[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feXTRPE66HiLsd1qja4qLWsqse4rNCfuLVpBnIpLHe64":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":37,"fingerprints":133},"nic-photo-editor","NIC Photo Editor","1.1","Kundan Yevale","https:\u002F\u002Fprofiles.wordpress.org\u002Fkundanyevale\u002F","\u003Cp>NIC Photo Editor develop by \u003Ca href=\"http:\u002F\u002Fwww.indianic.com\u002F\" rel=\"nofollow ugc\">IndiaNIC\u003C\u002Fa> allows us to create some absolutely amazing graphics on the web. Merge multiple image and convert in single image. Save your canvas image in media library and you can insert it in any location of your post or page.\u003C\u002Fp>\n\u003Cp>Objects can be easily flipped or rotate in any direction. Or locked in movement, scaling, etc.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Features\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>Ability to create transparent PNG image.\u003C\u002Fli>\n\u003Cli>Option to change canvas background color.\u003C\u002Fli>\n\u003Cli>Feature to re-size your canvas.\u003C\u002Fli>\n\u003Cli>Ability to set object size by scaling it OR by give width\u002Fheight of object.\u003C\u002Fli>\n\u003Cli>Feature to Bring Front or Send Back to any selected object of canvas area.\u003C\u002Fli>\n\u003Cli>Ability to delete any selected object.\u003C\u002Fli>\n\u003Cli>You can preview your image by View Image option.\u003C\u002Fli>\n\u003Cli>Save\u002FAdd your canvas image as media library post.\u003C\u002Fli>\n\u003Cli>No Need Of Knowledge of PHP, HTML or CSS. 
But those who have that knowledge can easily modify or customize it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.indianic.com\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Visit Our Website\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>NOTE\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Admin area supported browsers.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Firefox 2+\u003C\u002Fli>\n\u003Cli>Safari 3+\u003C\u002Fli>\n\u003Cli>Opera 9.64+\u003C\u002Fli>\n\u003Cli>Chrome (all versions should work)\u003C\u002Fli>\n\u003Cli>IE9+\u003C\u002Fli>\n\u003C\u002Ful>\n","Merge multiple images on a web page. No need to open paint brush or other photo editor tools.",30,9951,100,3,"2014-01-20T06:00:00.000Z","3.7.41","3.2","",[20,21,22,23],"indianic-canvas-image","indianic-image-maker","indianic-merge-images","indianic-photo-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnic-photo-editor.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"kundanyevale",2,130,84,"2026-04-05T05:38:01.229Z",[],{"attackSurface":38,"codeSignals":76,"taintFlows":89,"riskAssessment":116,"analyzedAt":132},{"hooks":39,"ajaxHandlers":66,"restRoutes":72,"shortcodes":73,"cronEvents":74,"entryPointCount":75,"unprotectedCount":75},[40,46,50,54,58,62],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_menu","canvas_image_frame_admin_menu","canvas_image_frame.php",26,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_enqueue_scripts","canvas_image_frame_enqueue_styles",27,{"type":41,"name":51,"callback":52,"file":44,"line":53},"wp_print_scripts","canvas_image_frame_enqueue_scripts",28,{"type":41,"name":55,"callback":56,"file":44,"line":57},"admin_print_scripts","wp_gear_manager_admin_scripts",32,{"type":41,"name":59,"callback":60,"file":44,"line":61},"admin_print_styl
es","wp_gear_manager_admin_styles",33,{"type":41,"name":63,"callback":64,"file":44,"line":65},"init","register_photo_editor_frame",207,[67],{"action":68,"nopriv":69,"callback":70,"hasNonce":69,"hasCapCheck":69,"file":44,"line":71},"my_special_action",false,"save_canvas_ajax",29,[],[],[],1,{"dangerousFunctions":77,"sqlUsage":78,"outputEscaping":80,"fileOperations":14,"externalRequests":75,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":88},[],{"prepared":26,"raw":26,"locations":79},[],{"escaped":26,"rawEcho":32,"locations":81},[82,86],{"file":83,"line":84,"context":85},"add_image_frame.php",347,"raw output",{"file":44,"line":87,"context":85},144,[],[90,108],{"entryPoint":91,"graph":92,"unsanitizedCount":32,"severity":107},"save_canvas_ajax (canvas_image_frame.php:56)",{"nodes":93,"edges":105},[94,99],{"id":95,"type":96,"label":97,"file":44,"line":98},"n0","source","$_POST (x2)",61,{"id":100,"type":101,"label":102,"file":44,"line":103,"wp_function":104},"n1","sink","file_put_contents() [File Write]",66,"file_put_contents",[106],{"from":95,"to":100,"sanitized":69},"medium",{"entryPoint":109,"graph":110,"unsanitizedCount":32,"severity":107},"\u003Ccanvas_image_frame> (canvas_image_frame.php:0)",{"nodes":111,"edges":114},[112,113],{"id":95,"type":96,"label":97,"file":44,"line":98},{"id":100,"type":101,"label":102,"file":44,"line":103,"wp_function":104},[115],{"from":95,"to":100,"sanitized":69},{"summary":117,"deductions":118},"The \"nic-photo-editor\" plugin v1.1 presents a significant security risk due to its unprotected AJAX endpoint. The scan recorded no dangerous functions and no SQL queries (none prepared, none raw), but the single entry point is an AJAX handler, save_canvas_ajax, that has neither a nonce check nor a capability check, which is a major concern. The handler is flagged nopriv: false, so it appears to be registered for logged-in users only; without a capability check that still means any logged-in account, whatever its role. 
That makes the handler easy to trigger, directly or through a forged cross-site request, and exposes any other weakness inside it. The taint analysis makes the concern concrete: $_POST data reaches file_put_contents() in that handler (canvas_image_frame.php, lines 61 and 66) with no sanitization recorded, so the handler should verify a nonce with check_ajax_referer(), check current_user_can(), and validate the file name and contents before writing.\n\nThe static analysis also reveals a critical flaw in output escaping, with 0% of the total outputs being properly escaped: both echo statements it found (add_image_frame.php line 347 and canvas_image_frame.php line 144) are raw. Any data displayed through these outputs could be vulnerable to Cross-Site Scripting (XSS), allowing attackers to inject malicious scripts into the user's browser, if the echoed values can carry attacker-influenced data, which the scan does not establish.\n\nNotably, the plugin has no recorded vulnerability history (CVEs). This could indicate good development practices or simply a lack of past scrutiny. However, it doesn't negate the clear and present dangers identified in the code analysis. The plugin was last updated in January 2014, so fixes from the author appear unlikely. The combination of an unprotected AJAX endpoint and unescaped outputs creates a high-risk profile for this plugin.",[119,122,125,128,130],{"reason":120,"points":121},"Unprotected AJAX handler",10,{"reason":123,"points":124},"Unescaped output",8,{"reason":126,"points":127},"No nonce checks on AJAX",5,{"reason":129,"points":127},"No capability checks",{"reason":131,"points":127},"Flows with unsanitized paths","2026-03-16T22:35:51.778Z",{"wat":134,"direct":145},{"assetPaths":135,"generatorPatterns":139,"scriptPaths":140,"versionParams":141},[136,137,138],"\u002Fwp-content\u002Fplugins\u002Fnic-photo-editor\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fnic-photo-editor\u002Fjs\u002Ffabric.js","\u002Fwp-content\u002Fplugins\u002Fnic-photo-editor\u002Fjs\u002Fjscolor.js",[],[137,138],[142,143,144],"nic-photo-editor\u002Fcss\u002Fstyle.css?ver=","nic-photo-editor\u002Fjs\u002Ffabric.js?ver=","nic-photo-editor\u002Fjs\u002Fjscolor.js?ver=",{"cssClasses":146,"htmlComments":147,"htmlAttributes":148,"restEndpoints":149,"jsGlobals":150,"shortcodeOutput":153},[],[],[],[],[151,152],"canvas_image_frame_options","canvas_image_frame_options2",[]]