[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHlWFdPFi6VyM7ik2fKpK4jTLuQ8e1B905emm377wZQ8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":54,"analysis":156,"fingerprints":194},"lh-copy-media-file","LH Copy Media File","1.11","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin allows you to create duplicate images in the media library, rather than having to create a new copy of the image and upload it to WordPress again.\u003C\u002Fp>\n\u003Cp>It works by copying the post and its metadata into a totally new file in the media manager. Any changes you make to the new copy of the attachment — updating the caption or cropping, for example, will only be applied to the new attachment, not to the original.\u003C\u002Fp>\n\u003Cp>This is useful if you want to edit or crop an existing image without effecting the original\u003C\u002Fp>\n\u003Cp>To use, go to the Library tab and you will see a copy file link below each media (this will only appear in list view, see faq)\u003C\u002Fp>\n","Allows you to create duplicate images in the media library.",900,15294,80,7,"2024-10-01T10:26:00.000Z","6.6.5","4.1","",[20,21,22,23,24],"attachment","download","media","media-manager","upload","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-copy-media-file\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-copy-media-file.zip",91,1,0,"2024-09-30 19:31:03","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-9220","lh-copy-media-file-reflected-cross-site-scripting","LH Copy Media File \u003C= 1.08 - Reflected Cross-Site Scripting","The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.08","1.09","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-10-04 12:33:45",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9911e99e-0b3b-4be1-b8cd-28593b6d12ad?source=api-prod",4,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":14,"trust_score":27,"computed_at":53},77,14650,87,"2026-04-03T21:33:08.471Z",[55,76,97,115,135],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"media-deduper","Media Deduper","1.5.9","cornershop","https:\u002F\u002Fprofiles.wordpress.org\u002Fcornershop\u002F","\u003Cp>Media Deduper will find and eliminate duplicate images and attachments from your WordPress media library. After installing, you’ll have a new “Manage Duplicates” option in your Media section.\u003C\u002Fp>\n\u003Cp>Before Media Deduper can identify duplicate assets, it will build an index of all the files in your media library, which can take some time. Once that’s done, however, Media Deduper automatically adds new uploads to its index, so you shouldn’t have to generate the index again.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need faster indexing? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Check out Media Deduper Pro\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once up and running, Media Deduper provides you with a “Manage Duplicates” page listing all of your duplicate media files. The list makes it easy to see and delete duplicate files: delete one and its twin will disappear from the list because it’s then no longer a duplicate. Easy! By default, the list is sorted by file size, so you can focus on deleting the files that will free up the most space.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use this plugin at your own risk. The plugin developers are not responsible for any lost data or site issues as a result of using this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Media Deduper comes with a “Smart Delete” option that prevents a post’s Featured Image from being deleted, even if that image is found to be a duplicate elsewhere on the site.\u003C\u002Fp>\n\u003Cp>If a post has a featured image that’s a duplicate file, Smart Delete will re-assign that post’s image to an already-in-use copy of the image before deleting the duplicate so that the post’s appearance is unaffected. This feature only tracks Featured Images, and not images used in galleries, post bodies, shortcodes, meta fields, or anywhere else.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for more features? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Media Deduper Pro\u003C\u002Fa> includes features for image fields from several popular plugins as well.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Note that duplicate identification is based on the data of the files themselves, not any titles, captions or other metadata you may have provided in the WordPress admin.\u003C\u002Fp>\n\u003Cp>Media Deduper can differentiate between 1.) media items that are duplicates because the media files they link to have the same data and 2.) those that actually point to the same data file, which can happen with a plugin like WP Job Manager or Duplicate Post.\u003C\u002Fp>\n\u003Cp>As with any plugin that can perform destructive operations on your database and\u002For files, using Media Deduper can result in permanent data loss if you’re not careful. \u003Cstrong>Back up your data before you try out Media Deduper! Please!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use this plugin at your own risk. The plugin developers are not responsible for any lost data or site issues as a result of using this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more support? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Media Deduper Pro\u003C\u002Fa> includes dedicated support from Cornershop Creative.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>Media Deduper requires PHP 7.0 or later.\u003C\u002Fp>\n","Save disk space and bring some order to the chaos of your media library by removing and preventing duplicate files.",9000,169474,76,43,"2025-12-03T19:24:00.000Z","6.9.4","4.3",[71,72,22,24],"admin","attachments","https:\u002F\u002Fwww.mediadeduper.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-deduper.1.5.9.zip",100,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"bulk-change-media-author","Bulk Change Media Author","1.3.2","Ruslan Mikhno","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikhno\u002F","\u003Cp>This is a very simple plugin that allows you to bulk change author for media files.\u003C\u002Fp>\n\u003Cp>The action is added in the “List” view of the Media Library.\u003C\u002Fp>\n","Bulk change author for multiple media files, using the default WP Media Library.",2000,9695,98,8,"2023-08-31T18:53:00.000Z","6.3.8","4.7",[20,92,93,22,24],"author","bulk","http:\u002F\u002Fwww.mikhno.org\u002Farticles\u002Fen\u002Ffiles\u002Fwp_bulk_change_media_author","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-change-media-author.zip",85,{"slug":98,"name":99,"version":100,"author":7,"author_profile":8,"description":101,"short_description":102,"active_installs":84,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":16,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":111,"download_link":112,"security_score":27,"vuln_count":113,"unpatched_count":29,"last_vuln_date":114,"fetched_at":31},"lh-add-media-from-url","LH Add Media From Url","1.30","\u003Cp>This plugin allow you to grab image from remote url and save into your own word press media library. By doing so, you never worried if the remote image was removed by its owner. This also save you steps to download the image to local computer and upload again to your own WordPress. There is also a JavaScript bookmarklet that helps to automate the process if you are surfing the internet and find something you would like to add to the library\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically downloads and adds the file to the media library.\u003C\u002Fli>\n\u003Cli>After the uploading is successful, you are redirected to the edit screen\u003C\u002Fli>\n\u003Cli>Once the bookmarklet is installed you don’t even need to copy and paste a url (just navigate to the url and select the bookmark).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-add-media-from-url\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-add-media-from-url\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n","Upload files from an url to wordpress media library, either enter file urls in an onsite input box or click a bookmarklet.",37732,84,9,"2024-08-20T14:07:00.000Z","5.0",[20,109,21,22,110],"bookmarklet","post","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-add-media-from-url\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-add-media-from-url.zip",2,"2024-08-20 17:25:05",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":11,"downloaded":123,"rating":75,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":18,"tags":128,"homepage":131,"download_link":132,"security_score":133,"vuln_count":113,"unpatched_count":28,"last_vuln_date":134,"fetched_at":31},"custom-post-type-pdf-attachment","Custom Post Type Attachment","3.4.6","aviplugins.com","https:\u002F\u002Fprofiles.wordpress.org\u002Favimegladon\u002F","\u003Cul>\n\u003Cli>This plugin will allow you to upload files to your post or pages or any other custom post types.\u003C\u002Fli>\n\u003Cli>You can eather use shortcodes or functions to display attachments. \u003C\u002Fli>\n\u003Cli>just install the plugin and update setting from \u003Ccode>Settings-> Custom Post Type Attachment\u003C\u002Fcode>. \u003C\u002Fli>\n\u003Cli>Upload files in your post\u002Fpage edit page.\u003C\u002Fli>\n\u003Cli>Display files in frontend using shortcodes or using custom functions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display all attachments with a single shortcode [pdf_all_attachments]\u003C\u002Fli>\n\u003Cli>Display Single attachment [pdf_attachment file=”file_number” name=”optional file_name”]\u003C\u002Fli>\n\u003Cli>Example: [pdf_attachment file=”1″ name=”PDF File 1″]\u003C\u002Fli>\n\u003Cli>Or\u003C\u002Fli>\n\u003Cli>pdf_attachment_file(“file_number”,”optional file_name”);\u003C\u002Fli>\n\u003Cli>Example: \u003C?php echo pdf_attachment_file(\"1\",\"PDF File 1\"); ?>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom Post Type Attachment PRO\u003C\u002Fh4>\n\u003Cp>There is a PRO version of this plugin that supports unlimited files to upload with multiple file types. You can get it \u003Ca href=\"https:\u002F\u002Fwww.aviplugins.com\u002Fcustom-post-type-attachment-pro\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa> in \u003Cstrong>USD 1.50\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Attachment number can be Increased \u002F Decreased from the post edit page. You can upload other type of files also. Supported files that can be uploaded are PDF, TXT, JPG, JPEG, BMP, GIF, PNG, DOC, DOCX, XLS, CSV, PPT, PPTX, ZIP.\u003C\u002Fli>\n\u003Cli>Every file can be marked as Hidden. These files will be hidden from visitors of the site. Only Logged In users will be able to download these files. For others a message will be displayed in place of the hidden files. This message can be updated from admin panel.\u003C\u002Fli>\n\u003Cli>You can select the user types that you want to give Permission to be able download the attachment files. Only selected user types will have permission to download the attachments.\u003C\u002Fli>\n\u003Cli>More Advanced File Download feature.\u003C\u002Fli>\n\u003Cli>Users can be asked to enter basic details like Name, Email & Phone Number before they can download the Attachments.\u003C\u002Fli>\n\u003Cli>Files Attachment option can be enabled in the WordPress default comments section as well.\u003C\u002Fli>\n\u003Cli>Files can be embedded in the page content. Users can view the content of the file before download.\u003C\u002Fli>\n\u003Cli>Supported document files that can be embedded are Adobe Acrobat (PDF), Microsoft Word (DOC), Microsoft PowerPoint (PPT), Microsoft Excel (XLS)\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.aviplugins.com\u002Fcustom-post-type-attachment-pro\u002F\" rel=\"nofollow ugc\">Click here to find out in details\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>Post your plugin related queries at \u003Ca href=\"https:\u002F\u002Fwww.aviplugins.com\u002Fsupport.php\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.aviplugins.com\u002Fsupport.php\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","This plugin will allow you to upload files to your post or pages or any other custom post types.",93957,3,"2024-12-31T09:40:00.000Z","6.7.5","2.0.2",[20,21,129,130,24],"file","file-attachment","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-post-type-pdf-attachment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-type-pdf-attachment.3.4.6.zip",69,"2025-09-29 00:00:00",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":145,"num_ratings":146,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":18,"tags":150,"homepage":154,"download_link":155,"security_score":96,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"media-vault","Media Vault","0.8.12","Max GJ Panas","https:\u002F\u002Fprofiles.wordpress.org\u002Fmax-gjp\u002F","\u003Ch4>Protected Attachment Files\u003C\u002Fh4>\n\u003Cp>Media Vault cordons off a section of your WordPress uploads folder and secures it, protecting all files within by passing requests for them through a \u003Cem>powerful, flexible and completely customizable\u003C\u002Fem> set of permission checks.\u003C\u002Fp>\n\u003Cp>After activating the plugin, to protect attachment files with Media Vault you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>use the \u003Cem>Media Uploader admin page\u003C\u002Fem> to upload new protected attachments,\u003C\u002Fli>\n\u003Cli>use the \u003Cem>Media Vault metabox\u003C\u002Fem> to toggle file protection on the ‘Edit Media’ admin page,\u003C\u002Fli>\n\u003Cli>use the the \u003Cem>Media Vault Protection Settings\u003C\u002Fem> fields in the new Media Modal, or, \u003C\u002Fli>\n\u003Cli>using \u003Cem>bulk actions\u003C\u002Fem> in your Media Library page, you can change file protection on multiple pre-existing attachments at once.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default the only permission check that the plugin does on media files is that the user requesting them be logged in. You can change this \u003Cem>default\u003C\u002Fem> behavior from the ‘Media Settings’ page in the ‘Settings’ menu of the WordPress Admin. You can also change the restrictions set on attachments on an individual basis by means of either the Media Vault metabox on the ‘Edit Media’ page or the Media Vault Protection Settings fields in the new Media Modal.\u003C\u002Fp>\n\u003Cp>You can also write your own custom restrictions using the \u003Ccode>mgjp_mv_add_permission()\u003C\u002Fcode> function. See \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Frestrict-only-for-subscribers?replies=5\" rel=\"ugc\">this support question\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Ch4>Safe Download Links\u003C\u002Fh4>\n\u003Cp>Creating a cross-browser compatible download link for a file is a harder task than might be expected. Media Vault handles this for you, and it does so while preserving all the file security features discussed earlier like blocking downloads to people who should not have access to the file.\u003C\u002Fp>\n\u003Cp>The download links are available through a simple shortcode that you can use in your post\u002Fpage editor screen:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[mv_dl_links ids=\"1,2,3\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>where ‘ids’ are the comma separated list of attachment ids you would like to make available for download in the list.\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> Plugin comes with styles ready for WordPress 3.8+!\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem>  \u003Cstrong>Now supports WordPress MultiSite!\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect attachment files from direct access using powerful and flexible restrictions. Offer safe download links for any file in your uploads folder.",800,17132,88,27,"2014-02-18T16:48:00.000Z","3.7.41","3.5.0",[72,151,22,152,153],"downloads","protection","security","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-vault\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-vault.0.8.12.zip",{"attackSurface":157,"codeSignals":179,"taintFlows":186,"riskAssessment":187,"analyzedAt":193},{"hooks":158,"ajaxHandlers":175,"restRoutes":176,"shortcodes":177,"cronEvents":178,"entryPointCount":29,"unprotectedCount":29},[159,166,171],{"type":160,"name":161,"callback":162,"priority":163,"file":164,"line":165},"filter","media_row_actions","media_row_action",10,"lh-copy-media-file.php",138,{"type":167,"name":168,"callback":169,"file":164,"line":170},"action","admin_init","duplicate_file_v2",139,{"type":167,"name":172,"callback":173,"file":164,"line":174},"plugins_loaded","plugin_init",164,[],[],[],[],{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":183,"fileOperations":29,"externalRequests":113,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":185},[],{"prepared":29,"raw":29,"locations":182},[],{"escaped":124,"rawEcho":29,"locations":184},[],[],[],{"summary":188,"deductions":189},"The static analysis of the \"lh-copy-media-file\" plugin version 1.11 reveals a generally strong security posture, with no identified dangerous functions, all SQL queries using prepared statements, and all output properly escaped.  Furthermore, the plugin exhibits a limited attack surface, with zero AJAX handlers, REST API routes, shortcodes, or cron events.  This indicates good development practices in minimizing potential entry points. The presence of one external HTTP request and one nonce check suggests some interaction with external resources or internal WordPress security mechanisms, which is generally acceptable. Taint analysis shows no critical or high severity issues, reinforcing the internal code safety.\n\nHowever, the plugin's vulnerability history presents a significant concern. A single known CVE exists, and while it is currently patched, its past occurrence and classification as improper neutralization of input during web page generation (Cross-site Scripting) is a notable pattern. While the current version may be secure, this historical incident suggests a potential for vulnerabilities of this type, especially if future updates introduce new features or modifications without rigorous security testing. The plugin's strengths lie in its clean code practices and minimal attack surface, but the historical XSS vulnerability warrants continued vigilance. Overall, the current version appears safe based on the static analysis, but the past vulnerability history should not be overlooked.",[190],{"reason":191,"points":192},"Known CVE in history",15,"2026-03-16T19:15:40.563Z",{"wat":195,"direct":200},{"assetPaths":196,"generatorPatterns":197,"scriptPaths":198,"versionParams":199},[],[],[],[],{"cssClasses":201,"htmlComments":203,"htmlAttributes":204,"restEndpoints":206,"jsGlobals":207,"shortcodeOutput":208},[202],"lh_copy_media_file_link",[],[205],"data-lh-copy-media-file-hander-postid",[],[],[]]