[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOGgQLiqmMUHI6PhSU049LAbltd8wm9rTPshRtOLJ1eE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":74,"fingerprints":117},"photo-credits","Photo Credits","1.0","Sathya Perumal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsathya12\u002F","\u003Cp>Photo Credits Plugin searches for images in your post and displays the credits, if present, at the bottom left corner of the image.\u003C\u002Fp>\n\u003Cp>Unzip the file, Upload the plugin to your plugins folder and activate.\u003Cbr \u002F>\nYou can enter the photographer name and url on the media editor.\u003C\u002Fp>\n","Photo credits helps to display Author credits for the images on your website",10,1776,20,1,"2014-03-02T07:14:00.000Z","3.7.41","3.3","",[20,21,4],"author-credits","image-credits","http:\u002F\u002Fwww.advitha.com\u002Fphoto-credits","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphoto-credits.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"sathya12",30,84,"2026-04-05T02:51:28.539Z",[35,58],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":18,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":57,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"image-credits-nofollow","Image Credits nofollow","1.5","apasionados","https:\u002F\u002Fprofiles.wordpress.org\u002Fapasionados\u002F","Adds credits to the media uploads: Source and source URL. URLs are nofollow by default.",200,8038,70,2,"2026-02-01T16:06:00.000Z","6.9.4","3.0.1","7.4",[51,52,53,21,54],"credit","credits","image","media","http:\u002F\u002Fapasionados.es","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-credits-nofollow.1.5.zip",100,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":57,"downloaded":66,"rating":57,"num_ratings":45,"last_updated":67,"tested_up_to":68,"requires_at_least":18,"requires_php":18,"tags":69,"homepage":18,"download_link":73,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"image-rights","Image Rights","1.2","Christian Leuenberg","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleuenberg\u002F","\u003Cp>This plugin adds new meta fields for images within the WordPress media library. You can display all your images in one place with corresponding copyrights (photographer and platform) via a simple shortcode. Especially the German law forces website owners to display all the copyright holders of graphics and photos used on a website.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>adds new meta fields for media library items\u003C\u002Fli>\n\u003Cli>edit copyright holder \u002F photographer name\u003C\u002Fli>\n\u003Cli>set an optional stock photo platform\u003C\u002Fli>\n\u003Cli>shortcode \u003Ccode>[photo_credits]\u003C\u002Fcode> displays all images with credits set\u003C\u002Fli>\n\u003Cli>optional image overlay with copyright information\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds additional fields for setting image credits in the media library.",2223,"2023-09-08T13:49:00.000Z","6.3.8",[70,71,59,72,4],"copyrights","custom-fields","media-library","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-rights.1.2.zip",{"attackSurface":75,"codeSignals":101,"taintFlows":108,"riskAssessment":109,"analyzedAt":116},{"hooks":76,"ajaxHandlers":97,"restRoutes":98,"shortcodes":99,"cronEvents":100,"entryPointCount":25,"unprotectedCount":25},[77,83,88,92],{"type":78,"name":79,"callback":80,"file":81,"line":82},"action","wp_enqueue_scripts","photo_credits_scripts","photo-credits.php",83,{"type":84,"name":85,"callback":86,"priority":11,"file":81,"line":87},"filter","attachment_fields_to_edit","be_attachment_field_credit",183,{"type":84,"name":89,"callback":90,"priority":11,"file":81,"line":91},"attachment_fields_to_save","be_attachment_field_credit_save",275,{"type":84,"name":93,"callback":94,"priority":95,"file":81,"line":96},"the_content","mh_wrap_image",15,283,[],[],[],[],{"dangerousFunctions":102,"sqlUsage":103,"outputEscaping":105,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":107},[],{"prepared":45,"raw":25,"locations":104},[],{"escaped":14,"rawEcho":25,"locations":106},[],[],[],{"summary":110,"deductions":111},"The \"photo-credits\" plugin v1.0 exhibits a strong security posture based on the static analysis.  There are no identified entry points (AJAX, REST API, shortcodes, cron events) that are exposed without authentication or permission checks. The code also demonstrates excellent practices by using prepared statements for all SQL queries and properly escaping all outputs.  Furthermore, there are no file operations or external HTTP requests, which significantly reduces the attack surface.  The absence of known vulnerabilities in its history, including critical or high-severity ones, further reinforces this positive assessment. This indicates a well-developed and securely coded plugin at version 1.0. \n\nHowever, the analysis does reveal areas where the plugin's security is either unknown or could be further strengthened. The complete lack of identified entry points, while appearing secure, might also suggest a very limited functionality, or that the entry points are not detectable by the static analysis tools. More importantly, the absence of nonce checks and capability checks across any potential interactions is a significant concern. While the static analysis reports zero unprotected entry points, the lack of these fundamental WordPress security mechanisms means that if any interactions are added in the future, they would be immediately vulnerable without these checks. The taint analysis also shows zero flows, which is positive, but this might be due to the absence of complex data handling or limited scope of analysis.\n\nIn conclusion, \"photo-credits\" v1.0 appears to be a secure plugin due to its adherence to secure coding practices like prepared statements and output escaping, and its clean vulnerability history. However, the complete absence of nonce and capability checks represents a potential future risk if the plugin's functionality expands. The limited detected attack surface is a strength, but the lack of fundamental security checks on any potential (even if undetected) interactions is a weakness that should be addressed.",[112,114],{"reason":113,"points":11},"Missing nonce checks",{"reason":115,"points":11},"Missing capability checks","2026-03-17T00:24:40.776Z",{"wat":118,"direct":124},{"assetPaths":119,"generatorPatterns":121,"scriptPaths":122,"versionParams":123},[120],"\u002Fwp-content\u002Fplugins\u002Fphoto-credits\u002Fphoto-credit-style.css",[],[],[],{"cssClasses":125,"htmlComments":128,"htmlAttributes":129,"restEndpoints":133,"jsGlobals":134,"shortcodeOutput":135},[126,127],"img-cont","photo-credit",[],[130,131,132],"be-photographer-name","be-photographer-website","be-photographer-url",[],[],[136,137],"\u003Cspan class=\"photo-credit\">","\u003Ca href=\""]