[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuOEszq6qukhPxRjz9TUxKEDunSrla5TChUJ35NE1EWU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":131,"fingerprints":228},"media-checkboard","Media Checkerboard","1.1.1","Diego Betto","https:\u002F\u002Fprofiles.wordpress.org\u002Fagm65\u002F","\u003Cp>Simple plugin that renders a checkerboard under PNG and GIF images so you can see alpha channel\u003C\u002Fp>\n","Simple backend plugin that renders a checkerboard under PNG and GIF images so you can see alpha channel",10,1845,100,1,"2015-12-07T12:14:00.000Z","4.2.39","3.9","",[20,21,22,23,24],"checkerboard","gif","media","png","transparency","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-checkboard.1.1.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"agm65",30,84,"2026-04-04T21:17:50.661Z",[37,59,78,98,116],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":57,"download_link":58,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"compress-png-for-wp","Compress PNG for WP","1.3.5","geckodesigns","https:\u002F\u002Fprofiles.wordpress.org\u002Fgeckodesigns\u002F","\u003Cp>Compress PNG for WP allows users to shrink JPEG\u002FPNG files using the TinyPNG API. Files can be automatically resized when uploaded as well as manually resized in the Media Library.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>v1.3 Added Support for JPEG Compression via TinyJPEG, Works the same way as PNG files.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How to use Compress PNG for WP\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Visit ‘Settings > Media’ from the admin dashboard.\u003C\u002Fli>\n\u003Cli>Insert your TinyPNG API key and save changes. If you do not yet have a key, get one from \u003Ca href=\"https:\u002F\u002Ftinypng.com\u002Fdevelopers\" rel=\"nofollow ugc\">TinyPNG\u003C\u002Fa>. You can also select to auto compress on upload as well as which additional image sizes will be compressed from this page.\u003C\u002Fli>\n\u003Cli>Start uploading JPEG\u002FPNG files and they will be automatically resized (if you have chosen to allow auto shrinking on upload in the ‘Settings > Media’ page).\u003C\u002Fli>\n\u003Cli>Visit ‘Media > Library’ to see information on your resized files or to manually resize existing JPEG\u002FPNG files.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more information view our \u003Ca href=\"https:\u002F\u002Fwww.geckodesigns.com\u002Fservices\u002Fwebsite-design\u002Fwebsite-plugins\u002Fcompress-png-plugin-wordpress\u002F\" rel=\"nofollow ugc\">Compress PNG for WP page\u003C\u002Fa>.\u003C\u002Fp>\n","Compress PNG files using the TinyPNG API.",200,18648,90,13,"2015-01-21T19:58:00.000Z","4.1.42","3.0.1",[53,54,22,55,56],"image","images","tinyjpeg","tinypng","http:\u002F\u002Fwww.geckodesigns.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcompress-png-for-wp.1.3.5.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":27,"num_ratings":27,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":76,"download_link":77,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-unitpngfix","Wp-UnitPNGfix","0.2.2","Vinnie","https:\u002F\u002Fprofiles.wordpress.org\u002Fnemovrusso\u002F","\u003Cp>This plugin includes the \u003Ccode>unitpngfix.js\u003C\u002Fcode> javascript file if the browser is IE6 or lower. In plain words, it implements the solution for the PNG trasparency provided by Unit Interactive Labs (http:\u002F\u002Flabs.unitinteractive.com\u002Funitpngfix.php). It works on img objects and background-image attributes.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.\u003Cbr \u002F>\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details.\u003Cbr \u002F>\nYou should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place – Suite 330, Boston, MA 02111-1307, USA.\u003C\u002Fp>\n","This plugin includes the unitpngfix.js javascript file if the browser is IE6 or lower. In plain words, it implements the solution for the PNG traspare &hellip;",70,10816,"2019-10-23T10:24:00.000Z","2.6","2.0",[73,74,75,23,24],"filter","fix","ie6","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-unitpngfix\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-unitpngfix.0.2.2.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":47,"num_ratings":88,"last_updated":18,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":95,"download_link":96,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":97},"atec-webp","atec WebP","1.1.29","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>atec-WebP works automatically, no configuration required.\u003Cbr \u002F>\nJust install, activate and switch on the “WebP active” option. That’s all.\u003C\u002Fp>\n\u003Cp>Most other image optimization plugins (such as Smush or LiteSpeed) use batch conversion.\u003Cbr \u002F>\nThese plugins convert ALL images in the upload folder, including thumbnails.\u003Cbr \u002F>\nThis is not necessary, as some of these images might never be requested.\u003Cbr \u002F>\natec-WebP works “on demand”, it converts images only when requested. This saves disk space.\u003C\u002Fp>\n\u003Cp>In case you are using a CDN the rewrite rules to serve .webp files will not be effective – unless you exclude image files from caching.\u003Cbr \u002F>\nPlease check the response header to see whether .webp files are actually handled by your server – or delivered by a CDN.\u003C\u002Fp>\n\u003Ch3>Specifications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Supports IMG_WEBP_LOSSLESS quality.\u003C\u002Fli>\n\u003Cli>Supports BMP, GIF, PNG & JPEG image format.\u003C\u002Fli>\n\u003Cli>Supports transparent GIF & PNG files (plus BMP with ImageMagick).\u003C\u002Fli>\n\u003Cli>Unsupported files (like animated GIFs and transparent BMP with GD-extension) will be skipped automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>atec-WebP requires write permission for the \u002F.htaccess file and a webserver that supports rewrite rules (mod_rewrite).\u003Cbr \u002F>\nRewrite rules will be added to the .htaccess file only if you check the “WebP active” option.\u003Cbr \u002F>\nThe rules will be deleted if you uncheck the option or deactivate the plugin.\u003C\u002Fp>\n\u003Cp>Image requests will be redirected to their WebP counterpart, if the WebP version exists, otherwise the request will be redirected to a script in the .\u002Fuploads\u002Fatec-webp folder. The script converts image files to *.Xwebp.webp files in their respective folder. There will be no extra folders for the converted images, so everythings stays in place. However you can still delete the convert files at any time, as they are easily identified by their .Xwebp.webp extension.\u003C\u002Fp>\n\u003Cp>atec-WebP dashboard also provides a feature to delete these files, with no impact on the original files.\u003C\u002Fp>\n\u003Ch3>Attention\u003C\u002Fh3>\n\u003Cp>DO NOT disallow script execution in wp-content\u002Fuplods folder by a “deny from all” rule, because the conversion script resides in the wp-content\u002Fuplods\u002Fatec-webp.\u003C\u002Fp>\n\u003Ch3>3rd party scripts\u003C\u002Fh3>\n\u003Cp>The plugin uses “basicLightbox” to preview images.\u003Cbr \u002F>\nSource code @ https:\u002F\u002Fgithub.com\u002Felecterious\u002FbasicLightbox\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Ch3>Integrity check\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Ch3>atec-WebP and Cloudflare compatibility\u003C\u002Fh3>\n\u003Cp>The plugin does not replace image files in the media library nor does it alter the image attachments in pages or posts.\u003Cbr \u002F>\nIt works by serving .webp images instead of other images formats by converting those images in the uploads folder and rewriting requests to the original image by the use of .htaccess rewrite rules.\u003Cbr \u002F>\nFor the plugin to be in effect, the browser must send an ‘accept’ header that includes the ‘image\u002Fwebp’ mime type.\u003Cbr \u002F>\nHowever, if you use cloudflare, the cloudflare crawler will not send this header, thus the redirect script will not run the rewrite rule.\u003Cbr \u002F>\nAs a result, the crawler will get the original image and atec-WebP is not interfere.\u003C\u002Fp>\n\u003Ch3>atec-WebP and LiteSpeed web-server compatibility\u003C\u002Fh3>\n\u003Cp>LiteSpeed support for .htaccess files depends on the web-server configuration. LiteSpeed must reload the .htaccess after it has been altered by atec-WebP. It can take several minutes for the changes to have effect.\u003C\u002Fp>\n","Auto convert all BMP, GIF, PNG & JPEG images into the much better WebP format. Supports the GD & ImageMagick libraries.",50,4518,2,"6.9.4","4.9","7.4",[93,21,94],"auto-convert-all-bmp","png-jpeg-images-into-the-much-better-webp-format-supports-the-gd-imagemagick-libraries","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-webp.1.1.29.zip","2026-03-15T10:48:56.248Z",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":11,"downloaded":106,"rating":27,"num_ratings":27,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":18,"download_link":115,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"andw-image-control","andW Image Control","0.5.1","yasuo3o3","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasuo3o3\u002F","\u003Cp>andW Image Control extends WordPress image processing capabilities with comprehensive media management features.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom JPEG Quality:\u003C\u002Fstrong> Set different JPEG quality levels for each image size\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PNG to JPEG Conversion:\u003C\u002Fstrong> Automatic conversion during upload with quality control\u003C\u002Fli>\n\u003Cli>\u003Cstrong>8 Custom Image Sizes:\u003C\u002Fstrong> Pre-configured sizes (360px, 480px, 600px, 720px, 960px, 1200px, 1440px, 1920px)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Media Library:\u003C\u002Fstrong> MIME type labels and improved UI\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure SVG Support:\u003C\u002Fstrong> Upload SVG files with comprehensive security sanitization\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Standards Compliance:\u003C\u002Fstrong> Follows WordPress coding and security standards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is designed for developers and site administrators who need precise control over image processing and media management.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>日本語説明:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>andW Image Control は WordPress の画像処理を拡張するプラグインです。JPEG品質のカスタマイズ、PNG\u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>JPEG自動変換、独自画像サイズ管理、SVG対応、メディアライブラリUI拡張を提供します。\u003C\u002Fp>\n","Advanced media control plugin with JPEG quality, PNG conversion, SVG safety, and custom image sizes.",159,"2025-10-23T03:04:00.000Z","6.8.5","6.0","8.1",[112,113,114,22,23],"compression","image-quality","jpeg","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fandw-image-control.0.5.1.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":27,"num_ratings":27,"last_updated":125,"tested_up_to":126,"requires_at_least":119,"requires_php":18,"tags":127,"homepage":18,"download_link":130,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"disallow-png","Disallow PNG","1.0","dpoakaspine","https:\u002F\u002Fprofiles.wordpress.org\u002Fdpoakaspine\u002F","\u003Cp>Disallows PNG files. Usefor for multi-user environments with restrictive file settings and performance oriented sites.\u003C\u002Fp>\n","Disallows PNG files. Usefor for multi-user environments with restrictive file settings and performance oriented sites.",1251,"2016-09-29T08:54:00.000Z","4.6.30",[128,53,22,23,129],"admin","upload","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisallow-png.zip",{"attackSurface":132,"codeSignals":147,"taintFlows":170,"riskAssessment":214,"analyzedAt":227},{"hooks":133,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":27,"unprotectedCount":27},[134,140],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","admin_head","addCss","checkboard.php",58,{"type":135,"name":141,"callback":142,"file":138,"line":47},"admin_menu","checkerboard_admin_actions",[],[],[],[],{"dangerousFunctions":148,"sqlUsage":149,"outputEscaping":151,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":169},[],{"prepared":27,"raw":27,"locations":150},[],{"escaped":27,"rawEcho":152,"locations":153},7,[154,157,159,161,163,165,167],{"file":138,"line":155,"context":156},36,"raw output",{"file":138,"line":158,"context":156},67,{"file":138,"line":160,"context":156},69,{"file":138,"line":162,"context":156},71,{"file":138,"line":164,"context":156},72,{"file":138,"line":166,"context":156},73,{"file":138,"line":168,"context":156},75,[],[171,188],{"entryPoint":172,"graph":173,"unsanitizedCount":14,"severity":187},"checkerboard_admin (checkboard.php:61)",{"nodes":174,"edges":184},[175,179],{"id":176,"type":177,"label":178,"file":138,"line":160},"n0","source","$_SERVER['REQUEST_URI']",{"id":180,"type":181,"label":182,"file":138,"line":160,"wp_function":183},"n1","sink","echo() [XSS]","echo",[185],{"from":176,"to":180,"sanitized":186},false,"medium",{"entryPoint":189,"graph":190,"unsanitizedCount":212,"severity":213},"\u003Ccheckboard> (checkboard.php:0)",{"nodes":191,"edges":208},[192,194,198,202,204,206],{"id":176,"type":177,"label":193,"file":138,"line":48},"$_POST (x3)",{"id":180,"type":181,"label":195,"file":138,"line":196,"wp_function":197},"update_option() [Settings Manipulation]",14,"update_option",{"id":199,"type":177,"label":200,"file":138,"line":201},"n2","$_POST (x4)",16,{"id":203,"type":181,"label":182,"file":138,"line":155,"wp_function":183},"n3",{"id":205,"type":177,"label":178,"file":138,"line":160},"n4",{"id":207,"type":181,"label":182,"file":138,"line":160,"wp_function":183},"n5",[209,210,211],{"from":176,"to":180,"sanitized":186},{"from":199,"to":203,"sanitized":186},{"from":205,"to":207,"sanitized":186},8,"low",{"summary":215,"deductions":216},"The \"media-checkboard\" v1.1.1 plugin exhibits a mixed security posture. On the positive side, it has no recorded CVEs and reports zero external HTTP requests, file operations, or SQL queries executed without prepared statements. This indicates a potentially well-contained plugin in these common vulnerability areas.\n\nHowever, significant concerns arise from the static analysis. The plugin has a complete lack of authorization checks (capability checks and nonce checks) for any potential entry points. While the current attack surface appears minimal (0 AJAX, 0 REST API, etc.), this is a major weakness. Crucially, 100% of outputs are not properly escaped, posing a high risk of Cross-Site Scripting (XSS) vulnerabilities if any user-provided data is ever displayed. Furthermore, the taint analysis reveals flows with unsanitized paths, which, even without critical or high severity reported in this specific analysis, suggests a potential for path traversal or local file inclusion if the plugin were to interact with the filesystem or URLs in the future.\n\nThe absence of any vulnerability history is a strength, suggesting the plugin has not been a target for known exploits. However, combined with the significant code-level weaknesses (especially unescaped output and lack of authorization), this might indicate it hasn't been thoroughly tested or subjected to public scrutiny that would uncover such issues. The overall recommendation is cautious, advising immediate attention to output escaping and authorization mechanisms.",[217,220,222,225],{"reason":218,"points":219},"100% of outputs are not properly escaped",15,{"reason":221,"points":11},"No capability checks found",{"reason":223,"points":224},"No nonce checks found",5,{"reason":226,"points":152},"Flows with unsanitized paths found","2026-03-17T00:38:21.217Z",{"wat":229,"direct":235},{"assetPaths":230,"generatorPatterns":232,"scriptPaths":233,"versionParams":234},[231],"\u002Fwp-content\u002Fplugins\u002Fmedia-checkboard\u002Fscript.js",[],[231],[],{"cssClasses":236,"htmlComments":240,"htmlAttributes":241,"restEndpoints":242,"jsGlobals":243,"shortcodeOutput":244},[237,238,239],"checkerboard_color1","checkerboard_color2","checkerboard_size",[],[],[],[],[]]