[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHAisafbxAH9jbWUh3rLkYHjw8fZu_41XlGxc8Nqvcg4":3,"$fgBaxzGvCfwVDOs8Xy5do8PueJoNqkK0Uw6IVmslRdC4":160,"$frgdQKdwDOX9or7Fr1ahVKIe8MneZt-3v1u9xL6YW3Ec":164},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":34,"analysis":35,"fingerprints":139},"really-simple-backup","Really Simple Backup","1.3.5","DaganLev","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaganlev\u002F","\u003Cp>A simple backup of your Theme, Uploads, Plugins and Database.\u003Cbr \u002F>\nThis plugin does not have support and we will not take responsibility for any issues arising from this plugin – \u003Cstrong>proceed at your own risk…\u003C\u002Fstrong>\u003C\u002Fp>\n","A simple backup of your Theme, Uploads, Plugins and Database - proceed at your own 
risk...",70,5349,0,"2020-05-22T11:09:00.000Z","5.4.19","3.1","",[19],"simple-backup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.3.5.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"daganlev",3,10870,77,624,63,"2026-05-20T01:25:36.140Z",[],{"attackSurface":36,"codeSignals":52,"taintFlows":75,"riskAssessment":124,"analyzedAt":138},{"hooks":37,"ajaxHandlers":48,"restRoutes":49,"shortcodes":50,"cronEvents":51,"entryPointCount":13,"unprotectedCount":13},[38,44],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","admin_menu","rsb_addBackupLink","really-simple-backup.php",26,{"type":39,"name":45,"callback":46,"file":42,"line":47},"admin_post_rsb_backup_do","rsb_backup_response",27,[],[],[],[],{"dangerousFunctions":53,"sqlUsage":58,"outputEscaping":60,"fileOperations":72,"externalRequests":13,"nonceChecks":73,"capabilityChecks":61,"bundledLibraries":74},[54],{"fn":55,"file":42,"line":56,"context":57},"system",115,"system('mysqldump -u' . DB_USER . ' -h'. DB_HOST .' -p\\'' . DB_PASSWORD . '\\' ' . DB_NAME . ' > ' . 
",{"prepared":13,"raw":13,"locations":59},[],{"escaped":61,"rawEcho":62,"locations":63},2,4,[64,67,69,70],{"file":42,"line":65,"context":66},73,"raw output",{"file":42,"line":68,"context":66},74,{"file":42,"line":21,"context":66},{"file":42,"line":71,"context":66},161,16,1,[],[76,108],{"entryPoint":77,"graph":78,"unsanitizedCount":13,"severity":107},"\u003Creally-simple-backup> (really-simple-backup.php:0)",{"nodes":79,"edges":102},[80,85,89,91,96,98],{"id":81,"type":82,"label":83,"file":42,"line":84},"n0","source","$_POST",103,{"id":86,"type":87,"label":88,"file":42,"line":56,"wp_function":55},"n1","sink","system() [RCE]",{"id":90,"type":82,"label":83,"file":42,"line":84},"n2",{"id":92,"type":87,"label":93,"file":42,"line":94,"wp_function":95},"n3","fopen() [File Access]",159,"fopen",{"id":97,"type":82,"label":83,"file":42,"line":84},"n4",{"id":99,"type":87,"label":100,"file":42,"line":71,"wp_function":101},"n5","echo() [XSS]","echo",[103,105,106],{"from":81,"to":86,"sanitized":104},true,{"from":90,"to":92,"sanitized":104},{"from":97,"to":99,"sanitized":104},"low",{"entryPoint":109,"graph":110,"unsanitizedCount":28,"severity":123},"rsb_doBackup (really-simple-backup.php:99)",{"nodes":111,"edges":118},[112,113,114,115,116,117],{"id":81,"type":82,"label":83,"file":42,"line":84},{"id":86,"type":87,"label":88,"file":42,"line":56,"wp_function":55},{"id":90,"type":82,"label":83,"file":42,"line":84},{"id":92,"type":87,"label":93,"file":42,"line":94,"wp_function":95},{"id":97,"type":82,"label":83,"file":42,"line":84},{"id":99,"type":87,"label":100,"file":42,"line":71,"wp_function":101},[119,121,122],{"from":81,"to":86,"sanitized":120},false,{"from":90,"to":92,"sanitized":120},{"from":97,"to":99,"sanitized":120},"critical",{"summary":125,"deductions":126},"The \"really-simple-backup\" v1.3.5 plugin exhibits a mixed security posture. 
On the positive side, it has no known CVEs and no recorded vulnerability history; for a plugin last updated in 2020 with few active installs, this may reflect limited scrutiny rather than a commitment to security or a lack of prior exploitation. Furthermore, no raw SQL queries and no external HTTP requests were detected, which keeps those risk areas out of scope. However, the static analysis reveals significant concerns. The presence of a 'system' function call is a critical red flag, especially when combined with a critical-severity taint flow in which unsanitized $_POST input reaches that call. The flagged call builds a mysqldump command line by string concatenation, so this suggests a potential for command injection or arbitrary code execution if an attacker can influence the path input to this function.\n\nThe limited attack surface with zero unprotected entry points is a strong positive. However, the 16 file operations, coupled with only 33% of outputs being properly escaped, raise concerns about potential directory traversal, information disclosure, or cross-site scripting vulnerabilities. While nonce and capability checks are present, their limited count in relation to the file operations and the identified taint flow is insufficient to fully mitigate the risks associated with the 'system' function and unsanitized paths.\n\nIn conclusion, while the plugin benefits from a clean vulnerability record and the absence of raw SQL, the identified critical taint flow and the use of the 'system' function alongside potentially unsanitized file operations present a tangible risk. 
The limited number of security checks relative to the potential impact of these code signals warrants careful consideration.",[127,130,133,136],{"reason":128,"points":129},"Critical taint flow with unsanitized path",15,{"reason":131,"points":132},"Use of dangerous 'system' function",10,{"reason":134,"points":135},"Low output escaping percentage (33%)",6,{"reason":137,"points":28},"Multiple file operations","2026-03-16T21:35:45.359Z",{"wat":140,"direct":146},{"assetPaths":141,"generatorPatterns":143,"scriptPaths":144,"versionParams":145},[142],"\u002Fwp-content\u002Fplugins\u002Freally-simple-backup\u002Fbackup\u002F",[],[],[],{"cssClasses":147,"htmlComments":149,"htmlAttributes":150,"restEndpoints":157,"jsGlobals":158,"shortcodeOutput":159},[148],"wrap",[],[151,152,153,154,155,156],"id=\"database\"","name=\"database\"","id=\"uploadsall\"","name=\"uploadsall\"","name=\"uploads[]\"","id=\"uploads_.*\"",[],[],[],{"error":104,"url":161,"statusCode":162,"statusMessage":163,"message":163},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Freally-simple-backup\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":165,"versions":166},9,[167,172,179,186,193,200,207,214,221],{"version":6,"download_url":20,"svn_tag_url":168,"released_at":22,"has_diff":120,"diff_files_changed":169,"diff_lines":22,"trac_diff_url":170,"vulnerabilities":171,"is_current":104},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simple-backup\u002Ftags\u002F1.3.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Freally-simple-backup%2Ftags%2F1.3.4&new_path=%2Freally-simple-backup%2Ftags%2F1.3.5",[],{"version":173,"download_url":174,"svn_tag_url":175,"released_at":22,"has_diff":120,"diff_files_changed":176,"diff_lines":22,"trac_diff_url":177,"vulnerabilities":178,"is_current":120},"1.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.3.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simple-backup\u002Ftags\u002F1.3.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Freally-simple-backup%2Ftags%2F1.3.3&new_path=%2Freally-simple-backup%2Ftags%2F1.3.4",[],{"version":180,"download_url":181,"svn_tag_url":182,"released_at":22,"has_diff":120,"diff_files_changed":183,"diff_lines":22,"trac_diff_url":184,"vulnerabilities":185,"is_current":120},"1.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simple-backup\u002Ftags\u002F1.3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Freally-simple-backup%2Ftags%2F1.3.2&new_path=%2Freally-simple-backup%2Ftags%2F1.3.3",[],{"version":187,"download_url":188,"svn_tag_url":189,"released_at":22,"has_diff":120,"diff_files_changed":190,"diff_lines":22,"trac_diff_url":191,"vulnerabilities":192,"is_current":120},"1.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simpl
e-backup\u002Ftags\u002F1.3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Freally-simple-backup%2Ftags%2F1.3.1&new_path=%2Freally-simple-backup%2Ftags%2F1.3.2",[],{"version":194,"download_url":195,"svn_tag_url":196,"released_at":22,"has_diff":120,"diff_files_changed":197,"diff_lines":22,"trac_diff_url":198,"vulnerabilities":199,"is_current":120},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simple-backup\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Freally-simple-backup%2Ftags%2F1.3.0&new_path=%2Freally-simple-backup%2Ftags%2F1.3.1",[],{"version":201,"download_url":202,"svn_tag_url":203,"released_at":22,"has_diff":120,"diff_files_changed":204,"diff_lines":22,"trac_diff_url":205,"vulnerabilities":206,"is_current":120},"1.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simple-backup\u002Ftags\u002F1.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Freally-simple-backup%2Ftags%2F1.2.0&new_path=%2Freally-simple-backup%2Ftags%2F1.3.0",[],{"version":208,"download_url":209,"svn_tag_url":210,"released_at":22,"has_diff":120,"diff_files_changed":211,"diff_lines":22,"trac_diff_url":212,"vulnerabilities":213,"is_current":120},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simple-backup\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Freally-simple-backup%2Ftags%2F1.1.0&new_path=%2Freally-simple-backup%2Ftags%2F1.2.0",[],{"version":215,"download_url":216,"svn_tag_url":217,"released_at":22,"has_diff":120,"diff_files_changed":218,"diff_lines":22,"trac_diff_url":219,"vulnerabi
lities":220,"is_current":120},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simple-backup\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Freally-simple-backup%2Ftags%2F1.0.0&new_path=%2Freally-simple-backup%2Ftags%2F1.1.0",[],{"version":222,"download_url":223,"svn_tag_url":224,"released_at":22,"has_diff":120,"diff_files_changed":225,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":226,"is_current":120},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-backup.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Freally-simple-backup\u002Ftags\u002F1.0.0\u002F",[],[]]