[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f07yXUxEwH8t-PTrKX6vYV2z4iWbHanoSgqLBZA9B3jM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":138,"fingerprints":266},"plugin-grabber","Plugin Grabber","1.02","avdude","https:\u002F\u002Fprofiles.wordpress.org\u002Favdude\u002F","\u003Cp>This wordpress plugin allows you to create and download a backup of a plugin or your entire plugins directory.\u003Cbr \u002F>\nVery useful to use just before updating a plugin.\u003Cbr \u002F>\nAdds menu item to Plugins & Tools\u003C\u002Fp>\n","This wordpress plugin allows you to create and download a backup of a plugin or your entire plugins directory.",10,2251,90,2,"2015-04-28T15:18:00.000Z","4.2.39","3.0.1","",[20,21,22,23],"archive","backup","plugins","zip","http:\u002F\u002Fwww.avdude.com\u002Fplugingrabber","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-grabber.1.02.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-04-04T15:04:42.299Z",[37,60,77,101,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":18,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":32,"last_vuln_date":59,"fetched_at":29},"zippy","Zippy","1.7.0","Gesundheit 
Bewegt GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Floyaltymanufaktur\u002F","\u003Cp>Incredibly easy solution to archive pages and posts as zip file and unpack them back even on the other website!\u003C\u002Fp>\n\u003Cp>Archive posts and pages in one click. Transfer them to the other website or simple use this feature to backup you articles on the local computer.\u003C\u002Fp>\n\u003Ch4>Important\u003C\u002Fh4>\n\u003Cp>Please make sure Zip extension is enabled on your web server! Otherwise, the plugin will not work for you.\u003C\u002Fp>\n\u003Cp>More info: https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fbook.zip.php\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>archive posts as zip-files\u003C\u002Fli>\n\u003Cli>extract archives on any website with the installed plugin\u003C\u002Fli>\n\u003Cli>download and store posts as zip archives\u003C\u002Fli>\n\u003Cli>multiple posts support\u003C\u002Fli>\n\u003Cli>custom post types support\u003C\u002Fli>\n\u003C\u002Ful>\n","Incredibly easy solution to archive pages and posts as zip file and unpack them back even on the other website!",10000,227277,92,16,"2025-09-30T21:34:00.000Z","6.8.5","4.9",[20,21,53,54,55],"custom-post-types","migration","zip-files","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzippy.1.7.0.zip",71,5,"2024-08-27 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":27,"downloaded":68,"rating":27,"num_ratings":27,"last_updated":69,"tested_up_to":50,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":74,"download_link":75,"security_score":76,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"platinaxe-pudding-package-backup","Pudding Package Backup","1.1.0","Platinaxe","https:\u002F\u002Fprofiles.wordpress.org\u002Fplatinaxe\u002F","\u003Cp>Pudding Package Backup is a simple yet powerful tool that helps you create clean, versioned backups 
of your WordPress plugins and themes. Simply visit your WordPress Plugins page, click the “Backup” link next to any plugin, or open a theme in the Theme Browser and click the “Backup” button to instantly get a ZIP download with version information included in the filename. It automatically excludes development files and directories, ensuring you get only the essential files in your backup.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>✅ One-click backup from the plugins page and theme browser\u003Cbr \u002F>\n✅ Automatically includes plugin\u002Ftheme version in the backup filename\u003Cbr \u002F>\n✅ Excludes development files and directories (node_modules, .git, etc.)\u003Cbr \u002F>\n✅ Clean, simple interface\u003Cbr \u002F>\n✅ No configuration needed\u003Cbr \u002F>\n✅ Works with all WordPress plugins and themes\u003C\u002Fp>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Creating clean backups before updates\u003C\u002Fli>\n\u003Cli>Sharing plugins and themes with version information\u003C\u002Fli>\n\u003Cli>Maintaining a version history of your plugins and themes\u003C\u002Fli>\n\u003Cli>Quick backup of modified plugins or themes\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily backup WordPress plugins and themes with version info. 
Creates clean ZIP backups excluding development files.",317,"2025-07-19T13:25:00.000Z","5.0","7.2",[21,22,73,23],"themes","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplatinaxe-pudding-package-backup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplatinaxe-pudding-package-backup.1.1.0.zip",100,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":27,"last_vuln_date":100,"fetched_at":29},"backupwordpress","BackUpWordPress","3.14","Tom Willmot","https:\u002F\u002Fprofiles.wordpress.org\u002Fwillmot\u002F","\u003Cp>BackupWordPress was created by our friends at Human Made but is now under new ownership.  We’re committed to opensource and WordPress and will provide free support for the many BackupWordPress fans.\u003Cbr \u002F>\nWe’ll make occasional updates to the free software – please send us any patches you’d like to see released here: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Forgs\u002Fxibodevelopment\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Forgs\u002Fxibodevelopment\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>However, we’ll no longer be selling or supporting the paid add-ons (e.g. for backups to Dropbox and Google Drive). It’s certainly a good idea to backup to cloud storage to protect against server-wide risks.\u003Cbr \u002F>\nFor this we recommend \u003Ca href=\"https:\u002F\u002Fupdraftplus.com\u002F?afref=744\" rel=\"nofollow ugc\">UpdraftPlus WordPress Backups\u003C\u002Fa> which can do things for free BackupWordPress Premium could do on a paid basis.  
Click here for \u003Ca href=\"https:\u002F\u002Fupdraftplus.com\u002Fbackupwordpress\u002F?afref=744\" rel=\"nofollow ugc\">full comparison\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>BackUpWordPress will back up your entire site including your database and all your files on a schedule that suits you. Try it now to see how easy it is!\u003C\u002Fp>\n\u003Cp>This plugin requires PHP version 5.3.2 or later\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Super simple to use, no setup required.\u003C\u002Fli>\n\u003Cli>Works in low memory, “shared host” environments.\u003C\u002Fli>\n\u003Cli>Manage multiple schedules.\u003C\u002Fli>\n\u003Cli>Option to have each backup file emailed to you.\u003C\u002Fli>\n\u003Cli>Uses \u003Ccode>zip\u003C\u002Fcode> and \u003Ccode>mysqldump\u003C\u002Fcode> for faster backups if they are available.\u003C\u002Fli>\n\u003Cli>Works on Linux & Windows Server.\u003C\u002Fli>\n\u003Cli>Exclude files and folders from your backups.\u003C\u002Fli>\n\u003Cli>Good support should you need help.\u003C\u002Fli>\n\u003Cli>Translations for Spanish, German, Chinese, Romanian, Russian, Serbian, Lithuanian, Italian, Czech, Dutch, French, Basque.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>We’d also love help translating the plugin into more languages, if you can help then please visit \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fbackupwordpress\u002Fdev\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fbackupwordpress\u002Fdev\u002F\u003C\u002Fa> to start translating.\u003C\u002Fp>\n","Simple automated backups of your WordPress-powered 
website.",90000,4904025,94,1374,"2024-04-24T09:40:00.000Z","6.5.8","3.9",[93,21,94,95,23],"back-up","backups","database","https:\u002F\u002Fupdraftplus.com\u002Fbackupwordpress\u002F?afref=744","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbackupwordpress.3.14.zip",88,3,"2024-04-26 00:00:00",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":98,"num_ratings":111,"last_updated":112,"tested_up_to":50,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":87,"vuln_count":58,"unpatched_count":27,"last_vuln_date":121,"fetched_at":29},"download-plugin","Download Plugin","2.4.0","Metagauss","https:\u002F\u002Fprofiles.wordpress.org\u002Fmetagauss\u002F","\u003Ch4>Download Plugin for WordPress\u003C\u002Fh4>\n\u003Cp>Download Plugin can easily download plugins, themes, users, blog posts, pages, comments, attachments, and more directly from your WordPress dashboard. Download Plugin can also download data from any plugin that uses custom post types, including WooCommerce products, Easy Digital Downloads, Portfolio Post Types, Slider Revolution, bbPress, WP Job Manager, JetPack, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Plugins\u003C\u002Fstrong>: A download button is placed beside each plugin, allowing you to download the plugin in a zip file format. You can also select multiple plugins and use the bulk download option to download all selected plugins with a single click.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Themes\u003C\u002Fstrong>: Similar to plugins, a download button is placed beside each theme in your WordPress dashboard. You can download themes in a zip file format.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Users\u003C\u002Fstrong>: With the Download Plugin, you can download individual user data or multiple users’ metadata in a CSV file format. 
This feature simplifies user data management, allowing easy download and save user information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Blog Posts\u003C\u002Fstrong>: Export blog posts individually or in bulk with just a click. Download Plugin allows you to download blog posts in a CSV format for backup or migration purposes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Pages\u003C\u002Fstrong>: Download single or multiple pages from your WordPress site. This feature is perfect for backing up your content or transferring pages between sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Custom Posts\u003C\u002Fstrong>: Download data from plugin that use custom post types. Download single custom post or a bulk download of multiple posts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Comments\u003C\u002Fstrong>: Download comments either individually or in bulk. Save user feedback and engagement safely.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Just activate this plugin.\u003C\u002Fli>\n\u003Cli>You can see Download link below each plugin name on plugins page.\u003C\u002Fli>\n\u003Cli>Click on any of them and that plugin’s zip will be downloaded to your computer.\u003C\u002Fli>\n\u003Cli>Cheers!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>Must-have utility plugin that allows you to download any plugin directly from WordPress Dashboard!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>WordPress download plugin is a utility plugin that does one thing, and does it perfectly. It may sound simple, but this feature plugs a hole in current set of WordPress plugin functionality. As a site admin you must be aware that you can search and install WordPress plugins directly from the dashboard, or you can upload the plugin as zip files, assuming you received it from another site (for example, a commercial plugin). Once installed, all plugins list themselves inside Dashboard -> Plugins page. After deactivating and deleting them, they simply disappear. 
All files are removed from the server instantly. WordPress does not allow you to backup or download the plugins before you jettison them from your site. If you also manage your server and are fairly comfortable doing so, you may find a more contrived way to download installed plugins via directory manager app or FTP. Obviously, this requires more than a single click and not for everyone.\u003C\u002Fp>\n\u003Cp>What exactly are plugins and how this plugin helps you save time or bail you out from difficult situations? Plugins are files and\u002F or directories, which are created inside your WordPress installation (defined by WordPress) when you first install them. Both active and deactivated files reside inside them. When you upload zip package of a plugin, WordPress extracts it and places the directory inside it in the plugins folder. Our plugin allows you to reverse the process. It will convert any plugin installed on your site into a zip package ready to be reinstalled later or moved to another site. It accomplishes this by simply adding a new link “Download” under the plugin title to already existing links. It is a single click process and hardly takes any time. Our plugin does not create any other page in the dashboard or clutter menus. It is lightweight, efficient and completely invisible until you need it.\u003C\u002Fp>\n\u003Cp>So why would you need it? While there can be many reasons, here are the primary we think you will find it useful.\u003C\u002Fp>\n\u003Ch4>A. Backup\u003C\u002Fh4>\n\u003Cp>The foremost and most common reason – when you wish to make backup of the plugin for future installation.\u003C\u002Fp>\n\u003Ch4>B. Premium\u002F Commercial Plugins\u003C\u002Fh4>\n\u003Cp>If you have purchased the plugin from a vendor site, you may want to make a backup of your new purchase to make sure you have it handy if the vendor is no longer available or your account is expired. 
Please note: Do check terms of use for commercial plugins on publisher’s site.\u003C\u002Fp>\n\u003Ch4>C. Migrating to a different site\u003C\u002Fh4>\n\u003Cp>So you have found yourselves dependent on some specific plugins that you want to use on all of your sites? You can download these plugins from your current site do a folder on your hard disk from where you can upload to your other sites.\u003C\u002Fp>\n\u003Ch4>D. Preserving Changes\u003C\u002Fh4>\n\u003Cp>If you DIY type and made modifications to plugin files to suit your requirements, you will want to make sure you have an archived copy of the plugin if the files get overwritten by an update etc.\u003C\u002Fp>\n\u003Ch4>Starter Guide\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetagauss.com\u002Fdownload-plugin-guide\u002F\" rel=\"nofollow ugc\">Checkout Download plugin guide\u003C\u002Fa> for more information.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins (Free Download From WordPress.org)\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdownload-theme\u002F\" rel=\"ugc\">Download Theme Plugin:\u003C\u002Fa> allows you to download any theme from your WordPress admin panel’s Appearance page.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-registration-form-builder-with-submission-manager\u002F\" rel=\"ugc\">User Registration and Login Plugin:\u003C\u002Fa> Take total control of end-to-end user registration process on your site with RegistrationMagic plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofilegrid-user-profiles-groups-and-communities\u002F\" rel=\"ugc\">User Profiles and Membership Plugin:\u003C\u002Fa> Build awesome user profiles, restrict content and launch memberships with ProfileGrid plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feventprime-event-calendar-management\u002F\" rel=\"ugc\">User Events 
and Calendar Plugin:\u003C\u002Fa> Manage user events, sell tickets and publish event calendar with EventPrime plugin.\u003C\u002Fp>\n","Download any plugin from your WordPress admin panel's Plugins page by just one click! Now, download themes, users, blog posts, pages, custom post &hellip;",50000,930336,22,"2026-03-06T07:06:00.000Z","4.8","5.6",[116,102,117,118,22],"download","download-plugin-zip","plugin-zip","http:\u002F\u002Fmetagauss.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-plugin.2.4.0.zip","2025-07-03 13:38:05",{"slug":123,"name":124,"version":125,"author":124,"author_profile":126,"description":127,"short_description":128,"active_installs":45,"downloaded":129,"rating":27,"num_ratings":27,"last_updated":130,"tested_up_to":50,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":136,"download_link":137,"security_score":76,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"softaculous","Softaculous","2.2.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>If ever you wanted a single panel to manage tons of your WordPress websites from and save the hassle to login all your website’s dashboards separately, you have it here at last. \u003Ca href=\"https:\u002F\u002Fsoftaculous.com\u002F\" title=\"Manage Multiple WordPress Websites\" rel=\"nofollow ugc\">Softaculous\u003C\u002Fa> provides a single panel where you can add infinite number of WordPress websites for free.\u003C\u002Fp>\n\u003Cp>Key Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Entire data of all your websites can be synced in the Softaculous panel so that you may skim through the same without logging in separately. 
Even if you want to go into detail for any website, you can simply click and you will be logged into the website using the Single Sign On feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Should you want to activate\u002Fdeactivate a plugin\u002Ftheme on n number of websites, you can achieve this from the Softaculous panel using Softaculous plugin. Also, you can install and update the plugins\u002Fthemes on all the websites in one go.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can also create Sets of common Plugins and Themes which you want to install on multiple websites together.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you are worried about losing your data anytime in the future, we, hereby, resolve all your stress by providing you with the backup feature of your websites. In an unfortunate event, when you loose your website or your website gets corrupted, you can even restore the backup taken previously.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>A new WordPress update is out and you are all stressed up to update your websites? No worries, Softaculous helps you achieve the same without the need to go into the dashboard of each website separately.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[Coming Soon] Website Monitoring, Cloning, Staging, Push to Live and much more.. 
Please stay tuned!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Should you have any suggestions to improve Softaculous, want to see some related features in Softaculous to help you in the websites management or if you have any queries, you can open a ticket with us at https:\u002F\u002Fsoftaculous.deskuss.com\u002Fopen.php\u003C\u002Fp>\n","Softaculous provides a single-login centralized panel where you can manage tons of your WordPress websites efficiently, unitedly as well as singularly &hellip;",107158,"2025-08-06T12:37:00.000Z","4.4","5.3",[21,134,22,135,123],"manage-sites","sites","https:\u002F\u002Fsoftaculous.com\u002Fwordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsoftaculous.2.2.7.zip",{"attackSurface":139,"codeSignals":151,"taintFlows":182,"riskAssessment":250,"analyzedAt":265},{"hooks":140,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":27,"unprotectedCount":27},[141],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","admin_menu","plggbr_admin_menu","plugin-grabber.php",36,[],[],[],[],{"dangerousFunctions":152,"sqlUsage":153,"outputEscaping":155,"fileOperations":32,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":181},[],{"prepared":27,"raw":27,"locations":154},[],{"escaped":14,"rawEcho":156,"locations":157},11,[158,161,163,165,167,169,171,173,175,177,179],{"file":145,"line":159,"context":160},113,"raw 
output",{"file":145,"line":162,"context":160},117,{"file":145,"line":164,"context":160},132,{"file":145,"line":166,"context":160},159,{"file":145,"line":168,"context":160},171,{"file":145,"line":170,"context":160},173,{"file":145,"line":172,"context":160},174,{"file":145,"line":174,"context":160},192,{"file":145,"line":176,"context":160},209,{"file":145,"line":178,"context":160},219,{"file":145,"line":180,"context":160},247,[],[183,212,220,228,236],{"entryPoint":184,"graph":185,"unsanitizedCount":14,"severity":211},"plugin_grabber (plugin-grabber.php:76)",{"nodes":186,"edges":206},[187,191,196,200,204],{"id":188,"type":189,"label":190,"file":145,"line":162},"n0","source","$_SERVER['REQUEST_URI']",{"id":192,"type":193,"label":194,"file":145,"line":162,"wp_function":195},"n1","sink","echo() [XSS]","echo",{"id":197,"type":189,"label":198,"file":145,"line":199},"n2","$_POST['plugin']",87,{"id":201,"type":202,"label":203,"file":145,"line":199},"n3","transform","→ plggbr_getplugin()",{"id":205,"type":193,"label":194,"file":145,"line":176,"wp_function":195},"n4",[207,209,210],{"from":188,"to":192,"sanitized":208},false,{"from":197,"to":201,"sanitized":208},{"from":201,"to":205,"sanitized":208},"medium",{"entryPoint":213,"graph":214,"unsanitizedCount":32,"severity":211},"plggbr_ListZips (plugin-grabber.php:150)",{"nodes":215,"edges":218},[216,217],{"id":188,"type":189,"label":190,"file":145,"line":168},{"id":192,"type":193,"label":194,"file":145,"line":168,"wp_function":195},[219],{"from":188,"to":192,"sanitized":208},{"entryPoint":221,"graph":222,"unsanitizedCount":32,"severity":211},"plggbr_deletebu (plugin-grabber.php:187)",{"nodes":223,"edges":226},[224,225],{"id":188,"type":189,"label":190,"file":145,"line":174},{"id":192,"type":193,"label":194,"file":145,"line":174,"wp_function":195},[227],{"from":188,"to":192,"sanitized":208},{"entryPoint":229,"graph":230,"unsanitizedCount":32,"severity":211},"plggbr_getplugin 
(plugin-grabber.php:196)",{"nodes":231,"edges":234},[232,233],{"id":188,"type":189,"label":190,"file":145,"line":178},{"id":192,"type":193,"label":194,"file":145,"line":178,"wp_function":195},[235],{"from":188,"to":192,"sanitized":208},{"entryPoint":237,"graph":238,"unsanitizedCount":58,"severity":211},"\u003Cplugin-grabber> (plugin-grabber.php:0)",{"nodes":239,"edges":246},[240,242,243,244,245],{"id":188,"type":189,"label":241,"file":145,"line":162},"$_SERVER['REQUEST_URI'] (x4)",{"id":192,"type":193,"label":194,"file":145,"line":162,"wp_function":195},{"id":197,"type":189,"label":198,"file":145,"line":199},{"id":201,"type":202,"label":203,"file":145,"line":199},{"id":205,"type":193,"label":194,"file":145,"line":176,"wp_function":195},[247,248,249],{"from":188,"to":192,"sanitized":208},{"from":197,"to":201,"sanitized":208},{"from":201,"to":205,"sanitized":208},{"summary":251,"deductions":252},"The \"plugin-grabber\" v1.02 plugin exhibits a mixed security posture.  It has no recorded CVEs, but with only 10 active installs and no update since 2015 that clean history may reflect limited scrutiny rather than a stable codebase, and the static analysis reveals significant areas of concern.  The complete absence of capability checks and nonce checks in the plugin code is a major red flag.  Furthermore, the taint analysis shows that all five analyzed flows carry request data ($_SERVER['REQUEST_URI'] or $_POST['plugin']) to an echo() sink without sanitization; each flow is rated medium severity, with no critical or high severity issues flagged. This suggests insecure handling of user-supplied data.  The low percentage of properly escaped output (15%, 2 of 13 output statements) further compounds these concerns, increasing the risk of cross-site scripting (XSS) vulnerabilities.  The presence of file operations without explicit mention of sanitization is another point of attention.  
While the plugin avoids common pitfalls like raw SQL queries and external HTTP requests, the lack of robust input validation and output escaping, coupled with no authorization checks, presents a substantial risk.  The scan registered no AJAX, REST, shortcode or cron entry points, so the flagged flows appear to be reachable only through the plugin's admin page; they should still be treated as open findings until output is escaped and state-changing requests are gated by a capability check and a nonce, since an entry point the analysis missed would expose them directly.",[253,256,258,260,263],{"reason":254,"points":255},"No capability checks on entry points",15,{"reason":257,"points":11},"No nonce checks on entry points",{"reason":259,"points":255},"All analyzed flows have unsanitized paths",{"reason":261,"points":262},"Low output escaping percentage (15%)",12,{"reason":264,"points":58},"File operations without explicit sanitization mention","2026-03-17T01:38:41.018Z",{"wat":267,"direct":274},{"assetPaths":268,"generatorPatterns":271,"scriptPaths":272,"versionParams":273},[269,270],"\u002Fwp-content\u002Fplugins\u002Fplugin-grabber\u002Fimages\u002Floading.gif","\u002Fwp-content\u002Fplugins\u002Fplugin-grabber\u002Fimages\u002Fplugingrabber.png",[],[],[],{"cssClasses":275,"htmlComments":277,"htmlAttributes":283,"restEndpoints":286,"jsGlobals":287,"shortcodeOutput":289},[276],"ulli",[278,279,280,281,282],"Copyright  2012  DAVID FLEMING  (email : CONSULTANT@AVDUDE.COM)","Todo:","This program is free software; you can redistribute it and\u002For modify\n    it under the terms of the GNU General Public License, version 2, as \n    published by the Free Software Foundation.","This program is distributed in the hope that it will be useful,\n    but WITHOUT ANY WARRANTY; without even the implied warranty of\n    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
See the\n    GNU General Public License for more details.","You should have received a copy of the GNU General Public License\n    along with this program; if not, write to the Free Software\n    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA",[284,285],"style=\"background-color:#ccff99;width:400px\"","style=\"background-color:pink;width:400px\"",[],[288],"PclZip",[]]