[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWsGI6oK3JqehqqQn2i6R2ga0f48fcUMDcB9Xxe9tjr0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":58,"crawl_stats":37,"alternatives":65,"analysis":164,"fingerprints":283},"pro-mime-types","Pro Mime Types – Manage file media types","2.2.0","Sybre Waaijer","https:\u002F\u002Fprofiles.wordpress.org\u002Fcybr\u002F","\u003Cp>Pro Mime Types adds a nifty (network) admin interface for allowing or blocking many file extensions for uploading media, documents, and other attachments.\u003C\u002Fp>\n\u003Cp>It also shows you a list of all allowed MIME types on the site or network.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When a MIME type is allowed, users who can upload files can now do so for that MIME type.\u003C\u002Fli>\n\u003Cli>When a MIME type is blocked, users see an error that the file isn’t allowed for security reasons.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For WordPress Multisite networks, you can enable this plugin in network mode to control MIME types for the entire network.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You can control many MIME types and extensions for upload via a modern interface.\u003C\u002Fli>\n\u003Cli>Pro Mime Types comes preconfigured by enabling many safe MIME types.\u003C\u002Fli>\n\u003Cli>View all allowed MIME types for the site (also those enabled by other plugins).\u003C\u002Fli>\n\u003Cli>Every MIME type comes with a security summary explaining why you should or shouldn’t allow it. 
To view the summary, hover the mouse cursor over the big colored icon.\u003C\u002Fli>\n\u003Cli>Accessibility is at the forefront. For example, you can use full keyboard navigation, even for tooltips.\u003C\u002Fli>\n\u003Cli>Adds text, code, and miscellaneous file types to the Media Library for sorting.\u003C\u002Fli>\n\u003Cli>The Media Library gains support for more file types for sorting images, audio, video, documents, spreadsheets, and archives.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Multisite support\u003C\u002Fh3>\n\u003Cp>This plugin can run in network mode, where all sites are allowed one set of MIME types. You can configure the allowed MIME types via the network administration UI.\u003C\u002Fp>\n\u003Cp>Alternatively, Pro Mime Types can run in single-site mode, where every subsite has custom-allowed MIME types. Only the network administrator can assign these on a per-site basis.\u003C\u002Fp>\n","Pro Mime Types adds a nifty admin interface for allowing or blocking many file extensions for uploading media, documents, and other attachments.",2000,29898,100,2,"2025-12-08T07:23:00.000Z","6.9.4","5.3","7.4.0",[20,21,22,23,24],"attachment","image","mime-types","multisite","upload","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpro-mime-types\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpro-mime-types.2.2.0.zip",99,0,"2023-05-09 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-32502","pro-mime-types-cross-site-request-forgery","Pro Mime Types \u003C= 1.0.7 - Cross-Site Request Forgery","The Pro Mime Types plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. 
This is due to missing nonce validation on the pmt_settings_section_callback_tab_1() function used to control the plugin's settings. This makes it possible for unauthenticated attackers to enable and disable MIME-type support via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.7","2.0.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb7db3d45-2b96-4ba4-b258-08ee5e0b947b?source=api-prod",259,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":39,"severity":40,"cvss_score":54,"cvss_vector":55,"vuln_type":43,"published_date":29,"updated_date":44,"references":56,"days_to_patch":47},"WF-f68ac2b8-33dc-4cc2-b0f3-8777450e39f9-pro-mime-types","pro-mime-types-manage-file-media-types-cross-site-request-forgery-via-pmtsettingssectioncallbacktab1","Pro Mime Types - Manage file media types \u003C= 1.0.7 - Cross-Site Request Forgery via pmt_settings_section_callback_tab_1","The Pro Mime Types plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the pmt_settings_section_callback_tab_1 function. 
This makes it possible for unauthenticated attackers to modify allowed mime types on the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C2.0.0",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:H\u002FA:N",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff68ac2b8-33dc-4cc2-b0f3-8777450e39f9?source=api-prod",{"slug":59,"display_name":7,"profile_url":8,"plugin_count":60,"total_installs":61,"avg_security_score":62,"avg_patch_time_days":47,"trust_score":63,"computed_at":64},"cybr",11,204210,95,76,"2026-04-04T06:06:32.249Z",[66,87,107,126,146],{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":13,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":84,"download_link":85,"security_score":86,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"ap-extended-mime-types","AP Extended MIME Types","1.1","Josh Maxwell","https:\u002F\u002Fprofiles.wordpress.org\u002Fhornetok\u002F","\u003Cp>The \u003Ca href=\"http:\u002F\u002Fardentpixels.com\u002F\" rel=\"nofollow ugc\">Ardent Pixels’\u003C\u002Fa> \u003Cem>Extended MIME Types\u003C\u002Fem> plugin was created specifically for WPMS in mind. 
You can now allow all or only select blogs to upload a WIDE range of file types.\u003C\u002Fp>\n\u003Ch4>Included MIME Types:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ac3\u003C\u002Fli>\n\u003Cli>ai\u003C\u002Fli>\n\u003Cli>aif\u003C\u002Fli>\n\u003Cli>aifc\u003C\u002Fli>\n\u003Cli>aiff\u003C\u002Fli>\n\u003Cli>au\u003C\u002Fli>\n\u003Cli>avi\u003C\u002Fli>\n\u003Cli>bmp\u003C\u002Fli>\n\u003Cli>cat\u003C\u002Fli>\n\u003Cli>clp\u003C\u002Fli>\n\u003Cli>crd\u003C\u002Fli>\n\u003Cli>css\u003C\u002Fli>\n\u003Cli>csv\u003C\u002Fli>\n\u003Cli>csv\u003C\u002Fli>\n\u003Cli>dll\u003C\u002Fli>\n\u003Cli>doc\u003C\u002Fli>\n\u003Cli>docm\u003C\u002Fli>\n\u003Cli>docx\u003C\u002Fli>\n\u003Cli>dot\u003C\u002Fli>\n\u003Cli>dotm\u003C\u002Fli>\n\u003Cli>dotx\u003C\u002Fli>\n\u003Cli>eps\u003C\u002Fli>\n\u003Cli>flv\u003C\u002Fli>\n\u003Cli>gif\u003C\u002Fli>\n\u003Cli>gtar\u003C\u002Fli>\n\u003Cli>gz\u003C\u002Fli>\n\u003Cli>gzip\u003C\u002Fli>\n\u003Cli>ics\u003C\u002Fli>\n\u003Cli>ief\u003C\u002Fli>\n\u003Cli>ifb\u003C\u002Fli>\n\u003Cli>jpe\u003C\u002Fli>\n\u003Cli>jpeg\u003C\u002Fli>\n\u003Cli>jpg\u003C\u002Fli>\n\u003Cli>js\u003C\u002Fli>\n\u003Cli>m13\u003C\u002Fli>\n\u003Cli>m14\u003C\u002Fli>\n\u003Cli>mdb\u003C\u002Fli>\n\u003Cli>mid\u003C\u002Fli>\n\u003Cli>midi\u003C\u002Fli>\n\u003Cli>mny\u003C\u002Fli>\n\u003Cli>mov\u003C\u002Fli>\n\u003Cli>movie\u003C\u002Fli>\n\u003Cli>mp3\u003C\u002Fli>\n\u003Cli>mp4\u003C\u002Fli>\n\u003Cli>mpa\u003C\u002Fli>\n\u003Cli>mpe\u003C\u002Fli>\n\u003Cli>mpeg\u003C\u002Fli>\n\u003Cli>mpg\u003C\u002Fli>\n\u003Cli>mpp\u003C\u002Fli>\n\u003Cli>msg\u003C\u002Fli>\n\u003Cli>mvb\u003C\u002Fli>\n\u003Cli>pdf\u003C\u002Fli>\n\u003Cli>pict\u003C\u002Fli>\n\u003Cli>png\u003C\u002Fli>\n\u003Cli>pot\u003C\u002Fli>\n\u003Cli>potm\u003C\u002Fli>\n\u003Cli>potx\u003C\u002Fli>\n\u003Cli>ppam\u003C\u002Fli>\n\u003Cli>pps\u003C\u002Fli>\n\u003Cli>ppsm\u003C\u002Fli>\n\u003Cli>ppsx\u003C\u002Fli>\n\u003Cli>ppt\u003C\u002Fli>\n\u003Cli>pptm\u003C\u002Fli>\n\u00
3Cli>pptx\u003C\u002Fli>\n\u003Cli>ps\u003C\u002Fli>\n\u003Cli>pub\u003C\u002Fli>\n\u003Cli>qt\u003C\u002Fli>\n\u003Cli>ra\u003C\u002Fli>\n\u003Cli>ram\u003C\u002Fli>\n\u003Cli>rtf\u003C\u002Fli>\n\u003Cli>rtx\u003C\u002Fli>\n\u003Cli>scd\u003C\u002Fli>\n\u003Cli>snd\u003C\u002Fli>\n\u003Cli>sst\u003C\u002Fli>\n\u003Cli>stl\u003C\u002Fli>\n\u003Cli>swf\u003C\u002Fli>\n\u003Cli>tif\u003C\u002Fli>\n\u003Cli>tiff\u003C\u002Fli>\n\u003Cli>trm\u003C\u002Fli>\n\u003Cli>tsv\u003C\u002Fli>\n\u003Cli>txt\u003C\u002Fli>\n\u003Cli>w6w\u003C\u002Fli>\n\u003Cli>wav\u003C\u002Fli>\n\u003Cli>wmf\u003C\u002Fli>\n\u003Cli>word\u003C\u002Fli>\n\u003Cli>wri\u003C\u002Fli>\n\u003Cli>xla\u003C\u002Fli>\n\u003Cli>xlam\u003C\u002Fli>\n\u003Cli>xlc\u003C\u002Fli>\n\u003Cli>xlm\u003C\u002Fli>\n\u003Cli>xls\u003C\u002Fli>\n\u003Cli>xlsb\u003C\u002Fli>\n\u003Cli>xlsm\u003C\u002Fli>\n\u003Cli>xlsx\u003C\u002Fli>\n\u003Cli>xlt\u003C\u002Fli>\n\u003Cli>xltm\u003C\u002Fli>\n\u003Cli>xltx\u003C\u002Fli>\n\u003Cli>xlw\u003C\u002Fli>\n\u003Cli>zip\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>= Donations =\u003Cbr \u002F>\nFeel free to \u003Ca href=\"http:\u002F\u002Fardentpixels.com\u002Fjosh\u002Fcontact\u002F\" rel=\"nofollow ugc\">donate\u003C\u002Fa> if you liked this plugin.\u003C\u002Fp>\n","This plugin extends the allowed uploadable MIME types to include a WIDE range of file types. 
Created specifically for WPMS...",300,17896,5,"2012-04-18T15:48:00.000Z","3.3.2","2.0","",[82,83,22,23,24],"media","mime","http:\u002F\u002Fardentpixels.com\u002Fjosh\u002Fwordpress\u002Fplugins\u002Fap-extended-mime-types\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fap-extended-mime-types.1.1.zip",85,{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":13,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":80,"tags":101,"homepage":80,"download_link":106,"security_score":86,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bbpress-multi-image-uploader","bbPress Multi Image Uploader","1.0.6","Ankit Gade","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpgurudev\u002F","\u003Cp>This plugin allows you to upload images to bbPress topics and replies. Code is flexible so that you can customize the plugin according to requirement.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to install and setup.\u003C\u002Fli>\n\u003Cli>Easily customizable.\u003C\u002Fli>\n\u003Cli>Upload images to topics and replies in bbPress.\u003C\u002Fli>\n\u003Cli>Remove uploaded images when editing topics and replies.\u003C\u002Fli>\n\u003Cli>Compatible with bbPress Private Replies plugin.\u003C\u002Fli>\n\u003Cli>Strong support.\u003C\u002Fli>\n\u003Cli>For customization according to your need contact: http:\u002F\u002Fsharethingz.com\u002Fcontact\u002F\u003C\u002Fli>\n\u003Cli>Very lightweight code.\u003C\u002Fli>\n\u003C\u002Ful>\n","Upload multiple images to bbPress topics and 
replies.",10778,90,8,"2018-04-20T11:55:00.000Z","4.9.29","4.0",[102,103,104,105,21],"attachments","bbpress","bbpress-attachments","bbpress-media-upload","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbbpress-multi-image-uploader.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":28,"num_ratings":28,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":124,"download_link":125,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"add-exif-and-iptc-meta-data-to-attachment","Add EXIF and IPTC meta data to Attachment Post","1.1.0","Mark Howells-Mead","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkhowellsmead\u002F","\u003Cp>WordPress extracts image meta data from a file when it is uploaded and adds it to the newly created Attachment Post in the database. This Plugin extracts and saves a much wider range of EXIF and IPTC information than WordPress Core usually stores.\u003C\u002Fp>\n\u003Cp>This Plugin currently supports JPEG and WEBP files.\u003C\u002Fp>\n\u003Cp>This plugin does not output any data on the website or in the WordPress Admin area. If this is required, a developer will need to amend the Theme or Plugin which generates the HTML for the website.\u003C\u002Fp>\n\u003Cp>The Plugin does not add any information to Attachment Posts which have already been created. (The Plugin does, however, update the stored meta data when a new image is uploaded to an existing Attachment Post; for example when the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-media-replace\u002F\" rel=\"ugc\">Enable Media Replace Plugin\u003C\u002Fa> is used.)\u003C\u002Fp>\n\u003Cp>The information is not visible in the Media editor, but is available to developers when using the \u003Ccode>wp_get_attachment_metadata\u003C\u002Fcode> function. 
The data is stored in a subset of the array returned by this function, within the array key \u003Ccode>shp_additional_metadata\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>e.g.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n$attachment_metadata = wp_get_attachment_metadata($attachment_id);\nvar_dump($attachment_metadata['shp_additional_metadata']);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>The data array can be manipulated using \u003Ccode>add_filter\u003C\u002Fcode> once it has been retrieved from the file, using the following hooks.\u003C\u002Fp>\n\u003Ch4>All additional data\u003C\u002Fh4>\n\u003Cp>All IPTC data which is added by the plugin.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\napply_filters('shp_additional_metadata\u002Fiptc', $exif['iptc'], $source_path);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>IPTC data\u003C\u002Fh4>\n\u003Cp>All data which is added by the plugin.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\napply_filters('shp_additional_metadata\u002Fall_exif', $exif, $source_path);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Extends the attachment meta data to include a much wider range of EXIF and IPTC information when an image is uploaded. 
This plugin does not output any &hellip;",20,1803,"2025-12-02T16:09:00.000Z","6.9.0","5.2","7.3",[20,122,21,123,24],"exif","iptc","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadd-exif-and-iptc-meta-data-to-attachment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-exif-and-iptc-meta-data-to-attachment.zip",{"slug":127,"name":128,"version":90,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":136,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":80,"tags":140,"homepage":144,"download_link":145,"security_score":86,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wp-multitarget-uploads-sync-tool","WP-MultiTarget-Uploads-Sync-Tool","evlos","https:\u002F\u002Fprofiles.wordpress.org\u002Fevlos\u002F","\u003Cp>A WordPress plugin which is able to sync attachments to multiple FTP targets. And all the documents can be found after installing it.\u003C\u002Fp>\n","A WordPress plugin which is able to sync attachments to multiple FTP targets.",10,2266,40,1,"2012-12-30T08:24:00.000Z","3.4.2","3.4.0",[102,141,142,143,24],"images","imgbed","sync","http:\u002F\u002Frainmoe.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-multitarget-uploads-sync-tool.1.0.6.zip",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":28,"downloaded":154,"rating":28,"num_ratings":28,"last_updated":155,"tested_up_to":156,"requires_at_least":157,"requires_php":80,"tags":158,"homepage":162,"download_link":163,"security_score":86,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"codedrill-single-image-upload","CodeDrill Single Image Upload","1.0","Codedrill Infotech Pvt. Ltd.","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodedrill\u002F","\u003Cp>This plugin will allow to upload an image as attachment. 
And you will get attachment id of the image.  Shortcode: [CD_Single_IMAGE_UPLOAD]. It will create thumbnails as defined in wordpress configuration.\u003C\u002Fp>\n","This plugin will allow to upload an image as attachment. And you will get attachment id of the image.  Shortcode: [CD_Single_IMAGE_UPLOAD].",1102,"2017-04-25T11:19:00.000Z","4.7.32","3.7",[159,160,161],"add-attachment","codedrill","single-image-upload","http:\u002F\u002Fwww.codedrillinfotech.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodedrill-single-image-upload.zip",{"attackSurface":165,"codeSignals":171,"taintFlows":270,"riskAssessment":271,"analyzedAt":282},{"hooks":166,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":28,"unprotectedCount":28},[],[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":176,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":269},[],{"prepared":174,"raw":28,"locations":175},12,[],{"escaped":28,"rawEcho":177,"locations":178},48,[179,183,185,187,189,191,194,196,198,199,201,203,205,207,209,211,212,214,215,217,219,221,223,225,227,229,231,233,234,237,239,241,243,244,245,246,247,249,251,253,255,257,258,259,261,263,265,267],{"file":180,"line":181,"context":182},"views\\admin.php",84,"raw 
output",{"file":180,"line":184,"context":182},106,{"file":180,"line":186,"context":182},115,{"file":180,"line":188,"context":182},122,{"file":180,"line":190,"context":182},129,{"file":192,"line":193,"context":182},"views\\tab-allowed-types.php",37,{"file":192,"line":195,"context":182},39,{"file":192,"line":197,"context":182},41,{"file":192,"line":96,"context":182},{"file":192,"line":200,"context":182},91,{"file":192,"line":202,"context":182},92,{"file":192,"line":204,"context":182},123,{"file":192,"line":206,"context":182},124,{"file":192,"line":208,"context":182},126,{"file":192,"line":210,"context":182},127,{"file":192,"line":190,"context":182},{"file":192,"line":213,"context":182},130,{"file":192,"line":213,"context":182},{"file":192,"line":216,"context":182},163,{"file":192,"line":218,"context":182},164,{"file":192,"line":220,"context":182},165,{"file":192,"line":222,"context":182},196,{"file":192,"line":224,"context":182},197,{"file":192,"line":226,"context":182},199,{"file":192,"line":228,"context":182},200,{"file":192,"line":230,"context":182},202,{"file":192,"line":232,"context":182},203,{"file":192,"line":232,"context":182},{"file":235,"line":236,"context":182},"views\\tab-options.php",43,{"file":235,"line":238,"context":182},61,{"file":235,"line":240,"context":182},66,{"file":235,"line":242,"context":182},121,{"file":235,"line":188,"context":182},{"file":235,"line":208,"context":182},{"file":235,"line":190,"context":182},{"file":235,"line":213,"context":182},{"file":235,"line":248,"context":182},131,{"file":235,"line":250,"context":182},155,{"file":235,"line":252,"context":182},156,{"file":235,"line":254,"context":182},158,{"file":235,"line":256,"context":182},161,{"file":235,"line":218,"context":182},{"file":235,"line":218,"context":182},{"file":235,"line":260,"context":182},166,{"file":235,"line":262,"context":182},167,{"file":235,"line":264,"context":182},168,{"file":235,"line":266,"context":182},171,{"file":235,"line":268,"context":182},172,[],[],{"sum
mary":272,"deductions":273},"The 'pro-mime-types' plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query execution, utilizing prepared statements exclusively, and it has no known unpatched vulnerabilities. The absence of external HTTP requests, file operations, and critical taint flows further contributes to its perceived stability.\n\nHowever, significant concerns arise from the complete lack of output escaping. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where attacker-controlled data could be injected into web pages without proper sanitization. Additionally, the plugin has a history of two medium-severity CVEs, both related to Cross-Site Request Forgery (CSRF). While these are currently patched, the recurring nature of CSRF vulnerabilities suggests a potential underlying weakness in how user actions are validated or protected against unauthorized execution.\n\nIn conclusion, while the plugin avoids common pitfalls like unpatched vulnerabilities and insecure SQL, the pervasive issue of unescaped output presents a critical security blind spot. The historical pattern of CSRF also warrants attention. 
Users should be aware of the XSS risk and the need for vigilance regarding any future reported vulnerabilities.",[274,276,278,280],{"reason":275,"points":97},"0% properly escaped output",{"reason":277,"points":76},"History of 2 medium CVEs (CSRF)",{"reason":279,"points":76},"No nonce checks",{"reason":281,"points":76},"No capability checks","2026-03-16T18:34:55.128Z",{"wat":284,"direct":293},{"assetPaths":285,"generatorPatterns":288,"scriptPaths":289,"versionParams":290},[286,287],"\u002Fwp-content\u002Fplugins\u002Fpro-mime-types\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fpro-mime-types\u002Fassets\u002Fjs\u002Fadmin.js",[],[287],[291,292],"pro-mime-types\u002Fassets\u002Fcss\u002Fadmin.css?ver=","pro-mime-types\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":294,"htmlComments":295,"htmlAttributes":296,"restEndpoints":297,"jsGlobals":298,"shortcodeOutput":299},[],[],[],[],[],[]]