[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqN1xn5zE-Vo1gdqmumPc2LdQG_Bn3cbMY60-TCLCljw":3,"$fhN5Tcfw8SxL-NNisocpkFI6l0zun_kXbRM1uiVuc1nc":344,"$fYB-6F0eFa5Ag57_Lgsq5PuTa32u66xUgKWp9nSmKIMY":348},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":63,"crawl_stats":38,"alternatives":70,"analysis":180,"fingerprints":324},"nmr-strava-activities","NMR Strava activities","1.0.13","mirceatm","https:\u002F\u002Fprofiles.wordpress.org\u002Fmirceatm\u002F","\u003Cp>\u003Cstrong>NMR Strava activities\u003C\u002Fstrong> imports athlete activities into your WordPress site as soon as Strava records them—no slow polling. Data is stored locally; developers can react with actions and filters for custom workflows, leaderboards, or integrations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why webhooks?\u003C\u002Fstrong> Strava can \u003Ca href=\"https:\u002F\u002Fdevelopers.strava.com\u002Fdocs\u002Fwebhooks\u002F\" rel=\"nofollow ugc\">notify your site\u003C\u002Fa> when an activity is created or deleted. This plugin subscribes to those events, then fetches full activity details with OAuth and saves them to custom database tables.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You will need:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A \u003Ca href=\"https:\u002F\u002Fwww.strava.com\u002Fsettings\u002Fapi\" rel=\"nofollow ugc\">Strava API application\u003C\u002Fa> (Client ID and Client Secret)\u003C\u002Fli>\n\u003Cli>A page or post containing the \u003Cstrong>[strava_nmr]\u003C\u002Fstrong> shortcode; its URL must match \u003Cstrong>Redirect URI\u003C\u002Fstrong> in both Strava and this plugin’s settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Configure the plugin:\u003C\u002Fstrong> WordPress admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Strava NMR\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Strava client id\u003C\u002Fstrong> — from your Strava API application\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strava client secret\u003C\u002Fstrong> — from your Strava API application\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect URI\u003C\u002Fstrong> — full URL of the page\u002Fpost where \u003Cstrong>[strava_nmr]\u003C\u002Fstrong> appears (must match Strava’s Authorization Callback Domain \u002F redirect settings)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Webhook callback url\u003C\u002Fstrong> — filled automatically; should look like \u003Ccode>https:\u002F\u002Fyoursite.com\u002Fwp-admin\u002Fadmin-ajax.php?action=nmr-strava-callback&\u003C\u002Fcode> (keep the trailing \u003Ccode>&\u003C\u002Fcode> if your copy includes it)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Verify token\u003C\u002Fstrong> — a secret string you choose; used when Strava validates your webhook subscription\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>After saving, use \u003Cstrong>Activate Strava Webhook\u003C\u002Fstrong>. On success, \u003Cstrong>Plugin status\u003C\u002Fstrong> shows something like: \u003Ccode>Strava webhook subscription id = 109463\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data and privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Activities and tokens are stored in your WordPress database. See \u003Cstrong>Privacy Notices\u003C\u002Fstrong> below. For GDPR or similar obligations, ensure your site policy explains this processing.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer hooks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When an activity is saved or removed, other code can listen:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>do_action('strava_nmr_activity_changed', 'update', $activity_data);\n\ndo_action('strava_nmr_activity_changed', 'delete', $payload);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Filter which activities are saved\u003C\u002Fstrong> using the activity type (single string, e.g. \u003Ccode>Run\u003C\u002Fcode>):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function nmr_example_save_only_runs( $activity_type ) {\n    if ( strcasecmp( 'Run', $activity_type ) === 0 || strcasecmp( 'VirtualRun', $activity_type ) === 0 ) {\n        return $activity_type;\n    }\n    return false;\n}\nadd_filter( 'nmr_strava_save_activity', 'nmr_example_save_only_runs' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Filter using the full Strava activity array\u003C\u002Fstrong> (return \u003Ccode>false\u003C\u002Fcode> to skip import):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'nmr_strava_save_activity_full', function ( $activity ) {\n    if ( ! empty( $activity['manual'] ) ) {\n        return false;\n    }\n    return $activity;\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Supported Strava activity types include: AlpineSki, BackcountrySki, Canoeing, Crossfit, EBikeRide, Elliptical, Golf, Handcycle, Hike, IceSkate, InlineSkate, Kayaking, Kitesurf, NordicSki, Ride, RockClimbing, RollerSki, Rowing, Run, Sail, Skateboard, Snowboard, Snowshoe, Soccer, StairStepper, StandUpPaddling, Surfing, Swim, Velomobile, VirtualRide, VirtualRun, Walk, WeightTraining, Wheelchair, Windsurf, Workout, Yoga.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[strava_nmr]\u003C\u002Fcode> — OAuth connect flow (optional attributes for labels and \u003Ccode>require_login\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>\u003Ccode>[strava_nmr_connect]\u003C\u002Fcode> \u002F \u003Ccode>[strava_nmr_disconnect]\u003C\u002Fcode> — logged-in connect\u002Fdisconnect UI\u003C\u002Fli>\n\u003Cli>\u003Ccode>[strava_nmr_table top=\"100\"]\u003C\u002Fcode> — simple HTML table of stored activities (default limit 100)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Official listing\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Install from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnmr-strava-activities\u002F\" rel=\"ugc\">WordPress.org\u002Fplugins\u002Fnmr-strava-activities\u003C\u002Fa>. More info: \u003Ca href=\"https:\u002F\u002Fnamir.ro\u002Fstrava-activities\u002F\" rel=\"nofollow ugc\">Plugin URI\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If this plugin saves you time, consider \u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fmirceatm\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Privacy Notices\u003C\u002Fh4>\n\u003Cp>This plugin stores data received from Strava—which may include personal information—in your site’s database. You are responsible for describing this in your privacy policy and for any consent or legal basis required in your jurisdiction.\u003C\u002Fp>\n","Sync Strava to WordPress in real time via webhooks. Local storage and developer hooks. Requires a Strava API app.",100,3138,1,"2026-04-15T21:02:00.000Z","6.8.5","5.2","",[19,20,21,22,23],"activities","fitness","import","strava","webhooks","https:\u002F\u002Fnamir.ro\u002Fstrava-activities\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.13.zip",98,2,0,"2026-05-07 21:24:20","2026-04-16T10:56:18.058Z","no_bundle",[33,50],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":29,"updated_date":45,"references":46,"days_to_patch":13,"patch_diff_files":48,"patch_trac_url":38,"research_status":38,"research_verified":49,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":49,"poc_model_used":38,"poc_verification_depth":38},"CVE-2026-5341","nmr-strava-activities-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes","NMR Strava activities \u003C= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes","The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `strava_nmr_connect` shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0.14","1.0.15","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-05-08 09:26:53",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e033919-ca00-4789-8635-b4189e1499ef?source=api-prod",[],false,{"id":51,"url_slug":52,"title":53,"description":54,"plugin_slug":4,"theme_slug":38,"affected_versions":55,"patched_in_version":56,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61,"patch_diff_files":62,"patch_trac_url":38,"research_status":38,"research_verified":49,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":49,"poc_model_used":38,"poc_verification_depth":38},"CVE-2024-51603","nmr-strava-activities-authenticated-contributor-stored-cross-site-scripting","NMR Strava activities \u003C= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting","The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.0.7","1.0.8","2024-10-31 00:00:00","2025-01-14 15:31:53",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F34a5649c-8fb0-43ed-9b63-16c798280b75?source=api-prod",76,[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":65,"avg_security_score":66,"avg_patch_time_days":67,"trust_score":68,"computed_at":69},4,2100,90,39,81,"2026-05-20T07:50:02.186Z",[71,96,115,138,159],{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":66,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":92,"download_link":93,"security_score":66,"vuln_count":94,"unpatched_count":28,"last_vuln_date":95,"fetched_at":30},"all-in-one-wp-migration","All-in-One WP Migration and Backup","7.105","ServMask","https:\u002F\u002Fprofiles.wordpress.org\u002Fservmask\u002F","\u003Cp>\u003Cstrong>The Most Trusted WordPress Migration & Backup Plugin Since 2013\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All-in-One WP Migration is the gold standard for WordPress site migration and backup, used by over 60 million websites worldwide – from small blogs to Fortune 500 companies and government agencies. Whether you need to migrate WordPress to a new host, create a full site backup, or restore a previous backup, our plugin offers enterprise-grade reliability with beginner-friendly simplicity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Choose All-in-One WP Migration?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Effortless Migration\u003C\u002Fstrong>: Migrate your entire site with a single click – including database, media, themes, and plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Backup\u003C\u002Fstrong>: Create a complete WordPress backup before you migrate, so you can restore anytime\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Downtime\u003C\u002Fstrong>: Complete your migration with no service interruptions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal Compatibility\u003C\u002Fstrong>: Migrate between any hosting providers – from budget shared hosting to high-end dedicated servers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Technical Excellence\u003C\u002Fstrong>: Engineered for reliability with memory-efficient processing (512KB chunks), ideal for resource-limited environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Technical Skills Required\u003C\u002Fstrong>: Intuitive interface lets anyone migrate or backup a WordPress site without technical expertise\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cross-Database Support\u003C\u002Fstrong>: Migrate seamlessly between MySQL, MariaDB, and SQLite databases\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure & Reliable\u003C\u002Fstrong>: Trusted by Boeing, NASA, Harvard, Stanford, Automattic, and government agencies worldwide\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How to Migrate WordPress – Simple as 1-2-3:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Install\u003C\u002Fstrong> the migration plugin on your source and destination sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup & Export\u003C\u002Fstrong> your site to a .wpress backup file with one click\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import & Migrate\u003C\u002Fstrong> using our drag-and-drop importer on your destination site\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>For Developers & Power Users:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Find & Replace\u003C\u002Fstrong>: Control exactly what changes when you migrate\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Selective Migration & Backup\u003C\u002Fstrong>: Include or exclude specific content types from your migration or backup\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP 5.3-8.4 Compatibility\u003C\u002Fstrong>: Works across virtually all hosting environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom WPress Format\u003C\u002Fstrong>: Our optimized archive format ensures data integrity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hook System\u003C\u002Fstrong>: Extensive API for custom integration and workflows\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Command-Line Support\u003C\u002Fstrong>: Automate migrations and backups via WP-CLI\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Premium Extensions:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enhance your migration and backup workflow with our \u003Ca href=\"https:\u002F\u002Fservmask.com\u002Fproducts\" rel=\"nofollow ugc\">premium extensions\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unlimited Migration Size\u003C\u002Fstrong>: Migrate sites of any size with no file limits\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloud Backup & Migration\u003C\u002Fstrong>: Backup and migrate directly to\u002Ffrom Dropbox, Google Drive, OneDrive, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite Migration\u003C\u002Fstrong>: Migrate complex WordPress multisite networks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scheduled Backups\u003C\u002Fstrong>: Automated, recurring WordPress backups on your schedule\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Filtering\u003C\u002Fstrong>: Exclude specific tables or data from your migration or backup\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features Spotlight:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WCAG 2.1 AA Level accessibility compliance\u003C\u002Fli>\n\u003Cli>Mobile-responsive interface\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftraktor.servmask.com\" rel=\"nofollow ugc\">Browse WPRESS files online\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Ftraktor.wp-migration.com\" rel=\"nofollow ugc\">extract locally\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Automatic URL and path replacement during migration\u003C\u002Fli>\n\u003Cli>WordPress Playground integration – migrate between SQLite and MySQL\u003C\u002Fli>\n\u003Cli>Regular bi-weekly updates ensuring your backup and migration plugin stays compatible\u003C\u002Fli>\n\u003Cli>Available in 50+ languages including Japanese\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Trusted by the Government and Big Corporations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Many enterprise customers, government organizations, and universities use, love, and trust All-in-One WP Migration. Here are some: Boeing, NASA, VW, IBM, Harvard University, Stanford University, Lego, P&G, Automattic, State of California, State of Hawaii.\u003Cbr \u002F>\nThis broad adoption demonstrates how \u003Cstrong>safe, reliable and adaptable\u003C\u002Fstrong> this WordPress migration and backup plugin is for any website migration need.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Update Frequency:\u003C\u002Fstrong>\u003Cbr \u002F>\nOur team is dedicated to keeping this WordPress migration and backup plugin up-to-date and secure. We release updates every two weeks or at least once a month, ensuring your migration and backup workflows remain compatible with the latest WordPress versions, including beta releases. Our proactive testing and feedback to the WordPress core team help in preemptively addressing any potential issues, so you can always migrate and backup with confidence.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Full Compatibility and Support:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All-in-One WP Migration has been extensively tested and confirmed to be compatible with most WordPress plugins and themes, so you can migrate and backup without worrying about conflicts.\u003Cbr \u002F>\nThis means you don’t experience cross-plugin compatibility issues that can slow down or break your WordPress site when you migrate.\u003Cbr \u002F>\nAll-in-One WP Migration has partnered with multiple theme and plugin vendors to distribute their products with us as a single, easy-to-install migration and backup package.\u003Cbr \u002F>\nThese vendors trust our migration plugin to provide their customers with reliable product delivery, support, migrations, and backups.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cloud Storage Supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All-in-One WP Migration supports backup and migration to all major cloud storage services.\u003Cbr \u002F>\nThe plugin comes preinstalled on all Bitnami WordPress sites running on AWS, Google Compute Cloud, and Microsoft Azure – ready to migrate and backup out of the box.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Case Studies:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Small Business Migration: A small online retailer used All-in-One WP Migration to migrate to a more robust hosting solution, creating a full backup before the migration and completing the move without downtime during peak shopping season.\u003C\u002Fli>\n\u003Cli>Educational Migration: A prominent university utilized All-in-One WP Migration to migrate and consolidate multiple departmental sites into a single WordPress network, with automated backups ensuring no data was lost during migration.\u003C\u002Fli>\n\u003Cli>Government Migration: Following a directive to improve digital accessibility, a government agency used our migration plugin to migrate their content to a new, compliant platform without impacting public access to critical information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contact us\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fall-in-one-wp-migration\" rel=\"nofollow ugc\">Report a security vulnerability\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservmask.com\u002Fhelp\" rel=\"nofollow ugc\">Get free help from us here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservmask.com\u002Fhelp\" rel=\"nofollow ugc\">Report a bug or request a feature\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservmask.com\" rel=\"nofollow ugc\">Find out more about us\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FBpWxCeUWBOk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmRp7qTFYKgs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>All-in-One WP Migration is designed to fully respect and protect the personal information of its users. It asks for your consent to collect the user’s email address when filling the plugin’s contact form.\u003Cbr \u002F>\nAll-in-One WP Migration is in full compliance with General Data Protection Regulation (GDPR).\u003Cbr \u002F>\nSee our \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fprivacy-policy\u002F946881\" rel=\"nofollow ugc\">GDPR Compliant Privacy Policy here\u003C\u002Fa>.\u003C\u002Fp>\n","Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.",5000000,177387432,7635,"2026-04-08T17:54:00.000Z","7.0","3.3","5.3",[87,88,89,90,91],"backup","clone","export-import","migrate","move-wordpress","https:\u002F\u002Fservmask.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-wp-migration.7.105.zip",13,"2025-08-26 10:28:31",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":15,"requires_at_least":16,"requires_php":109,"tags":110,"homepage":112,"download_link":113,"security_score":26,"vuln_count":13,"unpatched_count":28,"last_vuln_date":114,"fetched_at":30},"wordpress-importer","WordPress Importer","0.9.5","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>The WordPress Importer will import the following content from a WordPress export file:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Posts, pages and other custom post types\u003C\u002Fli>\n\u003Cli>Comments and comment meta\u003C\u002Fli>\n\u003Cli>Custom fields and post meta\u003C\u002Fli>\n\u003Cli>Categories, tags and terms from custom taxonomies and term meta\u003C\u002Fli>\n\u003Cli>Authors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For further information and instructions please see the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Farticle\u002Fimporting-content\u002F#wordpress\" rel=\"ugc\">documention on Importing Content\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>The importer has a couple of filters to allow you to completely enable\u002Fblock certain features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>import_allow_create_users\u003C\u002Fcode>: return false if you only want to allow mapping to existing users\u003C\u002Fli>\n\u003Cli>\u003Ccode>import_allow_fetch_attachments\u003C\u002Fcode>: return false if you do not wish to allow importing and downloading of attachments\u003C\u002Fli>\n\u003Cli>\u003Ccode>import_attachment_size_limit\u003C\u002Fcode>: return an integer value for the maximum file size in bytes to save (default is 0, which is unlimited)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are also a few actions available to hook into:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>import_start\u003C\u002Fcode>: occurs after the export file has been uploaded and author import settings have been chosen\u003C\u002Fli>\n\u003Cli>\u003Ccode>import_end\u003C\u002Fcode>: called after the last output from the importer\u003C\u002Fli>\n\u003C\u002Ful>\n","Import posts, pages, comments, custom fields, categories, tags and more from a WordPress export file.",2000000,68138402,62,320,"2025-11-05T22:53:00.000Z","7.2",[111],"importer","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-importer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordpress-importer.0.9.5.zip","2025-03-25 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":15,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":135,"download_link":136,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":137,"fetched_at":30},"one-click-demo-import","One Click Demo Import","3.4.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>The best feature of this plugin is, that theme authors can define import files in their themes and so all you (the user of the theme) have to do is click on the “Import Demo Data” button.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Are you a theme author?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Setup One Click Demo Imports for your theme and your users will thank you for it!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fquick-integration-guide\u002F\" rel=\"nofollow ugc\">Follow this easy guide on how to setup this plugin for your themes!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Are you a theme user?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact the author of your theme and \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F\" rel=\"nofollow ugc\">let them know about this plugin\u003C\u002Fa>. Theme authors can make any theme compatible with this plugin in 15 minutes and make it much more user-friendly.\u003C\u002Fp>\n\u003Cp>“\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F#how-can-you-contact-your-theme-author\" rel=\"nofollow ugc\">Where can I find the theme author contact?\u003C\u002Fa>“\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Please take a look at our \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fuser-guide\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> for more information on how to import your demo content.\u003C\u002Fp>\n\u003Cp>This plugin is using the modified version of the improved WP import 2.0 that is still in development and can be found here: https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Cp>NOTE: There is no setting to “connect” authors from the demo import file to the existing users in your WP site (like there is in the original WP Importer plugin). All demo content will be imported under the current user.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you want to contribute?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please refer to our official \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fawesomemotive\u002Fone-click-demo-import\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.",1000000,20008604,86,79,"2025-09-11T09:36:00.000Z","5.5","7.4",[131,21,132,133,134],"content","settings","theme-options","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-demo-import.3.4.0.zip","2024-05-07 00:00:00",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":146,"downloaded":147,"rating":148,"num_ratings":149,"last_updated":150,"tested_up_to":151,"requires_at_least":152,"requires_php":153,"tags":154,"homepage":157,"download_link":158,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"widget-importer-exporter","Widget Importer & Exporter","1.6.1","Steven Gliebe","https:\u002F\u002Fprofiles.wordpress.org\u002Fstevengliebe\u002F","\u003Cp>Widget Importer & Exporter is useful for moving widgets from one WordPress site to another, backing up widgets and for theme developers to give users sample widgets. See the \u003Ca href=\"https:\u002F\u002Fchurchthemes.com\u002Fplugins\u002Fwidget-importer-exporter\u002F\" rel=\"nofollow ugc\">details\u003C\u002Fa> on ChurchThemes.com.\u003C\u002Fp>\n\u003Ch4>Importing\u003C\u002Fh4>\n\u003Cp>Importing is done by uploading an export file created by the plugin. The results of an import are shown in a nicely formatted table with an explanation of what happened with each widget area and widget.\u003C\u002Fp>\n\u003Cp>Importation takes into consideration widget areas not existing in the current theme (widgets imported as \u003Cem>Inactive\u003C\u002Fem>), widgets that already exist in the same widget area (widgets not duplicated) and widgets that are not supported by the site (widgets not imported).\u003C\u002Fp>\n\u003Ch4>Exporting\u003C\u002Fh4>\n\u003Cp>Widget Importer & Exporter can create an export file (in JSON format with .wie extension) out of currently active widgets. This file can be imported into other sites using this plugin or used to restore widgets to the same site later.\u003C\u002Fp>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cp>The \u003Ccode>wie_before_import\u003C\u002Fcode> action fires after a file is uploaded but before the data is imported. \u003Ccode>wie_after_import\u003C\u002Fcode> fires after the data is imported. The \u003Ccode>wie_import_data\u003C\u002Fcode> filter can be used to filter data before it is imported. Other filters are used throughout. Make a pull request on GitHub if you need another hook.\u003C\u002Fp>\n\u003Cp>Please jump on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchurchthemes\u002Fwidget-importer-exporter\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> to report issues and follow development.\u003C\u002Fp>\n","Import and export your widgets.",200000,5289669,94,117,"2025-12-01T16:14:00.000Z","6.9.4","3.5","5.2.4",[155,21,111,156,134],"exporter","widget","https:\u002F\u002Fchurchthemes.com\u002Fplugins\u002Fwidget-importer-exporter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-importer-exporter.1.6.1.zip",{"slug":160,"name":161,"version":162,"author":163,"author_profile":164,"description":165,"short_description":166,"active_installs":146,"downloaded":167,"rating":168,"num_ratings":169,"last_updated":170,"tested_up_to":151,"requires_at_least":16,"requires_php":171,"tags":172,"homepage":176,"download_link":177,"security_score":178,"vuln_count":13,"unpatched_count":28,"last_vuln_date":179,"fetched_at":30},"wp-migrate-db","WP Migrate Lite – Migration Made Easy","2.7.7","WP Engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpengine\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeliciousbrains.com\u002Fwp-migrate-db-pro\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=wp-migrate-readme&utm_content=first-description-link\" rel=\"nofollow ugc\">WP Migrate\u003C\u002Fa> is a WordPress migration plugin that makes migrating your database and exporting full sites easy, fast, and stress-free.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"MDB WP Org Plugin Video\" src=\"https:\u002F\u002Ffast.wistia.net\u002Fembed\u002Fiframe\u002Fvahu041lkd?dnt=1\" allow=\"autoplay; fullscreen\" allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" class=\"wistia_embed\" name=\"wistia_embed\" msallowfullscreen width=\"750\" height=\"422\">\u003C\u002Fiframe>\u003Cscript src=\"https:\u002F\u002Ffast.wistia.net\u002Fassets\u002Fexternal\u002FE-v1.js\" async>\u003C\u002Fscript>\u003C\u002Fp>\n\u003Ch3>WP Migrate Lite Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Database Migrations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Migrate Lite can help move your WordPress database using an easy-to-follow three-step process.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Find and replace content directly within the user interface.\u003C\u002Fli>\n\u003Cli>Export the SQL.\u003C\u002Fli>\n\u003Cli>Import into your new database using a tool such as phpMyAdmin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Simple, right? WordPress database migrations shouldn’t have to be overly complicated or cumbersome. With WP Migrate Lite, database transfers become so much easier.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Full-Site Exports\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Migrate Lite can now \u003Ca href=\"https:\u002F\u002Fdeliciousbrains.com\u002Fwp-migrate-db-pro\u002Fdoc\u002Ffull-site-exports\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=wp-migrate-readme&utm_content=full-site-exports\" rel=\"nofollow ugc\">export your entire site\u003C\u002Fa>, including the database, media uploads, themes, plugins, and other files required to create an exact copy of your site in a new environment. In the same friendly interface you know, you can configure your export, choose what you want to include or exclude, and then single-click your way to a downloadable ZIP file of your complete site. A perfect solution for simple migrations and site copying.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Import to Local\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Thanks to our good friends at WP Engine, \u003Ca href=\"https:\u002F\u002Flocalwp.com\u002F?utm_source=migrate-wp-plugin-repo&utm_medium=wpmigrate&utm_campaign=local&utm_content=local-cta\" rel=\"nofollow ugc\">Local\u003C\u002Fa>—the #1 local WordPress development tool—can now \u003Ca href=\"https:\u002F\u002Fdeliciousbrains.com\u002Fwp-migrate-db-pro\u002Fdoc\u002Fimporting-wordpress-local-development-environment\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=wp-migrate-readme&utm_content=import-to-local\" rel=\"nofollow ugc\">import full-site ZIP archives\u003C\u002Fa> that have been exported using WP Migrate. Simply drag and drop the downloaded ZIP file into Local and you’re up and running with a complete copy of your site in minutes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Find & Replace\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Migrate can find and replace content anywhere in your WordPress database with support for serialized data. This makes it easier to migrate your database without risk of corruption.\u003C\u002Fp>\n\u003Cp>WP Migrate handles serialized data by first unserializing it, identifying individual strings, and replacing any matches with your desired content. Once this process is complete, the data is once again serialized and placed back in the database.\u003C\u002Fp>\n\u003Cp>Example: \u003Ccode>s:5:\"hello\"\u003C\u002Fcode> becomes \u003Ccode>s:11:\"hello world\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>You can also run a find and replace on the current database even if you have no plans to migrate it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Backups\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Migrate can automatically back up your database before running a find and replace operation or on demand as needed.\u003C\u002Fp>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>We’ve made an impact since launching the first version of WP Migrate with over 300,000 active installs and hundreds of five-star reviews on WordPress.org. WP Migrate is, in our opinion, the best WordPress migration plugin. Don’t just take our word for it though:\u003C\u002Fp>\n\u003Cp>\u003Cem>[WP Migrate] might be the most amazing thing that has happened in a really long time in the #WordPress world\u003C\u002Fem> – Pippin Williamson – Founder, Sandhills Development.\u003C\u002Fp>\n\u003Cp>\u003Cem>Today, I give continued thanks to @dliciousbrains for migrate db pro and the ease at which it offers migrations from dev-to-and-from-staging\u003C\u002Fem> – Tom Mcfarlin – Senior Backend Engineer, WebDevStudios.\u003C\u002Fp>\n\u003Cp>\u003Cem>How did I ever survive without [WP Migrate] before? #winning\u003C\u002Fem> – Jenny Beaumont – Senior Project Manager, Human Made.\u003C\u002Fp>\n\u003Ch3>Migrate More with WP Migrate Pro\u003C\u002Fh3>\n\u003Cp>If you’re in need of a complete, reliable, and fast push\u002Fpull site migration solution with fine-tuned control over the database, media uploads, themes, plugins, and other wp-content files, then WP Migrate Pro is for you.\u003C\u002Fp>\n\u003Cp>The pro features in WP Migrate fit perfectly into any WordPress developer’s toolbox. Here’s what you get when you upgrade:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Priority email support.\u003C\u002Fli>\n\u003Cli>Push and pull migrations that move the database, themes, plugins, media uploads, and other wp-content files directly between two WordPress sites.\u003C\u002Fli>\n\u003Cli>Advanced multisite features like pushing a subsite to single-site install.\u003C\u002Fli>\n\u003Cli>WP-CLI integration for running migrations from the command line.\u003C\u002Fli>\n\u003Cli>Backup your data before starting the migration.\u003C\u002Fli>\n\u003Cli>Targeted WordPress database migration. Select which tables to migrate and exclude post types from migrations.\u003C\u002Fli>\n\u003Cli>And that’s just the tip of the iceberg. We’re always working on adding value to WP Migrate!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All of these features and more are yours when you \u003Ca href=\"https:\u002F\u002Fdeliciousbrains.com\u002Fwp-migrate-db-pro\u002Fupgrade\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=wp-migrate-readme&utm_content=upgrade-to-pro\" rel=\"nofollow ugc\">upgrade to WP Migrate Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"WP Migrate DB Pro in Action Video\" src=\"https:\u002F\u002Ffast.wistia.net\u002Fembed\u002Fiframe\u002F5co63n4jqq?dnt=1\" allow=\"autoplay; fullscreen\" allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" class=\"wistia_embed\" name=\"wistia_embed\" msallowfullscreen width=\"750\" height=\"422\">\u003C\u002Fiframe>\u003Cscript src=\"https:\u002F\u002Ffast.wistia.net\u002Fassets\u002Fexternal\u002FE-v1.js\" async>\u003C\u002Fscript>\u003C\u002Fp>\n","Migrate your database. Export full sites including media, themes, and plugins. Find and replace content with support for serialized data.",7892814,84,313,"2025-12-08T16:39:00.000Z","5.6",[88,173,174,90,175],"export-site","import-site","push-pull","https:\u002F\u002Fdeliciousbrains.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-migrate-db.2.7.7.zip",99,"2025-11-17 22:17:25",{"attackSurface":181,"codeSignals":235,"taintFlows":255,"riskAssessment":310,"analyzedAt":323},{"hooks":182,"ajaxHandlers":205,"restRoutes":215,"shortcodes":216,"cronEvents":233,"entryPointCount":234,"unprotectedCount":13},[183,189,193,197,201],{"type":184,"name":185,"callback":186,"file":187,"line":188},"action","plugins_loaded","update_db_check","nmr-strava-activities.php",26,{"type":184,"name":190,"callback":191,"file":187,"line":192},"admin_menu","setup_admin_menu",29,{"type":184,"name":194,"callback":195,"file":187,"line":196},"admin_init","init_admin_menu",30,{"type":184,"name":198,"callback":199,"file":187,"line":200},"admin_enqueue_scripts","scripts_for_admin_page",31,{"type":184,"name":202,"callback":203,"file":187,"line":204},"init","shortcodes_init",32,[206,211],{"action":207,"nopriv":208,"callback":209,"hasNonce":49,"hasCapCheck":49,"file":187,"line":210},"nmr-strava-callback",true,"strava_callback",27,{"action":212,"nopriv":49,"callback":213,"hasNonce":208,"hasCapCheck":49,"file":187,"line":214},"nmr-strava-setup-callback","strava_setup_callback",28,[],[217,221,225,229],{"tag":218,"callback":219,"file":187,"line":220},"strava_nmr_connect","strava_nmr_connect_func",40,{"tag":222,"callback":223,"file":187,"line":224},"strava_nmr_disconnect","strava_nmr_disconnect_func",41,{"tag":226,"callback":227,"file":187,"line":228},"strava_nmr","strava_nmr_func",42,{"tag":230,"callback":231,"file":187,"line":232},"strava_nmr_table","strava_nmr_table_func",43,[],6,{"dangerousFunctions":236,"sqlUsage":237,"outputEscaping":243,"fileOperations":250,"externalRequests":250,"nonceChecks":27,"capabilityChecks":28,"bundledLibraries":251},[],{"prepared":238,"raw":13,"locations":239},10,[240],{"file":187,"line":241,"context":242},300,"$wpdb->query() with variable interpolation",{"escaped":204,"rawEcho":27,"locations":244},[245,248],{"file":187,"line":246,"context":247},459,"raw output",{"file":187,"line":249,"context":247},515,3,[252],{"name":253,"version":38,"knownCves":254},"Guzzle",[],[256,279],{"entryPoint":257,"graph":258,"unsanitizedCount":13,"severity":278},"strava_callback (nmr-strava-activities.php:592)",{"nodes":259,"edges":275},[260,265,269],{"id":261,"type":262,"label":263,"file":187,"line":264},"n0","source","$_GET",605,{"id":266,"type":267,"label":268,"file":187,"line":264},"n1","transform","→ handle_strava_update()",{"id":270,"type":271,"label":272,"file":187,"line":273,"wp_function":274},"n2","sink","get_row() [SQLi]",746,"get_row",[276,277],{"from":261,"to":266,"sanitized":49},{"from":266,"to":270,"sanitized":49},"high",{"entryPoint":280,"graph":281,"unsanitizedCount":27,"severity":278},"\u003Cnmr-strava-activities> (nmr-strava-activities.php:0)",{"nodes":282,"edges":304},[283,286,288,289,291,293,296,299],{"id":261,"type":262,"label":284,"file":187,"line":285},"$_GET (x2)",599,{"id":266,"type":271,"label":272,"file":187,"line":287,"wp_function":274},725,{"id":270,"type":262,"label":263,"file":187,"line":264},{"id":290,"type":267,"label":268,"file":187,"line":264},"n3",{"id":292,"type":271,"label":272,"file":187,"line":273,"wp_function":274},"n4",{"id":294,"type":262,"label":263,"file":187,"line":295},"n5",620,{"id":297,"type":267,"label":298,"file":187,"line":295},"n6","→ update_options()",{"id":300,"type":271,"label":301,"file":187,"line":302,"wp_function":303},"n7","update_option() [Settings Manipulation]",635,"update_option",[305,306,307,308,309],{"from":261,"to":266,"sanitized":208},{"from":270,"to":290,"sanitized":49},{"from":290,"to":292,"sanitized":49},{"from":294,"to":297,"sanitized":49},{"from":297,"to":300,"sanitized":49},{"summary":311,"deductions":312},"The nmr-strava-activities plugin v1.0.11 exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling, with 91% utilizing prepared statements, and strong output escaping, with 94% of outputs properly escaped. The plugin also includes some nonce checks and avoids dangerous functions. However, significant concerns arise from its attack surface and taint analysis.  The presence of an unprotected AJAX handler, which is a direct entry point, is a critical weakness. Furthermore, the taint analysis revealed two flows with unsanitized paths classified as high severity, indicating potential for input manipulation to lead to vulnerabilities. The plugin's vulnerability history, while currently showing no unpatched CVEs, includes a past medium-severity cross-site scripting vulnerability, suggesting a propensity for certain types of input validation issues. The overall picture is one of a plugin with some solid security foundations but with critical vulnerabilities in its input handling and exposed entry points that require immediate attention.",[313,315,318,321],{"reason":314,"points":238},"Unprotected AJAX handler",{"reason":316,"points":317},"High severity taint flows (unsanitized paths)",15,{"reason":319,"points":320},"No capability checks found",5,{"reason":322,"points":238},"Past medium CVE (XSS)","2026-03-16T21:12:32.739Z",{"wat":325,"direct":334},{"assetPaths":326,"generatorPatterns":329,"scriptPaths":330,"versionParams":331},[327,328],"\u002Fwp-content\u002Fplugins\u002Fnmr-strava-activities\u002Fcss\u002Fnmr-strava-activities.css","\u002Fwp-content\u002Fplugins\u002Fnmr-strava-activities\u002Fjs\u002Fnmr-strava-activities.js",[],[328],[332,333],"nmr-strava-activities\u002Fcss\u002Fnmr-strava-activities.css?ver=","nmr-strava-activities\u002Fjs\u002Fnmr-strava-activities.js?ver=",{"cssClasses":335,"htmlComments":336,"htmlAttributes":337,"restEndpoints":338,"jsGlobals":339,"shortcodeOutput":341},[],[],[218,222,226,230],[],[340],"nmr_strava_activities",[342,343],"\u003Ctable>\u003Ctr>\u003Cth>Type\u003C\u002Fth>\u003Cth>Name\u003C\u002Fth>\u003Cth>Distance\u003C\u002Fth>\u003Cth>Minutes\u003C\u002Fth>\u003C\u002Ftr>","\u003C\u002Ftable>",{"error":208,"url":345,"statusCode":346,"statusMessage":347,"message":347},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnmr-strava-activities\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":94,"versions":349},[350,356,364,372,380,388,395,404,413,422,431,440,449],{"version":6,"download_url":25,"svn_tag_url":351,"released_at":38,"has_diff":49,"diff_files_changed":352,"diff_lines":38,"trac_diff_url":353,"vulnerabilities":354,"is_current":208},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.13\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.12&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.13",[355],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":357,"download_url":358,"svn_tag_url":359,"released_at":38,"has_diff":49,"diff_files_changed":360,"diff_lines":38,"trac_diff_url":361,"vulnerabilities":362,"is_current":49},"1.0.12","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.12.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.12\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.11&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.12",[363],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":365,"download_url":366,"svn_tag_url":367,"released_at":38,"has_diff":49,"diff_files_changed":368,"diff_lines":38,"trac_diff_url":369,"vulnerabilities":370,"is_current":49},"1.0.11","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.11.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.11\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.10&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.11",[371],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":373,"download_url":374,"svn_tag_url":375,"released_at":38,"has_diff":49,"diff_files_changed":376,"diff_lines":38,"trac_diff_url":377,"vulnerabilities":378,"is_current":49},"1.0.10","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.10.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.9&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.10",[379],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":381,"download_url":382,"svn_tag_url":383,"released_at":38,"has_diff":49,"diff_files_changed":384,"diff_lines":38,"trac_diff_url":385,"vulnerabilities":386,"is_current":49},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.8&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.9",[387],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":56,"download_url":389,"svn_tag_url":390,"released_at":38,"has_diff":49,"diff_files_changed":391,"diff_lines":38,"trac_diff_url":392,"vulnerabilities":393,"is_current":49},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.7&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.8",[394],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":396,"download_url":397,"svn_tag_url":398,"released_at":38,"has_diff":49,"diff_files_changed":399,"diff_lines":38,"trac_diff_url":400,"vulnerabilities":401,"is_current":49},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.6&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.7",[402,403],{"id":51,"url_slug":52,"title":53,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":56},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":405,"download_url":406,"svn_tag_url":407,"released_at":38,"has_diff":49,"diff_files_changed":408,"diff_lines":38,"trac_diff_url":409,"vulnerabilities":410,"is_current":49},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.5&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.6",[411,412],{"id":51,"url_slug":52,"title":53,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":56},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":414,"download_url":415,"svn_tag_url":416,"released_at":38,"has_diff":49,"diff_files_changed":417,"diff_lines":38,"trac_diff_url":418,"vulnerabilities":419,"is_current":49},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.4&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.5",[420,421],{"id":51,"url_slug":52,"title":53,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":56},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":423,"download_url":424,"svn_tag_url":425,"released_at":38,"has_diff":49,"diff_files_changed":426,"diff_lines":38,"trac_diff_url":427,"vulnerabilities":428,"is_current":49},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.3&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.4",[429,430],{"id":51,"url_slug":52,"title":53,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":56},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":432,"download_url":433,"svn_tag_url":434,"released_at":38,"has_diff":49,"diff_files_changed":435,"diff_lines":38,"trac_diff_url":436,"vulnerabilities":437,"is_current":49},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.2&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.3",[438,439],{"id":51,"url_slug":52,"title":53,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":56},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":441,"download_url":442,"svn_tag_url":443,"released_at":38,"has_diff":49,"diff_files_changed":444,"diff_lines":38,"trac_diff_url":445,"vulnerabilities":446,"is_current":49},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnmr-strava-activities%2Ftags%2F1.0.1&new_path=%2Fnmr-strava-activities%2Ftags%2F1.0.2",[447,448],{"id":51,"url_slug":52,"title":53,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":56},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":450,"download_url":451,"svn_tag_url":452,"released_at":38,"has_diff":49,"diff_files_changed":453,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":454,"is_current":49},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnmr-strava-activities.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnmr-strava-activities\u002Ftags\u002F1.0.1\u002F",[],[455,456],{"id":51,"url_slug":52,"title":53,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":56},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40}]