[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOTULauR3cp--Ilp4zpYp34swmGlL4EqsqHy4IVBjHYI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":129,"fingerprints":248},"kontainer-file-picker","Kontainer File Picker","2.0.5","Jesper Sandberg","https:\u002F\u002Fprofiles.wordpress.org\u002Fkontainer\u002F","\u003Cp>Pull assets like images, videos, and product sheets straight from Kontainer into your WordPress media library.\u003C\u002Fp>\n\u003Cp>The app allows downloading templates, which reformat images as they are fetched, and naming templates that can automate SEO optimization. Find out more here at \u003Ca href=\"https:\u002F\u002Fhelpdesk.kontainer.com\u002Farticle\u002Fa-guide-to-download-templates\u002F\" rel=\"nofollow ugc\">Kontainer Helpdesk\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Read more about the WordPress integration on \u003Ca href=\"https:\u002F\u002Fkontainer.com\u002Fintegrations\u002Fwordpress\" rel=\"nofollow ugc\">Kontainer website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you have any questions, feel free to contact us at \u003Ca href=\"mailto:support@kontainer.com\" rel=\"nofollow ugc\">support@kontainer.com\u003C\u002Fa>.\u003C\u002Fp>\n","File picker for Kontainer Dam and Pim platform",20,1520,0,"2025-11-12T15:17:00.000Z","6.8.5","5.2","7.4",[19,20,21,22],"assets","dam","kontainer","media","https:\u002F\u002Fkontainer.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkontainer-file-picker.2.0.5.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":21,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-04-04T13:59:17.026Z",[35,57,76,96,112],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"custom-upload-folder","Custom Upload Folder","1.1.2","Motekar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmotekar\u002F","\u003Cp>Upload files to custom directory in WordPress Media Library.\u003C\u002Fp>\n","Upload files to custom directory in WordPress Media Library.",400,5740,88,5,"2022-09-17T09:21:00.000Z","6.0.11","4.6","5.3",[19,52,22,53],"classicpress","upload","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-upload-folder.1.1.2.zip",85,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":31,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":54,"tags":69,"homepage":73,"download_link":74,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"intelligencebank-connector","IntelligenceBank Connector","1.2.6","IntelligenceBank","https:\u002F\u002Fprofiles.wordpress.org\u002Fintelligencebank\u002F","\u003Cp>The IntelligenceBank Connector for WordPress lets users connect to their IntelligenceBank digital asset management platform content directly from within the WordPress Media management interface. Click \u003Ca href=\"https:\u002F\u002Fhelp.intelligencebank.com\u002Fhc\u002Fen-us\u002Farticles\u002F360000469223-About-the-IntelligenceBank-Connector-for-Wordpress\" rel=\"nofollow ugc\">here\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","The IntelligenceBank Connector for WordPress.",2588,"2024-09-25T12:41:00.000Z","6.6.5","4.4",[70,19,20,71,72],"asset","digital","management","https:\u002F\u002Fhelp.intelligencebank.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintelligencebank-connector.1.2.6.zip",92,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":48,"requires_at_least":87,"requires_php":54,"tags":88,"homepage":94,"download_link":95,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"b2-private-files","B2 Private Files","1.0.2","Darwin Biler","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarwinbiler\u002F","\u003Cp>If you have a digital products (downloadable pdf, mp3, mp4 etc) that is supposedly being accessed by registered\u002Fpaying users, uploading them into the standard media library have problems:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>the files in \u003Ccode>wp-content\u002Fuploads\u003C\u002Fcode> is publicly accessible, and anyone can basically download the file directly there\u003C\u002Fli>\n\u003Cli>huge files like movies or software installers will weigh your entire website down (specially when multiple users is gonna be downloading them)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin allows you to securely share files to your website users by passing a token to the url. For example, here is a file hosted in B2 Backblaze\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Ff001.backblazeb2.com\u002Ffile\u002Fwp-b2-private-files\u002Fkey.jpg?Authorization=4_0018c3b251e15120000000012_01a459bb_2f35e1_acct_QGJ-TljNx-NqgRLi1dff_XGJjlQ=\u003C\u002Fp>\n\u003Cp>note that simply accessing \u003Ccode>https:\u002F\u002Ff001.backblazeb2.com\u002Ffile\u002Fwp-b2-private-files\u002Fkey.jpg\u003C\u002Fcode> wont work, as the file is token-protected.\u003Cbr \u002F>\nthe plugin generates the value for \u003Ccode>Authorization\u003C\u002Fcode> parameter when your post\u002Fpage is rendered. The token can be only generated from your website, thus its impossible for any other site to crawl your site and scrape the files.\u003C\u002Fp>\n\u003Cp>Each token generated can be also configured to expire after N minutes. So if lets say you generated a download link to a big installer, people cant re-use the same link and paste it in public forums, chats etc.\u003Cbr \u002F>\nBecause the link will expire after few minutes, which makes it hard for user to share file to non-registered users.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to Media > Add New (Private)\u003C\u002Fli>\n\u003Cli>Upload any file\u003C\u002Fli>\n\u003Cli>Go to Media > Library (Private)\u003C\u002Fli>\n\u003Cli>Click “Shortcode” for the file you just uploaded\u003C\u002Fli>\n\u003Cli>Paste the shortcode anywhere you wanted to show the link\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Generally the shortcode looks like this:\u003C\u002Fp>\n\u003Cp>[b2-private-file-button filename=”my-installer.zip”]\u003C\u002Fp>\n\u003Cp>the above shortcode will generate a button with caption “Download”, pointing to the Backblaze B2 file with token passed to it.\u003C\u002Fp>\n","Serve token-protected files hosted in Backblaze B2 in your WordPress Site",10,829,"2022-08-18T08:57:00.000Z","3.0.1",[89,90,91,92,93],"digital-rights","download","media-library","premium-content","protect-assets","https:\u002F\u002Fgithub.com\u002Fbuonzz\u002Fb2-private-files","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fb2-private-files.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":84,"downloaded":104,"rating":13,"num_ratings":13,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":54,"download_link":111,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"imageshop-dam-connector","Imageshop DAM Connector","1.5.0","imageshop","https:\u002F\u002Fprofiles.wordpress.org\u002Fimageshop\u002F","\u003Cp>Imageshop is a cloud-based [http:\u002F\u002Fwww.imageshop.org Digital Asset Management system] (image bank \u002FDAM system) that makes it easier than ever to organize, search, share and use your digital files, internally and with the outside world and partners.\u003C\u002Fp>\n\u003Cp>Drag & drop uploading and ultra-efficient image tagging enable your files are always available in the DAM system when and where they are needed, in the right format and the best quality. Read more about Imageshop here: http:\u002F\u002Fwww.imageshop.org\u003C\u002Fp>\n","Cloud based DAM Solution",3013,"2025-12-18T09:21:00.000Z","6.9.4","6.2","7.0",[20,110,91],"media-cdn","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimageshop-dam-connector.1.5.0.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":84,"downloaded":120,"rating":13,"num_ratings":13,"last_updated":121,"tested_up_to":48,"requires_at_least":122,"requires_php":54,"tags":123,"homepage":127,"download_link":128,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"phraseanet-client","Phraseanet WordPress Client","1.3.11","alchemydev","https:\u002F\u002Fprofiles.wordpress.org\u002Falchemydev\u002F","\u003Cp>This plugin creates the possibility to get and add assets from Phraseanet server into your WordPress website.\u003Cbr \u002F>\nThis plugin allows you to create a Phraseanet Gutenberg block with various custom configurations that allows you to customize the block the way you want.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customizations block settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Block title – You can customize the block title by adding a custom title in the block settings.\u003C\u002Fli>\n\u003Cli>Collections – You can choose the collections you want to display in the block.\u003C\u002Fli>\n\u003Cli>Query – You can add your custom query to the block.\u003C\u002Fli>\n\u003Cli>Define displayed facets – You can define the facets you want to display in the block.\u003C\u002Fli>\n\u003Cli>Preview details – Fields that will display on the preview Eg. title,keyword,city.\u003C\u002Fli>\n\u003Cli>Sub defination maping – You can map the sub defination to the fields you want to display on the thumb and preview.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Customizations block UI settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Preview assets UI settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Overlay – This option allows you to preview the asset in a modal .\u003C\u002Fli>\n\u003Cli>Sidebar – This option allows you to preview the asset in a sidebar.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Image Grid layout settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Classic – This option allows you to display the assets in a classic rectangular grid.\u003C\u002Fli>\n\u003Cli>Masonry – This option allows you to display the assets in a masonry grid (like instagram grid).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Masonry style settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Auto  – Auto detect the image layout type (portrait and landscape) and render the image accordingly\u003C\u002Fli>\n\u003Cli>Random – Randomly renders the image layout\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin creates the possibility to get and add assets from Phraseanet server into your Wordpress website.",1844,"2022-06-21T11:38:00.000Z","5.6.0",[19,124,125,22,126],"gallery","images","phraseanet","https:\u002F\u002Fwww.phraseanet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphraseanet-client.1.3.11.zip",{"attackSurface":130,"codeSignals":185,"taintFlows":212,"riskAssessment":239,"analyzedAt":247},{"hooks":131,"ajaxHandlers":165,"restRoutes":174,"shortcodes":182,"cronEvents":183,"entryPointCount":184,"unprotectedCount":13},[132,137,142,146,151,156,160],{"type":133,"name":134,"callback":135,"file":136,"line":84},"action","rest_api_init","closure","includes\\kontainer-rest-api.php",{"type":133,"name":138,"callback":139,"file":140,"line":141},"admin_menu","kontainer_register_options_page","includes\\kontainer-settings.php",21,{"type":133,"name":143,"callback":144,"file":140,"line":145},"admin_init","kontainer_settings_init",137,{"type":133,"name":147,"callback":148,"file":149,"line":150},"admin_enqueue_scripts","kontainer_load_script","kontainer.php",33,{"type":133,"name":152,"callback":153,"priority":154,"file":149,"line":155},"admin_post_custom_action_hook","kontainer_custom_action_callback",1000,58,{"type":133,"name":157,"callback":158,"file":149,"line":159},"add_meta_boxes","kontainer_media_meta_box",171,{"type":161,"name":162,"callback":163,"priority":84,"file":149,"line":164},"filter","attachment_fields_to_edit","kontainer_media_widget_edit_data",216,[166,171],{"action":167,"nopriv":168,"callback":167,"hasNonce":168,"hasCapCheck":169,"file":140,"line":170},"kontainer_generate_token",false,true,219,{"action":172,"nopriv":168,"callback":172,"hasNonce":168,"hasCapCheck":169,"file":140,"line":173},"kontainer_save_settings",240,[175],{"namespace":21,"route":176,"methods":177,"callback":179,"permissionCallback":180,"file":136,"line":181},"\u002Ffile\u002Fusages",[178],"GET","kontainer_get_file_usages","kontainer_authorize",11,[],[],3,{"dangerousFunctions":186,"sqlUsage":187,"outputEscaping":190,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":210,"bundledLibraries":211},[],{"prepared":188,"raw":13,"locations":189},6,[],{"escaped":141,"rawEcho":191,"locations":192},9,[193,196,198,200,201,203,205,207,208],{"file":140,"line":194,"context":195},162,"raw output",{"file":140,"line":197,"context":195},184,{"file":140,"line":199,"context":195},201,{"file":140,"line":164,"context":195},{"file":149,"line":202,"context":195},83,{"file":149,"line":204,"context":195},113,{"file":149,"line":206,"context":195},127,{"file":149,"line":194,"context":195},{"file":149,"line":209,"context":195},213,4,[],[213,231],{"entryPoint":214,"graph":215,"unsanitizedCount":13,"severity":230},"kontainer_save_settings (includes\\kontainer-settings.php:242)",{"nodes":216,"edges":228},[217,222],{"id":218,"type":219,"label":220,"file":140,"line":221},"n0","source","$_POST (x2)",251,{"id":223,"type":224,"label":225,"file":140,"line":226,"wp_function":227},"n1","sink","update_option() [Settings Manipulation]",254,"update_option",[229],{"from":218,"to":223,"sanitized":169},"low",{"entryPoint":232,"graph":233,"unsanitizedCount":13,"severity":230},"\u003Ckontainer-settings> (includes\\kontainer-settings.php:0)",{"nodes":234,"edges":237},[235,236],{"id":218,"type":219,"label":220,"file":140,"line":221},{"id":223,"type":224,"label":225,"file":140,"line":226,"wp_function":227},[238],{"from":218,"to":223,"sanitized":169},{"summary":240,"deductions":241},"The \"kontainer-file-picker\" plugin v2.0.5 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and lack of file operations or external HTTP requests are significant strengths.  Furthermore, the plugin has no recorded vulnerabilities or CVEs, indicating a history of stable and secure development. The attack surface, while present with AJAX and REST API endpoints, is fully protected by authentication and permission checks, which is a crucial good practice.\n\nHowever, the static analysis does reveal some areas for improvement. A notable concern is the absence of nonce checks on AJAX handlers. While capability checks are present, nonces are vital for preventing Cross-Site Request Forgery (CSRF) attacks on these endpoints, especially if they perform any action. Additionally, a 30% rate of unescaped output, while not critical in isolation, presents a potential risk for Cross-Site Scripting (XSS) vulnerabilities, particularly if user-supplied data is involved in these outputs. The analysis of taint flows shows no critical or high-severity issues, which is positive, but the limited number of flows analyzed (2) means this might not be exhaustive.\n\nIn conclusion, \"kontainer-file-picker\" v2.0.5 is a relatively secure plugin with a clean vulnerability history and a well-protected attack surface. The primary weaknesses lie in the missing nonce checks for AJAX endpoints and the percentage of unescaped output, which should be addressed to further harden the plugin against potential threats.",[242,245],{"reason":243,"points":244},"Missing nonce checks on AJAX handlers",7,{"reason":246,"points":46},"Unescaped output (30% of 30 outputs)","2026-03-16T22:52:49.636Z",{"wat":249,"direct":258},{"assetPaths":250,"generatorPatterns":253,"scriptPaths":254,"versionParams":255},[251,252],"\u002Fwp-content\u002Fplugins\u002Fkontainer-file-picker\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fkontainer-file-picker\u002Fassets\u002Fjs\u002Fadmin.js",[],[252],[256,257],"kontainer-file-picker\u002Fassets\u002Fcss\u002Fadmin.css?ver=","kontainer-file-picker\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":259,"htmlComments":263,"htmlAttributes":264,"restEndpoints":268,"jsGlobals":269,"shortcodeOutput":271},[260,261,262],"misc-pub-kontainer","kontainer__padding-bottom","kontainer__edit-link",[],[265,266,267],"data-kontainer-file-id","data-kontainer-folder-id","data-kontainer-edit-url",[],[270],"kontainer_settings",[]]