[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFuSK_7yZP-Y1xnQo5X-Qby2T1eFkHdeo_CV_aBAG5Mg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":130},"non-latin-attachments","non-latin attachments","1.0","An, Hyeong-woo","https:\u002F\u002Fprofiles.wordpress.org\u002Fmytory\u002F","\u003Cp>Specific web server break non-latin filename. WordPress don’t touch attachment’s filename.\u003C\u002Fp>\n\u003Cp>This plugin change filename to numbers. And when the file is downloaded, the attachment’s title will be set as filename.\u003C\u002Fp>\n\u003Cp>It use html5 download property. It’s all. If you disable the plugin, nothing is break.\u003C\u002Fp>\n","Specific web server break non-latin filename. Wordpress don't touch attachment's filename. 
This plugin change filename to numbers.",70,1351,100,1,"2022-11-23T16:39:00.000Z","6.1.10","2.9","",[20],"non-latin-filename-attachment","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnon-latin-attachments.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mytory",3,130,90,30,87,"2026-04-04T21:19:22.202Z",[],{"attackSurface":37,"codeSignals":72,"taintFlows":88,"riskAssessment":114,"analyzedAt":129},{"hooks":38,"ajaxHandlers":54,"restRoutes":68,"shortcodes":69,"cronEvents":70,"entryPointCount":71,"unprotectedCount":71},[39,45,50],{"type":40,"name":41,"callback":42,"file":43,"line":44},"filter","wp_handle_upload_prefilter","non_latin_attachments_prefilter","non-latin.php",46,{"type":46,"name":47,"callback":48,"file":43,"line":49},"action","add_attachment","non_latin_attachments_add_attachment",88,{"type":46,"name":51,"callback":52,"file":43,"line":53},"wp_enqueue_scripts","non_latin_attachments_enqueue_script",114,[55,60,63,66],{"action":56,"nopriv":57,"callback":58,"hasNonce":57,"hasCapCheck":57,"file":43,"line":59},"filename_for_download",false,"non_latin_attachments_print_filename_for_download",152,{"action":56,"nopriv":61,"callback":58,"hasNonce":57,"hasCapCheck":57,"file":43,"line":62},true,153,{"action":64,"nopriv":57,"callback":64,"hasNonce":57,"hasCapCheck":57,"file":43,"line":65},"non_latin_attachments_get_download_url",190,{"action":64,"nopriv":61,"callback":64,"hasNonce":57,"hasCapCheck":57,"file":43,"line":67},191,[],[],[],4,{"dangerousFunctions":73,"sqlUsage":74,"outputEscaping":79,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":14,"bundledLibraries":87},[],{"prepared":23,"raw":14,"locations":75},[76],{"file":43,"line":77,"context":78},168,"$wpdb->get_row() with variable 
interpolation",{"escaped":23,"rawEcho":80,"locations":81},2,[82,85],{"file":43,"line":83,"context":84},148,"raw output",{"file":43,"line":86,"context":84},186,[],[89,105],{"entryPoint":90,"graph":91,"unsanitizedCount":14,"severity":104},"non_latin_attachments_print_filename_for_download (non-latin.php:146)",{"nodes":92,"edges":102},[93,97],{"id":94,"type":95,"label":96,"file":43,"line":83},"n0","source","$_GET['id']",{"id":98,"type":99,"label":100,"file":43,"line":83,"wp_function":101},"n1","sink","echo() [XSS]","echo",[103],{"from":94,"to":98,"sanitized":57},"medium",{"entryPoint":106,"graph":107,"unsanitizedCount":23,"severity":113},"\u003Cnon-latin> (non-latin.php:0)",{"nodes":108,"edges":111},[109,110],{"id":94,"type":95,"label":96,"file":43,"line":83},{"id":98,"type":99,"label":100,"file":43,"line":83,"wp_function":101},[112],{"from":94,"to":98,"sanitized":61},"low",{"summary":115,"deductions":116},"The \"non-latin-attachments\" v1.0 plugin presents a significant security risk due to its unprotected AJAX handlers. The static analysis reveals four AJAX handler registrations (two actions, each registered for both logged-in and unauthenticated users), none of which has a nonce or capability check, creating a large and easily exploitable attack surface. Furthermore, the plugin demonstrates poor coding practices regarding data sanitization and output escaping. With 100% of SQL queries (the single query found, which interpolates a variable) not using prepared statements and 0% of outputs (two raw echo statements) being properly escaped, there's a high probability of SQL injection and cross-site scripting (XSS) vulnerabilities.\n\nThe absence of any recorded vulnerability history might suggest a lack of past exploitation or discovery, but this should not be interpreted as an indicator of inherent security. The current code analysis reveals critical weaknesses that could easily lead to vulnerabilities. 
The single flow with unsanitized paths ($_GET['id'] reaching echo in non_latin_attachments_print_filename_for_download), rated medium rather than high or critical severity in the taint analysis, points to potential XSS if that value is not escaped before output.\n\nIn conclusion, while the plugin has no known CVEs, the static analysis indicates a fragile security posture. The unprotected AJAX handlers, raw SQL queries, and unescaped output are substantial concerns that require immediate attention. The lack of a robust security foundation in this version makes it susceptible to common web attacks.",[117,120,123,125,127],{"reason":118,"points":119},"AJAX handlers without auth checks",10,{"reason":121,"points":122},"SQL queries not using prepared statements",5,{"reason":124,"points":122},"Output escaping not properly implemented",{"reason":126,"points":122},"Flow with unsanitized paths",{"reason":128,"points":122},"No nonce checks on AJAX handlers","2026-03-16T21:34:25.948Z",{"wat":131,"direct":138},{"assetPaths":132,"generatorPatterns":134,"scriptPaths":135,"versionParams":136},[133],"\u002Fwp-content\u002Fplugins\u002Fnon-latin-attachments\u002Fnon-latin.js",[],[133],[137],"non-latin.js?ver=",{"cssClasses":139,"htmlComments":140,"htmlAttributes":143,"restEndpoints":145,"jsGlobals":146,"shortcodeOutput":147},[],[141,142],"for GD bbPress Attachment","파일명과 줄 번호는 파일 편집 권한이 있는 사람에게만 보입니다. 따로 권한을 변경하지 않았다면 파일 편집 권한은 파일 편집 권한은 관리자에게만 있습니다.",[144],"nlf",[],[144],[]]