[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIQK2qaS3hHO-FKuNPxZv8mP5SpKz6utdGJT_YLs7IOM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":72},"rajoshik-post-feature-image-from-url","aaM Upload Feature Image From URL","1.2","Md. Abdullah Al Mahim","https:\u002F\u002Fprofiles.wordpress.org\u002Faamahin\u002F","\u003Cp>Rajoshik Post Feature Image From URL is a Plugin for WordPress. This Plugin will be give option to user set post feature image from any image URL. No Need to upload image just put the image url and publish the post, image will be automatically upload with post from the url as post feature image.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For Any Type of Support Submit your Query Here:\u003Cbr \u002F>\nhttp:\u002F\u002Fsupport.vaincode.com\u002F\u003C\u002Fp>\n","Donate link: http:\u002F\u002Frajoshik.com Tags: Set feature image from url, Upload image from image url, Requires at least: 3.0 Tested up to: 4.",70,4559,88,5,"2018-09-11T06:07:00.000Z","",[],"http:\u002F\u002Fmarket.vaincode.com\u002Fproduct\u002Fset-post-feature-image-from-url\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frajoshik-post-feature-image-from-url.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"aamahin",3,90,30,87,"2026-04-05T10:00:39.175Z",[],{"attackSurface":34,"codeSignals":53,"taintFlows":64,"riskAssessment":65,"analyzedAt":71},{"hooks":35,"ajaxHandlers":49,"restRoutes":50,"shortcodes":51,"cronEvents":52,"entryPointCount":21,"unprotectedCount":21},[36,42,46],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_init","url_to_image_custome_field","image-from-url.php",18,{"type":37,"name":43,"callback":44,"file":40,"line":45},"post_updated","url_to_image_mela_field",69,{"type":37,"name":47,"callback":48,"file":40,"line":20},"admin_head","url_to_image_style_admin",[],[],[],[],{"dangerousFunctions":54,"sqlUsage":55,"outputEscaping":57,"fileOperations":27,"externalRequests":21,"nonceChecks":58,"capabilityChecks":58,"bundledLibraries":63},[],{"prepared":21,"raw":21,"locations":56},[],{"escaped":58,"rawEcho":58,"locations":59},1,[60],{"file":40,"line":61,"context":62},27,"raw output",[],[],{"summary":66,"deductions":67},"The rajoshik-post-feature-image-from-url plugin version 1.2 exhibits a strong security posture based on the provided static analysis. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface, and importantly, all identified entry points (though zero in count) are reported as protected. The code analysis further reveals good security practices, with no dangerous functions identified, all SQL queries utilizing prepared statements, and the presence of nonce and capability checks. The plugin also avoids external HTTP requests and bundled libraries, which can often be sources of vulnerabilities.\n\nHowever, a potential area of concern lies in the output escaping. With only 50% of the two identified outputs properly escaped, there's a risk of cross-site scripting (XSS) vulnerabilities if the unescaped data is user-controllable or derived from untrusted sources. While the taint analysis shows no unsanitized paths, this doesn't entirely negate the risk if the unescaped data is indeed dynamic. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of its past security. Overall, the plugin demonstrates a good understanding of secure WordPress development, with the primary, albeit moderate, concern being the incomplete output escaping.",[68],{"reason":69,"points":70},"Unescaped output detected",4,"2026-03-16T21:36:03.478Z",{"wat":73,"direct":78},{"assetPaths":74,"generatorPatterns":75,"scriptPaths":76,"versionParams":77},[],[],[],[],{"cssClasses":79,"htmlComments":82,"htmlAttributes":83,"restEndpoints":85,"jsGlobals":86,"shortcodeOutput":87},[80,81],"rajoshik_meta_box","rajoshik_input_box",[],[84],"placeholder=\"Put Image URL Here\"",[],[],[]]