugc\">This feature has been added into the core of WordPress 4.4\u003C\u002Fa>. You can now export your attachments by going to Tools->Export and select ‘Media’ as the export type.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Original Description\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Attachment Export allows you to export your media library into a WordPress eXtended RSS or WXR file. You can then use the Tools->Import function in another WordPress installation to import the media library.\u003C\u002Fp>\n\u003Ch4>Issues \u002F Bug reporting\u003C\u002Fh4>\n\u003Cp>Found a bug? Please use the issue tracker at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthehelvetian\u002Fwp-attachment-export\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fthehelvetian\u002Fwp-attachment-export\u002Fissues\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>User \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fphilho\" rel=\"ugc\">PhiLho\u003C\u002Fa> has put together a good summary on how to use the plugin at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgood-but-could-use-more-explanations\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgood-but-could-use-more-explanations\u003C\u002Fa>. Thanks PhiLho!\u003C\u002Fp>\n","Exports only posts of type 'attachment', i.e. your media library",700,53108,92,19,"2017-11-28T21:33:00.000Z","4.3.34","3.0","",[78,79,80,21,22],"admin","attachments","export","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-attachment-export","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-attachment-export.zip",1,"2015-07-15 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":83,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":76,"tags":99,"homepage":76,"download_link":102,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"recent-featured-posts-widget","Recent & Featured Posts Widget","1.1.0","graysea","https:\u002F\u002Fprofiles.wordpress.org\u002Fgraysea\u002F","\u003Cp>Recent & Featured Posts Widget adds a list of recent posts or posts of your choosing with thumbnail images, post titles, dates, times, and excerpts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Excerpt Length.\u003C\u002Fstrong> Change the number of words in the post excerpt.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Excerpt Display.\u003C\u002Fstrong> Show the excerpt as a dropdown when someone hovers over a section or display the excerpt directly on the page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSS Modification.\u003C\u002Fstrong> Modify certain CSS values including image width, text position, and border.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Featured Posts.\u003C\u002Fstrong> Don’t want to show recent posts? Enter a list of post IDs. The number of posts shown will depend on the total number of IDs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Thumbnail Images.\u003C\u002Fstrong> Choose to show featured image, or the oldest image attached to a post is shown by default.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Images of your Choosing.\u003C\u002Fstrong> Enter a list of image IDs to replace the default images. Images are shown in the order listed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Date and Time.\u003C\u002Fstrong> Show or hide the post date and\u002For time.  Choose a separator that goes between date and time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Include Sticky Posts.\u003C\u002Fstrong> If you include sticky posts, an extra post is added. I.e. if the ‘Number of posts to show’ is 5 and you select ‘Include Sticky Posts’, 6 posts will be shown.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rectangular or Circular Image.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","Display recent posts or manually selected posts with thumbnail images. Show the excerpt directly on the page or as a dropdown.",600,6182,80,"2016-02-12T15:02:00.000Z","4.4.34","3.6",[100,101,21,55,22],"featured","featured-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-featured-posts-widget.1.1.0.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":95,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":76,"tags":117,"homepage":120,"download_link":121,"security_score":122,"vuln_count":83,"unpatched_count":83,"last_vuln_date":123,"fetched_at":29},"gallery-widget","Gallery Widget","1.2.1","cybio","https:\u002F\u002Fprofiles.wordpress.org\u002Fcybio\u002F","\u003Cp>Gallery Widget is a simple plugin that let you show the latest\u002Frandom images of\u003Cbr \u002F>\nthe wordpress media gallery inside a widget, directly in your templates (it is\u003Cbr \u002F>\npossible to choose some categories to be included\u002Fexcluded) or in posts\u002Fpages\u003Cbr \u002F>\nusing a shortcode (see faq on how to use them).\u003C\u002Fp>\n\u003Cp>For more information on how to use this plugin see \u003Ca href=\"http:\u002F\u002Fblog.splash.de\u002Fplugins\u002F\" rel=\"nofollow ugc\">splash 😉\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please report bugs and\u002For feature-request to the ticket-system: \u003Ca href=\"http:\u002F\u002Ftrac.splash.de\u002Fgallerywidget\" rel=\"nofollow ugc\">TicketSystem\u002FWiki\u003C\u002Fa>.\u003Cbr \u002F>\nFor Support, please use the \u003Ca href=\"http:\u002F\u002Fboard.splash.de\u002Fforumdisplay.php?f=102\" rel=\"nofollow ugc\">forum\u003C\u002Fa>.\u003Cbr \u002F>\nLatest development news: \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fcybiox9\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>.\u003C\u002Fp>\n","Simple widget to show the latest\u002Frandom images of the WordPress media library as a Widget, using a shortcode or directly with a php-function.",500,83367,2,"2011-03-18T20:44:00.000Z","3.1.0","2.8",[20,118,21,22,119],"gallery","widget","http:\u002F\u002Fblog.splash.de\u002Fplugins\u002Fgallery-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgallery-widget.1.2.1.zip",63,"2025-07-04 00:00:00",{"slug":125,"name":126,"version":6,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":76,"tags":138,"homepage":142,"download_link":143,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"automatic-featured-image-posts","Automatic Featured Image Posts","Jeremy Felt","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeremyfelt\u002F","\u003Cp>Automatic Featured Image Posts creates a new post with a Featured Image every time an image is uploaded. Through the plugin settings page, you can set the image to publish and assign itself to one of your other existing custom post types and\u002For post formats.\u003C\u002Fp>\n\u003Cp>The imagined use case is to make managing a large number of photos through WordPress a little more interesting and a little more fun.\u003C\u002Fp>\n\u003Cp>After uploading 10, 100, or 1000 pictures from an event or vacation, you and other users can go through and spend the majority of your time adding content, tags, and titles to your photographs rather than going through a monotonous process creating new posts over and over again.\u003C\u002Fp>\n\u003Cp>Settings are available for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Default Post Status (draft, pending, published, private)\u003C\u002Fli>\n\u003Cli>Default Post Type\n\u003Cul>\n\u003Cli>Default is the WordPress post.\u003C\u002Fli>\n\u003Cli>Can choose any custom post type registered in your WordPress installation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Default Post Format\n\u003Cul>\n\u003Cli>Default is ‘standard’, which equates to none.\u003C\u002Fli>\n\u003Cli>Other options are provided if registered by your theme\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Filters are available for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>afip_new_post_title\u003C\u002Fcode> = Allow other functions or themes to change the post title before creation.\u003C\u002Fli>\n\u003Cli>\u003Ccode>afip_new_post_category\u003C\u002Fcode> = Allow other functions or themes to change the post categories before creation.\u003C\u002Fli>\n\u003Cli>\u003Ccode>afip_new_post_content\u003C\u002Fcode> = Allow other functions or themes to change the post content before creation.\u003C\u002Fli>\n\u003Cli>\u003Ccode>afip_new_post_date\u003C\u002Fcode> = Allow other functions or themes to change the post date before creation.\u003C\u002Fli>\n\u003Cli>\u003Ccode>afip_post_parent_continue\u003C\u002Fcode> = Allow creation of a new post when an image is inserted in an existing post.\u003C\u002Fli>\n\u003Cli>\u003Ccode>afip_continue_new_post\u003C\u002Fcode> = Allow other functions or themes to skip creation of a post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Actions are available for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>afip_pre_create_post\u003C\u002Fcode> = Runs immediately before each post is created for an image.\u003C\u002Fli>\n\u003Cli>\u003Ccode>afip_created_post\u003C\u002Fcode> = Runs after each image load is processed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjeremyfelt\u002FAutomatic-Featured-Image-Posts\" rel=\"nofollow ugc\">fork, submit issues, and\u002For contribute on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Automatic Featured Image Posts creates a new post with a Featured Image every time an image is uploaded.",300,55211,96,12,"2013-11-02T06:11:00.000Z","3.7.41","3.2.1",[139,22,140,141,23],"featured-image","photo","pictures","http:\u002F\u002Fjeremyfelt.com\u002Fwordpress\u002Fplugins\u002Fautomatic-featured-image-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-featured-image-posts.1.0.zip",{"attackSurface":145,"codeSignals":167,"taintFlows":177,"riskAssessment":178,"analyzedAt":184},{"hooks":146,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":27,"unprotectedCount":27},[147,153,158,160],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","plugins_loaded","load_plugin_textdomain","find-posts-using-attachment.php",15,{"type":154,"name":155,"callback":155,"priority":156,"file":151,"line":157},"filter","attachment_fields_to_edit",10,17,{"type":154,"name":159,"callback":159,"file":151,"line":72},"manage_media_columns",{"type":148,"name":161,"callback":161,"priority":156,"file":151,"line":162},"manage_media_custom_column",20,[],[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":83,"bundledLibraries":176},[],{"prepared":27,"raw":27,"locations":170},[],{"escaped":27,"rawEcho":83,"locations":172},[173],{"file":151,"line":174,"context":175},160,"raw output",[],[],{"summary":179,"deductions":180},"Based on the provided static analysis, the \"find-posts-using-attachment\" v1.0 plugin exhibits a generally strong security posture. The plugin has no identified CVEs in its history and demonstrates good practices by not utilizing dangerous functions, avoiding raw SQL queries in favor of prepared statements, and having no external HTTP requests or file operations. The attack surface is zero, meaning there are no direct entry points like AJAX handlers, REST API routes, or shortcodes, which significantly reduces the potential for exploitation.\n\nHowever, there are a couple of areas that warrant attention. The static analysis reports one output that is not properly escaped. While the taint analysis shows no unsanitized paths, unescaped output can still lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected directly in the output without sanitization. Additionally, the plugin has one capability check but no nonce checks are identified. While the lack of direct entry points mitigates the risk of direct nonce bypass, the absence of nonce checks on any potential (even if not immediately apparent) administrative actions could be a weakness if the plugin were to evolve or if unexpected interactions occurred.\n\nOverall, the plugin is in a good state, with the primary concern being the unescaped output. The absence of historical vulnerabilities and a minimal attack surface are significant strengths. The lack of identified taint flows and dangerous functions further bolsters its security. The recommendations would be to address the unescaped output to prevent potential XSS and to consider implementing nonce checks if any administrative functionalities are present or planned.",[181],{"reason":182,"points":183},"Unescaped output found",5,"2026-03-16T19:06:16.243Z",{"wat":186,"direct":191},{"assetPaths":187,"generatorPatterns":188,"scriptPaths":189,"versionParams":190},[],[],[],[],{"cssClasses":192,"htmlComments":193,"htmlAttributes":194,"restEndpoints":195,"jsGlobals":196,"shortcodeOutput":197},[],[],[],[],[],[198,199,200,201,202,203,204],"\u003Cstrong>","\u003C\u002Fstrong>, ","\u003Cbr \u002F>","(as Featured Image and in content)","(as Featured Image)","(in content)","(Unused)"]