[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frm6ZDSeU9ul37-fLxm5Zy-d9eqgtUUqaaBGuU_HgSF0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":138,"fingerprints":235},"media-post-permalink","Media Post Permalink","0.1","Sami Ahmed Siddiqui","https:\u002F\u002Fprofiles.wordpress.org\u002Fsasiddiqui\u002F","\u003Cp>When Any media is uploaded in WordPress, by default wordpress creates the attachment(post) against it and set it’s permalink using the post name (media name).\u003C\u002Fp>\n\u003Cp>This plugin helps:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To add some prefix in all the Media\u002FAttachments when you added\u002Fupdated it.\u003C\u002Fli>\n\u003Cli>To add some suffix in all the Media\u002FAttachments when you added\u002Fupdated it.\u003C\u002Fli>\n\u003Cli>To add both prefix as well as suffix in all the Media\u002FAttachments when you added\u002Fupdated it.\u003C\u002Fli>\n\u003Cli>Remove Parent Post (Parent Post adds it’s permalink in the Media Permalink so, by this feature, None of the media would contains it’s parent post).\u003C\u002Fli>\n\u003Cli>Make the Permalinks User Friendly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Advantages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adding prefix\u002Fsuffix or both would help you to distinguish your attachment posts from the other posts.\u003C\u002Fli>\n\u003Cli>Your Media doesn’t reserve any permalink. Like, if you upload the image named services.png so, services permalink reserved by the Media\u002FAttachment Post. By using this plugin, it won’t happen anymore.\u003C\u002Fli>\n\u003Cli>Your Permalinks would be user Friendly. Underscore doesn’t be allowed anymore.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can define your own prefix and suffix from the settings page. By default, they are empty(Null). You can also choose whether you want to remove the Parent Post or not and whether you want the user-friendly Permalink or not.\u003C\u002Fp>\n","Media Post Permalink is simply the easiest solution to separate your media\u002Fattachment Permalinks.",100,3001,0,"2017-11-16T20:04:00.000Z","4.9.29","4.0","",[19,20,21,22,23],"attachment","image-permalink","media","permalink","video-permalink","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-post-permalink\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-post-permalink.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"sasiddiqui",7,115500,93,966,74,"2026-04-04T06:45:30.893Z",[39,59,77,96,116],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":32,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-media-permalink-by-hardweb-it","Disable Media Permalink by Hardweb.it","1.0","giangel84","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiangel84\u002F","\u003Cp>Completely disable the Media Permalink generated by WP.\u003Cbr \u002F>\nIt’s useful for websites who doesn’t need the attachment’s page, it reduce Cookiebot crawled pages and more over.\u003Cbr \u002F>\nIt’s easy to use, no options, just activate the plugin and it will work as expected.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>If you like this plugin and want to support my work, you can make a donation at this address: https:\u002F\u002Fwww.paypal.com\u002Fdonate?hosted_button_id=DEFQGNU2RNQ4Y – Thank you very much!\u003C\u002Fp>\n","Completely disable the Media Permalink generated by WP.",1000,7902,82,"2026-03-04T15:49:00.000Z","6.9.4","6.0","7.4",[19,55,21,22,56],"images","remove-url","https:\u002F\u002Fhardweb.it\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-media-permalink-by-hardweb-it.1.0.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":69,"requires_at_least":70,"requires_php":17,"tags":71,"homepage":74,"download_link":75,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":76},"auto-url","Auto URL","1.4","dexxaye","https:\u002F\u002Fprofiles.wordpress.org\u002Fdexxaye\u002F","\u003Cp>\u003Cstrong>Now supports custom post types.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Auto URL generates customized permalinks according to post types, categories and tags.\u003C\u002Fp>\n\u003Cp>You can generate your own customized url for posts, pages and attachments by using different tokens.\u003C\u002Fp>\n\u003Cp>Your posts and pages will still be accessible via your old permalinks.\u003C\u002Fp>\n\u003Cp>WP 3.1 and up only. Beta version. Appreciate any feedback.\u003C\u002Fp>\n\u003Cp>How To Use:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>go to URL Patterns page(wp-admin\u002Fadmin.php?page=au-pattern) to set the patterns for post and page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>you can set patterns base on tags and categories\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>after you have set the patterns, click Bulk Generate URL to generate your custom url.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>to see generated urls, got to url page(wp-admin\u002Fadmin.php?page=au-url).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Screenshots: \u003Ca href=\"http:\u002F\u002Fwww.bunchacode.com\u002Fprogramming\u002Fauto-url\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.bunchacode.com\u002Fprogramming\u002Fauto-url\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Tested On: Firefox 5, Chrome 13, IE 7 and IE 8\u003C\u002Fp>\n\u003Cp>-Available Tokens-\u003C\u002Fp>\n\u003Cp>%id%\u003C\u002Fp>\n\u003Cp>The unique ID # of the post, for example 423\u003C\u002Fp>\n\u003Cp>%name%\u003C\u002Fp>\n\u003Cp>A sanitized version of the title of the post.\u003C\u002Fp>\n\u003Cp>%namepath%\u003C\u002Fp>\n\u003Cp>A sanitized version of the full title path of a page. Similar to %name% but shows the it’s\u003C\u002Fp>\n\u003Cp>title path which includes title of it’s parent. Only available to pages.\u003C\u002Fp>\n\u003Cp>%category%\u003C\u002Fp>\n\u003Cp>A sanitized version of the category name. Uses only the first category.\u003C\u002Fp>\n\u003Cp>%categories%\u003C\u002Fp>\n\u003Cp>A sanitized version of the all the category names.\u003C\u002Fp>\n\u003Cp>%categorypath%\u003C\u002Fp>\n\u003Cp>A sanitized version of the category path name.\u003C\u002Fp>\n\u003Cp>%blogname%\u003C\u002Fp>\n\u003Cp>A sanitized version of the blog name.\u003C\u002Fp>\n\u003Cp>%tag%\u003C\u002Fp>\n\u003Cp>A sanitized version of the tag name. Uses only the first tag\u003C\u002Fp>\n\u003Cp>%tags%\u003C\u002Fp>\n\u003Cp>A sanitized version of all the tag names.\u003C\u002Fp>\n\u003Cp>%author%\u003C\u002Fp>\n\u003Cp>A sanitized version of the author name.\u003C\u002Fp>\n\u003Cp>%year%\u003C\u002Fp>\n\u003Cp>The year of the post, four digits, for example 2004\u003C\u002Fp>\n\u003Cp>%monthnum%\u003C\u002Fp>\n\u003Cp>Month of the year, for example 05\u003C\u002Fp>\n\u003Cp>%day%\u003C\u002Fp>\n\u003Cp>Day of the month, for example 28\u003C\u002Fp>\n\u003Cp>%hour%\u003C\u002Fp>\n\u003Cp>Hour of the day, for example 15\u003C\u002Fp>\n\u003Cp>%minute%\u003C\u002Fp>\n\u003Cp>Minute of the hour, for example 43\u003C\u002Fp>\n\u003Cp>%second%\u003C\u002Fp>\n\u003Cp>Second of the minute, for example 33\u003C\u002Fp>\n","Auto URL generates customized permalinks according to post types, categories and tags",10,5803,"3.2.1","3.1",[19,21,22,72,73],"rewrite","url","http:\u002F\u002Fwww.bunchacode.com\u002Fprogramming\u002Fauto-url","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-url.1.4.zip","2026-03-15T10:48:56.248Z",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":11,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":52,"requires_php":90,"tags":91,"homepage":17,"download_link":95,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-media-pages","Disable Media Pages","4.0.0","joppuyo","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoppuyo\u002F","\u003Cp>Completely disable “attachment” pages created by WordPress.\u003C\u002Fp>\n\u003Cp>By default, WordPress creates a page for each of your attachments. This is can be undesirable because of two reasons:\u003C\u002Fp>\n\u003Ch3>Search engine optimization\u003C\u002Fh3>\n\u003Cp>Attachment pages don’t have any content, except an image, so they provide little value and can negatively affect your SEO because they are so-called \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fsearch\u002Fdocs\u002Fadvanced\u002Fguidelines\u002Fthin-content\" rel=\"nofollow ugc\">thin content\u003C\u002Fa>. Even worse, attachment pages may in some cases rank higher than your actual content pages which leads to a poor user experience.\u003C\u002Fp>\n\u003Ch3>Reserved slugs\u003C\u002Fh3>\n\u003Cp>Attachment pages can accidentally reserve slugs on your site. Let’s say you upload an image named \u003Cstrong>contact.jpeg\u003C\u002Fstrong>, an attachment page \u003Ccode>https:\u002F\u002Fexample.com\u002Fcontact\u003C\u002Fcode> is automatically created. If you then try to create a page named \u003Cstrong>Contact\u003C\u002Fstrong>, the URL for that page will be \u003Ccode>https:\u002F\u002Fexample.com\u002Fcontact-2\u003C\u002Fcode> which isn’t that great.\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>This plugin works by automatically setting all attachment slugs to an unique id, so they won’t conflict with your pages. If an attachment page is accessed, the plugin will set a 404 status code and display the “page not found” template.\u003C\u002Fp>\n\u003Cp>You can also mangle any existing attachment slugs so they won’t cause any issues in the future.\u003C\u002Fp>\n\u003Ch3>WP CLI support\u003C\u002Fh3>\n\u003Cp>The plugin supports WP CLI.\u003C\u002Fp>\n\u003Ch4>Mangle existing attachment slugs\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>wp disable-media-pages mangle\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Restore attachment slugs\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>wp disable-media-pages restore\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Note for WordPress 6.4\u003C\u002Fh3>\n\u003Cp>WordPress 6.4 includes \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2023\u002F10\u002F16\u002Fchanges-to-attachment-pages\u002F\" rel=\"nofollow ugc\">a new feature\u003C\u002Fa> that allows you to disable attachment pages. However, this feature redirects attachment pages to the file URL instead of returning a 404 error. To completely disable attachment pages, you should use this plugin instead. The WP 6.4 feature also does not fix the issue where attachment pages reserve slugs for pages.\u003C\u002Fp>\n\u003Cp>Also, there is not user interface to enable or disable media pages, they are automatically disabled for new sites but remain enabled for existing sites.\u003C\u002Fp>\n\u003Cp>Because of these issues, I recommend you to use this plugin instead of the built-in feature. The plugin will be updated in the foreseeable future, at least until attachment pages are completely removed from WordPress core and older WordPress versions are no longer in use.\u003C\u002Fp>\n\u003Ch3>Thanks\u003C\u002Fh3>\n\u003Cp>Special thanks to Greg Schoppe for \u003Ca href=\"https:\u002F\u002Fgschoppe.com\u002Fwordpress\u002Fdisable-attachment-pages\u002F\" rel=\"nofollow ugc\">his research\u003C\u002Fa> and inspiration that helped a lot with developing this plugin.\u003C\u002Fp>\n\u003Ch3>Support the plugin\u003C\u002Fh3>\n\u003Cp>Maintaining a WordPress plugin is a lot of work. If you like the plugin, please consider rating it on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-media-pages\u002Freviews\u002F#new-post\" rel=\"ugc\">WordPress.org\u003C\u002Fa>. You can also support me on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsponsors\u002Fjoppuyo\" rel=\"nofollow ugc\">GitHub sponsors\u003C\u002Fa>. Thank you!\u003C\u002Fp>\n\u003Cp>If you are interested, you can also check out my other WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustomizer-disabler\u002F\" rel=\"ugc\">Disable Customizer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-drop-cap\u002F\" rel=\"ugc\">Disable Drop Cap\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-image-aspect-ratio-crop\u002F\" rel=\"ugc\">ACF Image Aspect Ratio Crop\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Completely remove \"attachment\" pages for WordPress media. Improve SEO and prevent conflicts between page and image permalinks.",10000,86693,17,"2025-08-04T15:04:00.000Z","6.8.5","8.0",[19,92,93,21,94],"disable","hide","remove","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-media-pages.4.0.0.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":51,"requires_at_least":109,"requires_php":17,"tags":110,"homepage":114,"download_link":115,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"media-deduper","Media Deduper","1.5.9","cornershop","https:\u002F\u002Fprofiles.wordpress.org\u002Fcornershop\u002F","\u003Cp>Media Deduper will find and eliminate duplicate images and attachments from your WordPress media library. After installing, you’ll have a new “Manage Duplicates” option in your Media section.\u003C\u002Fp>\n\u003Cp>Before Media Deduper can identify duplicate assets, it will build an index of all the files in your media library, which can take some time. Once that’s done, however, Media Deduper automatically adds new uploads to its index, so you shouldn’t have to generate the index again.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need faster indexing? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Check out Media Deduper Pro\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once up and running, Media Deduper provides you with a “Manage Duplicates” page listing all of your duplicate media files. The list makes it easy to see and delete duplicate files: delete one and its twin will disappear from the list because it’s then no longer a duplicate. Easy! By default, the list is sorted by file size, so you can focus on deleting the files that will free up the most space.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use this plugin at your own risk. The plugin developers are not responsible for any lost data or site issues as a result of using this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Media Deduper comes with a “Smart Delete” option that prevents a post’s Featured Image from being deleted, even if that image is found to be a duplicate elsewhere on the site.\u003C\u002Fp>\n\u003Cp>If a post has a featured image that’s a duplicate file, Smart Delete will re-assign that post’s image to an already-in-use copy of the image before deleting the duplicate so that the post’s appearance is unaffected. This feature only tracks Featured Images, and not images used in galleries, post bodies, shortcodes, meta fields, or anywhere else.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for more features? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Media Deduper Pro\u003C\u002Fa> includes features for image fields from several popular plugins as well.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Note that duplicate identification is based on the data of the files themselves, not any titles, captions or other metadata you may have provided in the WordPress admin.\u003C\u002Fp>\n\u003Cp>Media Deduper can differentiate between 1.) media items that are duplicates because the media files they link to have the same data and 2.) those that actually point to the same data file, which can happen with a plugin like WP Job Manager or Duplicate Post.\u003C\u002Fp>\n\u003Cp>As with any plugin that can perform destructive operations on your database and\u002For files, using Media Deduper can result in permanent data loss if you’re not careful. \u003Cstrong>Back up your data before you try out Media Deduper! Please!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use this plugin at your own risk. The plugin developers are not responsible for any lost data or site issues as a result of using this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more support? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Media Deduper Pro\u003C\u002Fa> includes dedicated support from Cornershop Creative.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>Media Deduper requires PHP 7.0 or later.\u003C\u002Fp>\n","Save disk space and bring some order to the chaos of your media library by removing and preventing duplicate files.",9000,169474,76,43,"2025-12-03T19:24:00.000Z","4.3",[111,112,21,113],"admin","attachments","upload","https:\u002F\u002Fwww.mediadeduper.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-deduper.1.5.9.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":53,"tags":131,"homepage":133,"download_link":134,"security_score":135,"vuln_count":136,"unpatched_count":13,"last_vuln_date":137,"fetched_at":28},"dx-delete-attached-media","DX Delete Attached Media","2.0.6","Mario Peshev","https:\u002F\u002Fprofiles.wordpress.org\u002Fnofearinc\u002F","\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fx51scLO71U0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>DX Delete Attached Media deletes all of the attached media files to your posts once they get deleted from the system. The standard core behavior deletes posts alone without taking care of related images. Now you can maintain your install and get rid of all solo attachments getting into your posts via the Media button and used nowhere else.\u003C\u002Fp>\n\u003Cp>\u003Cem>The plugin works with WooCommerce and Easy Digital Downloads.\u003C\u002Fem>\u003C\u002Fp>\n","Automatically deletes attached media from posts and custom post types added via the Media button.",4000,54695,98,28,"2023-12-19T08:51:00.000Z","6.3.8","4.5",[19,21,132],"post","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdx-delete-attached-media\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx-delete-attached-media.2.0.6.zip",84,2,"2023-10-16 00:00:00",{"attackSurface":139,"codeSignals":160,"taintFlows":189,"riskAssessment":217,"analyzedAt":234},{"hooks":140,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":13,"unprotectedCount":13},[141,147,151],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","admin_menu","media_post_permalink_menu","admin\\class.media-post-permalink.php",18,{"type":142,"name":148,"callback":148,"file":149,"line":150},"init","media-post-permalink.php",57,{"type":152,"name":153,"callback":154,"file":149,"line":155},"filter","wp_insert_attachment_data","media_post_permalink_change_postname",116,[],[],[],[],{"dangerousFunctions":161,"sqlUsage":168,"outputEscaping":175,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":187,"bundledLibraries":188},[162,166],{"fn":163,"file":145,"line":164,"context":165},"unserialize",50,"$media_post_settings = unserialize( get_option('media_post_permalink_settings') );",{"fn":163,"file":149,"line":167,"context":165},70,{"prepared":13,"raw":136,"locations":169},[170,173],{"file":149,"line":171,"context":172},94,"$wpdb->get_results() with variable interpolation",{"file":149,"line":174,"context":172},99,{"escaped":13,"rawEcho":176,"locations":177},4,[178,181,183,185],{"file":145,"line":179,"context":180},80,"raw output",{"file":145,"line":182,"context":180},87,{"file":145,"line":184,"context":180},97,{"file":145,"line":186,"context":180},106,1,[],[190,209],{"entryPoint":191,"graph":192,"unsanitizedCount":13,"severity":208},"media_post_permalink_settings_page (admin\\class.media-post-permalink.php:32)",{"nodes":193,"edges":205},[194,199],{"id":195,"type":196,"label":197,"file":145,"line":198},"n0","source","$_POST",46,{"id":200,"type":201,"label":202,"file":145,"line":203,"wp_function":204},"n1","sink","update_option() [Settings Manipulation]",48,"update_option",[206],{"from":195,"to":200,"sanitized":207},true,"low",{"entryPoint":210,"graph":211,"unsanitizedCount":13,"severity":208},"\u003Cclass.media-post-permalink> (admin\\class.media-post-permalink.php:0)",{"nodes":212,"edges":215},[213,214],{"id":195,"type":196,"label":197,"file":145,"line":198},{"id":200,"type":201,"label":202,"file":145,"line":203,"wp_function":204},[216],{"from":195,"to":200,"sanitized":207},{"summary":218,"deductions":219},"The \"media-post-permalink\" plugin v0.1 exhibits a mixed security posture. While the static analysis indicates a very small attack surface with zero identified entry points and no known vulnerabilities historically, there are significant concerns within the code itself. The presence of the \"unserialize\" function is a critical red flag, as unserialization of untrusted data is a common vector for remote code execution. Furthermore, all SQL queries are executed without prepared statements, which opens the door to SQL injection vulnerabilities. The lack of proper output escaping on all identified outputs suggests a high risk of cross-site scripting (XSS) attacks.  Despite the lack of known vulnerabilities and a minimal attack surface, these code-level weaknesses represent substantial inherent risks that could be easily exploited if an attacker can influence the data being unserialized or injected into SQL queries, or if user-controlled data is outputted without sanitization. Developers should prioritize addressing these immediate code security issues.",[220,223,225,228,231],{"reason":221,"points":222},"Uses unserialize without proper checks",15,{"reason":224,"points":67},"SQL queries not using prepared statements",{"reason":226,"points":227},"No output escaping on any outputs",8,{"reason":229,"points":230},"No nonce checks found",5,{"reason":232,"points":233},"Only one capability check found",3,"2026-03-16T20:45:33.032Z",{"wat":236,"direct":244},{"assetPaths":237,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[238],"\u002Fwp-content\u002Fplugins\u002Fmedia-post-permalink\u002Fcss\u002Fadmin-style.min.css",[],[],[242,243],"media-post-permalink\u002Fstyle.css?ver=","media-post-permalink\u002Fscript.js?ver=",{"cssClasses":245,"htmlComments":247,"htmlAttributes":248,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":253},[246],"media-post-admin-table",[],[249,250],"id=\"media-post-permalink\"","id=\"post_prefic_name\"",[],[],[]]