[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvSto38ArM7TEO_P57AhifYYGUil9Z0b5PHLPx4q_omI":3,"$fKiiE0XGo5lP379i_baVK__T-4hoBgMuNjr-nFf3MdgU":493,"$f-1X67e230R8vticjSNaUd1W1RWc82h_OWjErUQLOOjQ":497},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":49,"crawl_stats":37,"alternatives":53,"analysis":157,"fingerprints":454},"photo-express-for-google","Photo Express for Google","0.3.2","thhake","https:\u002F\u002Fprofiles.wordpress.org\u002Fthhake\u002F","\u003Cp>Browse your Google+\u002FPicasa Web albums and select images or whole albums to insert into your posts\u002Fpages. This is an unofficial\u003Cbr \u002F>\nfork of Picasa Express 2.\u003C\u002Fp>\n\u003Cp>The fork has been necessary because the authentication for private photo albums of “Picasa and Google Plus Express” has been broken since\u003Cbr \u002F>\n April 2015 due to changes to the authentication protocol. This is the first release after a major change to the code. Please\u003Cbr \u002F>\n  be so kind and test this version before putting it into production.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This fork supports OAUTH authentication with Google, so you can access private photos and albums again! Currently this only works on a blog-wide mode (Google+ Express access level: blog). I am working on a solution for a per user authentication.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Upgrade notice:\u003Cbr \u002F>\n*   The plugin requires at \u003Cstrong>least PHP 5.4\u003C\u002Fstrong>. Using a version before PHP 5.4 leads to parse errors.\u003Cbr \u002F>\n*   If you have shortcodes for single images that have been generated using a prior version of “Photo Express for Google” (0.1) or “Picasa and Google Plus Express” (all versions), you’ll have to update them to make photoswipe work correctly. Please have a look into the FAQ.\u003Cbr \u002F>\n*   The prefix for all CSS classes has changed from “pe2” to “peg”. Please consider this when upgrading from “Picasa and Google Plus Express”.\u003Cbr \u002F>\n*   The function to store authentication data on a user basis has been removed. The use case for storing it on a per user basis was not clear. If you rely on this function, please post a feature request with your particular use case.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use your Google user to access your photos and albums\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Private\u003C\u002Fstrong> album access after granting access via Google auth service\u003C\u002Fli>\n\u003Cli>Select albums \u002F images from GUI listing by album cover and name\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile gallery\u003C\u002Fstrong> display support with PhotoSwipe\u003C\u002Fli>\n\u003Cli>Google+ style \u003Cstrong>phototile\u003C\u002Fstrong> gallery display or standard gallery utilizing native WordPress image thumbnail size\u003C\u002Fli>\n\u003Cli>Create a gallery of a subset of photos from an album by \u003Cstrong>filtering the album with tags\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Gallery and image shortcodes for display of entire album or selected images\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress MU\u003C\u002Fstrong> support – sitewide activation, users, roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Additional settings:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Image link:\n\u003Cul>\n\u003Cli>\u003Cstrong>Mobile gallery\u003C\u002Fstrong> with PhotoSwipe – in desktop browsers PhotoSwipe is clean and works nicely.  On a mobile device, swiping between photos is supported\u003C\u002Fli>\n\u003Cli>Custom thickbox with plugin – including keyboard navigation and Google+ view link\u003C\u002Fli>\n\u003Cli>WordPress thickbox – using the integrated thickbox provided by WordPress\u003C\u002Fli>\n\u003Cli>3rd-party thickbox – setup the thickbox class\u002Frel, but rely on external library\u003C\u002Fli>\n\u003Cli>3rd-party lightbox – setup the lightbox class\u002Frel, but rely on an external library\u003C\u002Fli>\n\u003Cli>3rd-party highslide – setup the highslide class\u002Frel, but rely on an external library\u003C\u002Fli>\n\u003Cli>Google+ image page – a direct link to the Google+ image page for the photo\u003C\u002Fli>\n\u003Cli>direct – a direct link to the large photo\u003C\u002Fli>\n\u003Cli>none – just the image thumbnails are displayed with no link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>CSS \u002F style customizations for most tags created in galleries, photos & captions\u003C\u002Fli>\n\u003Cli>Caption under image and\u002For in image\u002Flink title and gallery display\u003C\u002Fli>\n\u003Cli>Alignment for images and gallery using standard CSS classes\u003C\u002Fli>\n\u003Cli>Define \u003Cstrong>Roles\u003C\u002Fstrong> who are allowed to use the plugin\u003C\u002Fli>\n\u003Cli>Switch from blog to \u003Cstrong>user level\u003C\u002Fstrong> for storing the user and private access token\u003C\u002Fli>\n\u003Cli>Settings for single-image thumbnail size, single-video thumbnail size and large image size limit\u003C\u002Fli>\n\u003Cli>Forcing SSL connection to the Google photo APIs\u003C\u002Fli>\n\u003Cli>Optional caching of the Google photo API results\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>And by design:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shortcodes inserted for both albums and photos in anticipation of changes forthcoming in Picasaweb to Google+ migration.\u003C\u002Fli>\n\u003Cli>Support native WordPress image and link dialog for album image thumbnail size\u003C\u002Fli>\n\u003Cli>Support native WordPress gallery captions\u003C\u002Fli>\n\u003Cli>Multilanguage support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Old changelog of Picasa Express 2\u003C\u002Fh3>\n\u003Ch4>2.2.10\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Corrects a bug introduced in 2.2.7 regarding per-post options on thumbnail size setting\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.2.9\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Corrects an undefined variable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.2.8\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Corrects a bug with non-proportional image thumbnail sizes\u003C\u002Fli>\n\u003Cli>Corrects a bug with images displayed without a caption when captions are enabled, the alignment was not being properly assigned\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.2.7\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added an option to allow single image\u002Fvideo thumbnails to be configured non-proportionally\u003C\u002Fli>\n\u003Cli>Added the configuration option for PhotoSwipe to prevent upscaling of images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.2.6\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added a browser check for Photoswipe to switch to Thickbox if the client is using any version of IE, as the current version of Photoswipe has a bug in all versions of IE.\u003C\u002Fli>\n\u003Cli>Standardized the image links in Thickbox-Custom to match those of Photoswipe.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.2.5\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Attempted a fix suggested by Google to show all tag search results correctly.\u003C\u002Fli>\n\u003Cli>Corrected the use of the pe2_img_css and style options when displaying an album.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.2.4\u003C\u002Fh4>\n\u003Cp>Bugfix for image thumbnail size that was introduced in new posts created after\u003Cbr \u002F>\ninstalling version 2.2.3.\u003C\u002Fp>\n\u003Ch4>2.2.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Removed the “Video overlay” option and replaced with Google+’s native “play overlay” for videos\u003C\u002Fli>\n\u003Cli>Bugfix: A PHP warning was being generated when a gallery shortcode was wrapped around individual images.\u003C\u002Fli>\n\u003Cli>Bugfix: Removed the need for the alignX classes being added to the image when captions are being displayed below the image.  This was causing issues with certain themes, and is no longer necessary since the “Video overlay” is built into the thumbnail image.\u003C\u002Fli>\n\u003Cli>Bugfix: Changes to the js include method for thickbox used by the dialog to hopefully help resolve some issues certain users are experiencing with media-upload.js\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.2.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Changed the name of the plugin from “Picasa Express x2” to “Picasa and Google Plus Express”:\n\u003Cul>\n\u003Cli>As Google migrates to Google+ from Picasaweb, so is\u002Fwill this plugin\u003C\u002Fli>\n\u003Cli>Renamed the plugin to hopefully help indicate that and assist with plugin searches\u003C\u002Fli>\n\u003Cli>Plugin URL \u002F SVN name that WordPress uses to update the plugin will remain unchanged so that plugin updates can continue to occur from older versions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Removed the requirement of jquery.mobile for PhotoSwipe:\n\u003Cul>\n\u003Cli>PhotoSwipe appears to work properly without jquery.mobile\u003C\u002Fli>\n\u003Cli>jquery.mobile was causing many other issues with themes not designed for it\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Removed the reference to the 3rd parameter of “round()”:\n\u003Cul>\n\u003Cli>The 3rd parameter of round() was introduced in PHP 5.3, so users of previous versions were getting a warning.\u003C\u002Fli>\n\u003Cli>If PHP version is detected previous to 5.3, it will not call round with the 3rd parameter.  This may cause some rounding errors, but will not prevent it from working.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.2.1\u003C\u002Fh4>\n\u003Cp>Phototile last row will now properly select a row template so the template\u003Cbr \u002F>\nnumber of images matches the number of images remaining, therefore preventing\u003Cbr \u002F>\nthe last row of a phototile gallery from being incomplete.\u003C\u002Fp>\n\u003Ch4>2.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Phototile support for the image gallery\n\u003Cul>\n\u003Cli>Google+ style phototile image gallery option\u003C\u002Fli>\n\u003Cli>Thumbnail sizes are generated dynamically based on phototile layout\u003C\u002Fli>\n\u003Cli>Set the width of the phototile container and the phototile layout sizes to match\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Bugfix for mobile device detection to enable mobile interface for “Touch” Windows 8 devices\u003C\u002Fli>\n\u003Cli>Bugfix to move the is_mobile_device function into the class to prevent conflicts caused by the include\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Mobile-friendly gallery option added:\n\u003Cul>\n\u003Cli>The link option of \u003Ca href=\"http:\u002F\u002Fwww.photoswipe.com\" rel=\"nofollow ugc\">PhotoSwipe\u003C\u002Fa>, an open-source\u003Cbr \u002F>\nmobile-friendly image gallery.\u003C\u002Fli>\n\u003Cli>This is now the default image link option as it provides superior performance in both desktop and mobile clients.\u003C\u002Fli>\n\u003Cli>Added some additional options that display if PhotoSwipe is selected to configure the caption format.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Some additional improvements to the preferences to clean things up and hide options that aren’t necessary based on other option settings.\u003C\u002Fli>\n\u003Cli>RSS parsing option has been added to enable parsing the RSS to remove the caption entry for records where Google sends the caption as the image filename when the caption itself is blank. \u003C\u002Fli>\n\u003Cli>Some bug-fixes related to caption width and non-width-based thumbnail scaling.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.0.6\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>A small release to improve messaging for the Google username check and to\u003Cbr \u002F>\nclean up a few additional bugs\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Messaging when checking the username’s validity is now improved\u003C\u002Fli>\n\u003Cli>The FAQ now includes an entry speaking to the old picasaweb “short username” that Google appears to have removed support for\u003C\u002Fli>\n\u003Cli>Some shortcode attributes for gallery shortcodes were previously not being sent if changed in the dialog options.  Corrected this and the back-end processing to handle them.\u003C\u002Fli>\n\u003Cli>Some internal code cleanup and addition of some shared code to remove duplicate code.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.0.5\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>A small release to add additional style control for captions.\n\u003Cul>\n\u003Cli>Added the ability to set classes & styles for the P tag that contains the caption text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.0.4\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>A small release to add additional style control for captions.\n\u003Cul>\n\u003Cli>Added the ability to set classes & styles for the A tag that wraps the img tag\u003C\u002Fli>\n\u003Cli>Added the ability to set classes & styles on the caption container if captions are enabled for display\u003C\u002Fli>\n\u003Cli>Fixed a bug that was preventing the width from being set for single-image captions, therefore preventing the caption from appearing at all\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.0.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>A bugfix and feature addition update.\n\u003Cul>\n\u003Cli>Fixed bug related to PHP short_open_tag use\u003C\u002Fli>\n\u003Cli>Fixed bug related to image insertion in order\u003C\u002Fli>\n\u003Cli>Added option to return HTML rather than pe2-image shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.0.2\u003C\u002Fh4>\n\u003Cp>A bugfix release to correct bugs with the options page and requesting auth\u003Cbr \u002F>\ntokens from an SSL-based site.\u003C\u002Fp>\n\u003Ch4>2.0.1\u003C\u002Fh4>\n\u003Cp>A small bugfix release to correct a fatal error when gathering the transport\u003Cbr \u002F>\nfor user-based access levels.\u003C\u002Fp>\n\u003Ch4>2.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>A major change release that adds a lot of new functionality:\n\u003Cul>\n\u003Cli>Fixed a bug introduced by Google+ that was preventing private albums access\u003C\u002Fli>\n\u003Cli>Added video support – video thumbnail images have a “video play button overlay”, and the link opens in a new tab for viewing on Google+\u003C\u002Fli>\n\u003Cli>Added filtering albums with tags\u003C\u002Fli>\n\u003Cli>Added built-in customized thickbox option\u003C\u002Fli>\n\u003Cli>Added single-image shortcode\u003C\u002Fli>\n\u003Cli>Single-image insert method now allows selecting multiple images to insert together\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.5.4\u003C\u002Fh4>\n\u003Cp>Picasa change URL for origin image so \u002Fs0\u003C\u002Fp>\n\u003Ch4>1.5.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 3.3 fixes\u003C\u002Fli>\n\u003Cli>Gallery shortcode:\n\u003Cul>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode>, \u003Ccode>style\u003C\u002Fcode> and \u003Ccode>align\u003C\u002Fcode> for gallery\u003C\u002Fli>\n\u003Cli>\u003Ccode>img_class\u003C\u002Fcode>,\u003Ccode>img_style\u003C\u002Fcode> and \u003Ccode>img_align\u003C\u002Fcode> for images inside gallery\u003Cbr \u002F>\n( align can be \u003Ccode>none\u003C\u002Fcode>, \u003Ccode>left\u003C\u002Fcode>, \u003Ccode>right\u003C\u002Fcode> or \u003Ccode>center\u003C\u002Fcode> )\u003C\u002Fli>\n\u003Cli>\u003Ccode>img_sort\u003C\u002Fcode> for sort images ( possible values: \u003Ccode>none\u003C\u002Fcode>, \u003Ccode>date\u003C\u002Fcode>, \u003Ccode>title\u003C\u002Fcode>, \u003Ccode>file\u003C\u002Fcode> or \u003Ccode>random\u003C\u002Fcode> )\u003C\u002Fli>\n\u003Cli>\u003Ccode>img_asc=1\u003C\u002Fcode> for ascending sort otherwise will be descending sort\u003C\u002Fli>\n\u003Cli>\u003Ccode>caption=1\u003C\u002Fcode> for use image description as image caption\u003C\u002Fli>\n\u003Cli>\u003Ccode>use_title=1\u003C\u002Fcode> for use description as image title\u003C\u002Fli>\n\u003Cli>\u003Ccode>tag\u003C\u002Fcode> for enveloping tag ( \u003Ccode>div\u003C\u002Fcode> by default )\u003C\u002Fli>\n\u003Cli>\u003Ccode>thumb_w\u003C\u002Fcode> and \u003Ccode>thumb_h\u003C\u002Fcode> for thumnails size and \u003Ccode>thumb_crop=1\u003C\u002Fcode> if you need to crop thumbnail to square \u003C\u002Fli>\n\u003Cli>\u003Ccode>large_size\u003C\u002Fcode> for limit opened image\u003C\u002Fli>\n\u003Cli>\u003Ccode>link\u003C\u002Fcode> for enveloping link (possible values: \u003Ccode>none\u003C\u002Fcode>, \u003Ccode>direct\u003C\u002Fcode>, \u003Ccode>picasa\u003C\u002Fcode>, \u003Ccode>thickbox\u003C\u002Fcode>, \u003Ccode>lightbox\u003C\u002Fcode> or \u003Ccode>highslide\u003C\u002Fcode> )\u003C\u002Fli>\n\u003Cli>\u003Ccode>limit\u003C\u002Fcode> to limit number of images displayed\u003C\u002Fli>\n\u003Cli>\u003Ccode>hide_rest=1\u003C\u002Fcode> include images over limit but with display:none. It’s for gallery script which show all images including hidden.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.5.2\u003C\u002Fh4>\n\u003Cp>WordPress 3.2 fixes\u003C\u002Fp>\n\u003Ch4>1.5\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Save last state\u003C\u002Fli>\n\u003Cli>Can limit the big size of images\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Revoke access to private albums from settings\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>avoid some warnings for PHP4\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Add error handling in several cases\u003C\u002Fli>\n\u003Cli>remove SSL verification ( some hosts report the problem with ssl verification – thanks to streetdaddy)\u003C\u002Fli>\n\u003Cli>increase timeout for connection with Google Picasa\u003C\u002Fli>\n\u003Cli>add Picasa username test in settings\u003C\u002Fli>\n\u003Cli>Envelop html special chars in titles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.4\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Some code was re-factored to be more extensible\u003C\u002Fli>\n\u003Cli>Warning for non standard image library. Help and links. \u003C\u002Fli>\n\u003Cli>Donate banner and “power by” link in the footer (of course you can disable link and banner in the settings)\u003C\u002Fli>\n\u003Cli>New smart size for thumbnails\u003C\u002Fli>\n\u003Cli>Options on fly\u003C\u002Fli>\n\u003Cli>Insert Picasa album by shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Define roles which capable to use the plugin\u003C\u002Fli>\n\u003Cli>Switch from blog to user level for store Picasa user and private access token \u003C\u002Fli>\n\u003Cli>WordPress MU support – sitewide activation, users, roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Finally make compatible with old PHP versions\u003C\u002Fli>\n\u003Cli>Access to private albums via granting on Google page. See FAQ for more details \u003C\u002Fli>\n\u003Cli>Reload button in dialog to retreive last changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Remove STATIC – should work with old PHP version. Optimize hooks and setting. Keep settings after deactivation.\u003C\u002Fli>\n\u003Cli>Change Picasa request method. Remove WP cache – changes displayed immediatelly.\u003C\u002Fli>\n\u003Cli>Add sorting ( date, title and file name , asc and desc ) for images in the dialog in settings. Without sorting should be displayed as in PicasaWeb.\u003C\u002Fli>\n\u003Cli>Add ordering for images in gallery ( by clicking )\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Highslide\u003C\u002Fstrong> support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>First public release\u003C\u002Fli>\n\u003C\u002Ful>\n","Browse and select photos from any public or private Google+ album and add them to your posts\u002Fpages. This is an unofficial fork of \"Picasa and Goo &hellip;",70,21710,88,20,"2015-08-30T19:17:00.000Z","4.2.39","3.7","",[20,21,22,23],"google","googleplus","oauth","picasaweb","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fphoto-express","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphoto-express-for-google.zip",64,1,"2025-06-23 00:00:00","2026-04-06T09:54:40.288Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":37,"research_verified":47,"research_rounds_completed":48,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":47,"poc_model_used":37,"poc_verification_depth":37},"CVE-2025-27361","photo-express-for-google-reflected-cross-site-scripting","Photo Express for Google \u003C= 0.3.2 - Reflected Cross-Site Scripting","The Photo Express for Google plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=0.3.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-07-01 17:30:29",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3d0114d9-de95-444b-9820-e775bff32d53?source=api-prod",[],false,0,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},30,69,"2026-07-15T07:23:09.285Z",[54,77,97,118,139],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":26,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":73,"download_link":74,"security_score":64,"vuln_count":27,"unpatched_count":48,"last_vuln_date":75,"fetched_at":76},"google-apps-login","Login for Google Apps","3.5.2","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Login for Google Apps allows existing WordPress user accounts to log in to your website using Google to securely authenticate their account. This means that if they are already logged into Gmail – they can simply click their way through the WordPress login screen – no username or password is explicitly required!\u003C\u002Fp>\n\u003Cp>Login for Google Apps uses \u003Cstrong>secure oAuth2 authentication recommended by Google\u003C\u002Fstrong>, including 2-factor authentication (2FA) if enabled for your Google Workspace (formerly known as Google Apps and G Suite) accounts.\u003C\u002Fp>\n\u003Cp>This is far simpler to configure than the older SAML protocol.\u003C\u002Fp>\n\u003Cp>Login for Google Apps is trusted by thousands of organizations from schools to large public companies. Login for Google Apps for WordPress is the most popular enterprise grade plugin enabling login and user management based on your Google Workspace domain.\u003C\u002Fp>\n\u003Cp>Its plugin setup requires you to have admin access to any Google Workspace domain, or a regular Gmail account, to register and obtain two simple codes from Google.\u003C\u002Fp>\n\u003Ch4>Support and Premium features\u003C\u002Fh4>\n\u003Cp>Full support and premium features are also available for purchase:\u003C\u002Fp>\n\u003Cp>Eliminate the need for Google Workspace (previously called “Google Apps and G Suite”) domain admins to separately manage WordPress user accounts, and get peace of mind that only authorized employees have access to your organization’s websites and intranet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>See \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20Top&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">our website at wp-glogin.com\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Premium version allows everyone in your Google Workspace (Google Apps \u002F G Suite) domain to log in to WordPress – an account will be automatically created in WordPress if one doesn’t already exist.\u003C\u002Fp>\n\u003Cp>Our Enterprise version goes further, allowing you to specify granular access and role controls based on Google Group or Organizational Unit membership.\u003C\u002Fp>\n\u003Cp>You can also see logs of accounts created and roles changed by the plugin.\u003C\u002Fp>\n\u003Ch4>Extensible Platform\u003C\u002Fh4>\n\u003Cp>Login for Google Apps allows you to centralize your site’s Google functionality and build your own extensions, or use third-party extensions, which require no configuration themselves and share the same user authentication and permissions that users already allowed for Login for Google Apps itself.\u003C\u002Fp>\n\u003Cp>Using our platform, your website appears to Google accounts as one unified ‘web application’, making it more secure and easier to manage.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogledriveembedder\" rel=\"nofollow ugc\">Google Drive Embedder\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nusers to browse for Google Drive documents to embed directly in their posts or pages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogleappsdirectory\" rel=\"nofollow ugc\">Google Apps Directory\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nlogged-in users to search your Google Apps employee directory from a widget on your intranet or client site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Favatars\u002F?utm_source=Login%20Readme%20Avatars&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Google Profile Avatars\u003C\u002Fa>\u003Cbr \u002F>\nis available on our website. It displays users’ Google profile photos in place of their avatars throughout your site.\u003C\u002Fp>\n\u003Cp>Login for Google Apps works on single or multisite WordPress websites or private intranets.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>One-click login will work for the following domains and user accounts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Workspace Starter\u003C\u002Fli>\n\u003Cli>Google Workspace Business Standard\u003C\u002Fli>\n\u003Cli>Google Workspace Business Plus\u003C\u002Fli>\n\u003Cli>Google Workspace Enterprise\u003C\u002Fli>\n\u003Cli>Google Workspace for Nonprofits\u003C\u002Fli>\n\u003Cli>Google Workspace for Government\u003C\u002Fli>\n\u003Cli>Google Classroom (Google Workspace for Education)\u003C\u002Fli>\n\u003Cli>Personal gmail.com and googlemail.com emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Login for Google Apps uses the latest secure OAuth2 authentication recommended by Google. Other 3rd party authentication plugins may allow you to use your Google username and password to login, but they do not do this securely unless they also use OAuth2. This is discussed further in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-apps-login\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>This plugin currently operates in multiple languages.\u003C\u002Fp>\n\u003Cp>We welcome volunteers to translate into their own language. If you would like to contribute a translation, please open the WordPress.org \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgoogle-apps-login\u002F\" rel=\"nofollow ugc\">Translation portal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Website and Upgrades\u003C\u002Fh4>\n\u003Cp>Please see our website \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002F?utm_source=Login%20Readme%20Website&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-glogin.com\u002F\u003C\u002Fa> for more information about this free plugin and extra features available in our Premium and Enterprise upgrades, plus support details, other plugins, and useful guides for admins of WordPress sites and Google Apps.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20PremEnt&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Premium and Enterprise versions\u003C\u002Fa> eliminate the need to manage user accounts in your WordPress site – everything is synced from Google Apps instead.\u003C\u002Fp>\n\u003Cp>If you are building your organization’s intranet on WordPress, try out our \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fintranet\u002F?utm_source=Login%20Readme%20AIOI&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">All-In-One Intranet plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).",10000,664671,92,"2025-05-08T16:01:00.000Z","6.8.5","5.5","7.2",[70,20,71,22,72],"authentication","login","sso","https:\u002F\u002Fwp-glogin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-apps-login.3.5.2.zip","2022-12-01 00:00:00","2026-04-16T10:56:18.058Z",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":67,"requires_php":91,"tags":92,"homepage":18,"download_link":95,"security_score":96,"vuln_count":48,"unpatched_count":48,"last_vuln_date":37,"fetched_at":76},"login-with-google","Log in with Google","1.4.2","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>Ultra minimal plugin to let your users login to WordPress applications using their Google accounts. No more remembering hefty passwords!\u003C\u002Fp>\n\u003Ch3>Initial Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Create a project from \u003Ca href=\"https:\u002F\u002Fconsole.developers.google.com\u002Fapis\u002Fdashboard\" rel=\"nofollow ugc\">Google Developers Console\u003C\u002Fa> if none exists.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Go to \u003Cstrong>Credentials\u003C\u002Fstrong> tab, then create credential for OAuth client.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Application type will be \u003Cstrong>Web Application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add \u003Ccode>YOUR_DOMAIN\u002Fwp-login.php\u003C\u002Fcode> in \u003Cstrong>Authorized redirect URIs\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This will give you \u003Cstrong>Client ID\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Input these values either in \u003Ccode>WP Admin > Settings > WP Google Login\u003C\u002Fcode>, or in \u003Ccode>wp-config.php\u003C\u002Fcode> using the following code snippet:\u003C\u002Fp>\n\u003Cp>\u003Ccode>define( 'WP_GOOGLE_LOGIN_CLIENT_ID', 'YOUR_GOOGLE_CLIENT_ID' );\u003Cbr \u002F>\ndefine( 'WP_GOOGLE_LOGIN_SECRET', 'YOUR_SECRET_KEY' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Browser support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fidentity\u002Fgsi\u002Fweb\u002Fguides\u002Fsupported-browsers\" rel=\"nofollow ugc\">These browsers are supported\u003C\u002Fa>. Note, for example, that One Tap Login is not supported in Safari.\u003C\u002Fp>\n\u003Ch3>How to enable automatic user registration\u003C\u002Fh3>\n\u003Cp>You can enable user registration either by\u003Cbr \u002F>\n– Enabling \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>OR\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adding\u003Cbr \u002F>\n\u003Ccode>define( 'WP_GOOGLE_LOGIN_USER_REGISTRATION', 'true' );\u003C\u002Fcode>\u003Cbr \u002F>\nin wp-config.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If the checkbox is ON then, it will register valid Google users even when WordPress default setting, under\u003C\u002Fp>\n\u003Cp>\u003Cem>Settings > General Settings > Membership > Anyone can register\u003C\u002Fem> checkbox\u003C\u002Fp>\n\u003Cp>is OFF.\u003C\u002Fp>\n\u003Ch3>Restrict user registration to one or more domain(s)\u003C\u002Fh3>\n\u003Cp>By default, when you enable user registration via constant \u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> or enable \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>, it will create a user for any Google login (including gmail.com users). If you are planning to use this plugin on a private, internal site, then you may like to restrict user registration to users under a single Google Suite organization. This configuration variable does that.\u003C\u002Fp>\n\u003Cp>Add your domain name, without any schema prefix and \u003Ccode>www,\u003C\u002Fcode> as the value of \u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> constant or in the settings \u003Ccode>Settings > WP Google Login > Whitelisted Domains\u003C\u002Fcode>. You can whitelist multiple domains. Please separate domains with commas. See the below example to know how to do it via constants:\u003Cbr \u002F>\n    \u003Ccode>define( 'WP_GOOGLE_LOGIN_WHITELIST_DOMAINS', 'example.com,sample.com' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If a user already exists, they \u003Cstrong>will be allowed to login with Google\u003C\u002Fstrong> regardless of whether their domain is whitelisted or not. Whitelisting will only prevent users from \u003Cstrong>registering\u003C\u002Fstrong> with email addresses from non-whitelisted domains.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>For a list of all hooks please refer to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FrtCamp\u002Flogin-with-google#hooks\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>wp-config.php parameters list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_CLIENT_ID\u003C\u002Fcode> (string): Google client ID of your application.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_SECRET\u003C\u002Fcode> (string): Secret key of your application\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> (boolean) (optional): Set \u003Ccode>true\u003C\u002Fcode> If you want to enable new user registration. By default, user registration defers to \u003Ccode>Settings > General Settings > Membership\u003C\u002Fcode> if constant is not set.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> (string) (optional): Domain names, if you want to restrict login with your custom domain. By default, it will allow all domains. You can whitelist multiple domains.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>BTW, We’re Hiring!\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Fcareers\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","Minimal plugin that allows WordPress users to log in using Google.",6000,120101,90,15,"2026-02-20T14:59:00.000Z","6.7.5","7.4",[70,93,22,94,72],"google-login","sign-in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-google.1.4.2.zip",100,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":96,"num_ratings":27,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":48,"unpatched_count":48,"last_vuln_date":37,"fetched_at":76},"kn-social-slide","KN Social Slide","1.1.5","Freddie Aziz Jasbindar","https:\u002F\u002Fprofiles.wordpress.org\u002Fkakinetwork\u002F","\u003Cul>\n\u003Cli>We make setting up a simple slide to your wordpress and lets your visitors know about your facebook, twitter, feedburner email subscriptions and google+ and random post from your own wordpress. Don’t worry, you can turn on and off, re-position and re-order any slide you don’t want to anytime.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>http:\u002F\u002Fwww.kakiheboh.com\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.thegarang.com\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.kirinselamaperak.com\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.cikapasaja.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customizable\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Reposition any slide\u003C\u002Fli>\n\u003Cli>Reorder any slide\u003C\u002Fli>\n\u003Cli>On and off unwanted slide\u003C\u002Fli>\n\u003Cli>Auto open for random post\u003C\u002Fli>\n\u003Cli>Show how many tweet (1 ~ 4)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feature\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Facebook Fanpage\u003C\u002Fli>\n\u003Cli>Twitter Profile\u003C\u002Fli>\n\u003Cli>Google + Page\u003C\u002Fli>\n\u003Cli>Feedburner Email Subscriptions\u003C\u002Fli>\n\u003Cli>Random entry from your own blog\u003C\u002Fli>\n\u003C\u002Ful>\n","KN Social Slide is a free WordPress Plugin that lets your visitors know about your facebook, twitter, google+, feedburner and random entry!",50,16520,"2012-01-24T14:16:00.000Z","3.3.2","3.0.1",[111,21,112,113,114],"facebook","random-entry","social-slide","twitter","http:\u002F\u002Fwww.KakiNetwork.Com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkn-social-slide.zip",85,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":48,"num_ratings":48,"last_updated":128,"tested_up_to":57,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":18,"download_link":138,"security_score":117,"vuln_count":48,"unpatched_count":48,"last_vuln_date":37,"fetched_at":76},"gp","GP – GeePress","1.0","Louy Alakkad","https:\u002F\u002Fprofiles.wordpress.org\u002Flouyx\u002F","\u003Cp>GeePress, gives you all the tools you need to integrate your WordPress and Google+, including “Login with Google+” and “Comment via Google+”… Highly customizable and easy to use.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow your visitors to comment using their Google+ accounts\u003C\u002Fli>\n\u003Cli>Allow your blog users to sign in with their Google+ accounts. one click signin!\u003C\u002Fli>\n\u003Cli>Easily customizable by theme authors.\u003C\u002Fli>\n\u003C\u002Ful>\n","All the tools you need to integrate your WordPress and Google+.",40,1959,"2013-10-12T20:22:00.000Z","3.0",[131,132,133,134,135,20,136,71,22,137],"admin","button","comment","comments","connect","google-plus","wpmu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp.1.0.zip",{"slug":140,"name":141,"version":142,"author":143,"author_profile":144,"description":145,"short_description":146,"active_installs":14,"downloaded":147,"rating":148,"num_ratings":149,"last_updated":150,"tested_up_to":151,"requires_at_least":109,"requires_php":18,"tags":152,"homepage":155,"download_link":156,"security_score":117,"vuln_count":48,"unpatched_count":48,"last_vuln_date":37,"fetched_at":29},"fast-easy-social-sharing","Fast & Easy Social Sharing","1.0.2","Michael Tieso","https:\u002F\u002Fprofiles.wordpress.org\u002Fvskylabv\u002F","\u003Cp>A simple and fast social media sharing plugin. The share buttons are loaded as fonts thus load fast and can scale as large as you want them to be. No JavaScript is loaded from any of the social networks. Only two requests are being made, one for the fonts and another for the stylesheet, that’s it.\u003C\u002Fp>\n\u003Cp>For the time being, the icons are displayed only on posts, not pages or your homepage. Future version will have a feature to enable for pages.\u003C\u002Fp>\n\u003Ch4>Social Media Icons Supported:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>StumbleUpon\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Google Plus\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feautres\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Change text of Share This.\u003C\u002Fli>\n\u003Cli>Change size of text for Share This.\u003C\u002Fli>\n\u003Cli>Change size of share buttons.\u003C\u002Fli>\n\u003Cli>Insert Twitter handle on tweet button.\u003C\u002Fli>\n\u003Cli>Total share count provided by sharedcount.com.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Support is available through the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffast-easy-social-sharing\" rel=\"ugc\">WordPress plugin support forum\u003C\u002Fa>. I’ll do my best to answer everyones questions.\u003C\u002Fp>\n\u003Ch3>Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Twitter: \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fmichaeltieso\" rel=\"nofollow ugc\">@michaeltieso\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.michaeltieso.com\" rel=\"nofollow ugc\">Personal Blog\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fartofadventuring.com\" rel=\"nofollow ugc\">Art of Adventuring\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftravelblogsuccess.com\" rel=\"nofollow ugc\">Travel Blog Success\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and fast social media sharing plugin. The share buttons are loaded as fonts thus load fast and can scale as large as you want them to be.",8468,74,3,"2014-03-10T18:18:00.000Z","3.7.41",[111,21,153,154,114],"sharing","socialmedia","http:\u002F\u002Fblog.michaeltieso.com\u002Fcode\u002Fwordpress-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffast-easy-social-sharing.zip",{"attackSurface":158,"codeSignals":292,"taintFlows":363,"riskAssessment":438,"analyzedAt":453},{"hooks":159,"ajaxHandlers":253,"restRoutes":269,"shortcodes":270,"cronEvents":289,"entryPointCount":290,"unprotectedCount":291},[160,166,170,175,178,183,187,193,197,202,206,209,212,215,219,223,227,230,233,236,239,242,245,248],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","admin_print_styles","add_style","class-photo-browser.php",289,{"type":161,"name":167,"callback":168,"file":164,"line":169},"admin_enqueue_scripts","add_script",290,{"type":161,"name":171,"callback":172,"file":173,"line":174},"wp_footer","peg_add_custom_thickbox_config","class-photo-renderer.php",1242,{"type":161,"name":171,"callback":176,"file":173,"line":177},"peg_init_photoswipe",1278,{"type":161,"name":179,"callback":180,"file":181,"line":182},"admin_init","settings_reg","class-settings.php",62,{"type":161,"name":184,"callback":185,"file":181,"line":186},"admin_print_styles-settings_page_photo-express","settings_style",63,{"type":161,"name":188,"callback":189,"priority":190,"file":191,"line":192},"update_option_peg_general_settings","check_for_cache_invalidation",10,"class-simple-cache.php",25,{"type":161,"name":194,"callback":195,"file":191,"line":196},"save_post","clear_cached_urls_for_post",27,{"type":161,"name":198,"callback":199,"file":200,"line":201},"plugins_loaded","migrate_if_possible","photo-express.php",115,{"type":161,"name":203,"callback":204,"priority":14,"file":200,"line":205},"media_buttons","add_media_button",129,{"type":161,"name":207,"callback":207,"file":200,"line":208},"media_upload_picasa",132,{"type":161,"name":179,"callback":210,"file":200,"line":211},"check_for_authorization_code",145,{"type":161,"name":179,"callback":213,"file":200,"line":214},"check_for_revoke",146,{"type":161,"name":216,"callback":217,"file":200,"line":218},"init","load_textdomain",149,{"type":161,"name":220,"callback":221,"file":200,"line":222},"admin_menu","add_settings_page",157,{"type":224,"name":225,"callback":225,"priority":190,"file":200,"line":226},"filter","contextual_help",158,{"type":161,"name":228,"callback":228,"file":200,"line":229},"wpmu_new_blog",164,{"type":161,"name":171,"callback":231,"file":200,"line":232},"add_footer_link",186,{"type":161,"name":216,"callback":234,"file":200,"line":235},"peg_add_display_css",190,{"type":161,"name":216,"callback":237,"file":200,"line":238},"peg_add_thickbox_script",196,{"type":161,"name":216,"callback":240,"file":200,"line":241},"peg_add_custom_thickbox_script",202,{"type":161,"name":216,"callback":243,"file":200,"line":244},"peg_add_photoswipe_script",213,{"type":161,"name":171,"callback":246,"file":200,"line":247},"peg_add_caption_width_javascript",222,{"type":224,"name":249,"callback":250,"priority":251,"file":200,"line":252},"the_content","peg_img_caption_shortcode_filter",12,236,[254,258,262,266],{"action":255,"nopriv":47,"callback":256,"hasNonce":47,"hasCapCheck":47,"file":200,"line":257},"peg_get_gallery","get_gallery",135,{"action":259,"nopriv":47,"callback":260,"hasNonce":47,"hasCapCheck":47,"file":200,"line":261},"peg_get_images","get_images",136,{"action":263,"nopriv":47,"callback":264,"hasNonce":47,"hasCapCheck":47,"file":200,"line":265},"peg_save_state","save_state",137,{"action":267,"nopriv":47,"callback":267,"hasNonce":47,"hasCapCheck":47,"file":200,"line":268},"peg_process_shortcode",138,[],[271,275,279,282,285],{"tag":272,"callback":273,"file":200,"line":274},"pe2-gallery","gallery_shortcode",174,{"tag":276,"callback":277,"file":200,"line":278},"pe2-image","image_shortcode",175,{"tag":280,"callback":273,"file":200,"line":281},"peg-gallery",177,{"tag":283,"callback":277,"file":200,"line":284},"peg-image",178,{"tag":286,"callback":287,"file":200,"line":288},"clear","clear_shortcode",180,[],9,4,{"dangerousFunctions":293,"sqlUsage":294,"outputEscaping":299,"fileOperations":27,"externalRequests":291,"nonceChecks":27,"capabilityChecks":361,"bundledLibraries":362},[],{"prepared":48,"raw":27,"locations":295},[296],{"file":297,"line":252,"context":298},"class-settings-storage.php","$wpdb->get_col() with variable interpolation",{"escaped":14,"rawEcho":300,"locations":301},31,[302,305,306,308,310,311,313,315,316,318,320,322,324,326,328,330,331,333,335,337,339,341,343,345,347,349,351,353,355,357,359],{"file":303,"line":182,"context":304},"class-common.php","raw output",{"file":303,"line":186,"context":304},{"file":303,"line":307,"context":304},65,{"file":303,"line":309,"context":304},67,{"file":303,"line":309,"context":304},{"file":312,"line":186,"context":304},"class-google-photo-access.php",{"file":312,"line":314,"context":304},109,{"file":312,"line":205,"context":304},{"file":312,"line":317,"context":304},130,{"file":312,"line":319,"context":304},143,{"file":312,"line":321,"context":304},148,{"file":312,"line":323,"context":304},168,{"file":164,"line":325,"context":304},43,{"file":164,"line":327,"context":304},57,{"file":164,"line":329,"context":304},118,{"file":164,"line":265,"context":304},{"file":164,"line":332,"context":304},221,{"file":164,"line":334,"context":304},232,{"file":164,"line":336,"context":304},263,{"file":164,"line":338,"context":304},270,{"file":164,"line":340,"context":304},275,{"file":173,"line":342,"context":304},1186,{"file":173,"line":344,"context":304},1257,{"file":173,"line":346,"context":304},1258,{"file":173,"line":348,"context":304},1262,{"file":173,"line":350,"context":304},1286,{"file":173,"line":352,"context":304},1293,{"file":173,"line":354,"context":304},1294,{"file":173,"line":356,"context":304},1295,{"file":173,"line":358,"context":304},1296,{"file":181,"line":360,"context":304},1018,8,[],[364,379,389,399,419,430],{"entryPoint":365,"graph":366,"unsanitizedCount":27,"severity":39},"check_for_authorization_code (class-google-photo-access.php:98)",{"nodes":367,"edges":377},[368,372],{"id":369,"type":370,"label":371,"file":312,"line":314},"n0","source","$_GET['error']",{"id":373,"type":374,"label":375,"file":312,"line":314,"wp_function":376},"n1","sink","echo() [XSS]","echo",[378],{"from":369,"to":373,"sanitized":47},{"entryPoint":380,"graph":381,"unsanitizedCount":27,"severity":39},"settings_form (class-settings.php:981)",{"nodes":382,"edges":387},[383,386],{"id":369,"type":370,"label":384,"file":181,"line":385},"$_GET",1006,{"id":373,"type":374,"label":375,"file":181,"line":360,"wp_function":376},[388],{"from":369,"to":373,"sanitized":47},{"entryPoint":390,"graph":391,"unsanitizedCount":48,"severity":398},"\u003Cclass-google-photo-access> (class-google-photo-access.php:0)",{"nodes":392,"edges":395},[393,394],{"id":369,"type":370,"label":371,"file":312,"line":314},{"id":373,"type":374,"label":375,"file":312,"line":314,"wp_function":376},[396],{"from":369,"to":373,"sanitized":397},true,"low",{"entryPoint":400,"graph":401,"unsanitizedCount":48,"severity":398},"save_state (class-photo-browser.php:229)",{"nodes":402,"edges":416},[403,406,409,413],{"id":369,"type":370,"label":404,"file":164,"line":405},"$_POST['last_request'] (x2)",242,{"id":373,"type":374,"label":407,"file":164,"line":405,"wp_function":408},"update_option() [Settings Manipulation]","update_option",{"id":410,"type":370,"label":411,"file":164,"line":412},"n2","$_POST",239,{"id":414,"type":374,"label":407,"file":164,"line":415,"wp_function":408},"n3",250,[417,418],{"from":369,"to":373,"sanitized":397},{"from":410,"to":414,"sanitized":397},{"entryPoint":420,"graph":421,"unsanitizedCount":48,"severity":398},"\u003Cclass-photo-browser> (class-photo-browser.php:0)",{"nodes":422,"edges":427},[423,424,425,426],{"id":369,"type":370,"label":404,"file":164,"line":405},{"id":373,"type":374,"label":407,"file":164,"line":405,"wp_function":408},{"id":410,"type":370,"label":411,"file":164,"line":412},{"id":414,"type":374,"label":407,"file":164,"line":415,"wp_function":408},[428,429],{"from":369,"to":373,"sanitized":397},{"from":410,"to":414,"sanitized":397},{"entryPoint":431,"graph":432,"unsanitizedCount":48,"severity":398},"\u003Cclass-settings> (class-settings.php:0)",{"nodes":433,"edges":436},[434,435],{"id":369,"type":370,"label":384,"file":181,"line":385},{"id":373,"type":374,"label":375,"file":181,"line":360,"wp_function":376},[437],{"from":369,"to":373,"sanitized":397},{"summary":439,"deductions":440},"The photo-express-for-google plugin version 0.3.2 exhibits a concerning security posture, primarily due to a significant number of unprotected entry points and a history of vulnerabilities. The static analysis reveals 4 out of 9 total entry points lack authentication checks, which is a major concern for potential unauthorized access and manipulation. While there are no critical or high severity taint analysis findings, the presence of 2 flows with unsanitized paths warrants attention as they could lead to unexpected behavior or security issues if exploited.  The vulnerability history is particularly troubling, with one known unpatched medium severity CVE. This indicates a pattern of security weaknesses that have not been fully addressed, and the fact that it's a Cross-site Scripting (XSS) vulnerability suggests potential issues with how user input is handled. While the plugin does perform capability checks and has some output escaping, the high percentage of unescaped outputs and the lack of prepared statements for SQL queries are notable weaknesses. The combination of unprotected entry points and past vulnerabilities paints a picture of a plugin that requires immediate attention to mitigate risks.",[441,443,446,449,451],{"reason":442,"points":190},"Unprotected AJAX handlers",{"reason":444,"points":445},"SQL queries without prepared statements",5,{"reason":447,"points":448},"Low percentage of properly escaped output",7,{"reason":450,"points":88},"Unpatched medium severity CVE",{"reason":452,"points":361},"Flows with unsanitized paths","2026-03-16T21:34:11.345Z",{"wat":455,"direct":470},{"assetPaths":456,"generatorPatterns":462,"scriptPaths":463,"versionParams":464},[457,458,459,460,461],"\u002Fwp-content\u002Fplugins\u002Fphoto-express-for-google\u002Fphoto-express.css","\u002Fwp-content\u002Fplugins\u002Fphoto-express-for-google\u002Fpeg-admin.css","\u002Fwp-content\u002Fplugins\u002Fphoto-express-for-google\u002Fpeg-gallery.css","\u002Fwp-content\u002Fplugins\u002Fphoto-express-for-google\u002Fpeg-scripts.js","\u002Fwp-content\u002Fplugins\u002Fphoto-express-for-google\u002Fpeg-styles.js",[],[460],[465,466,467,468,469],"photo-express-for-google\u002Fphoto-express.css?ver=","photo-express-for-google\u002Fpeg-admin.css?ver=","photo-express-for-google\u002Fpeg-gallery.css?ver=","photo-express-for-google\u002Fpeg-scripts.js?ver=","photo-express-for-google\u002Fpeg-styles.js?ver=",{"cssClasses":471,"htmlComments":475,"htmlAttributes":479,"restEndpoints":482,"jsGlobals":485,"shortcodeOutput":487},[472,473,474],"peg-browser-container","peg-gallery-main","peg-login-button",[476,477,478],"\u003C!-- Picasa Express 2.0 -->","\u003C!-- PEG Gallery -->","\u003C!-- PEG Image -->",[480,481],"data-peg-gallery-id","data-peg-image-id",[483,484],"\u002Fwp-json\u002Fphoto-express-for-google\u002Fv1\u002Fget-galleries","\u002Fwp-json\u002Fphoto-express-for-google\u002Fv1\u002Fget-images",[486],"photoExpress",[488,489,490,491,492],"[peg-gallery]","[peg-image]","[pe2-gallery]","[pe2-image]","[clear]",{"error":397,"url":494,"statusCode":495,"statusMessage":496,"message":496},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fphoto-express-for-google\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":48,"versions":498},[]]