[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGKePv2PevNKO71CyfK-9Yn6ImzFJuk7JqDvfIlO7F2g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":40,"fingerprints":99},"hiweb-image-orient","hiWeb Image Orient","1.1","Den Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fden-media\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>The plugin processes images in two cases:\u003Cbr \u002F>\n1. At the time of loading on the site\u003Cbr \u002F>\n2. The batch processing\u003Cbr \u002F>\nImages overturned on the basis of reading EXIF meta data, namely the value “Orientation”\u003C\u002Fp>\n\u003Ch4>Русский\u003C\u002Fh4>\n\u003Cp>Плагин обрабатывает изображения в двух случаях:\u003Cbr \u002F>\n1. В момент загрузки на сайт\u003Cbr \u002F>\n2. В пакетной обработке\u003Cbr \u002F>\nИзображения переворачиваються на основании чтения EXIF мета данных, а именно значения “Orientation”\u003C\u002Fp>\n","The plugin automatically turns photos taken on a smartphone, reading EXIF information from jpeg file. 
Плагин автоматически поворачивает фотографии, сд &hellip;",10,1337,60,2,"2018-02-23T11:08:00.000Z","4.5.33","4.0","",[20,21,22,23,24],"automatic-photo","automatic-picture","change-images-angle","change-photo-angle","free-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhiweb-image-orient.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"den-media",9,100,83,30,82,"2026-04-05T09:10:53.065Z",[],{"attackSurface":41,"codeSignals":69,"taintFlows":87,"riskAssessment":88,"analyzedAt":98},{"hooks":42,"ajaxHandlers":57,"restRoutes":66,"shortcodes":67,"cronEvents":68,"entryPointCount":14,"unprotectedCount":14},[43,48,53],{"type":44,"name":45,"callback":46,"file":47,"line":11},"action","admin_menu","_hw_io_add_submenu_page","inc\\adminmenu.php",{"type":49,"name":50,"callback":51,"file":52,"line":33},"filter","wp_handle_upload_prefilter","_hw_io_hook_wp_handle_upload_prefilter","inc\\hooks.php",{"type":44,"name":54,"callback":55,"file":56,"line":33},"admin_enqueue_scripts","_hw_io_wp_enqueue_scripts","inc\\scripts.php",[58,63],{"action":59,"nopriv":60,"callback":61,"hasNonce":60,"hasCapCheck":60,"file":62,"line":11},"hiweb_image_orient",false,"_hw_io_ajax","inc\\ajax.php",{"action":59,"nopriv":64,"callback":61,"hasNonce":60,"hasCapCheck":60,"file":62,"line":65},true,11,[],[],[],{"dangerousFunctions":70,"sqlUsage":71,"outputEscaping":73,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":86},[],{"prepared":27,"raw":27,"locations":72},[],{"escaped":74,"rawEcho":75,"locations":76},1,3,[77,81,84],{"file":78,"line":79,"context":80},"inc\\functions.php",103,"raw output",{"file":82,"line":83,"context":80},"template\\_hw_io_tool_template.php",20,{"file":82,"line":85,"context":80},33,[],[],{"summary":89,"deductions":90},"The \"hiweb-image-orient\" plugin 
exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and it has no recorded history of vulnerabilities or known CVEs, suggesting a relatively stable and secure codebase to date. There are no instances of dangerous functions, file operations, external HTTP requests, or bundled libraries to raise immediate concerns. However, the plugin presents significant security weaknesses due to its unprotected entry points. The presence of two AJAX handlers without any authentication or capability checks creates a substantial attack surface. This means that any user, even an unauthenticated one, can trigger these AJAX actions, potentially leading to unintended consequences or exploitation if the handler logic is flawed. Because the provided data contains no taint analysis results, we cannot assess the risk of unsanitized input leading to vulnerabilities within these handlers. While the vulnerability history is clean, the unprotected AJAX handlers are a critical oversight that could be easily exploited if a vulnerability exists within them. The lack of nonce checks further exacerbates this risk. 
Therefore, while the plugin's core logic appears sound in certain areas, the exposed AJAX endpoints represent a critical vulnerability that must be addressed.",[91,93,96],{"reason":92,"points":11},"Unprotected AJAX handlers (2)",{"reason":94,"points":95},"Missing nonce checks on AJAX",5,{"reason":97,"points":95},"Low output escaping coverage (25%)","2026-03-17T00:38:57.300Z",{"wat":100,"direct":107},{"assetPaths":101,"generatorPatterns":104,"scriptPaths":105,"versionParams":106},[102,103],"\u002Fwp-content\u002Fplugins\u002Fhiweb-image-orient\u002Fcss\u002Fbackend.css","\u002Fwp-content\u002Fplugins\u002Fhiweb-image-orient\u002Fjs\u002Fhw-io-tool.js",[],[103],[],{"cssClasses":108,"htmlComments":110,"htmlAttributes":111,"restEndpoints":112,"jsGlobals":113,"shortcodeOutput":115},[109],"hw_io_message_done",[],[],[],[114],"hw_io_tool",[]]