[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhMcsREOkYG2j0fzbUzBykuZeRRE-AboiF3WRWXxvySM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":55,"fingerprints":94},"restrict-uploads","Restrict Uploads","0.1.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>This plugin works silently in the background to restrict uploads to specified file types only (jpg, gif, png). It adds no options page, no external objects on your site, or anything else therefore it has no baring on your site’s load time.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fprofile\u002Fsmub\" title=\"Check out my other plugins\" rel=\"ugc\">Check out my other plugins\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\" title=\"Visit WPBeginner for any tutorials or support\" rel=\"nofollow ugc\">Visit WPBeginner for any tutorials or support\u003C\u002Fa>\u003C\u002Fp>\n","Restrict uploads to specified file types only (jpg, gif, png).",100,3435,0,"2011-07-28T16:21:00.000Z","3.2.1","3.0","",[4,19,20],"restrict-uploads-by-file-type","restrict-uploads-to-only-image-files","http:\u002F\u002Fwww.wpbeginner.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-uploads.0.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"smub",94,23510130,91,795,73,"2026-04-03T23:29:28.490Z",[36],{"slug":37,"name":38,"version":6,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":11,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":53,"download_link":54,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"only-media-uploads","Only Media Uploads","Riyad Arefin","https:\u002F\u002Fprofiles.wordpress.org\u002Friyad_a\u002F","\u003Cp>A simple plugin to restricts uploads to specified file types only (images: jpg, gif, png | videos: wmv, avi, mpeg, mp4, mkv).\u003Cbr \u002F>\nIt does not add any options page.  it does not effect on your site’s load speed\u002F time.\u003Cbr \u002F>\n Its just a tiny plugin which works silently in the background.\u003C\u002Fp>\n","A simple plugin to restricts uploads to specified file types only (images: jpg, gif, png | videos: wmv, avi, mpeg, mp4, mkv).",10,2214,1,"2016-05-02T02:58:00.000Z","4.5.33","3.2",[50,4,19,51,52],"images","restrict-uploads-to-only-images","uploads","https:\u002F\u002Friyadarefin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonly-media-uploads.0.1.1.zip",{"attackSurface":56,"codeSignals":73,"taintFlows":86,"riskAssessment":87,"analyzedAt":93},{"hooks":57,"ajaxHandlers":69,"restRoutes":70,"shortcodes":71,"cronEvents":72,"entryPointCount":13,"unprotectedCount":13},[58,64],{"type":59,"name":60,"callback":61,"file":62,"line":63},"filter","upload_mimes","restrict_mime","restrictuploads.php",23,{"type":65,"name":66,"callback":67,"file":62,"line":68},"action","wp_dashboard_setup","restrictuploads_dashboard_widgets",33,[],[],[],[],{"dangerousFunctions":74,"sqlUsage":75,"outputEscaping":77,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":85},[],{"prepared":13,"raw":13,"locations":76},[],{"escaped":13,"rawEcho":78,"locations":79},2,[80,83],{"file":62,"line":81,"context":82},61,"raw output",{"file":62,"line":84,"context":82},62,[],[],{"summary":88,"deductions":89},"The \"restrict-uploads\" plugin v0.1.1 presents a mixed security posture.  On the positive side, the static analysis indicates no discovered dangerous functions, a complete reliance on prepared statements for SQL queries, and no file operations or external HTTP requests. Furthermore, there is no record of past vulnerabilities, suggesting a history of relatively secure development.  However, a significant concern arises from the complete lack of output escaping. With 100% of identified outputs being unescaped, this opens the door to potential Cross-Site Scripting (XSS) vulnerabilities, especially if any user-supplied data were to be displayed without proper sanitization.  The absence of nonce checks and capability checks, coupled with zero total entry points, suggests a very limited attack surface, but this also means that any future additions to the plugin could introduce vulnerabilities if not secured properly.  The lack of any taint analysis flows is also notable, though this could be a reflection of a very simple plugin or limitations in the analysis tool itself.\n\nOverall, while the plugin exhibits good practices in areas like SQL query handling and avoiding risky functions, the unescaped output is a critical weakness that could be exploited. The clean vulnerability history is encouraging, but it does not mitigate the immediate risks identified in the static analysis.  Developers should prioritize addressing the output escaping issue to improve the plugin's security. The lack of entry points is a strength in terms of a small attack surface, but it also implies that the plugin may not perform significant actions, thus potentially limiting its usefulness or its security implications to only specific scenarios.  Given the lack of exploitable patterns in the static analysis beyond output escaping, and the absence of any known CVEs, the plugin is not inherently insecure, but the unescaped output remains a significant risk.",[90],{"reason":91,"points":92},"Unescaped output",8,"2026-03-16T20:47:02.327Z",{"wat":95,"direct":101},{"assetPaths":96,"generatorPatterns":98,"scriptPaths":99,"versionParams":100},[97],"\u002Fwp-content\u002Fplugins\u002Frestrict-uploads\u002Frestrictuploads.php",[],[],[],{"cssClasses":102,"htmlComments":107,"htmlAttributes":108,"restEndpoints":114,"jsGlobals":115,"shortcodeOutput":116},[103,104,105,106],"rss-widget","rsswidget","rss-date","alignright",[],[109,110,111,112,113],"alt","href","title","src","class",[],[],[]]