[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f81Se_VZginpr-uKrlzvvTy-5351-5ZqnNcLtrWE5Hv4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":60,"crawl_stats":38,"alternatives":65,"analysis":161,"fingerprints":221},"lh-add-media-from-url","LH Add Media From Url","1.30","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin allow you to grab image from remote url and save into your own word press media library. By doing so, you never worried if the remote image was removed by its owner. This also save you steps to download the image to local computer and upload again to your own WordPress. There is also a JavaScript bookmarklet that helps to automate the process if you are surfing the internet and find something you would like to add to the library\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically downloads and adds the file to the media library.\u003C\u002Fli>\n\u003Cli>After the uploading is successful, you are redirected to the edit screen\u003C\u002Fli>\n\u003Cli>Once the bookmarklet is installed you don’t even need to copy and paste a url (just navigate to the url and select the bookmark).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-add-media-from-url\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-add-media-from-url\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n","Upload files from an url to wordpress media library, either enter file urls in an onsite input box or click a bookmarklet.",2000,37732,84,9,"2024-08-20T14:07:00.000Z","6.6.5","5.0","",[20,21,22,23,24],"attachment","bookmarklet","download","media","post","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-add-media-from-url\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-add-media-from-url.zip",91,2,0,"2024-08-20 17:25:05","2026-03-15T15:16:48.613Z",[33,48],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-7090","lh-add-media-from-url-reflected-cross-site-scripting","LH Add Media From Url \u003C= 1.23 - Reflected Cross-Site Scripting","The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.23","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-08-27 16:35:47",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb3461327-9195-48ed-b9c3-7b33198e9438?source=api-prod",7,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2024-32533","lh-add-media-from-url-reflected-cross-site-scripting-2","LH Add Media From Url \u003C= 1.22 - Reflected Cross-Site Scripting","The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.22","1.23","2024-04-15 00:00:00","2024-04-25 13:11:42",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe8bc24df-4d95-44b7-a58c-00a1b24f91e9?source=api-prod",11,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":47,"trust_score":27,"computed_at":64},77,14650,87,"2026-04-04T05:41:29.070Z",[66,84,98,118,137],{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":74,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":18,"tags":80,"homepage":81,"download_link":82,"security_score":83,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"add-media-from-url","Add Media from URL","1.0.2","LordPretender","https:\u002F\u002Fprofiles.wordpress.org\u002Flordpretender\u002F","\u003Cp>This plugin allow you to add files into your media library without having to upload them. So, you will be able to share, for example, your files into your Google Drive.\u003Cbr \u002F>\nThis also save you steps to download the image to local computer and upload again to your own WordPress.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically downloads and adds the file to the media library.\u003C\u002Fli>\n\u003Cli>After the uploading is successful, you are redirected to the edit screen\u003C\u002Fli>\n\u003Cli>A new dropdown list is available in the media library to let you display only uploaded files, not uploaded files, …\u003C\u002Fli>\n\u003C\u002Ful>\n","Let you add media files into your media library without having to upload them.",20,2460,1,"2017-01-01T22:09:00.000Z","4.7.32","3.0",[20,21,22,23,24],"https:\u002F\u002Fwww.duy-pham.fr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-media-from-url.zip",85,{"slug":85,"name":86,"version":87,"author":7,"author_profile":8,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":74,"num_ratings":76,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":18,"tags":95,"homepage":96,"download_link":97,"security_score":83,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"lh-browser-shots","LH Browser Shots","2.00","\u003Cp>This plugin allow you to grab a screenshot of a remote url and save into your own word press media library.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Uses the wordpress.com ‘mshots’ functionality to automatically take screenshots of websites..\u003C\u002Fli>\n\u003Cli>Automatically adds the screenshot to the WordPress media library\u003C\u002Fli>\n\u003Cli>Redirects you to the edit screen once the screenshot is in the media library.\u003C\u002Fli>\n\u003Cli>Once the bookmarklet is installed you don’t even need to copy and paste a url (just navigate to the site you wish to screenshot and select the bookmark).\u003C\u002Fli>\n\u003C\u002Ful>\n","Add screenshots of remote wesbites directly to the wordpress media library, either enter the site url in an onsite input box or click a bookmarklet.",10,2254,"2022-08-01T15:28:00.000Z","6.0.11","4.0",[20,21,22,23,24],"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-browser-shots\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-browser-shots.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":115,"download_link":116,"security_score":13,"vuln_count":28,"unpatched_count":29,"last_vuln_date":117,"fetched_at":31},"dx-delete-attached-media","DX Delete Attached Media","2.0.6","Mario Peshev","https:\u002F\u002Fprofiles.wordpress.org\u002Fnofearinc\u002F","\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fx51scLO71U0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>DX Delete Attached Media deletes all of the attached media files to your posts once they get deleted from the system. The standard core behavior deletes posts alone without taking care of related images. Now you can maintain your install and get rid of all solo attachments getting into your posts via the Media button and used nowhere else.\u003C\u002Fp>\n\u003Cp>\u003Cem>The plugin works with WooCommerce and Easy Digital Downloads.\u003C\u002Fem>\u003C\u002Fp>\n","Automatically deletes attached media from posts and custom post types added via the Media button.",4000,54695,98,28,"2023-12-19T08:51:00.000Z","6.3.8","4.5","7.4",[20,23,24],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdx-delete-attached-media\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx-delete-attached-media.2.0.6.zip","2023-10-16 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":111,"requires_at_least":131,"requires_php":113,"tags":132,"homepage":135,"download_link":136,"security_score":83,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"autoremove-attachments","Autoremove Attachments","1.3.1","Polygon Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fpolygonthemes\u002F","\u003Cp>Autoremove Attachments helps you keep the Media Library clean by deleting all media files attached as child attachments to a post, page, or custom post type when the parent is deleted.\u003C\u002Fp>\n\u003Cp>By default, when you delete content from your website, regardless if it’s a post, a page, a product, or any kind of post type, WordPress keeps the media files previously associated with it, even if after the removal of your content they are not used anywhere else.\u003C\u002Fp>\n\u003Cp>Autoremove Attachments tries to solve this problem by automating the removal of all media files that have a child-parent relationship with the removed content. (so you don’t have to manually track and remove orphan files left on your server)\u003C\u002Fp>\n\u003Ch3>Important Considerations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A soft delete that places your post, page, or custom post type in Trash will not trigger the removal of its child attachments. The purge happens when you empty your trash.\u003C\u002Fli>\n\u003Cli>When you delete a post, page or custom post type, we try to determine if its child attachments are used anywhere else on your website. If they are, we do not remove them, to prevent broken links.\u003C\u002Fli>\n\u003Cli>The additional checks before the automatic removal can be disabled from the Media Settings for improved performance on large websites with thousands of posts and media files.\u003C\u002Fli>\n\u003Cli>The plugin only removes files tracked by WordPress. Some poorly coded themes generate additional thumbnail sizes that are not tracked by WordPress and this always leads to orphan files left on your server.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility and Third-Party Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\" rel=\"ugc\">WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-digital-downloads\" rel=\"ugc\">Easy Digital Downloads\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>All themes and plugins that do things the WordPress way\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you use a plugin to optimize and clean your database of revisions, trashed posts, etc, make sure you use one that relies on native WordPress functions to perform the maintenance tasks. We recommend \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-sweep\" rel=\"ugc\">WP-Sweep\u003C\u002Fa>.\u003C\u002Fp>\n","Remove child attachments when parent post, page or custom post type is deleted.",3000,34470,100,15,"2023-08-12T00:30:00.000Z","5.8",[20,133,23,134,24],"custom-post-type","page","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautoremove-attachments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautoremove-attachments.zip",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":11,"downloaded":145,"rating":108,"num_ratings":146,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":150,"tags":151,"homepage":157,"download_link":158,"security_score":159,"vuln_count":76,"unpatched_count":76,"last_vuln_date":160,"fetched_at":31},"wow-media-library-fix","Fix Media Library","2.0","wowpress.host","https:\u002F\u002Fprofiles.wordpress.org\u002Fwowpresshost\u002F","\u003Cp>Fix Media Library fixes inconsistency between wp-content\u002Fuploads folder and\u003Cbr \u002F>\ndatabase.\u003Cbr \u002F>\nFixes corrupted Media Library database records.\u003Cbr \u002F>\nDesigned to run smoothly against huge Media Libraries containing hundreds of thousands of images.\u003C\u002Fp>\n\u003Cp>Useful when:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Really old database is used and there are a lot of problems with Media Library found\u003C\u002Fli>\n\u003Cli>New thumbnail sizes are registered\u003C\u002Fli>\n\u003Cli>Some thumbnail sizes are not used anymore (theme change, upgrade), but image files are still exists\u003C\u002Fli>\n\u003Cli>There are Media Library entries present pointing to image files that don’t exist anymore\u003C\u002Fli>\n\u003Cli>Some entries in Media Library are not displayed, while image files are present (_wp_attachment_metadata meta field corrupted)\u003C\u002Fli>\n\u003Cli>There are a lot of images in wp-content\u002Fuploads folder that are no longer used\u003C\u002Fli>\n\u003Cli>There are duplicate attachments pointing to the same image file\u003C\u002Fli>\n\u003Cli>Images are used by website, but you can’t find them in Media Library\u003C\u002Fli>\n\u003Cli>You want to update attachments GUID fields containing old\u002Fstaging urls\u003C\u002Fli>\n\u003Cli>Detects major database corruptions affecting media library functionality\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>At \u003Ca href=\"https:\u002F\u002Fwowpress.host\u002F\" rel=\"nofollow ugc\">WowPress.host\u003C\u002Fa> company we regularly migrate very old databases and clean it up to make sure website using it is running smoothly. Those databases have all different kinds of inconsistencies collected during years or even decades of usage, and Media Library is the most common problematic piece of data here.\u003Cbr \u002F>\nThat plugin helps to solve most common problems related to Media Library data.\u003C\u002Fp>\n\u003Cp>We use a lot of open-source tools in our work, and therefore decided publish our own tools so that those can be used by the community too.\u003C\u002Fp>\n\u003Ch4>Need Help? Found A Bug? Want To Contribute Code?\u003C\u002Fh4>\n\u003Cp>Support for this plugin is provided via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwow-media-library-fix\" rel=\"ugc\">WordPress.org forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The source code for this plugin is available on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwowpress-host\u002Fwow-media-library-fix\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Paid support at \u003Ca href=\"https:\u002F\u002Fwowpress.host\u002Fprofessional-services\u002F\" rel=\"nofollow ugc\">WowPress.host\u003C\u002Fa>.\u003C\u002Fp>\n","Fix Media Library inconsistency between database and wp-content\u002Fuploads folder contents. Unused image files, broken media library entries, missing att …",37302,32,"2018-12-18T10:26:00.000Z","5.0.25","4.6","5.3",[152,153,154,155,156],"attachments","media-library","post-thumbnail","thumbnail","thumbnails","https:\u002F\u002Fwowpress.host\u002Fplugins\u002Fwow-","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwow-media-library-fix.2.0.zip",63,"2025-12-12 00:00:00",{"attackSurface":162,"codeSignals":182,"taintFlows":211,"riskAssessment":212,"analyzedAt":220},{"hooks":163,"ajaxHandlers":178,"restRoutes":179,"shortcodes":180,"cronEvents":181,"entryPointCount":29,"unprotectedCount":29},[164,170,174],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","admin_menu","plugin_menu","lh-add-media-from-url.php",200,{"type":165,"name":171,"callback":172,"file":168,"line":173},"admin_init","add_media_from_url",201,{"type":165,"name":175,"callback":176,"file":168,"line":177},"plugins_loaded","plugins_init",226,[],[],[],[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":209,"externalRequests":28,"nonceChecks":76,"capabilityChecks":28,"bundledLibraries":210},[],{"prepared":28,"raw":29,"locations":185},[],{"escaped":187,"rawEcho":90,"locations":188},4,[189,192,194,196,198,200,202,204,206,208],{"file":168,"line":190,"context":191},151,"raw output",{"file":168,"line":193,"context":191},160,{"file":168,"line":195,"context":191},161,{"file":168,"line":197,"context":191},186,{"file":168,"line":199,"context":191},187,{"file":168,"line":201,"context":191},188,{"file":168,"line":203,"context":191},189,{"file":168,"line":205,"context":191},190,{"file":207,"line":187,"context":191},"partials\\upload.php",{"file":207,"line":14,"context":191},8,[],[],{"summary":213,"deductions":214},"The \"lh-add-media-from-url\" plugin version 1.30 exhibits a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries, utilizing prepared statements exclusively, and includes a nonce check and capability checks for some operations. The static analysis found no critical or high severity taint flows, and the attack surface from AJAX handlers, REST API routes, shortcodes, and cron events is reported as zero, with none of these being unprotected. However, a significant concern is the low rate of proper output escaping, with only 29% of outputs being correctly escaped. This indicates a potential for Cross-Site Scripting (XSS) vulnerabilities, which is further corroborated by its vulnerability history.\n\nThe plugin has a history of two medium severity vulnerabilities, both of which were Cross-Site Scripting (XSS) issues. The most recent vulnerability was reported on August 20, 2024, and the good news is that there are currently no unpatched vulnerabilities. Despite the absence of critical or high-severity taint flows in the static analysis and the zero reported unprotected entry points, the historical prevalence of XSS and the low output escaping rate are notable weaknesses. This suggests that while the plugin's core functionalities might be well-protected, user-supplied data might not be sufficiently sanitized before being rendered in the browser, posing a risk to users of the WordPress site.",[215,217],{"reason":216,"points":209},"Low output escaping rate (29%)",{"reason":218,"points":219},"History of medium severity XSS vulnerabilities",6,"2026-03-16T18:38:05.793Z",{"wat":222,"direct":231},{"assetPaths":223,"generatorPatterns":226,"scriptPaths":227,"versionParams":228},[224,225],"\u002Fwp-content\u002Fplugins\u002Flh-add-media-from-url\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Flh-add-media-from-url\u002Fjs\u002Fmain.js",[],[225],[229,230],"lh-add-media-from-url\u002Fcss\u002Fmain.css?ver=","lh-add-media-from-url\u002Fjs\u002Fmain.js?ver=",{"cssClasses":232,"htmlComments":234,"htmlAttributes":235,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":240},[233],"lh-add-media-from-url-upload-form",[],[236],"data-lh-add-media-from-url-nonce",[],[239],"LH_add_media_from_url",[]]