[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7jpY7_6xSteqllsaw18FbffjuxvdHIRpgrVkmydg4go":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":110,"fingerprints":198},"gp-auto-extract","GP Auto Extract","1.1","Greg Ross","https:\u002F\u002Fprofiles.wordpress.org\u002Fgregross\u002F","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fglotpress\" rel=\"ugc\">GlotPress\u003C\u002Fa> that adds an option to extract original strings from a remote source repo directly in to a GlotPress project.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>WordPress, GitHub and custom sources.\u003C\u002Fli>\n\u003Cli>Private GitHub repos with HTTP basic authentication.\u003C\u002Fli>\n\u003Cli>GitHub tags and branches.\u003C\u002Fli>\n\u003Cli>Importing for an existing extract file.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>To set it up, go to Settings->GP Auto Extract in WordPress. You’ll see a list of your projects in GP, you can edit the settings for each one:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Source Type\u003C\u002Fli>\n\u003Cli>Setting\u003C\u002Fli>\n\u003Cli>Branch\u002FTag (for GitHub repos only)\u003C\u002Fli>\n\u003Cli>Use HTTP Basic Authentication (for GitHub repos only)\u003C\u002Fli>\n\u003Cli>Import from existing file\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Each source type has the following settings associated with it:\u003C\u002Fp>\n\u003Col>\n\u003Cli>None – Don’t auto extract this project.\u003C\u002Fli>\n\u003Cli>WordPress.org – the slug for the WordPress.org SVN repo to extract from (for example “gp-auto-extract” for this plugin).\u003C\u002Fli>\n\u003Cli>GitHub – The user name and repo name on GitHub to extract from (for example “toolstack\u002Fgp-auto-extract”).\u003C\u002Fli>\n\u003Cli>Custom – a complete url to a ZIP file containing the source code to extract from.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once the setting has be entered, you can save them with the button to the right and then run an extract which will update the originals in the given project from the source selected.\u003C\u002Fp>\n","A plugin for GlotPress that adds an option to extract original strings from a remote source repo directly in to a GlotPress project.",10,2838,0,"2024-11-07T00:24:00.000Z","6.6.5","4.4","",[19,20],"glotpress","translation","http:\u002F\u002Fglot-o-matic.com\u002Fgp-auto-extract","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-auto-extract.1.1.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"gregross",34,7510,88,39,80,"2026-04-04T03:49:22.115Z",[36,59,75,87,99],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"localize","Localize WordPress","0.4","S","https:\u002F\u002Fprofiles.wordpress.org\u002Fsushkov\u002F","\u003Cp>This plugin allows you to switch your WordPress installation to use any of the\u003Cbr \u002F>\nlanguages available on \u003Ca href=\"http:\u002F\u002Ftranslate.wordpress.org\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Some of the features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No gettext compiler required!\u003C\u002Fli>\n\u003Cli>Does all the dirty work from editing \u003Ccode>wp-config.php\u003C\u002Fcode> to downloading the right files\u003C\u002Fli>\n\u003Cli>Can switch between versions. Available: stable and dev\u003C\u002Fli>\n\u003Cli>Uses GlotPress api!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F19433386\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Easily switch to any localization from GlotPress",200,23338,90,2,"2011-07-06T00:08:00.000Z","3.2.1","2.9",[19,52,53,54,55],"locale","localization","switch","translations","https:\u002F\u002Fgithub.com\u002Fstas\u002Flocalize","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocalize.0.4.zip",85,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":13,"num_ratings":13,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":17,"tags":72,"homepage":73,"download_link":74,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wp-translation","WP Translation Status","0.1","Pascal Casier","https:\u002F\u002Fprofiles.wordpress.org\u002Fcasiepa\u002F","\u003Cp>Let admins have a direct way to the translation of a plugin with an action link on the plugins page.\u003C\u002Fp>\n\u003Cp>Current features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It verifies the local site language and points you to the plugins central translation on GlotPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","Make a link to GlotPress centralised translation so contributor can help translating the plugin that do not have yet a translation in the local site l …",100,843,"2016-09-05T07:58:00.000Z","4.6.30","4.0",[19,20],"http:\u002F\u002Fcasier.eu\u002Fwp-dev","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-translation.zip",{"slug":76,"name":77,"version":78,"author":7,"author_profile":8,"description":79,"short_description":80,"active_installs":33,"downloaded":81,"rating":13,"num_ratings":13,"last_updated":82,"tested_up_to":83,"requires_at_least":16,"requires_php":17,"tags":84,"homepage":85,"download_link":86,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"gp-removed-powered-by","GP Remove Powered By","1.0","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress-WP\" rel=\"nofollow ugc\">GlotPress as a WordPress plugin\u003C\u002Fa> that removes the “Powered By” in the footer.\u003C\u002Fp>\n","A plugin for GlotPress as a WordPress plugin that removes the \"Powered By\" in the footer.",6393,"2023-12-03T02:50:00.000Z","6.4.8",[19,20],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-remove-powered-by","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-removed-powered-by.1.0.zip",{"slug":88,"name":89,"version":78,"author":7,"author_profile":8,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":67,"num_ratings":94,"last_updated":95,"tested_up_to":83,"requires_at_least":16,"requires_php":17,"tags":96,"homepage":97,"download_link":98,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"gp-additional-links","GP Additional Links","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress-WP\" rel=\"nofollow ugc\">GlotPress as a WordPress plugin\u003C\u002Fa> that adds a link to the WordPress dashboard for admins in the GlotPress page as well as a link to the GlotPress page in the WordPress admin menu.\u003C\u002Fp>\n","A plugin for GlotPress as a WordPress plugin that adds a link to the WordPress dashboard for admins in the GlotPress page as well as a link to the Glo …",20,2044,1,"2023-12-03T02:47:00.000Z",[19,20],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-additional-links","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-additional-links.1.0.zip",{"slug":100,"name":101,"version":102,"author":7,"author_profile":8,"description":103,"short_description":104,"active_installs":92,"downloaded":105,"rating":67,"num_ratings":94,"last_updated":106,"tested_up_to":83,"requires_at_least":16,"requires_php":17,"tags":107,"homepage":108,"download_link":109,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"gp-download-name","GP Download Name","0.6","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fglotpress\" rel=\"ugc\">GlotPress\u003C\u002Fa> that uses a customizable template for the download file name.\u003C\u002Fp>\n\u003Cp>Simply install, activate and configure via the WordPress settings menu.\u003C\u002Fp>\n\u003Cp>Note: this plugin requires GlotPress 2.3 or above.\u003C\u002Fp>\n","A plugin for GlotPress that uses a customizable template for the download file name.",1869,"2023-12-03T02:48:00.000Z",[19,20],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-download-name","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-download-name.0.6.zip",{"attackSurface":111,"codeSignals":138,"taintFlows":191,"riskAssessment":192,"analyzedAt":197},{"hooks":112,"ajaxHandlers":134,"restRoutes":135,"shortcodes":136,"cronEvents":137,"entryPointCount":13,"unprotectedCount":13},[113,118,122,125,130],{"type":114,"name":115,"callback":115,"priority":11,"file":116,"line":117},"action","admin_menu","gp-auto-extract.php",105,{"type":114,"name":119,"callback":120,"file":116,"line":121},"admin_enqueue_scripts","load_custom_wp_admin_style",106,{"type":114,"name":123,"callback":123,"priority":11,"file":116,"line":124},"gp_project_actions",110,{"type":126,"name":127,"callback":128,"priority":11,"file":116,"line":129},"filter","http_request_args","authenticate_download",313,{"type":114,"name":131,"callback":132,"file":116,"line":133},"gp_init","gp_auto_extract_init",782,[],[],[],[],{"dangerousFunctions":139,"sqlUsage":164,"outputEscaping":166,"fileOperations":189,"externalRequests":13,"nonceChecks":94,"capabilityChecks":94,"bundledLibraries":190},[140,145,148,151,153,156,159,162],{"fn":141,"file":142,"line":143,"context":144},"system","include\\extract\\makepot.php",241,"system( \"msguniq --use-first $output_shell -o $output_shell\" );",{"fn":141,"file":142,"line":146,"context":147},305,"system( \"msguniq $output_shell -o $output_shell\" );",{"fn":141,"file":142,"line":149,"context":150},312,"system( \"msgcat --more-than=1 --use-first $frontend_pot $admin_pot > $common_pot\" );",{"fn":141,"file":142,"line":129,"context":152},"system( \"msgcat -u --use-first $admin_pot $common_pot -o $admin_pot\" );",{"fn":141,"file":142,"line":154,"context":155},350,"system( \"msgcat --more-than=1 --use-first $frontend_pot $admin_pot $net_admin_pot > $common_pot\" );",{"fn":141,"file":142,"line":157,"context":158},351,"system( \"msgcat -u --use-first $net_admin_pot $common_pot -o $net_admin_pot\" );",{"fn":141,"file":142,"line":160,"context":161},510,"system(\"msguniq $output_shell -o $output_shell\");",{"fn":141,"file":142,"line":163,"context":161},565,{"prepared":13,"raw":13,"locations":165},[],{"escaped":167,"rawEcho":11,"locations":168},69,[169,172,174,176,178,180,182,183,185,187],{"file":116,"line":170,"context":171},575,"raw output",{"file":116,"line":173,"context":171},670,{"file":116,"line":175,"context":171},681,{"file":116,"line":177,"context":171},683,{"file":116,"line":179,"context":171},684,{"file":116,"line":181,"context":171},700,{"file":116,"line":181,"context":171},{"file":116,"line":184,"context":171},716,{"file":116,"line":186,"context":171},736,{"file":116,"line":188,"context":171},749,41,[],[],{"summary":193,"deductions":194},"The gp-auto-extract plugin v1.1 exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events, especially without authentication checks, significantly limits the potential attack surface. The plugin also demonstrates good practices in SQL query handling, with 100% of queries using prepared statements, and a high percentage (87%) of output being properly escaped, which mitigates common cross-site scripting (XSS) risks. The lack of external HTTP requests further reduces its exposure to remote code execution or data leakage vulnerabilities.\n\nDespite these strengths, the presence of 8 'dangerous functions' is a notable concern. While the analysis doesn't specify the context of these functions (e.g., if they are used in a secure, controlled manner), their mere presence warrants careful review to ensure they are not exploitable. The taint analysis showing zero flows is positive, but this could also be due to the limited attack surface preventing such flows from being constructed. The vulnerability history is exceptionally clean, with no recorded CVEs, which suggests a history of secure development or at least a lack of publicly disclosed vulnerabilities. However, this absence of past issues does not guarantee future security, and the identified dangerous functions remain a point of potential risk.\n\nIn conclusion, the gp-auto-extract plugin v1.1 appears to be developed with security in mind, particularly regarding common web vulnerabilities like SQL injection and XSS, and it has a clean vulnerability track record. The primary area of caution lies in the use of 'dangerous functions,' which requires further investigation to ascertain their implementation and potential for abuse. The overall risk is assessed as low, but the presence of these functions prevents it from being negligible.",[195],{"reason":196,"points":11},"Presence of dangerous functions","2026-03-17T00:22:25.867Z",{"wat":199,"direct":208},{"assetPaths":200,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[201,202],"\u002Fwp-content\u002Fplugins\u002Fgp-auto-extract\u002Fcss\u002Fgp-auto-extract.css","\u002Fwp-content\u002Fplugins\u002Fgp-auto-extract\u002Fjs\u002Fgp-auto-extract.js",[],[202],[206,207],"gp-auto-extract\u002Fcss\u002Fgp-auto-extract.css?ver=","gp-auto-extract\u002Fjs\u002Fgp-auto-extract.js?ver=",{"cssClasses":209,"htmlComments":210,"htmlAttributes":211,"restEndpoints":212,"jsGlobals":214,"shortcodeOutput":216},[],[],[],[213],"\u002Fauto-extract\u002F(.+?)",[215],"gpae",[217,218],"gp_link_get( gp_url( 'auto-extract\u002F","__('Auto Extract')"]