[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMXl4-y0qFaog8HeSI7Cha2chS2wI5AwqDcx76lEONlE":3,"$fQtDdUdSfqPF5cBpUnTV7hcRh5K7_Ncv6G8B01xWmsIs":206,"$f9FTK4tf8OM5VZroOs_1Y3Ay6kg52g3zXZS4SrEkg5ns":211},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":48,"crawl_stats":36,"alternatives":56,"analysis":158,"fingerprints":193},"media-author","Media Author","1.0.4","John Luetke","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnl1479\u002F","\u003Cp>Allows you to change the author of a piece of media by adding a drop-down list of all your blog’s users to the “Edit Attachment” screen in the Media Library.\u003C\u002Fp>\n","Allows you to change the author of a piece of media",100,5480,2,"2013-01-19T03:41:00.000Z","3.4.2","2.8.6","",[19,20,21,22],"attachment","author","media","post","http:\u002F\u002Fwordpress.com\u002Fextend\u002Fplugins\u002Fmedia-author","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-author.1.0.4.zip",63,1,"2025-09-05 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":36,"patch_diff_files":45,"patch_trac_url":36,"research_status":36,"research_verified":46,"research_rounds_completed":47,"research_plan":36,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":36,"research_started_at":36,"research_completed_at":36,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":46,"poc_model_used":36,"poc_verification_depth":36},"CVE-2025-58841","media-author-missing-authorization","Media Author \u003C= 1.0.4 - Missing Authorization","The Media Author plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Author-level access and above, to perform an unauthorized action.",null,"\u003C=1.0.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Missing Authorization","2025-09-09 19:38:51",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F10724b12-fbe4-4da1-b3f5-157b2702996d?source=api-prod",[],false,0,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"johnl1479",3,120,78,30,79,"2026-05-20T08:02:51.960Z",[57,78,97,115,135],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":74,"download_link":75,"security_score":76,"vuln_count":13,"unpatched_count":47,"last_vuln_date":77,"fetched_at":28},"dx-delete-attached-media","DX Delete Attached Media","2.0.6","Mario Peshev","https:\u002F\u002Fprofiles.wordpress.org\u002Fnofearinc\u002F","\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fx51scLO71U0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>DX Delete Attached Media deletes all of the attached media files to your posts once they get deleted from the system. The standard core behavior deletes posts alone without taking care of related images. Now you can maintain your install and get rid of all solo attachments getting into your posts via the Media button and used nowhere else.\u003C\u002Fp>\n\u003Cp>\u003Cem>The plugin works with WooCommerce and Easy Digital Downloads.\u003C\u002Fem>\u003C\u002Fp>\n","Automatically deletes attached media from posts and custom post types added via the Media button.",4000,54918,98,28,"2023-12-19T08:51:00.000Z","6.3.8","4.5","7.4",[19,21,22],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdx-delete-attached-media\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx-delete-attached-media.2.0.6.zip",84,"2023-10-16 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":11,"num_ratings":88,"last_updated":89,"tested_up_to":70,"requires_at_least":90,"requires_php":72,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"autoremove-attachments","Autoremove Attachments","1.3.1","Polygon Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fpolygonthemes\u002F","\u003Cp>Autoremove Attachments helps you keep the Media Library clean by deleting all media files attached as child attachments to a post, page, or custom post type when the parent is deleted.\u003C\u002Fp>\n\u003Cp>By default, when you delete content from your website, regardless if it’s a post, a page, a product, or any kind of post type, WordPress keeps the media files previously associated with it, even if after the removal of your content they are not used anywhere else.\u003C\u002Fp>\n\u003Cp>Autoremove Attachments tries to solve this problem by automating the removal of all media files that have a child-parent relationship with the removed content. (so you don’t have to manually track and remove orphan files left on your server)\u003C\u002Fp>\n\u003Ch3>Important Considerations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A soft delete that places your post, page, or custom post type in Trash will not trigger the removal of its child attachments. The purge happens when you empty your trash.\u003C\u002Fli>\n\u003Cli>When you delete a post, page or custom post type, we try to determine if its child attachments are used anywhere else on your website. If they are, we do not remove them, to prevent broken links.\u003C\u002Fli>\n\u003Cli>The additional checks before the automatic removal can be disabled from the Media Settings for improved performance on large websites with thousands of posts and media files.\u003C\u002Fli>\n\u003Cli>The plugin only removes files tracked by WordPress. Some poorly coded themes generate additional thumbnail sizes that are not tracked by WordPress and this always leads to orphan files left on your server.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility and Third-Party Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\" rel=\"ugc\">WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-digital-downloads\" rel=\"ugc\">Easy Digital Downloads\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>All themes and plugins that do things the WordPress way\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you use a plugin to optimize and clean your database of revisions, trashed posts, etc, make sure you use one that relies on native WordPress functions to perform the maintenance tasks. We recommend \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-sweep\" rel=\"ugc\">WP-Sweep\u003C\u002Fa>.\u003C\u002Fp>\n","Remove child attachments when parent post, page or custom post type is deleted.",3000,35128,15,"2023-08-12T00:30:00.000Z","5.8",[19,92,21,93,22],"custom-post-type","page","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautoremove-attachments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautoremove-attachments.zip",85,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":67,"num_ratings":107,"last_updated":108,"tested_up_to":70,"requires_at_least":109,"requires_php":17,"tags":110,"homepage":113,"download_link":114,"security_score":96,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"bulk-change-media-author","Bulk Change Media Author","1.3.2","Ruslan Mikhno","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikhno\u002F","\u003Cp>This is a very simple plugin that allows you to bulk change author for media files.\u003C\u002Fp>\n\u003Cp>The action is added in the “List” view of the Media Library.\u003C\u002Fp>\n","Bulk change author for multiple media files, using the default WP Media Library.",2000,9874,8,"2023-08-31T18:53:00.000Z","4.7",[19,20,111,21,112],"bulk","upload","http:\u002F\u002Fwww.mikhno.org\u002Farticles\u002Fen\u002Ffiles\u002Fwp_bulk_change_media_author","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-change-media-author.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":105,"downloaded":123,"rating":76,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":17,"tags":128,"homepage":131,"download_link":132,"security_score":133,"vuln_count":13,"unpatched_count":47,"last_vuln_date":134,"fetched_at":28},"lh-add-media-from-url","LH Add Media From Url","1.30","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin allow you to grab image from remote url and save into your own word press media library. By doing so, you never worried if the remote image was removed by its owner. This also save you steps to download the image to local computer and upload again to your own WordPress. There is also a JavaScript bookmarklet that helps to automate the process if you are surfing the internet and find something you would like to add to the library\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically downloads and adds the file to the media library.\u003C\u002Fli>\n\u003Cli>After the uploading is successful, you are redirected to the edit screen\u003C\u002Fli>\n\u003Cli>Once the bookmarklet is installed you don’t even need to copy and paste a url (just navigate to the url and select the bookmark).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-add-media-from-url\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-add-media-from-url\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n","Upload files from an url to wordpress media library, either enter file urls in an onsite input box or click a bookmarklet.",37988,9,"2024-08-20T14:07:00.000Z","6.6.5","5.0",[19,129,130,21,22],"bookmarklet","download","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-add-media-from-url\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-add-media-from-url.zip",91,"2024-08-20 17:25:05",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":105,"downloaded":143,"rating":67,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":148,"tags":149,"homepage":155,"download_link":156,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":157,"fetched_at":28},"wow-media-library-fix","Fix Media Library","2.0","wowpress.host","https:\u002F\u002Fprofiles.wordpress.org\u002Fwowpresshost\u002F","\u003Cp>Fix Media Library fixes inconsistency between wp-content\u002Fuploads folder and\u003Cbr \u002F>\ndatabase.\u003Cbr \u002F>\nFixes corrupted Media Library database records.\u003Cbr \u002F>\nDesigned to run smoothly against huge Media Libraries containing hundreds of thousands of images.\u003C\u002Fp>\n\u003Cp>Useful when:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Really old database is used and there are a lot of problems with Media Library found\u003C\u002Fli>\n\u003Cli>New thumbnail sizes are registered\u003C\u002Fli>\n\u003Cli>Some thumbnail sizes are not used anymore (theme change, upgrade), but image files are still exists\u003C\u002Fli>\n\u003Cli>There are Media Library entries present pointing to image files that don’t exist anymore\u003C\u002Fli>\n\u003Cli>Some entries in Media Library are not displayed, while image files are present (_wp_attachment_metadata meta field corrupted)\u003C\u002Fli>\n\u003Cli>There are a lot of images in wp-content\u002Fuploads folder that are no longer used\u003C\u002Fli>\n\u003Cli>There are duplicate attachments pointing to the same image file\u003C\u002Fli>\n\u003Cli>Images are used by website, but you can’t find them in Media Library\u003C\u002Fli>\n\u003Cli>You want to update attachments GUID fields containing old\u002Fstaging urls\u003C\u002Fli>\n\u003Cli>Detects major database corruptions affecting media library functionality\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>At \u003Ca href=\"https:\u002F\u002Fwowpress.host\u002F\" rel=\"nofollow ugc\">WowPress.host\u003C\u002Fa> company we regularly migrate very old databases and clean it up to make sure website using it is running smoothly. Those databases have all different kinds of inconsistencies collected during years or even decades of usage, and Media Library is the most common problematic piece of data here.\u003Cbr \u002F>\nThat plugin helps to solve most common problems related to Media Library data.\u003C\u002Fp>\n\u003Cp>We use a lot of open-source tools in our work, and therefore decided publish our own tools so that those can be used by the community too.\u003C\u002Fp>\n\u003Ch4>Need Help? Found A Bug? Want To Contribute Code?\u003C\u002Fh4>\n\u003Cp>Support for this plugin is provided via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwow-media-library-fix\" rel=\"ugc\">WordPress.org forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The source code for this plugin is available on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwowpress-host\u002Fwow-media-library-fix\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Paid support at \u003Ca href=\"https:\u002F\u002Fwowpress.host\u002Fprofessional-services\u002F\" rel=\"nofollow ugc\">WowPress.host\u003C\u002Fa>.\u003C\u002Fp>\n","Fix Media Library inconsistency between database and wp-content\u002Fuploads folder contents. Unused image files, broken media library entries, missing att …",37434,32,"2018-12-18T10:26:00.000Z","5.0.25","4.6","5.3",[150,151,152,153,154],"attachments","media-library","post-thumbnail","thumbnail","thumbnails","https:\u002F\u002Fwowpress.host\u002Fplugins\u002Fwow-","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwow-media-library-fix.2.0.zip","2025-12-12 00:00:00",{"attackSurface":159,"codeSignals":176,"taintFlows":183,"riskAssessment":184,"analyzedAt":192},{"hooks":160,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":47,"unprotectedCount":47},[161,168],{"type":162,"name":163,"callback":164,"priority":165,"file":166,"line":167},"filter","attachment_fields_to_save","media_author_plugin_save",5,"media_author.php",93,{"type":162,"name":169,"callback":170,"priority":165,"file":166,"line":171},"attachment_fields_to_edit","media_author_plugin_dropdown_2",94,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":180,"fileOperations":47,"externalRequests":47,"nonceChecks":47,"capabilityChecks":47,"bundledLibraries":182},[],{"prepared":47,"raw":47,"locations":179},[],{"escaped":47,"rawEcho":47,"locations":181},[],[],[],{"summary":185,"deductions":186},"The static analysis of the 'media-author' plugin v1.0.4 reveals a generally strong security posture, with no identified dangerous functions, all SQL queries using prepared statements, and all output being properly escaped. The absence of an attack surface and taint analysis findings further suggests that the core code implementation is robust against common code-level vulnerabilities.  However, the plugin has a history of known vulnerabilities, with one currently unpatched medium-severity CVE related to Missing Authorization. This indicates a recurring pattern where authorization checks might be insufficient or absent in certain scenarios, which could be exploited by authenticated users.",[187,189],{"reason":188,"points":88},"Currently unpatched medium severity CVE",{"reason":190,"points":191},"Potential for missing authorization in historical vulns",10,"2026-03-16T20:35:14.687Z",{"wat":194,"direct":199},{"assetPaths":195,"generatorPatterns":196,"scriptPaths":197,"versionParams":198},[],[],[],[],{"cssClasses":200,"htmlComments":201,"htmlAttributes":202,"restEndpoints":203,"jsGlobals":204,"shortcodeOutput":205},[],[],[],[],[],[],{"error":207,"url":208,"statusCode":209,"statusMessage":210,"message":210},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmedia-author\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":165,"versions":212},[213,219,227,235,243],{"version":6,"download_url":24,"svn_tag_url":214,"released_at":36,"has_diff":46,"diff_files_changed":215,"diff_lines":36,"trac_diff_url":216,"vulnerabilities":217,"is_current":207},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmedia-author\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmedia-author%2Ftags%2F1.0.3&new_path=%2Fmedia-author%2Ftags%2F1.0.4",[218],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":220,"download_url":221,"svn_tag_url":222,"released_at":36,"has_diff":46,"diff_files_changed":223,"diff_lines":36,"trac_diff_url":224,"vulnerabilities":225,"is_current":46},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-author.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmedia-author\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmedia-author%2Ftags%2F1.0.2&new_path=%2Fmedia-author%2Ftags%2F1.0.3",[226],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":228,"download_url":229,"svn_tag_url":230,"released_at":36,"has_diff":46,"diff_files_changed":231,"diff_lines":36,"trac_diff_url":232,"vulnerabilities":233,"is_current":46},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-author.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmedia-author\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmedia-author%2Ftags%2F1.0.1&new_path=%2Fmedia-author%2Ftags%2F1.0.2",[234],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":236,"download_url":237,"svn_tag_url":238,"released_at":36,"has_diff":46,"diff_files_changed":239,"diff_lines":36,"trac_diff_url":240,"vulnerabilities":241,"is_current":46},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-author.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmedia-author\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmedia-author%2Ftags%2F1.0&new_path=%2Fmedia-author%2Ftags%2F1.0.1",[242],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36},{"version":244,"download_url":245,"svn_tag_url":246,"released_at":36,"has_diff":46,"diff_files_changed":247,"diff_lines":36,"trac_diff_url":36,"vulnerabilities":248,"is_current":46},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-author.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmedia-author\u002Ftags\u002F1.0\u002F",[],[249],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":36}]