[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faSnaWbnWEH3AqvLwDiVAiiTkiiNWu_0DaRkd96Bavkc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":185},"personal-library","Personal Library","1.0.0","derekheld","https:\u002F\u002Fprofiles.wordpress.org\u002Fderekheld\u002F","\u003Cp>Personal Library allows you to restrict users to seeing their own media uploads. The plugin works by filtering all requests for attachments.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Administrators will always see all attachments\u003C\u002Fli>\n\u003Cli>Enable or disable access to all uploads for the following roles: contributor, author, editor.\u003C\u002Fli>\n\u003C\u002Ful>\n","Restricts users to managing\u002Fusing their own attachments only.",10,1414,0,"2015-12-12T17:45:00.000Z","4.4.34","2.8.0","",[19,20,21,22,23],"attachments","filter","media","roles","unique","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpersonal-library\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpersonal-library.1.0.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,20,30,84,"2026-04-04T05:06:10.501Z",[37,60,80,97,114],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":55,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":28},"f4-media-taxonomies","F4 Media Taxonomies","1.1.6","FAKTOR VIER","https:\u002F\u002Fprofiles.wordpress.org\u002Ffaktorvier\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.f4dev.ch\" rel=\"nofollow ugc\">F4 Media Taxonomies\u003C\u002Fa> provides the ability to filter the media library by categories, tags and\u002For custom taxonomies.\u003Cbr \u002F>\nYou can use the built-in taxonomies (category or post_tag) or any custom taxonomy.\u003C\u002Fp>\n\u003Cp>If a taxonomy is enabled for attachments, you can assign as many of their terms to an attachment as you need.\u003Cbr \u002F>\nYou can assign them directly in the media library or in every media-selector overlay.\u003Cbr \u002F>\nThere is also a nifty bulk function in the media library, which allows you to assign a single term to multiple attachments at once.\u003C\u002Fp>\n\u003Cp>Attachments can then be filtered by these terms. The filters are available in the media library and in every media-selector overlay.\u003C\u002Fp>\n\u003Cp>Different than other similar plugins, \u003Cstrong>F4 Media Taxonomies is 100% free!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>See FAQ for a guide how to enable categories, tags and custom taxonomies.\u003C\u002Fp>\n\u003Ch4>Features overview\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use any taxonomy (built-in or custom)\u003C\u002Fli>\n\u003Cli>Assign one or more terms to an attachment in media library\u002Foverlay\u003C\u002Fli>\n\u003Cli>Bulk assign terms to multiple attachments at once in media library\u003C\u002Fli>\n\u003Cli>Filter attachments by terms in media library\u002Foverlay\u003C\u002Fli>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Lightweight and optimized\u003C\u002Fli>\n\u003Cli>100% free!\u003C\u002Fli>\n\u003C\u002Ful>\n","Add filters and bulk actions for attachment categories, tags and custom taxonomies.",1000,25008,100,13,"2025-12-15T16:04:00.000Z","6.9.4","4.5.0",[19,53,20,54,21],"bulk-action","library","https:\u002F\u002Fgithub.com\u002Ffaktorvier\u002Ff4-media-taxonomies","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ff4-media-taxonomies.1.1.6.zip",99,1,"2025-09-03 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":48,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":78,"download_link":79,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"default-media-uploader-view","Default Media Uploader View","1.0.8","leemon","https:\u002F\u002Fprofiles.wordpress.org\u002Fleemon\u002F","\u003Cp>WordPress 3.5 introduced an entirely new media uploader which streamlined the way one handles and uploads images to posts. Unfortunately,\u003Cbr \u002F>\nsince then, the default view for the media library is “All media items” instead of “Uploaded to this post”. This plugin sets “Uploaded to this post” as the default view.\u003C\u002Fp>\n","Sets \"Uploaded to this post\" instead of \"All media items\" as the default view in the media uploader.",600,15387,96,"2019-05-16T09:55:00.000Z","5.2.24","3.5","5.3",[76,19,20,21,77],"admin","upload","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdefault-media-uploader-view\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdefault-media-uploader-view.1.0.8.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":13,"num_ratings":13,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":95,"download_link":96,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"rbam-media","Role Based Access Manager: Media Protector","1.1.3","muis IT","https:\u002F\u002Fprofiles.wordpress.org\u002Fmuisit\u002F","\u003Cp>Role Base Access Manager: Media Protector\u003C\u002Fp>\n\u003Cp>WordPress plugin to assign access roles to individual files.\u003C\u002Fp>\n\u003Cp>This simple plugin allows administrators (anyone with access to the edit-post form for attachments\u002Fmedia) to set access based on roles.\u003Cbr \u002F>\nThe plugin provides a ‘Security’ meta-box on the right hand side where you can type in role names and select them (much like you add tags\u003Cbr \u002F>\nto regular posts). Whenever a visitor wants to download or view a file or image from the uploads directory, his\u002Fher current roles are checked\u003Cbr \u002F>\nagainst the configured roles.\u003C\u002Fp>\n\u003Cp>This plugin tries to look for originals of resized and rescaled images by making a rough search in the meta data table. This allows you to\u003Cbr \u002F>\nmark the original image of a blog entry for specific access and have all thumbnails and other derived images be protected as well. Please note\u003Cbr \u002F>\nthat this plugin does not clean up after you. If for some reason left-over thumbnails remain in the upload directory, the plugin cannot find\u003Cbr \u002F>\nthem in the database and will allow access.\u003C\u002Fp>\n\u003Ch3>Roles\u003C\u002Fh3>\n\u003Cp>This plugin works based on role access management. That means it will try to match the specified roles on the media with the available roles of a user. However, the capabilities system of \u003Ccode>WordPress\u003C\u002Fcode> is cumulative: an \u003Ccode>Administrator\u003C\u002Fcode> has more privileges as an \u003Ccode>Editor\u003C\u002Fcode>, but at least the\u003Cbr \u002F>\nsame. Usually, people only have one Role in this system. As this plugin does not check on capabilities, but on roles, you will need to specify\u003Cbr \u002F>\n\u003Cem>all\u003C\u002Fem> the roles that should have access to this file (including the ‘administrator’ role).\u003C\u002Fp>\n\u003Cp>Alternatively, you can add secondary roles to a User, allowing \u003Ccode>Administrator\u003C\u002Fcode> to also be a \u003Ccode>Subscriber\u003C\u002Fcode>. In this way, you only need to add the\u003Cbr \u002F>\n    Subscriber role to media files to allow it to be downloaded by all registered members. However, adding secondary roles is a manual task. If you have many users and few files, it can be easier to specifiy all roles with the media. If you have many files and few users, you had better use secondary role assignments. If you have many files and many users, you should look into a way to automatically assign roles to people using some sort of on-boarding method. If you need a plugin for that, send me a message.\u003C\u002Fp>\n\u003Ch3>Redirections\u003C\u002Fh3>\n\u003Cp>The plugin works by inserting a redirection script in your \u003Ccode>.htaccess\u003C\u002Fcode> file on activation. This does not work properly for \u003Ccode>NGinX\u003C\u002Fcode>, in which\u003Cbr \u002F>\ncase you have to insert a redirection manually. Freely copied from the [https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faam-protected-media-files\u002F](AAM Protected Media Files) description:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>location ~* ^\u002Fwp-content\u002Fuploads\u002F {\u003Cbr \u002F>\n   rewrite (?i)^(\u002Fwp-content\u002Fuploads\u002F.*)$ \u002Findex.php?rbam-media=1 last;\u003Cbr \u002F>\n   return 307;\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Cp>The plugin will try to read the accessed file from the original request and apply role based access management on it.\u003C\u002Fp>\n","Role Based Access Management for Media files (attachments).",1231,"2021-06-17T13:34:00.000Z","5.7.15","5.4","7.2",[19,21,22,94],"security","https:\u002F\u002Fgithub.com\u002Fmuisit\u002Frbam-media","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frbam-media.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":50,"requires_at_least":110,"requires_php":17,"tags":111,"homepage":112,"download_link":113,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"media-deduper","Media Deduper","1.5.9","cornershop","https:\u002F\u002Fprofiles.wordpress.org\u002Fcornershop\u002F","\u003Cp>Media Deduper will find and eliminate duplicate images and attachments from your WordPress media library. After installing, you’ll have a new “Manage Duplicates” option in your Media section.\u003C\u002Fp>\n\u003Cp>Before Media Deduper can identify duplicate assets, it will build an index of all the files in your media library, which can take some time. Once that’s done, however, Media Deduper automatically adds new uploads to its index, so you shouldn’t have to generate the index again.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need faster indexing? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Check out Media Deduper Pro\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once up and running, Media Deduper provides you with a “Manage Duplicates” page listing all of your duplicate media files. The list makes it easy to see and delete duplicate files: delete one and its twin will disappear from the list because it’s then no longer a duplicate. Easy! By default, the list is sorted by file size, so you can focus on deleting the files that will free up the most space.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use this plugin at your own risk. The plugin developers are not responsible for any lost data or site issues as a result of using this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Media Deduper comes with a “Smart Delete” option that prevents a post’s Featured Image from being deleted, even if that image is found to be a duplicate elsewhere on the site.\u003C\u002Fp>\n\u003Cp>If a post has a featured image that’s a duplicate file, Smart Delete will re-assign that post’s image to an already-in-use copy of the image before deleting the duplicate so that the post’s appearance is unaffected. This feature only tracks Featured Images, and not images used in galleries, post bodies, shortcodes, meta fields, or anywhere else.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for more features? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Media Deduper Pro\u003C\u002Fa> includes features for image fields from several popular plugins as well.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Note that duplicate identification is based on the data of the files themselves, not any titles, captions or other metadata you may have provided in the WordPress admin.\u003C\u002Fp>\n\u003Cp>Media Deduper can differentiate between 1.) media items that are duplicates because the media files they link to have the same data and 2.) those that actually point to the same data file, which can happen with a plugin like WP Job Manager or Duplicate Post.\u003C\u002Fp>\n\u003Cp>As with any plugin that can perform destructive operations on your database and\u002For files, using Media Deduper can result in permanent data loss if you’re not careful. \u003Cstrong>Back up your data before you try out Media Deduper! Please!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use this plugin at your own risk. The plugin developers are not responsible for any lost data or site issues as a result of using this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more support? \u003Ca href=\"https:\u002F\u002Fwww.mediadeduper.com\u002F\" rel=\"nofollow ugc\">Media Deduper Pro\u003C\u002Fa> includes dedicated support from Cornershop Creative.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>Media Deduper requires PHP 7.0 or later.\u003C\u002Fp>\n","Save disk space and bring some order to the chaos of your media library by removing and preventing duplicate files.",9000,169474,76,43,"2025-12-03T19:24:00.000Z","4.3",[76,19,21,77],"https:\u002F\u002Fwww.mediadeduper.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-deduper.1.5.9.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":50,"requires_at_least":127,"requires_php":17,"tags":128,"homepage":134,"download_link":135,"security_score":57,"vuln_count":31,"unpatched_count":13,"last_vuln_date":136,"fetched_at":28},"wp-media-category-management","WP Media Category Management","2.5.0","DeBAAT","https:\u002F\u002Fprofiles.wordpress.org\u002Fdebaat\u002F","\u003Cp>This WordPress plugin will ease the management of media categories, including bulk actions.\u003Cbr \u002F>\nIt supports categories for media using either the existing post categories or a dedicated media_category custom taxonomy.\u003Cbr \u002F>\nThe plugin supports easy category toggling on the media list page view and also bulk toggling for multiple media at once.\u003Cbr \u002F>\nIt now also supports post tags and media taxonomies defined by other plugins.\u003C\u002Fp>\n\u003Ch4>Main Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use post categories or dedicated MCM media categories.\u003C\u002Fli>\n\u003Cli>Control your media categories via admin the same way as post categories.\u003C\u002Fli>\n\u003Cli>Bulk toggle any media taxonomy assignment from Media Library via admin.\u003C\u002Fli>\n\u003Cli>Filter media files in Media Library by your custom taxonomies, both in List and Grid view.\u003C\u002Fli>\n\u003Cli>Use new or existing shortcode to filter the media on galleries in posts and pages.\u003C\u002Fli>\n\u003Cli>Use a default category while uploading (see FAQ section). \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use functionality to manage whether users are allowed or disallowed to manage media.\u003C\u002Fli>\n\u003Cli>Use WPMCM Gallery block to filter the media on galleries in posts and pages.\u003C\u002Fli>\n\u003Cli>Filter media per user on several places like List or Grid view and showing media with block or shortcode.\u003C\u002Fli>\n\u003Cli>Export MCM Categories and \u002F or attachment information filtered by user.\u003C\u002Fli>\n\u003Cli>Use WP Importer functionality for exported information, even on sites without WP MCM Premium installed.\u003C\u002Fli>\n\u003Cli>Use WPMCM Gallery block layout when using wp-mcm shortcode to filter the media in posts and pages.\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin to provide bulk category management functionality for media in WordPress sites.",6000,242644,94,35,"2025-12-14T11:08:00.000Z","5.9",[129,130,131,132,133],"bulk-toggle","media-category","media-filter","toggle-category","user-media-management","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-media-category-management\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-media-category-management.2.5.0.zip","2025-02-18 19:23:39",{"attackSurface":138,"codeSignals":158,"taintFlows":173,"riskAssessment":174,"analyzedAt":184},{"hooks":139,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":13,"unprotectedCount":13},[140,145,150],{"type":20,"name":141,"callback":142,"file":143,"line":144},"parse_query","restrict_media_to_user","personal-library.php",37,{"type":146,"name":147,"callback":148,"file":143,"line":149},"action","admin_menu","personal_library_options_menu",51,{"type":146,"name":151,"callback":152,"file":143,"line":153},"admin_init","settings_init",86,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":162,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":172},[],{"prepared":13,"raw":13,"locations":161},[],{"escaped":13,"rawEcho":163,"locations":164},3,[165,168,170],{"file":143,"line":166,"context":167},59,"raw output",{"file":143,"line":169,"context":167},63,{"file":143,"line":171,"context":167},67,[],[],{"summary":175,"deductions":176},"The \"personal-library\" plugin v1.0.0 exhibits a strong security posture in several key areas. The static analysis reveals a minimal attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events exposed. Crucially, all SQL queries identified are correctly using prepared statements, mitigating the risk of SQL injection. The absence of file operations and external HTTP requests further reduces potential vulnerabilities. The plugin also reports no known CVEs, and its vulnerability history is clean, suggesting a diligent approach to security by the developers or a lack of exploitation attempts, which is a positive sign.\n\nHowever, a significant concern arises from the output escaping signals. With 3 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users without proper sanitization can be manipulated by attackers to inject malicious scripts, potentially leading to session hijacking, defacement, or redirection to malicious sites. The lack of explicit capability checks and nonce checks, while not directly linked to a current exploit in the static analysis, is a weakness that could be exploited if the attack surface were to expand in future versions or if other vulnerabilities allowed an attacker to trigger code execution.\n\nIn conclusion, while \"personal-library\" v1.0.0 demonstrates good practices in attack surface reduction and secure database interaction, the complete lack of output escaping is a critical flaw that severely undermines its overall security. The absence of known vulnerabilities is encouraging but should not overshadow the present risk of XSS. Developers should prioritize addressing the output escaping issue to improve the plugin's security.",[177,180,182],{"reason":178,"points":179},"No output escaping detected",8,{"reason":181,"points":163},"No nonce checks",{"reason":183,"points":163},"No capability checks","2026-03-17T01:21:09.719Z",{"wat":186,"direct":192},{"assetPaths":187,"generatorPatterns":189,"scriptPaths":190,"versionParams":191},[188],"\u002Fwp-content\u002Fplugins\u002Fpersonal-library\u002Fpersonal-library.php",[],[],[],{"cssClasses":193,"htmlComments":194,"htmlAttributes":195,"restEndpoints":196,"jsGlobals":197,"shortcodeOutput":198},[],[],[],[],[],[]]