[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUkLT4U-aswKUp0y8fls3jHT82PeCo9qhtazUXE3oY1w":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":130,"fingerprints":296},"image-annotations","Image Annotations","1.13","M03G","https:\u002F\u002Fprofiles.wordpress.org\u002Fm03gen\u002F","\u003Cp>Image Annotations plugin lets readers leave annotations to the selected area of the image in comments. Important: for now the plugin works only with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-images\u002F\" rel=\"ugc\">Comment Images\u003C\u002Fa> plugin (by Tom McFarlin).\u003C\u002Fp>\n\u003Cp>Readers can switch off the visibility of the selections as well as control the display of the comments. Only authorized users can leave annotations (a user can also delete his own annotations).\u003C\u002Fp>\n\u003Cp>The Image Annotations plugin lets readers leave annotations on a selected area of an image in comments. Important: at the moment the plugin works only with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-images\u002F\" rel=\"ugc\">Comment Images\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>Readers can control the visibility of the selected areas on the image and turn the display of comments on and off. 
Only registered users can leave annotations (a user can also delete their own annotation).\u003C\u002Fp>\n","Image Annotations plugin lets readers leave annotations to the selected area of the image in comments.",10,1877,0,"2015-10-05T19:36:00.000Z","4.3.34","3.8.1","",[19,20,21,22],"annotations","comments","images","note","http:\u002F\u002Fm03g.guriny.ru\u002Fimage-annotations\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-annotations.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"m03gen",1,30,84,"2026-04-04T04:59:17.314Z",[36,58,72,89,110],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":13,"last_vuln_date":57,"fetched_at":27},"demon-image-annotation","demon image annotation","5.4","demonisblack","https:\u002F\u002Fprofiles.wordpress.org\u002Fdemonisblack\u002F","\u003Cp>This plugin allows you to add textual annotations to images by selecting a region of the image and then attaching a textual description, the concept of annotating images with user comments.\u003Cbr \u002F>\nIntegration with JQuery Image Annotation from Chris (http:\u002F\u002Fwww.flipbit.co.uk\u002Fjquery-image-annotation.html) with PHP support from GitHub (http:\u002F\u002Fgithub.com\u002Fstas\u002Fjquery-image-annotate-php-fork).\u003C\u002Fp>\n\u003Ch3>Live Demo:\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin\" title=\"https:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin\" rel=\"nofollow 
ugc\">https:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Needs Your Support:\u003C\u002Fh3>\n\u003Cp>It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using demon Image Annotation and find it useful, please consider making a donation. Your donation will help encourage and support the plugin’s continued development and better user support. \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=HBKHFYS86E99Q&lc=MY&item_name=demon%20Image%20Annotation%20Plugin&item_number=dia_plugin&currency_code=MYR&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" title=\"Donate\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Some features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Option to approve, edit and remove image notes in admin page.\u003C\u002Fli>\n\u003Cli>Preview image annotation in admin page.\u003C\u002Fli>\n\u003Cli>Auto insert unique id attribute for all the images for image note.\u003C\u002Fli>\n\u003Cli>Option to allow image annotation only for logged-in users who can moderate comments\u003C\u002Fli>\n\u003Cli>Gravatar in the notes\u003C\u002Fli>\n\u003Cli>Option to sync with WordPress comments.\u003C\u002Fli>\n\u003Cli>Option to show thumbnail in comment list.\u003C\u002Fli>\n\u003Cli>‘Mouseover to load notes’ on top of every image note (editable).\u003C\u002Fli>\n\u003Cli>‘Link’ on top of every image note if hyperlink image (editable).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>There’s a new method to exclude image annotation after version 3, but the previous version’s method id=”img-exclude” still works. 
\u003C\u002Fli>\n\u003Cli>Image preview for admin editing is only supported in version 3 and above; image notes added with previous versions are not supported.\u003C\u002Fli>\n\u003C\u002Fol>\n","Allows you to add textual annotations to images by selecting a region of the image and then attaching a textual description.",17161,100,2,"2026-01-05T09:36:00.000Z","6.9.4","2.5",[51,20,52,21,22],"comment","image","https:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdemon-image-annotation.zip",98,3,"2023-08-10 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":13,"num_ratings":13,"last_updated":67,"tested_up_to":68,"requires_at_least":49,"requires_php":17,"tags":69,"homepage":70,"download_link":71,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"guan-image-notes","Guan Image Notes","2.0","Makoto","https:\u002F\u002Fprofiles.wordpress.org\u002Fwgnwhite\u002F","\u003Cp>This plugin allows you and your visitors to add comments as textual annotations to images by selecting a region of the image and then attaching a textual description, the concept of annotating images with user comments.\u003Cbr \u002F>\nThe text is integrated with WordPress comment system.\u003Cbr \u002F>\nIntegration with \u003Ca href=\"http:\u002F\u002Fwww.flipbit.co.uk\u002Fjquery-image-annotation.html\" rel=\"nofollow ugc\">JQuery Image Annotation from Chris\u003C\u002Fa> with \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fstas\u002Fjquery-image-annotate-php-fork\" rel=\"nofollow ugc\">PHP support from GitHub\u003C\u002Fa>.\u003Cbr \u002F>\nModified from \u003Ca href=\"http:\u002F\u002Fwww.superwhite.cc\u002Fdemon\u002Fimage-annotation-plugin\" rel=\"nofollow ugc\">Demon Image Annotation version 1.0\u003C\u002Fa>.\u003Cbr \u002F>\nIcons from \u003Ca 
href=\"http:\u002F\u002Fwww.famfamfam.com\u002Flab\u002Ficons\u002Fsilk\u002F\" rel=\"nofollow ugc\">Fam Fam Fam\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Ability to add notes to your uploaded pictures.\u003C\u002Fli>\n\u003Cli>Show notes on single page, front page, archive page, etc.\u003C\u002Fli>\n\u003Cli>Notes synced with WordPress commenting system but there’s option to turn it off.\u003C\u002Fli>\n\u003Cli>Gravatar in the notes.\u003C\u002Fli>\n\u003Cli>Commentator’s name in the notes.\u003C\u002Fli>\n\u003Cli>Image thumbnails appear in the comment area, but there’s option to turn it off.\u003C\u002Fli>\n\u003Cli>No hard coding required.\u003C\u002Fli>\n\u003Cli>Admin page.\u003C\u002Fli>\n\u003Cli>Remove all database if you wish to stop using the plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n","Image tagging system sync with WordPress comment system. Or also known as image notes, or image annotation.",3843,"2010-12-18T12:30:00.000Z","3.0.5",[51,20,52,21,22],"http:\u002F\u002Fpangeran.org\u002Fguan-image-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguan-image-notes.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":13,"downloaded":80,"rating":45,"num_ratings":46,"last_updated":17,"tested_up_to":48,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":17,"download_link":87,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":88},"dans-annotator","Dan's Annotator","1.2.0","lazardanlucian","https:\u002F\u002Fprofiles.wordpress.org\u002Flazardanlucian\u002F","\u003Cp>Dan’s Annotator lets logged-in users (and email based collaborators) highlight elements on any page and discuss them in threaded comments. 
It adds a floating UI to create, browse, and close annotation threads, plus @-mentions with email notifications.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>– Custom database tables for threads, comments, tags, and collaborators (created on activation).\u003Cbr \u002F>\n– Admin bar toggle to enable\u002Fdisable annotation mode for logged-in users.\u003Cbr \u002F>\n– Front-end badges showing counts and a side panel UI for reading\u002Fposting comments.\u003Cbr \u002F>\n– @username tagging with autocomplete and email\u002Fadmin-notice notifications.\u003Cbr \u002F>\n– REST API endpoints used by the front-end JavaScript.\u003Cbr \u002F>\n– Support for outside collaborators with email-based or link-based access.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch3>@ Completion (User Tagging)\u003C\u002Fh3>\n\u003Cp>To mention a registered WordPress user in an annotation comment:\u003Cbr \u002F>\n1. Type \u003Ccode>@\u003C\u002Fcode> followed by the username or email\u003Cbr \u002F>\n2. An autocomplete dropdown will appear showing matching users\u003Cbr \u002F>\n3. Select the user from the list or continue typing their username\u003Cbr \u002F>\n4. The tagged user will receive a notification (admin notice for logged-in users)\u003C\u002Fp>\n\u003Cp>Example: \u003Ccode>@john\u003C\u002Fcode> or \u003Ccode>@admin\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>@email Collaborators (Email-Based Access)\u003C\u002Fh3>\n\u003Cp>To invite external collaborators who don’t have WordPress accounts:\u003Cbr \u002F>\n1. In a comment, type \u003Ccode>@\u003C\u002Fcode> followed by their email address\u003Cbr \u002F>\n2. Example: \u003Ccode>@john@doe.com\u003C\u002Fcode>\u003Cbr \u002F>\n3. The collaborator will automatically be created and receive an email with a secure magic link\u003Cbr \u002F>\n4. They can click the link to access and comment on the specific thread without creating an account\u003Cbr \u002F>\n5. 
Email-based collaborators are scoped to only the threads they’re tagged in\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The magic link is unique and secure, tied to their email address. Enable this feature in Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Annotator \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Outside Collaborators.\u003C\u002Fp>\n\u003Ch3>!@link Collaborators (Link-Based Access)\u003C\u002Fh3>\n\u003Cp>For lightweight collaborator access without requiring an email:\u003Cbr \u002F>\n1. In a comment, type \u003Ccode>!@\u003C\u002Fcode> followed by a name\u002Fidentifier\u003Cbr \u002F>\n2. Example: \u003Ccode>!@mike\u003C\u002Fcode> or \u003Ccode>!@designer\u003C\u002Fcode>\u003Cbr \u002F>\n3. A token-based collaborator is created with a shareable link\u003Cbr \u002F>\n4. Copy the generated link from the comment and share it directly\u003Cbr \u002F>\n5. Anyone with the link can participate using that collaborator identity\u003Cbr \u002F>\n6. Link-based collaborators are also scoped to the threads they’re tagged in\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Enable token-based collaborators in Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Annotator \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Token-based collaborators. 
This is useful for quick feedback without email verification.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GNU General Public License v2.0 or later.\u003C\u002Fp>\n","Lightweight front-end annotation tool with threads, tagging, and collaborator sessions.",203,"6.2","7.4",[19,84,20,85,86],"collaboration","feedback","page-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdans-annotator.1.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":33,"num_ratings":99,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":103,"tags":104,"homepage":108,"download_link":109,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"comment-image","Comment Image","1.2.3","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Comment Image enables blog readers to attach an image while leaving their comments.\u003Cbr \u002F>\nSupported formats are JPG, PNG, GIF.\u003C\u002Fp>\n\u003Cp>Uploaded images are inserted below the comment text as thumbnail (of configurable max dimensions) and linked to the original pictures.\u003C\u002Fp>\n\u003Cp>File selection field can be injected automatically or added manually.\u003C\u002Fp>\n\u003Cp>Original pictures and their thumbnails are stored in a separate folder for easy management.\u003C\u002Fp>\n\u003Cp>See the official \u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image\" rel=\"nofollow ugc\">Comment Image\u003C\u002Fa> page for more.\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable readers to attach an image to their comments.",1000,40981,6,"2021-08-28T08:40:00.000Z","5.8.13","4.6","5.6",[105,20,106,21,107],"attachments","gif","pictures","http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-image.1.2.3.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":45,"downloaded":118,"rating":119,"num_ratings":99,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":17,"tags":123,"homepage":127,"download_link":128,"security_score":25,"vuln_count":31,"unpatched_count":13,"last_vuln_date":129,"fetched_at":27},"embed-comment-images","Embed Images in Comments","0.6","Dugonja","https:\u002F\u002Fprofiles.wordpress.org\u002Fh3llas\u002F","\u003Cp>This plugin embeds image links in comments with the img tag so the images are visible in your comment timeline.\u003C\u002Fp>\n\u003Cp>Image formats supported:\u003Cbr \u002F>\n1. .jpg\u003Cbr \u002F>\n2. .gif\u003Cbr \u002F>\n3. .png\u003C\u002Fp>\n\u003Cp>You can specify your comment width so the images are fitted nicely. 
Images are not hosted on your server, nor does this plugin pick up any data.\u003C\u002Fp>\n\u003Cp>Do note that people can link extremely large images and your page loading can be compromised because of that.\u003C\u002Fp>\n\u003Cp>Demo:\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.ascic.net\u002Fembed-comment-images\u002F\" title=\"Embed Images in Comments\" rel=\"nofollow ugc\">Embed Comment Images\u003C\u002Fa>\u003C\u002Fp>\n","Embed direct image links in your comments with an img tag.",6194,94,"2017-08-16T19:33:00.000Z","4.8.28","3.7.1",[20,124,125,21,126],"convert","embed","links","http:\u002F\u002Fwww.ascic.net\u002Fembed-images-in-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-comment-images.0.6.zip","2017-08-16 00:00:00",{"attackSurface":131,"codeSignals":181,"taintFlows":224,"riskAssessment":283,"analyzedAt":295},{"hooks":132,"ajaxHandlers":163,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":56,"unprotectedCount":13},[133,139,142,147,151,155,159],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","wp_enqueue_scripts","ia_add_scripts","image-annotations.php",17,{"type":134,"name":135,"callback":140,"file":137,"line":141},"ia_add_style",18,{"type":143,"name":144,"callback":145,"file":137,"line":146},"filter","the_content","ia_add_form",19,{"type":134,"name":148,"callback":149,"file":137,"line":150},"plugins_loaded","ia_init",23,{"type":134,"name":152,"callback":153,"file":137,"line":154},"admin_menu","ia_register_menu",25,{"type":134,"name":156,"callback":157,"file":137,"line":158},"admin_init","ia_admin_init",26,{"type":143,"name":160,"callback":161,"file":137,"line":162},"comments_array","ia_display_annotation",28,[164,170,174],{"action":165,"nopriv":166,"callback":167,"hasNonce":168,"hasCapCheck":166,"file":137,"line":169},"add_annotation",false,"ia_add_text",true,20,{"action":171,"nopriv":166,"callback":172,"hasNonce":168,"hasCapCheck":166,"file":137,"line":173},"edit_annot
ation","ia_edit_text",21,{"action":175,"nopriv":166,"callback":176,"hasNonce":168,"hasCapCheck":166,"file":137,"line":177},"del_annotation","ia_delete_text",22,[],[],[],{"dangerousFunctions":182,"sqlUsage":200,"outputEscaping":216,"fileOperations":13,"externalRequests":13,"nonceChecks":56,"capabilityChecks":13,"bundledLibraries":223},[183,187,188,191,192,195,196,199],{"fn":184,"file":137,"line":185,"context":186},"unserialize",62,"$unsercomm = unserialize(unserialize($annotation->meta_value));",{"fn":184,"file":137,"line":185,"context":186},{"fn":184,"file":137,"line":189,"context":190},235,"$annot_comm = unserialize(unserialize($one_annot->meta_value));",{"fn":184,"file":137,"line":189,"context":190},{"fn":184,"file":137,"line":193,"context":194},381,"$annotation = unserialize(unserialize($annotations->meta_value));",{"fn":184,"file":137,"line":193,"context":194},{"fn":184,"file":137,"line":197,"context":198},406,"$unsercomm = unserialize(unserialize($annotations->meta_value));",{"fn":184,"file":137,"line":197,"context":198},{"prepared":13,"raw":201,"locations":202},5,[203,206,208,211,213],{"file":137,"line":204,"context":205},44,"$wpdb->get_results() with variable interpolation",{"file":137,"line":207,"context":205},230,{"file":137,"line":209,"context":210},380,"$wpdb->get_row() with variable interpolation",{"file":137,"line":212,"context":210},405,{"file":137,"line":214,"context":215},409,"$wpdb->get_var() with variable interpolation",{"escaped":13,"rawEcho":46,"locations":217},[218,221],{"file":137,"line":219,"context":220},45,"raw output",{"file":137,"line":222,"context":220},68,[],[225,249,268],{"entryPoint":226,"graph":227,"unsanitizedCount":13,"severity":248},"ia_edit_text (image-annotations.php:373)",{"nodes":228,"edges":245},[229,234,239,242],{"id":230,"type":231,"label":232,"file":137,"line":233},"n0","source","$_POST",379,{"id":235,"type":236,"label":237,"file":137,"line":209,"wp_function":238},"n1","sink","get_row() 
[SQLi]","get_row",{"id":240,"type":231,"label":241,"file":137,"line":233},"n2","$_POST (x2)",{"id":243,"type":236,"label":244,"file":137,"line":193,"wp_function":184},"n3","unserialize() [Object Injection]",[246,247],{"from":230,"to":235,"sanitized":168},{"from":240,"to":243,"sanitized":168},"low",{"entryPoint":250,"graph":251,"unsanitizedCount":13,"severity":248},"ia_delete_text (image-annotations.php:397)",{"nodes":252,"edges":264},[253,255,256,257,258,260],{"id":230,"type":231,"label":232,"file":137,"line":254},404,{"id":235,"type":236,"label":237,"file":137,"line":212,"wp_function":238},{"id":240,"type":231,"label":241,"file":137,"line":254},{"id":243,"type":236,"label":244,"file":137,"line":197,"wp_function":184},{"id":259,"type":231,"label":232,"file":137,"line":254},"n4",{"id":261,"type":236,"label":262,"file":137,"line":214,"wp_function":263},"n5","get_var() [SQLi]","get_var",[265,266,267],{"from":230,"to":235,"sanitized":168},{"from":240,"to":243,"sanitized":168},{"from":259,"to":261,"sanitized":168},{"entryPoint":269,"graph":270,"unsanitizedCount":13,"severity":248},"\u003Cimage-annotations> (image-annotations.php:0)",{"nodes":271,"edges":279},[272,273,274,276,277,278],{"id":230,"type":231,"label":241,"file":137,"line":233},{"id":235,"type":236,"label":237,"file":137,"line":209,"wp_function":238},{"id":240,"type":231,"label":275,"file":137,"line":233},"$_POST (x4)",{"id":243,"type":236,"label":244,"file":137,"line":193,"wp_function":184},{"id":259,"type":231,"label":232,"file":137,"line":254},{"id":261,"type":236,"label":262,"file":137,"line":214,"wp_function":263},[280,281,282],{"from":230,"to":235,"sanitized":168},{"from":240,"to":243,"sanitized":168},{"from":259,"to":261,"sanitized":168},{"summary":284,"deductions":285},"The image-annotations plugin v1.13 exhibits a mixed security posture. 
While the static analysis indicates a contained attack surface with all identified entry points (AJAX handlers) having nonce checks, the absence of capability checks is a significant concern. The presence of dangerous functions like 'unserialize' combined with a complete lack of prepared statements for SQL queries and no output escaping for any of its outputs presents substantial risks. This suggests that data processed by the plugin, especially if it originates from user input, could be manipulated to execute arbitrary code or extract sensitive information. The vulnerability history is clean, with no recorded CVEs, which is a positive indicator. However, this does not negate the inherent risks identified in the code analysis. The lack of past vulnerabilities might be due to a low discovery rate or the plugin's specific functionalities not attracting malicious attention yet. Overall, while the plugin has good practices regarding nonces and a clean history, the fundamental lack of input validation, output sanitization, and proper SQL handling makes it vulnerable to serious security exploits.",[286,288,290,293],{"reason":287,"points":11},"Dangerous function 'unserialize' found",{"reason":289,"points":11},"SQL queries lack prepared statements",{"reason":291,"points":292},"Output escaping is completely missing",8,{"reason":294,"points":11},"No capability checks on AJAX 
handlers","2026-03-17T00:52:13.216Z",{"wat":297,"direct":307},{"assetPaths":298,"generatorPatterns":302,"scriptPaths":303,"versionParams":304},[299,300,301],"\u002Fwp-content\u002Fplugins\u002Fimage-annotations\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fimage-annotations\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fimage-annotations\u002Fjs\u002Fscript.js",[],[301],[305,306],"image-annotations\u002Fcss\u002Fstyle.css?ver=","image-annotations\u002Fjs\u002Fscript.js?ver=",{"cssClasses":308,"htmlComments":321,"htmlAttributes":322,"restEndpoints":326,"jsGlobals":327,"shortcodeOutput":332},[309,310,311,312,313,314,315,316,317,318,319,320],"ia-admin-table","ia-admin-annotation","ia-edited","ia-endedit","ia-edit","ia-del","ia-annotation","ia-date","ia-user","ia-annotation-text","ia-annotation-title","ia-annotation-content",[],[323,324,325],"ia-id","ia-reply-to","data-countdown",[],[136,140,145,167,172,176,149,153,157,328,329,330,331],"ia_admin_page","ia_changepar","ia_getcolor","generateList",[]]