[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffkKatdFa930OvFqQxZYT7fLXNkCsgK6YZnlwCFr2P_0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":106,"fingerprints":198},"gp-download-name","GP Download Name","0.6","Greg Ross","https:\u002F\u002Fprofiles.wordpress.org\u002Fgregross\u002F","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fglotpress\" rel=\"ugc\">GlotPress\u003C\u002Fa> that uses a customizable template for the download file name.\u003C\u002Fp>\n\u003Cp>Simply install, activate and configure via the WordPress settings menu.\u003C\u002Fp>\n\u003Cp>Note: this plugin requires GlotPress 2.3 or above.\u003C\u002Fp>\n","A plugin for GlotPress that uses a customizable template for the download file name.",20,1869,100,1,"2023-12-03T02:48:00.000Z","6.4.8","4.4","",[20,21],"glotpress","translation","http:\u002F\u002Fglot-o-matic.com\u002Fgp-download-name","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-download-name.0.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"gregross",34,7510,88,39,80,"2026-04-04T09:20:50.739Z",[38,60,75,86,96],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":58,"download_link":59,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"localize","Localize WordPress","0.4","S","https:\u002F\u002Fprofiles.wordpress.org\u002Fsushkov\u002F","\u003Cp>This plugin allows you to switch your WordPress installation to use any of the\u003Cbr \u002F>\nlanguages available on \u003Ca href=\"http:\u002F\u002Ftranslate.wordpress.org\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Some of the features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No gettext compiler required!\u003C\u002Fli>\n\u003Cli>Does all the dirty work from editing \u003Ccode>wp-config.php\u003C\u002Fcode> to downloading the right files\u003C\u002Fli>\n\u003Cli>Can switch between versions. Available: stable and dev\u003C\u002Fli>\n\u003Cli>Uses GlotPress api!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F19433386\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Easily switch to any localization from GlotPress",200,23338,90,2,"2011-07-06T00:08:00.000Z","3.2.1","2.9",[20,54,55,56,57],"locale","localization","switch","translations","https:\u002F\u002Fgithub.com\u002Fstas\u002Flocalize","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocalize.0.4.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":13,"downloaded":68,"rating":25,"num_ratings":25,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":73,"download_link":74,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"wp-translation","WP Translation Status","0.1","Pascal Casier","https:\u002F\u002Fprofiles.wordpress.org\u002Fcasiepa\u002F","\u003Cp>Let admins have a direct way to the translation of a plugin with an action link on the plugins page.\u003C\u002Fp>\n\u003Cp>Current features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It verifies the local site language and points you to the plugins central translation on GlotPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","Make a link to GlotPress centralised translation so contributor can help translating the plugin that do not have yet a translation in the local site l …",843,"2016-09-05T07:58:00.000Z","4.6.30","4.0",[20,21],"http:\u002F\u002Fcasier.eu\u002Fwp-dev","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-translation.zip",{"slug":76,"name":77,"version":78,"author":7,"author_profile":8,"description":79,"short_description":80,"active_installs":35,"downloaded":81,"rating":25,"num_ratings":25,"last_updated":82,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":83,"homepage":84,"download_link":85,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"gp-removed-powered-by","GP Remove Powered By","1.0","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress-WP\" rel=\"nofollow ugc\">GlotPress as a WordPress plugin\u003C\u002Fa> that removes the “Powered By” in the footer.\u003C\u002Fp>\n","A plugin for GlotPress as a WordPress plugin that removes the \"Powered By\" in the footer.",6393,"2023-12-03T02:50:00.000Z",[20,21],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-remove-powered-by","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-removed-powered-by.1.0.zip",{"slug":87,"name":88,"version":78,"author":7,"author_profile":8,"description":89,"short_description":90,"active_installs":11,"downloaded":91,"rating":13,"num_ratings":14,"last_updated":92,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":93,"homepage":94,"download_link":95,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"gp-additional-links","GP Additional Links","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress-WP\" rel=\"nofollow ugc\">GlotPress as a WordPress plugin\u003C\u002Fa> that adds a link to the WordPress dashboard for admins in the GlotPress page as well as a link to the GlotPress page in the WordPress admin menu.\u003C\u002Fp>\n","A plugin for GlotPress as a WordPress plugin that adds a link to the WordPress dashboard for admins in the GlotPress page as well as a link to the Glo …",2044,"2023-12-03T02:47:00.000Z",[20,21],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-additional-links","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-additional-links.1.0.zip",{"slug":97,"name":98,"version":78,"author":7,"author_profile":8,"description":99,"short_description":100,"active_installs":11,"downloaded":101,"rating":13,"num_ratings":14,"last_updated":18,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":102,"homepage":103,"download_link":104,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":105},"gp-single-click-edit","GP Single Click Edit","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress-WP\" rel=\"nofollow ugc\">GlotPress as a WordPress plugin\u003C\u002Fa> that allows you to single click a translation row to open the editor.\u003C\u002Fp>\n","A plugin for GlotPress as a WordPress plugin that allows you to single click a translation row to open the editor.",2544,[20,21],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-single-click-edit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-single-click-edit.1.1.zip","2026-03-15T10:48:56.248Z",{"attackSurface":107,"codeSignals":126,"taintFlows":138,"riskAssessment":188,"analyzedAt":197},{"hooks":108,"ajaxHandlers":122,"restRoutes":123,"shortcodes":124,"cronEvents":125,"entryPointCount":25,"unprotectedCount":25},[109,115,118],{"type":110,"name":111,"callback":111,"priority":112,"file":113,"line":114},"action","gp_export_translations_filename",10,"gp-download-name.php",23,{"type":110,"name":116,"callback":116,"priority":112,"file":113,"line":117},"admin_menu",27,{"type":110,"name":119,"callback":120,"file":113,"line":121},"gp_init","gp_download_name_init",153,[],[],[],[],{"dangerousFunctions":127,"sqlUsage":128,"outputEscaping":130,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":14,"bundledLibraries":137},[],{"prepared":25,"raw":25,"locations":129},[],{"escaped":49,"rawEcho":49,"locations":131},[132,135],{"file":113,"line":133,"context":134},66,"raw output",{"file":113,"line":136,"context":134},76,[],[139,173],{"entryPoint":140,"graph":141,"unsanitizedCount":25,"severity":172},"admin_page (gp-download-name.php:36)",{"nodes":142,"edges":167},[143,148,153,157,160,162],{"id":144,"type":145,"label":146,"file":113,"line":147},"n0","source","$_POST['gp-download-name']",46,{"id":149,"type":150,"label":151,"file":113,"line":147,"wp_function":152},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":154,"type":145,"label":155,"file":113,"line":156},"n2","$_POST",43,{"id":158,"type":150,"label":151,"file":113,"line":159,"wp_function":152},"n3",57,{"id":161,"type":145,"label":155,"file":113,"line":156},"n4",{"id":163,"type":150,"label":164,"file":113,"line":165,"wp_function":166},"n5","echo() [XSS]",74,"echo",[168,170,171],{"from":144,"to":149,"sanitized":169},true,{"from":154,"to":158,"sanitized":169},{"from":161,"to":163,"sanitized":169},"low",{"entryPoint":174,"graph":175,"unsanitizedCount":25,"severity":172},"\u003Cgp-download-name> (gp-download-name.php:0)",{"nodes":176,"edges":184},[177,178,179,181,182,183],{"id":144,"type":145,"label":146,"file":113,"line":147},{"id":149,"type":150,"label":151,"file":113,"line":147,"wp_function":152},{"id":154,"type":145,"label":180,"file":113,"line":156},"$_POST (x2)",{"id":158,"type":150,"label":151,"file":113,"line":159,"wp_function":152},{"id":161,"type":145,"label":155,"file":113,"line":156},{"id":163,"type":150,"label":164,"file":113,"line":165,"wp_function":166},[185,186,187],{"from":144,"to":149,"sanitized":169},{"from":154,"to":158,"sanitized":169},{"from":161,"to":163,"sanitized":169},{"summary":189,"deductions":190},"The 'gp-download-name' plugin v0.6 exhibits a generally strong security posture based on the provided static analysis.  The absence of identified dangerous functions, SQL injection vulnerabilities due to prepared statements, and file operation risks are commendable. Taint analysis also revealed no critical or high severity flows, suggesting the plugin is likely not susceptible to common injection attacks. The limited attack surface and the presence of at least one capability check are positive indicators.\n\nHowever, a significant concern arises from the 50% of output operations that are not properly escaped. This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is incorporated into these unescaped outputs. The complete lack of nonce checks, while not immediately detrimental given the zero entry points, could become a weakness if new entry points are added in future versions without corresponding security measures. The plugin's vulnerability history is currently clean, which is a positive sign, but this doesn't negate the identified code-level risks.\n\nIn conclusion, while the plugin has a clean history and good practices in critical areas like SQL and file handling, the unescaped output represents a tangible risk that needs immediate attention. The lack of nonce checks, though minor now, should be monitored for future development. The overall security is decent but has a specific, exploitable weakness.",[191,194],{"reason":192,"points":193},"Half of output operations are not properly escaped",6,{"reason":195,"points":196},"No nonce checks present",3,"2026-03-16T23:03:17.149Z",{"wat":199,"direct":204},{"assetPaths":200,"generatorPatterns":201,"scriptPaths":202,"versionParams":203},[],[],[],[],{"cssClasses":205,"htmlComments":211,"htmlAttributes":212,"restEndpoints":215,"jsGlobals":216,"shortcodeOutput":217},[206,207,208,209,210],"wrap","notice","notice-success","is-dismissible","notice-error",[],[213,214],"id=\"gp-download-name\"","name=\"gp-download-name\"",[],[],[]]