[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP0VaIBdNfMk901Gy_JLSdvoZL6kHqRk-PcIcnRFzedc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":127,"fingerprints":245},"my-upload-images","My Upload Images","1.4.1","Mizuho Ogino","https:\u002F\u002Fprofiles.wordpress.org\u002Ffishpie\u002F","\u003Cp>This plugin create the metabox with the media uploader into any post types. In the metabox, You can drag images into any order you like. The IDs and the order of images will put on record in the customfield of your posts as array.\u003C\u002Fp>\n\u003Ch4>Attention\u003C\u002Fh4>\n\u003Cp>Available only for WordPress 4.0+.\u003C\u002Fp>\n","Create metabox with media uploader. It allows to upload and sort images in any post_type.",400,6109,100,2,"2017-03-14T09:03:00.000Z","4.7.32","4.0","",[20,21,22,23,24],"cms","custom-field","image","media-uploader","upload","http:\u002F\u002Fweb.contempo.jp\u002Fweblog\u002Ftips\u002Fp617","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-upload-images.1.4.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"fishpie",3400,30,84,"2026-04-04T07:10:48.804Z",[39,55,73,87,106],{"slug":40,"name":41,"version":42,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":14,"last_updated":47,"tested_up_to":48,"requires_at_least":17,"requires_php":18,"tags":49,"homepage":53,"download_link":54,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"image-uploader-for-welcart","Image Uploader for Welcart","1.4.6","\u003Cp>As the name suggests it will create the metabox with the media uploader for Welcart. It allows user to upload and sort product images directory from each edit page. It would be suitable for a small webshop which is updated manually.\u003Cbr \u002F>\nBy uploading the image through the uploader, this plugin will rename a file to Welcart format.\u003C\u002Fp>\n\u003Ch4>Attension\u003C\u002Fh4>\n\u003Cp>Available only for WordPress 4.0+ and for ‘Welcart e-Commerce‘ plugin.\u003Cbr \u002F>\nIf using WordPress 4.5.4+, you need to install Welcart 1.9+ and Image Uploader 1.4+.\u003C\u002Fp>\n","Create metabox with image uploader for ‘Welcart e-Commerce’. It allows user to upload and sort images directory from each edit page.",3000,31249,"2020-02-13T05:58:00.000Z","5.3.21",[22,23,50,51,52],"uploader","welcart","welcart-e-commerce","http:\u002F\u002Fweb.contempo.jp\u002Fweblog\u002Ftips\u002Fp636","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-uploader-for-welcart.1.4.6.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":18,"download_link":71,"security_score":72,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"delete-unscaled-images","Delete Unscaled Images","1.2.4","swinggraphics","https:\u002F\u002Fprofiles.wordpress.org\u002Fswinggraphics\u002F","\u003Cp>WordPress 5.3 added \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2019\u002F10\u002F09\u002Fintroducing-handling-of-big-images-in-wordpress-5-3\u002F\" rel=\"nofollow ugc\">“big image handling”\u003C\u002Fa> that scales uploaded images to a maximum size of 2560 pixels for use on the website. WP adds “-scaled” to the full size image file name. The original, unscaled images are kept on the server. This can mean that many large images are stored on the server that aren’t ever actually going to be displayed on the website. In my case, users are uploading 15MB files from their cameras.\u003C\u002Fp>\n\u003Cp>After the scaled version and intermediate\u002Fthumbnail images are generated, the originals are no longer needed and just taking up storage space. \u003Cem>Delete Unscaled Images\u003C\u002Fem> will remove those unneeded files.\u003C\u002Fp>\n\u003Cp>First, original images are deleted immediately after the resized versions are created for all new uploads.\u003C\u002Fp>\n\u003Cp>Second, there is a bulk deletion tool in the Media submenu to process existing images.\u003C\u002Fp>\n","Deletes original image files if they have been resized",600,3529,5,"2024-04-15T21:59:00.000Z","6.5.8","5.3",[70,23],"images","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdelete-unscaled-images.1.2.4.zip",92,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":35,"downloaded":81,"rating":28,"num_ratings":28,"last_updated":82,"tested_up_to":67,"requires_at_least":17,"requires_php":18,"tags":83,"homepage":18,"download_link":86,"security_score":72,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"qbank-dam-connector","QBank Connector","1.1.1","QBank DAM","https:\u002F\u002Fprofiles.wordpress.org\u002Fqbank\u002F","\u003Cp>By using QBank’s Connector to WordPress you gain access to all your files in QBank that you can\u003Cbr \u002F>\npublish directly from WordPress without leaving their interface.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search and filter media\u003C\u002Fli>\n\u003Cli>Edit media\u003C\u002Fli>\n\u003Cli>Uploading and publishing\u003C\u002Fli>\n\u003Cli>Responsive design and multi-sites\u003C\u002Fli>\n\u003C\u002Ful>\n","Gain access to all your files in QBank that you can publish directly from Wordpress without leaving their interface.",4540,"2025-01-21T18:24:00.000Z",[84,22,70,85,23],"gallery","media-library","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqbank-dam-connector.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":28,"num_ratings":28,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":18,"download_link":105,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"image-photoroll-creator-for-photographers","Image Photoroll Creator For Photographers","1.5","CyberSpy","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberspy\u002F","\u003Cp>Plugin adds aditional buttons to media upload module:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Add alt text to all uploaded photos,\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Insert all photos into post at cursor position with clear markup.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Plugin adds aditional buttons to media upload module allowing of faster images edit and add to post.",10,2943,"2012-08-06T15:00:00.000Z","3.4.2","2.7",[101,102,23,103,104],"addon","automatic","one-button-add-all-images","photoroll","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-photoroll-creator-for-photographers.1.5.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":28,"downloaded":114,"rating":13,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":125,"download_link":126,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"additional-featured-images-and-media-uploader-anywhere","Additional Featured Images and Media Uploader Anywhere","1.0.0","metawebdevelopment","https:\u002F\u002Fprofiles.wordpress.org\u002Fmetawebdevelopment\u002F","\u003Cp>Add additional featured images to any post type and display using either a built in image gallery\u002Fslideshow shortcode or by using a single image shortcode. Most plugins or developers use the non Javasript API media uploader, which is notorious for being glitchy and slow.  This leverages the not well known WordPress Javascript API to mimic the built in media uploader.  Great for end users or developers.\u003C\u002Fp>\n","Add additional featured images to any post type and display using either a built in image gallery\u002Fslideshow shortcode or by using a single image short …",1029,1,"2020-08-21T05:21:00.000Z","5.5.18","5.4.2","7.0",[121,122,123,124,23],"additional-featured-image","additional-featured-images","featured-image","javascript-media-uploader","https:\u002F\u002Fmetawebdevelopment.com\u002Fproduct\u002Fadditional-featured-images-and-media-upload-anywhere\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadditional-featured-images-and-media-uploader-anywhere.zip",{"attackSurface":128,"codeSignals":161,"taintFlows":210,"riskAssessment":238,"analyzedAt":244},{"hooks":129,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":28,"unprotectedCount":28},[130,136,140,144,147,152,155],{"type":131,"name":132,"callback":133,"priority":95,"file":134,"line":135},"action","upgrader_process_complete","mui_upgrader_process_complete","my-upload-images.php",22,{"type":131,"name":137,"callback":138,"priority":115,"file":134,"line":139},"admin_menu","mui_admin_menu",23,{"type":131,"name":141,"callback":142,"priority":13,"file":134,"line":143},"save_post","mui_save_images",24,{"type":131,"name":145,"callback":142,"priority":13,"file":134,"line":146},"new_to_publish",25,{"type":131,"name":148,"callback":149,"priority":150,"file":134,"line":151},"wp_insert_post","mui_save_preview_postmeta",11,26,{"type":131,"name":153,"callback":154,"file":134,"line":27},"edit_form_after_title","mui_edit_form_after_title",{"type":131,"name":153,"callback":154,"file":134,"line":156},91,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":28,"externalRequests":28,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":209},[],{"prepared":28,"raw":28,"locations":164},[],{"escaped":166,"rawEcho":139,"locations":167},4,[168,171,173,175,177,179,181,183,184,186,188,190,192,194,196,198,200,201,202,203,204,205,207],{"file":134,"line":169,"context":170},118,"raw output",{"file":134,"line":172,"context":170},175,{"file":134,"line":174,"context":170},180,{"file":134,"line":176,"context":170},241,{"file":134,"line":178,"context":170},296,{"file":134,"line":180,"context":170},299,{"file":134,"line":182,"context":170},302,{"file":134,"line":182,"context":170},{"file":134,"line":185,"context":170},303,{"file":134,"line":187,"context":170},304,{"file":134,"line":189,"context":170},307,{"file":134,"line":191,"context":170},347,{"file":134,"line":193,"context":170},348,{"file":134,"line":195,"context":170},414,{"file":134,"line":197,"context":170},454,{"file":134,"line":199,"context":170},458,{"file":134,"line":199,"context":170},{"file":134,"line":199,"context":170},{"file":134,"line":199,"context":170},{"file":134,"line":199,"context":170},{"file":134,"line":199,"context":170},{"file":134,"line":206,"context":170},465,{"file":134,"line":208,"context":170},471,[],[211,230],{"entryPoint":212,"graph":213,"unsanitizedCount":28,"severity":229},"mui_options_page (my-upload-images.php:104)",{"nodes":214,"edges":226},[215,220],{"id":216,"type":217,"label":218,"file":134,"line":219},"n0","source","$_POST",115,{"id":221,"type":222,"label":223,"file":134,"line":224,"wp_function":225},"n1","sink","update_option() [Settings Manipulation]",117,"update_option",[227],{"from":216,"to":221,"sanitized":228},true,"low",{"entryPoint":231,"graph":232,"unsanitizedCount":28,"severity":229},"\u003Cmy-upload-images> (my-upload-images.php:0)",{"nodes":233,"edges":236},[234,235],{"id":216,"type":217,"label":218,"file":134,"line":219},{"id":221,"type":222,"label":223,"file":134,"line":224,"wp_function":225},[237],{"from":216,"to":221,"sanitized":228},{"summary":239,"deductions":240},"The plugin \"my-upload-images\" v1.4.1 exhibits a generally strong security posture based on the static analysis.  The absence of identified attack surface points like unprotected AJAX handlers, REST API routes, shortcodes, or cron events is a significant positive.  Furthermore, the code adheres to good practices regarding SQL queries, utilizing prepared statements exclusively, and the presence of nonce and capability checks indicates an effort to secure critical operations.  Taint analysis also shows no critical or high severity unsanitized flows, which is reassuring.\n\nHowever, a notable concern arises from the output escaping. With only 15% of the 27 identified outputs being properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. While no specific XSS vulnerabilities were flagged in the taint analysis, this high percentage of unescaped output represents a substantial potential attack vector that could be exploited if user-supplied data is not handled carefully in the remaining outputs. The lack of any recorded vulnerabilities in its history is positive, suggesting a history of stable security, but this should not overshadow the identified output escaping issues.\n\nIn conclusion, while the plugin has strengths in its limited attack surface and secure data handling for SQL, the widespread issue with output escaping presents a tangible risk that requires immediate attention. Addressing these unescaped outputs is crucial to prevent potential XSS attacks, even in the absence of historical vulnerability reports.",[241],{"reason":242,"points":243},"Low percentage of properly escaped output (15%)",8,"2026-03-16T19:46:08.545Z",{"wat":246,"direct":255},{"assetPaths":247,"generatorPatterns":250,"scriptPaths":251,"versionParams":252},[248,249],"\u002Fwp-content\u002Fplugins\u002Fmy-upload-images\u002Fcss\u002Fmui-style.css","\u002Fwp-content\u002Fplugins\u002Fmy-upload-images\u002Fjs\u002Fmui-script.js",[],[249],[253,254],"my-upload-images\u002Fcss\u002Fmui-style.css?ver=","my-upload-images\u002Fjs\u002Fmui-script.js?ver=",{"cssClasses":256,"htmlComments":257,"htmlAttributes":258,"restEndpoints":260,"jsGlobals":261,"shortcodeOutput":263},[],[],[259],"id=\"mui_images\"",[],[262],"mui_options",[]]