[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJTf3JdF-LXpe7vibt6bC-x4yfJY4Y4CGZwcCoBuHbnw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":127,"fingerprints":186},"image-uploader-for-welcart","Image Uploader for Welcart","1.4.6","Mizuho Ogino","https:\u002F\u002Fprofiles.wordpress.org\u002Ffishpie\u002F","\u003Cp>As the name suggests it will create the metabox with the media uploader for Welcart. It allows user to upload and sort product images directory from each edit page. It would be suitable for a small webshop which is updated manually.\u003Cbr \u002F>\nBy uploading the image through the uploader, this plugin will rename a file to Welcart format.\u003C\u002Fp>\n\u003Ch4>Attension\u003C\u002Fh4>\n\u003Cp>Available only for WordPress 4.0+ and for ‘Welcart e-Commerce‘ plugin.\u003Cbr \u002F>\nIf using WordPress 4.5.4+, you need to install Welcart 1.9+ and Image Uploader 1.4+.\u003C\u002Fp>\n","Create metabox with image uploader for ‘Welcart e-Commerce’. It allows user to upload and sort images directory from each edit page.",3000,31249,100,2,"2020-02-13T05:58:00.000Z","5.3.21","4.0","",[20,21,22,23,24],"image","media-uploader","uploader","welcart","welcart-e-commerce","http:\u002F\u002Fweb.contempo.jp\u002Fweblog\u002Ftips\u002Fp636","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-uploader-for-welcart.1.4.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"fishpie",3400,30,84,"2026-04-04T00:43:28.149Z",[39,57,73,87,106],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":13,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":18,"download_link":55,"security_score":56,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"delete-unscaled-images","Delete Unscaled Images","1.2.4","swinggraphics","https:\u002F\u002Fprofiles.wordpress.org\u002Fswinggraphics\u002F","\u003Cp>WordPress 5.3 added \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2019\u002F10\u002F09\u002Fintroducing-handling-of-big-images-in-wordpress-5-3\u002F\" rel=\"nofollow ugc\">“big image handling”\u003C\u002Fa> that scales uploaded images to a maximum size of 2560 pixels for use on the website. WP adds “-scaled” to the full size image file name. The original, unscaled images are kept on the server. This can mean that many large images are stored on the server that aren’t ever actually going to be displayed on the website. In my case, users are uploading 15MB files from their cameras.\u003C\u002Fp>\n\u003Cp>After the scaled version and intermediate\u002Fthumbnail images are generated, the originals are no longer needed and just taking up storage space. \u003Cem>Delete Unscaled Images\u003C\u002Fem> will remove those unneeded files.\u003C\u002Fp>\n\u003Cp>First, original images are deleted immediately after the resized versions are created for all new uploads.\u003C\u002Fp>\n\u003Cp>Second, there is a bulk deletion tool in the Media submenu to process existing images.\u003C\u002Fp>\n","Deletes original image files if they have been resized",600,3529,5,"2024-04-15T21:59:00.000Z","6.5.8","5.3",[54,21],"images","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdelete-unscaled-images.1.2.4.zip",92,{"slug":58,"name":59,"version":60,"author":7,"author_profile":8,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":14,"last_updated":65,"tested_up_to":66,"requires_at_least":17,"requires_php":18,"tags":67,"homepage":71,"download_link":72,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"my-upload-images","My Upload Images","1.4.1","\u003Cp>This plugin create the metabox with the media uploader into any post types. In the metabox, You can drag images into any order you like. The IDs and the order of images will put on record in the customfield of your posts as array.\u003C\u002Fp>\n\u003Ch4>Attention\u003C\u002Fh4>\n\u003Cp>Available only for WordPress 4.0+.\u003C\u002Fp>\n","Create metabox with media uploader. It allows to upload and sort images in any post_type.",400,6109,"2017-03-14T09:03:00.000Z","4.7.32",[68,69,20,21,70],"cms","custom-field","upload","http:\u002F\u002Fweb.contempo.jp\u002Fweblog\u002Ftips\u002Fp617","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-upload-images.1.4.1.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":35,"downloaded":81,"rating":28,"num_ratings":28,"last_updated":82,"tested_up_to":51,"requires_at_least":17,"requires_php":18,"tags":83,"homepage":18,"download_link":86,"security_score":56,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"qbank-dam-connector","QBank Connector","1.1.1","QBank DAM","https:\u002F\u002Fprofiles.wordpress.org\u002Fqbank\u002F","\u003Cp>By using QBank’s Connector to WordPress you gain access to all your files in QBank that you can\u003Cbr \u002F>\npublish directly from WordPress without leaving their interface.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search and filter media\u003C\u002Fli>\n\u003Cli>Edit media\u003C\u002Fli>\n\u003Cli>Uploading and publishing\u003C\u002Fli>\n\u003Cli>Responsive design and multi-sites\u003C\u002Fli>\n\u003C\u002Ful>\n","Gain access to all your files in QBank that you can publish directly from Wordpress without leaving their interface.",4540,"2025-01-21T18:24:00.000Z",[84,20,54,85,21],"gallery","media-library","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqbank-dam-connector.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":28,"num_ratings":28,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":18,"download_link":105,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"image-photoroll-creator-for-photographers","Image Photoroll Creator For Photographers","1.5","CyberSpy","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberspy\u002F","\u003Cp>Plugin adds aditional buttons to media upload module:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Add alt text to all uploaded photos,\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Insert all photos into post at cursor position with clear markup.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Plugin adds aditional buttons to media upload module allowing of faster images edit and add to post.",10,2943,"2012-08-06T15:00:00.000Z","3.4.2","2.7",[101,102,21,103,104],"addon","automatic","one-button-add-all-images","photoroll","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-photoroll-creator-for-photographers.1.5.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":28,"downloaded":114,"rating":13,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":125,"download_link":126,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"additional-featured-images-and-media-uploader-anywhere","Additional Featured Images and Media Uploader Anywhere","1.0.0","metawebdevelopment","https:\u002F\u002Fprofiles.wordpress.org\u002Fmetawebdevelopment\u002F","\u003Cp>Add additional featured images to any post type and display using either a built in image gallery\u002Fslideshow shortcode or by using a single image shortcode. Most plugins or developers use the non Javasript API media uploader, which is notorious for being glitchy and slow.  This leverages the not well known WordPress Javascript API to mimic the built in media uploader.  Great for end users or developers.\u003C\u002Fp>\n","Add additional featured images to any post type and display using either a built in image gallery\u002Fslideshow shortcode or by using a single image short …",1029,1,"2020-08-21T05:21:00.000Z","5.5.18","5.4.2","7.0",[121,122,123,124,21],"additional-featured-image","additional-featured-images","featured-image","javascript-media-uploader","https:\u002F\u002Fmetawebdevelopment.com\u002Fproduct\u002Fadditional-featured-images-and-media-upload-anywhere\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadditional-featured-images-and-media-uploader-anywhere.zip",{"attackSurface":128,"codeSignals":150,"taintFlows":177,"riskAssessment":178,"analyzedAt":185},{"hooks":129,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":28,"unprotectedCount":28},[130,136,141],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","add_meta_boxes","iu4w_add_metabox","image-uploader-for-welcart.php",24,{"type":131,"name":137,"callback":138,"priority":139,"file":134,"line":140},"save_post","iu4w_save_images",11,25,{"type":142,"name":143,"callback":144,"priority":139,"file":134,"line":145},"filter","attachment_fields_to_edit","iu4w_attachment_fields_to_edit",26,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":159,"fileOperations":28,"externalRequests":28,"nonceChecks":115,"capabilityChecks":115,"bundledLibraries":176},[],{"prepared":28,"raw":14,"locations":153},[154,157],{"file":134,"line":155,"context":156},299,"$wpdb->get_results() with variable interpolation",{"file":134,"line":158,"context":156},397,{"escaped":115,"rawEcho":160,"locations":161},8,[162,165,167,169,171,173,174,175],{"file":134,"line":163,"context":164},78,"raw output",{"file":134,"line":166,"context":164},88,{"file":134,"line":168,"context":164},205,{"file":134,"line":170,"context":164},239,{"file":134,"line":172,"context":164},241,{"file":134,"line":172,"context":164},{"file":134,"line":172,"context":164},{"file":134,"line":172,"context":164},[],[],{"summary":179,"deductions":180},"The plugin \"image-uploader-for-welcart\" v1.4.6 presents a generally positive security posture, with no recorded vulnerabilities in its history and a clean static analysis report regarding critical code signals like dangerous functions, file operations, and external requests. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the presence of nonce and capability checks, even if only one instance each, suggests some attention to security fundamentals. The taint analysis showing no unsanitized paths or critical\u002Fhigh severity flows is also reassuring.\n\nHowever, there are notable areas for improvement. The most significant concern is the SQL query handling. With two SQL queries identified and 0% using prepared statements, there is a clear risk of SQL injection vulnerabilities. Additionally, the output escaping is very poor, with only 11% of outputs properly escaped, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities. While the plugin has no known CVEs, the lack of robust security practices in data handling (SQL and output) means that vulnerabilities could easily be introduced in future updates or through user-supplied data.\n\nIn conclusion, the plugin benefits from a very small attack surface and no prior vulnerability history. These are strong points. Nevertheless, the significant deficiencies in SQL query preparation and output escaping represent substantial security risks that need immediate attention. Addressing these issues would dramatically improve the plugin's overall security.",[181,183],{"reason":182,"points":95},"Raw SQL queries without prepared statements",{"reason":184,"points":160},"Low percentage of properly escaped output","2026-03-16T18:23:52.765Z",{"wat":187,"direct":196},{"assetPaths":188,"generatorPatterns":191,"scriptPaths":192,"versionParams":193},[189,190],"\u002Fwp-content\u002Fplugins\u002Fimage-uploader-for-welcart\u002Fjs\u002Fiu4w-admin.js","\u002Fwp-content\u002Fplugins\u002Fimage-uploader-for-welcart\u002Fcss\u002Fiu4w-admin.css",[],[189],[194,195],"image-uploader-for-welcart\u002Fjs\u002Fiu4w-admin.js?ver=","image-uploader-for-welcart\u002Fcss\u002Fiu4w-admin.css?ver=",{"cssClasses":197,"htmlComments":206,"htmlAttributes":207,"restEndpoints":229,"jsGlobals":230,"shortcodeOutput":239},[198,199,200,201,202,203,204,205],"iu4w-li","iu4w-wrap","iu4w-remove","iu4w-img","iu4w-editor","iu4w-open","iu4w-editor-open","iu4w-editor-close",[],[208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,221,210,211,212,213,214,215,216,217],"id=\"iu4w-ul\"","name=\"iu4w_attr\"","name=\"_iu4w_images[]\"","id=\"iu4w-media\"","class=\"iu4w-open\"","id=\"iu4w_view\"","name=\"iu4w_view\"","id=\"iu4w_tempo_ids\"","name=\"iu4w_tempo_ids\"","name=\"iu4w_nonce\"","id=\"iu4w_images\"","class=\"editor\"","name=\"at","name=\"iu4w_attr","name=\"_iu4w_images[]","class=\"iu4w-li\"","id=\"iu4w-li-","class=\"iu4w-wrap\"","class=\"iu4w-remove button\"","class=\"iu4w-img\"","class=\"iu4w-editor\"",[],[231,232,233,234,235,236,237,238],"iu4w_li","iu4w_wrap","iu4w_remove","iu4w_img","iu4w_editor","iu4w_open","iu4w_editor_open","iu4w_editor_close",[]]