[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0SLnvMyzQujYB2Y6pAr9qWaKv3cpureEEfItE5SMcZU":3,"$fb8gXauKncd8mhVJd5gl0P8Qq7qeYunhov8upBUlPU7s":279,"$fjCt9wlj5WqtHVP73hTrLppQD1DB5bILu1_XFIQaL1io":283},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":39,"analysis":134,"fingerprints":255},"photoroulette","PhotoRoulette","1.1.0","polkan","https:\u002F\u002Fprofiles.wordpress.org\u002Fpolkan\u002F","\u003Cp>The interactive random post loader with thumbnails activated by site visitors. Being involved in process visitor makes more pageviews and stays longer!\u003C\u002Fp>\n\u003Cp>Plugin has 5 predefined color schemes, allows to select categories to get posts from. 
You can add several widgets simultaneously, each one has its own settings.\u003C\u002Fp>\n\u003Cp>Live preview: http:\u002F\u002Fphotoroulette.pwpcode.ru\u003C\u002Fp>\n","The interactive random post loader activated by site visitors.",10,1501,100,1,"2015-09-24T23:03:00.000Z","4.3.34","4.0","",[20,21,22,23,24],"attraction","interactive","photo","photo-blog","photoblog","http:\u002F\u002Fphotoroulette.pwpcode.ru","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphotoroulette.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},2,50,30,84,"2026-05-20T06:55:32.791Z",[40,59,72,95,115],{"slug":41,"name":41,"version":42,"author":18,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":56,"download_link":57,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":58},"wp2flickr","0.15","https:\u002F\u002Fprofiles.wordpress.org\u002Ffsimo\u002F","\u003Cp>Uploads photos from WordPress posts to Flickr.\u003Cbr \u002F>\nIt works with standard WordPress media and with YAPB plugin (recomended).\u003Cbr \u002F>\nPerfect for photoblogging.\u003C\u002Fp>\n\u003Ch4>Typical usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Anytime you publish a new post it will be uploaded to flickr.\u003C\u002Fli>\n\u003C\u002Ful>\n","Uploads photos from WordPress posts to Flickr. 
It works with standard Wordpress media and with YAPB plugin (recomended).",3812,20,3,"2014-12-15T16:49:00.000Z","3.9.40","3.8",[53,23,54,24,55],"images","photo-blogging","yapb","http:\u002F\u002Fwp2flickr.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp2flickr.zip","2026-04-06T09:54:40.288Z",{"slug":60,"name":60,"version":61,"author":18,"author_profile":43,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":28,"num_ratings":28,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":18,"download_link":71,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"yapb-queue","1.0.7","\u003Cp>Schedule YAPB images from a directory with an interval of time.\u003Cbr \u002F>\nRead iptcs set the title, body and tags.\u003Cbr \u002F>\nPerfect for photoblogging.\u003C\u002Fp>\n\u003Ch4>Typical usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Edit your photos in your favorite editor (Lightroom, Aperture, etc.)\u003C\u002Fli>\n\u003Cli>Be sure to edit your IPTC data\u003C\u002Fli>\n\u003Cli>Upload your image with any FTP client to \u002Fwp-content\u002Fuploads\u002Fyapq-queue\u003C\u002Fli>\n\u003Cli>Goto ‘Post’ section and you will see an ‘YAPB queue’ option\u003C\u002Fli>\n\u003Cli>Enter the start date and the period of time between post\u003C\u002Fli>\n\u003Cli>‘Process queue’… 🙂\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Based on “YAPB Bulk Uploader” http:\u002F\u002Fjoost.reuzel.nl\u002Fabout\u002Fplugins\u002F\u003C\u002Fp>\n","Schedule YAPB images from a directory with an interval of 
time.",3854,"2013-04-09T12:57:00.000Z","3.5.2","2.5",[23,24,69,70,55],"queue","schedule","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyapb-queue.1.0.7.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":91,"download_link":92,"security_score":93,"vuln_count":34,"unpatched_count":34,"last_vuln_date":94,"fetched_at":30},"import-external-attachments","Import external attachments","1.5.12","ryanpcmcquen","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanpcmcquen\u002F","\u003Cp>Makes local copies of all the linked images and pdfs in a post, adding them as gallery attachments.\u003C\u002Fp>\n\u003Cp>Source & support:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fryanpcmcquen\u002Fimport-external-attachments\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is based on the work done in the “Import External Images” plugin by MartyThornley.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002FMartyThornley\u003C\u002Fp>\n\u003Cp>HTTPS support added by IvanDoomer:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FIvanDoomer\u003C\u002Fp>\n\u003Cp>PDF support added by bengreeley:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fbengreeley\u003C\u002Fp>\n\u003Cp>Most of the JavaScript was rewritten from the original plugin, to reduce the\u003Cbr \u002F>\nnumber of global variables.\u003C\u002Fp>\n","Makes local copies of all the linked images and pdfs in a post, adding them as gallery attachments.",2000,24367,86,26,"2017-02-24T14:39:00.000Z","4.4.34","3.2",[88,89,53,22,90],"attachments","gallery","photobloggers","https:\u002F\u002Fgithub.com\u002Fryanpcmcquen\u002Fimport-external-attachments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimport-external-attachments.zip",41,"2025-12-14 
00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":13,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":85,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":113,"download_link":114,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"before-after","Before After","1.0.2","Hemant Nandrajog (instruite)","https:\u002F\u002Fprofiles.wordpress.org\u002Finstruite\u002F","\u003Cp>Before After plugin integrates modified version \u003Ca href=\"http:\u002F\u002Fwww.catchmyfame.com\u002F2009\u002F06\u002F25\u002Fjquery-beforeafter-plugin\u002F\" title=\"jQuery Before\u002FAfter Plugin\" rel=\"nofollow ugc\">jQuery Before\u002FAfter Plugin\u003C\u002Fa> in the wordpress.\u003Cbr \u002F>\nIt can be used to show the difference between edited and original photo, before and after photos of changes, etc.\u003C\u002Fp>\n\u003Cp>Please check ‘Other Notes’ for the Usage instructions to see how to use it on your blog\u003C\u002Fp>\n\u003Cp>Demosites:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.instruite.com\u002Fblog\u002F2016\u002F02\u002F16\u002Fbefore-after-works\u002F\" title=\"Demo with Latest version\" rel=\"nofollow ugc\">Demo with Latest version\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.instruite.com\u002Fblog\u002F2011\u002F05\u002F18\u002Fphotostrying-photoshop-filters\u002F\" title=\"Operation on custom theme\" rel=\"nofollow ugc\">Operation on custom theme\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Author info:\u003Cbr \u002F>\nFollow me on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Finstruite\u002F\" title=\"Follow instruite on twitter\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> or become my Friend on \u003Ca href=\"http:\u002F\u002Fwww.facebook.com\u002Finstruite\u002F\" title=\"Instruite's Facebook page\" rel=\"nofollow ugc\">facebook\u003C\u002Fa>\u003Cbr 
\u002F>\nAlso on \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F108357740742566610994\u002F\" title=\"Follow instruite on Google+\" rel=\"nofollow ugc\">Google+\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Write the content of your post other than the images\u003C\u002Fli>\n\u003Cli>Switch to ‘HTML-editor’ mode of the post editor area\u003C\u002Fli>\n\u003Cli>Click ‘BeforeAfter’ button (This will start the ‘[beforeafter]’ shortcode)\u003C\u002Fli>\n\u003Cli>Add the photos to your post through the wordpress image\u002Fmedia uploader\u003C\u002Fli>\n\u003Cli>1 photo should be left align when you insert the images on your post, the other one can be aligned right\u002Fcenter\u002Fnone\u003C\u002Fli>\n\u003Cli>The ‘left-aligned’ photo is taken as before photo so please align your photos accordingly\u003C\u002Fli>\n\u003Cli>After you have inserted the two images in the post Click ‘BeforeAfter’ button again to close ‘[\u002Fbeforeafter]’ shortcode.\u003C\u002Fli>\n\u003Cli>You can add more content to your post after closing the ‘[\u002Fbeforeafter]’ shortcode\u003C\u002Fli>\n\u003Cli>The content other than image information withing the ‘[beforeafter]…[\u002Fbeforeafter]’ is ignored when the shortcode is executed, in other places like home page archive page the content will be shown as is in the post.\u003C\u002Fli>\n\u003C\u002Ful>\n","Before After plugin integrates modified version [jQuery Before\u002FAfter Plugin](http:\u002F\u002Fwww.catchmyfame.com\u002F2009\u002F06\u002F25\u002Fjquery-beforeafter-plugin\u002F \"jQ 
&hellip;",17884,92,11,"2016-02-16T07:23:00.000Z","2.9",[109,110,111,24,112],"after","before","photo-effects","photos","http:\u002F\u002Fwww.instruite.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbefore-after.1.0.2.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":14,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":132,"download_link":133,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"sidebar-photoblog","Sidebar Photoblog","2.06","Hassan1","https:\u002F\u002Fprofiles.wordpress.org\u002Fhassan1\u002F","\u003Cp>There are several photo blog plug-in for WordPress. Most of them assume that you are a professional photographer who makes lots of money via his\u002Fher camera.\u003C\u002Fp>\n\u003Cp>Sidebar Photo blog does not use lots of server resources and doesn’t have any confusing options.  It uses WordPress functions to get maximum compatibility and flexibility.\u003C\u002Fp>\n\u003Cp>New Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli> Slideshow\u003C\u002Fli>\n\u003Cli> Ability to show random photos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Sidebar Photo blog is simple, light and easy to use. It also has some nice effects, a simple slideshow, ability to show random photos and an archive page for your pictures.\u003C\u002Fp>\n\u003Cp>To learn how to add your photos please see \u003Ca href=\"http:\u002F\u002Fwpwave.com\u002Fplugins\u002Fsidebar-photoblog\u002F\" rel=\"nofollow ugc\">plugin URL\u003C\u002Fa>. 
It’s easy!\u003C\u002Fp>\n\u003Cp>Languages:\u003Cbr \u002F>\n    Persian by     \u003Ca href=\"http:\u002F\u002Fcyberia.ir\" rel=\"nofollow ugc\">Cyberia\u003C\u002Fa>\u003Cbr \u002F>\n    Russian by     \u003Ca href=\"http:\u002F\u002Fwww.fatcow.com\" rel=\"nofollow ugc\">Fatcow\u003C\u002Fa>\u003Cbr \u002F>\n    French by      \u003Ca href=\"http:\u002F\u002Fwww.wolforg.eu\" rel=\"nofollow ugc\">Wolforg\u003C\u002Fa>\u003Cbr \u002F>\n    Turkish by     \u003Ca href=\"http:\u002F\u002Fwww.dmry.net\" rel=\"nofollow ugc\">Hakan Demiray\u003C\u002Fa>\u003Cbr \u002F>\n        Belorussian by \u003Ca href=\"http:\u002F\u002Fantsar.info\" rel=\"nofollow ugc\">ilyuha\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To add your own language contact us.\u003C\u002Fp>\n","An easy to use photoblog plugin helps you to share your daily photos on your sidebar. With slideshow, photo archive, nice effects and ability to show  &hellip;",70,45084,80,"2010-03-21T17:39:00.000Z","2.9.2","2.7",[130,53,22,24,131],"image","widget","http:\u002F\u002Fwpwave.com\u002Fplugins\u002Fsidebar-photoblog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsidebar-photoblog.zip",{"attackSurface":135,"codeSignals":167,"taintFlows":239,"riskAssessment":240,"analyzedAt":254},{"hooks":136,"ajaxHandlers":156,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":34,"unprotectedCount":28},[137,143,147,151],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","wp_enqueue_scripts","enqueue_scripts","main.php",13,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_enqueue_scripts","enqueue_admin_scripts",14,{"type":138,"name":148,"callback":149,"priority":14,"file":141,"line":150},"plugins_loaded","includes",15,{"type":138,"name":152,"callback":153,"file":154,"line":155},"widgets_init","anonymous","widget.php",222,[157,163],{"action":158,"nopriv":159,"callback":160,"hasNonce":161,"hasCapCheck":159,"file":141,"line":162},"pwppr_actions",false,"ajax_actions",tr
ue,18,{"action":158,"nopriv":161,"callback":160,"hasNonce":161,"hasCapCheck":159,"file":141,"line":47},[],[],[],{"dangerousFunctions":168,"sqlUsage":172,"outputEscaping":174,"fileOperations":28,"externalRequests":28,"nonceChecks":14,"capabilityChecks":28,"bundledLibraries":238},[169],{"fn":170,"file":154,"line":155,"context":171},"create_function","add_action( 'widgets_init', create_function( '', 'return register_widget(\"PWP_Photoroulette_Widget\")",{"prepared":28,"raw":28,"locations":173},[],{"escaped":150,"rawEcho":175,"locations":176},38,[177,180,182,184,186,188,190,192,194,195,197,199,200,201,202,204,205,207,209,210,211,212,213,214,215,216,217,219,221,223,224,226,228,230,232,234,235,237],{"file":154,"line":178,"context":179},46,"raw output",{"file":154,"line":181,"context":179},49,{"file":154,"line":183,"context":179},56,{"file":154,"line":185,"context":179},59,{"file":154,"line":187,"context":179},74,{"file":154,"line":189,"context":179},91,{"file":154,"line":191,"context":179},129,{"file":154,"line":193,"context":179},130,{"file":154,"line":193,"context":179},{"file":154,"line":196,"context":179},134,{"file":154,"line":198,"context":179},135,{"file":154,"line":198,"context":179},{"file":154,"line":198,"context":179},{"file":154,"line":198,"context":179},{"file":154,"line":203,"context":179},139,{"file":154,"line":203,"context":179},{"file":154,"line":206,"context":179},140,{"file":154,"line":208,"context":179},145,{"file":154,"line":208,"context":179},{"file":154,"line":208,"context":179},{"file":154,"line":208,"context":179},{"file":154,"line":208,"context":179},{"file":154,"line":208,"context":179},{"file":154,"line":208,"context":179},{"file":154,"line":208,"context":179},{"file":154,"line":208,"context":179},{"file":154,"line":218,"context":179},150,{"file":154,"line":220,"context":179},153,{"file":154,"line":222,"context":179},161,{"file":154,"line":222,"context":179},{"file":154,"line":225,"context":179},166,{"file":154,"line":227,"context":179},167,{"f
ile":154,"line":229,"context":179},168,{"file":154,"line":231,"context":179},169,{"file":154,"line":233,"context":179},174,{"file":154,"line":233,"context":179},{"file":154,"line":236,"context":179},209,{"file":154,"line":236,"context":179},[],[],{"summary":241,"deductions":242},"The plugin \"photoroulette\" v1.1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not having any exposed REST API routes, shortcodes, or cron events, resulting in a small total attack surface. Furthermore, no raw SQL queries were found (the scan recorded no SQL usage at all), and there are no known vulnerabilities or CVEs associated with this plugin; with 10 active installs and no update since 2015, that may reflect limited scrutiny as much as safe development. The absence of file operations and external HTTP requests also reduces potential attack vectors.\n\nHowever, several areas raise concerns. The presence of the `create_function` function is a significant red flag as it is highly discouraged and can lead to remote code execution vulnerabilities if used with untrusted input. In the one recorded call site (widget.php, line 222) the argument is a fixed string that registers the widget, so the immediate problem there is compatibility rather than injection: `create_function` was deprecated in PHP 7.2 and removed in PHP 8.0, and the call should be replaced with an anonymous function. The output escaping is also a weakness, with only 28% of outputs being properly escaped (15 escaped against 38 raw echoes, all in widget.php), leaving a substantial number of potential XSS vulnerabilities; each raw echo still has to be traced to the source of its value before it can be called exploitable. While there is one nonce check, there are no capability checks for the AJAX handlers, meaning any authenticated user could potentially trigger these endpoints without proper authorization. The `pwppr_actions` action is also registered with `nopriv` enabled, so unauthenticated visitors reach the same `ajax_actions` callback; a nonce guards against forged requests and is not an authorization check, and whether that matters depends on what the callback does, which this record does not show. The taint analysis showing zero flows analyzed is also concerning as it suggests insufficient testing for potential data leakage or manipulation; this is a limit of the analysis, not evidence about the code itself.\n\nIn conclusion, while the plugin benefits from a limited attack surface and a clean vulnerability history, the identified code signals, particularly `create_function` and insufficient output escaping and capability checks on AJAX handlers, represent tangible security risks. The lack of taint analysis also suggests that some vulnerabilities might remain undetected. A thorough review and remediation of these specific issues are recommended to improve the overall security of the plugin.",[243,245,248,251],{"reason":244,"points":150},"Dangerous function `create_function` used",{"reason":246,"points":247},"Low percentage of properly escaped output",8,{"reason":249,"points":250},"No capability checks on AJAX handlers",7,{"reason":252,"points":253},"No taint flow analysis performed",5,"2026-04-16T12:16:12.640Z",{"wat":256,"direct":269},{"assetPaths":257,"generatorPatterns":262,"scriptPaths":263,"versionParams":264},[258,259,260,261],"\u002Fwp-content\u002Fplugins\u002Fphotoroulette\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fphotoroulette\u002Fjs\u002Fscripts.js","\u002Fwp-content\u002Fplugins\u002Fphotoroulette\u002Fcss\u002Fstyle-admin.css","\u002Fwp-content\u002Fplugins\u002Fphotoroulette\u002Fjs\u002Fscripts-admin.js",[],[259,261],[265,266,267,268],"photoroulette\u002Fcss\u002Fstyle.css?ver=","photoroulette\u002Fjs\u002Fscripts.js?ver=","photoroulette\u002Fcss\u002Fstyle-admin.css?ver=","photoroulette\u002Fjs\u002Fscripts-admin.js?ver=",{"cssClasses":270,"htmlComments":273,"htmlAttributes":274,"restEndpoints":275,"jsGlobals":276,"shortcodeOutput":278},[271,272],"pwppr-styles","pwpph-styles-adm",[],[],[],[277],"pwppr",[],{"error":161,"url":280,"statusCode":281,"statusMessage":282,"message":282},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fphotoroulette\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":284},[285],{"version":6,"download_url":286,"svn_tag_url":287,"released_at":29,"has_diff":159,"diff_files_changed":288,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":289,"is_current":161},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphotoroulette.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fphotoroulette\u002Ftags\u002F1.1.0\u002F",[],[]]