[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftVq-958zjLGMyQJKgI_wHMybeer8eBjV8WUFAS3i51E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":55,"analysis":147,"fingerprints":468},"simple-dropbox-upload-form","Simple Dropbox Upload","1.8.8.2","hiphopsmurf","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiphopsmurf\u002F","\u003Cp>This plugin lets you insert an upload form on your pages or in a post so visitors can upload files to your Dropbox account.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.3.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.0 or higher\u003C\u002Fli>\n\u003Cli>The wp-content\u002Fuploads directory needs to be writable by the plugin.  This is likely already the case as WordPress stores your media and various other uploads here.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to Site Admin > Simple Dropbox\u003C\u002Fli>\n\u003Cli>(Optional)Enter the folder path you would like to save the files to on Dropbox.\u003C\u002Fli>\n\u003Cli>(Optional) Change the temporary path for files uploaded to your server before being uploaded to Dropbox.\u003C\u002Fli>\n\u003Cli>(Required) Enter the file extensions without periods for the files you want to allow users to upload separated by one space.\u003C\u002Fli>\n\u003Cli>(Optional) Enter a message you want displayed after the user uploads a file.\u003C\u002Fli>\n\u003Cli>(Optional) Choose a color for the message you want displayed after the user uploads a file.\u003C\u002Fli>\n\u003Cli>Choose whether or not to display upload form again after the first file has been uploaded to Dropbox.\u003C\u002Fli>\n\u003Cli>Choose whether or not to delete the file located on your server after it has been uploaded to Dropbox.\u003C\u002Fli>\n\u003Cli>Click Save options.\u003C\u002Fli>\n\u003Cli>If you have already authorized this plugin to use your Dropbox account you can skip to step 17\u003C\u002Fli>\n\u003Cli>Click the Authorize button at the bottom of the screen.\u003C\u002Fli>\n\u003Cli>Click Continue to be taken to Dropbox.\u003C\u002Fli>\n\u003Cli>Once at Dropbox Click the Allow button so this plugin can link with your Dropbox account.\u003C\u002Fli>\n\u003Cli>Go to Site Admin > Simple Dropbox\u003C\u002Fli>\n\u003Cli>Click the Confirm button located at the bottom of the page to confirm your Dropbox account.\u003C\u002Fli>\n\u003Cli>You should see the email address used with your Dropbox account. If you don’t, Reset your settings and start over.\u003C\u002Fli>\n\u003Cli>Click Finish.\u003C\u002Fli>\n\u003Cli>Create a Page, Post or Widget to insert the shortcode into.\u003C\u002Fli>\n\u003Cli>Insert \u003Cstrong>[simple-wp-dropbox]\u003C\u002Fstrong> where you would like the form to display.\u003C\u002Fli>\n\u003Cli>Click Save or Publish.\u003C\u002Fli>\n\u003Cli>Visit the location to confirm everything is working properly.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>To-do list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Multiple file upload\u003C\u002Fli>\n\u003Cli>Add ability to append uploaders username to file name\u002Ffolder path\u003C\u002Fli>\n\u003Cli>Add ability to control file upload size\u003C\u002Fli>\n\u003Cli>Add ability to limit the number of submissions per user\u002Fday\u003C\u002Fli>\n\u003Cli>Restyle admin interface (Done|)\u003C\u002Fli>\n\u003Cli>Change database structure (Done|)\u003C\u002Fli>\n\u003C\u002Ful>\n","Inserts an upload form for visitors to upload files to you Dropbox account without the need of a Dropbox developer account.",200,38580,82,13,"2013-09-18T20:09:00.000Z","3.5.2","3.3.0","",[20,21,22,23,24],"api","dropbox","integration","simple","upload","http:\u002F\u002Fcdsincdesign.com\u002Fsimple-dropbox-upload-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-dropbox-upload-form.1.8.8.2.zip",83,1,0,"2013-09-14 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2013-5963","simple-dropbox-upload-arbitrary-file-upload","Simple Dropbox Upload \u003C 1.8.8.1 - Arbitrary File Upload","Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content\u002Fuploads\u002Fwpdb\u002F.",null,"\u003C1.8.8.1","1.8.8.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F89904362-4ac2-450a-89ac-8935fdb4976d?source=api-prod",3783,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":48,"trust_score":53,"computed_at":54},2,210,84,68,"2026-04-04T15:21:20.233Z",[56,74,88,106,125],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":28,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":18,"download_link":72,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"dropbox-upload-form","Dropbox Upload Form","0.2.1","ostlund","https:\u002F\u002Fprofiles.wordpress.org\u002Fostlund\u002F","\u003Cp>This plugin lets you insert a upload form on your pages so visitors can upload files to a Dropbox account.\u003C\u002Fp>\n","Inserts a upload form for visitors to upload files to a Dropbox account",10,12058,20,"2013-05-09T17:19:00.000Z","3.6.0","3.5.0",[20,21,71,22,24],"form","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdropbox-upload-form.0.2.1.zip",85,{"slug":75,"name":76,"version":77,"author":7,"author_profile":8,"description":78,"short_description":79,"active_installs":64,"downloaded":80,"rating":29,"num_ratings":29,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":18,"tags":84,"homepage":86,"download_link":87,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"simple-sugarsync-upload","Simple Sugarsync Upload","1.2.0","\u003Cp>This plugin lets you insert an upload form in a page, post or widget so visitors can upload files to your SugarSync account. No need to signup for a developer account.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.2.1 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.0 or higher\u003C\u002Fli>\n\u003Cli>CURL must be enabled\u003C\u002Fli>\n\u003Cli>The wp-content\u002Fuploads directory needs to be writable by the plugin.  This is likely already the case as WordPress stores your media and various other uploads here.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to Site Admin > Settings > Simple SugarSync\u003C\u002Fli>\n\u003Cli>(Optional)Enter the folder path you would like to save the files to on SugarSync.\u003C\u002Fli>\n\u003Cli>(Optional) Change the temporary path for files uploaded to your server before being uploaded to SugarSync.\u003C\u002Fli>\n\u003Cli>(Required) Enter the file extensions without periods for the files you want to allow users to upload separated by one space.\u003C\u002Fli>\n\u003Cli>(Optional) Enter a message you want displayed after the user uploads a file.\u003C\u002Fli>\n\u003Cli>Choose whether or not to display upload form again after the first file has been uploaded to SugarSync.\u003C\u002Fli>\n\u003Cli>Choose whether or not to delete the file located on your server after it has been uploaded to SugarSync.\u003C\u002Fli>\n\u003Cli>Click Save options.\u003C\u002Fli>\n\u003Cli>Create a Page, Post or Widget to insert the shortcode into.\u003C\u002Fli>\n\u003Cli>Insert \u003Cstrong>[simple-wp-sugarsync]\u003C\u002Fstrong> where you would like the form to display.\u003C\u002Fli>\n\u003Cli>Click Save or Publish.\u003C\u002Fli>\n\u003Cli>Visit the location to confirm everything is working properly.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>To-do list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add ability to append uploaders username to file name\u002Ffolder path\u003C\u002Fli>\n\u003Cli>Add ability to control file upload size\u003C\u002Fli>\n\u003Cli>Add ability to limit the number of submissions per user\u002Fday\u003C\u002Fli>\n\u003Cli>Restyle admin interface\u003C\u002Fli>\n\u003C\u002Ful>\n","Inserts an upload form for visitors to upload files to you SugarSync account without the need of a SugarSync developer account.",2939,"2012-05-10T14:18:00.000Z","3.3.2","3.2.1",[20,22,23,85,24],"sugarsync","http:\u002F\u002Fcdsincdesign.com\u002Fsimple-sugarsync-upload\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-sugarsync-upload.1.2.0.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":64,"downloaded":96,"rating":29,"num_ratings":29,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":18,"download_link":105,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"aspl-dropbox-file-upload","ASPL Dropbox File Upload","1.1.0","acespritech","https:\u002F\u002Fprofiles.wordpress.org\u002Facespritech\u002F","\u003Cp>Are you looking for a way to create an upload form that automatically sends WordPress file uploads to your Dropbox? Using this Plugin you can easily integrate your Dropbox to your WordPress website. You can select maximum file size till your dropbox maximum upload size.\u003C\u002Fp>\n\u003Cp>Features:-\u003Cbr \u002F>\n1 – Easy to connect form with Dropbox.\u003Cbr \u002F>\n2 – There is no file limit for upload.\u003Cbr \u002F>\n2 – Admin have short-code of form to display form in any page using it.\u003C\u002Fp>\n\u003Cp>Shortcode:- [aspl_dropbox]\u003C\u002Fp>\n","Another Best Plugin for Integrate Dropbox With Your Upload Form.",1169,"2020-09-16T12:51:00.000Z","5.5.0","5.1","5.0",[102,21,103,22,104],"contact-form","file-upload","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faspl-dropbox-file-upload.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":29,"downloaded":114,"rating":29,"num_ratings":29,"last_updated":115,"tested_up_to":116,"requires_at_least":100,"requires_php":117,"tags":118,"homepage":18,"download_link":123,"security_score":124,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"extension-access-manager","Extension Access Manager","1.1","Haider Mirza","https:\u002F\u002Fprofiles.wordpress.org\u002Fhaidermirza1\u002F","\u003Cp>\u003Cstrong>Extension Access Manager\u003C\u002Fstrong> enables a secure, custom REST API endpoint for uploading images and submitting posts directly to WordPress. Built for browser extensions and third-party apps, it simplifies content publishing and media handling through a protected access token system.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Secure image upload via POST request\u003C\u002Fli>\n\u003Cli>JSON-based post publishing from extensions\u003C\u002Fli>\n\u003Cli>Token-based authentication\u003C\u002Fli>\n\u003Cli>Built for integration with Chrome extensions\u003C\u002Fli>\n\u003Cli>Lightweight and easy to set up\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">License URI\u003C\u002Fa> for more information.\u003C\u002Fp>\n","Securely connect your Chrome extension to WordPress for uploading images and posting content via custom REST API.",338,"2025-10-02T20:31:00.000Z","6.8.5","7.4",[20,119,120,121,122],"chrome-extension","image-upload","rest-api","wordpress-integration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextension-access-manager.1.1.zip",100,{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":136,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":117,"tags":140,"homepage":18,"download_link":144,"security_score":145,"vuln_count":50,"unpatched_count":29,"last_vuln_date":146,"fetched_at":31},"zapier","Zapier for WordPress","1.5.3","Zapier","https:\u002F\u002Fprofiles.wordpress.org\u002Fzapier\u002F","\u003Cp>Zapier is the #1 workflow automation platform for small and midsize businesses that supports 7,000+ of the most popular apps, like Instagram, Facebook, and Pinterest. In just a few minutes, you can set up automated workflows (called \u003Cem>Zaps\u003C\u002Fem>) that connect WordPress with the other apps you use most. You can share your latest WordPress posts to Facebook or Instagram, create drafts from an RSS feed or Mailchimp newsletter, or be notified when you get new comments and much more–no manual work or coding required.\u003C\u002Fp>\n\u003Ch4>Some things you can do with Zapier + WordPress\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Share your latest WordPress posts to your social media profiles, like Facebook, Instagram, and Pinterest\u003C\u002Fli>\n\u003Cli>Create WordPress posts automatically based on your newsletters or RSS feeds\u003C\u002Fli>\n\u003Cli>Add new WordPress users to your email marketing campaigns\u003C\u002Fli>\n\u003Cli>Get notified in Slack or Microsoft Teams when new comments are left on your posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to get started\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fsign-up\u002F?utm_source=partner_wordpress_sign_up&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Sign up for Zapier\u003C\u002Fa>. (Zapier has a free forever plan. Paid plans scale with usage.)\u003C\u002Fli>\n\u003Cli>Check out Zapier’s \u003Ca href=\"https:\u002F\u002Fzapier.com\u002Flearn\u002Fgetting-started-guide\u002Fwhat-is-zapier?utm_source=partner_wordpress_getting_started&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Getting Started Guide\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Install the plugin, then head to \u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fwordpress?utm_source=partner_wordpress_integration&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">https:\u002F\u002Fzapier.com\u002Fapps\u002Fwordpress\u003C\u002Fa> to get started.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What people are saying about Zapier\u003C\u002Fh4>\n\u003Cp>“I would go as far to say that it has increased my personal efficiency by more than 400 percent.”—Garrett Grohman, Indiegogo\u003C\u002Fp>\n\u003Cp>“Zapier helps us to work faster and smarter by removing manual processes. We can now focus on adding a personal touch to our work.”—Olivia Jardine, Meister\u003C\u002Fp>\n\u003Cp>“Zapier probably saves me about 10 hours a week, when it comes to running our design operations. If I tap into my math skills, I do believe it’s 25 percent more productive!”—Lindsey Redinger, InVision\u003C\u002Fp>\n\u003Ch3>What people are connecting with Zapier\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fcalendly\u002Fintegrations\u002Fwordpress?utm_source=partner_wordpress_calendly&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">WordPress to Calendly\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fwordpress\u002Fintegrations\u002Fzoom?utm_source=partner_wordpress_zoom&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Zoom to WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fmongodb\u002Fintegrations\u002Fwordpress?utm_source=partner_wordpress_mongodb&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">WordPress to Mongodb\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fpipedrive\u002Fintegrations\u002Fwordpress?utm_source=partner_wordpress_pipedrive&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Pipedrive to WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fteachable\u002Fintegrations\u002Fwordpress?utm_source=partner_wordpress_teachable&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Teachable to WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Get Help\u003C\u002Fh3>\n\u003Cp>If you have any feature requests, issues, or questions with Zapier for WordPress, please contact us using our \u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapp\u002Fget-help?utm_source=partner_wordpress_support&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">help form\u003C\u002Fa>.\u003C\u002Fp>\n","Zapier saves you time on tedious tasks by moving info between WordPress and your other favorite apps, so you can focus on your most important work.",50000,676957,44,72,"2025-07-24T16:50:00.000Z","6.5.8","5.5",[141,142,22,143,126],"automation","dataflow","workflow","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzapier.1.5.3.zip",98,"2025-06-19 00:00:00",{"attackSurface":148,"codeSignals":196,"taintFlows":316,"riskAssessment":453,"analyzedAt":467},{"hooks":149,"ajaxHandlers":184,"restRoutes":189,"shortcodes":190,"cronEvents":195,"entryPointCount":50,"unprotectedCount":28},[150,156,159,164,168,172,177,181],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","admin_print_scripts","js_libs","inc\\wpsdb_auth.php",11,{"type":151,"name":157,"callback":158,"file":154,"line":14},"admin_print_styles","style_libs",{"type":151,"name":160,"callback":161,"file":162,"line":163},"init","wpsdb_build_stylesheet_content","wp-dropbox.php",77,{"type":151,"name":165,"callback":166,"file":162,"line":167},"wp_head","wpsdb_build_stylesheet_url",78,{"type":151,"name":169,"callback":170,"file":162,"line":171},"admin_init","register_wp_dropbox_settings",1123,{"type":173,"name":174,"callback":175,"priority":64,"file":162,"line":176},"filter","plugin_row_meta","wpsdb_plugin_row_meta",1304,{"type":151,"name":178,"callback":179,"file":162,"line":180},"admin_menu","wpsdb_create_menu",1312,{"type":151,"name":169,"callback":182,"file":162,"line":183},"wpsdb_plugin_redirect",1314,[185],{"action":186,"nopriv":187,"callback":186,"hasNonce":187,"hasCapCheck":187,"file":154,"line":188},"choice",false,15,[],[191],{"tag":192,"callback":193,"file":162,"line":194},"simple-wp-dropbox","shortcode_wp_dropbox",1310,[],{"dangerousFunctions":197,"sqlUsage":216,"outputEscaping":219,"fileOperations":314,"externalRequests":50,"nonceChecks":28,"capabilityChecks":29,"bundledLibraries":315},[198,203,206,210,212],{"fn":199,"file":200,"line":201,"context":202},"unserialize","inc\\Dropbox\\OAuth\\Zend.php",151,"return $this->setToken(unserialize($token));",{"fn":199,"file":200,"line":204,"context":205},155,"return $this->setToken(unserialize($token['zend_oauth_token']));",{"fn":199,"file":207,"line":208,"context":209},"inc\\Dropbox\\pear_includes\\HTTP\\OAuth\\Store\\Consumer\\CacheLite.php",119,"return unserialize($result);",{"fn":199,"file":207,"line":211,"context":209},150,{"fn":199,"file":213,"line":214,"context":215},"inc\\Dropbox\\pear_includes\\HTTP\\Request2\\CookieJar.php",378,"$data = unserialize($serialized);",{"prepared":217,"raw":29,"locations":218},3,[],{"escaped":220,"rawEcho":221,"locations":222},6,45,[223,227,229,231,233,235,237,239,241,243,245,247,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312],{"file":224,"line":225,"context":226},"inc\\Dropbox\\pear_includes\\HTTP\\OAuth\\Provider\\Response.php",282,"raw output",{"file":154,"line":228,"context":226},165,{"file":154,"line":230,"context":226},219,{"file":154,"line":232,"context":226},221,{"file":154,"line":234,"context":226},223,{"file":162,"line":236,"context":226},55,{"file":162,"line":238,"context":226},135,{"file":162,"line":240,"context":226},305,{"file":162,"line":242,"context":226},315,{"file":162,"line":244,"context":226},337,{"file":162,"line":246,"context":226},357,{"file":162,"line":246,"context":226},{"file":162,"line":249,"context":226},387,{"file":162,"line":251,"context":226},404,{"file":162,"line":253,"context":226},405,{"file":162,"line":255,"context":226},421,{"file":162,"line":257,"context":226},422,{"file":162,"line":259,"context":226},423,{"file":162,"line":261,"context":226},487,{"file":162,"line":263,"context":226},527,{"file":162,"line":265,"context":226},529,{"file":162,"line":267,"context":226},694,{"file":162,"line":269,"context":226},701,{"file":162,"line":271,"context":226},704,{"file":162,"line":273,"context":226},707,{"file":162,"line":275,"context":226},718,{"file":162,"line":277,"context":226},719,{"file":162,"line":279,"context":226},720,{"file":162,"line":281,"context":226},721,{"file":162,"line":283,"context":226},722,{"file":162,"line":285,"context":226},723,{"file":162,"line":287,"context":226},864,{"file":162,"line":289,"context":226},874,{"file":162,"line":291,"context":226},880,{"file":162,"line":293,"context":226},886,{"file":162,"line":295,"context":226},891,{"file":162,"line":297,"context":226},892,{"file":162,"line":299,"context":226},910,{"file":162,"line":301,"context":226},918,{"file":162,"line":303,"context":226},941,{"file":162,"line":305,"context":226},973,{"file":162,"line":307,"context":226},1001,{"file":162,"line":309,"context":226},1006,{"file":162,"line":311,"context":226},1011,{"file":162,"line":313,"context":226},1016,19,[],[317,412],{"entryPoint":318,"graph":319,"unsanitizedCount":29,"severity":411},"wpsdb_settings_page (wp-dropbox.php:495)",{"nodes":320,"edges":397},[321,326,331,335,337,341,343,347,349,353,355,359,361,365,367,371,373,377,379,383,385,389,391,395],{"id":322,"type":323,"label":324,"file":162,"line":325},"n0","source","$_POST['wpsdb_path']",564,{"id":327,"type":328,"label":329,"file":162,"line":325,"wp_function":330},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":332,"type":323,"label":333,"file":162,"line":334},"n2","$_POST['wpsdb_temp_path']",566,{"id":336,"type":328,"label":329,"file":162,"line":334,"wp_function":330},"n3",{"id":338,"type":323,"label":339,"file":162,"line":340},"n4","$_POST['wpsdb_allow_ext']",568,{"id":342,"type":328,"label":329,"file":162,"line":340,"wp_function":330},"n5",{"id":344,"type":323,"label":345,"file":162,"line":346},"n6","$_POST['wpsdb_thank_message']",570,{"id":348,"type":328,"label":329,"file":162,"line":346,"wp_function":330},"n7",{"id":350,"type":323,"label":351,"file":162,"line":352},"n8","$_POST['wpsdb_redirect_page']",572,{"id":354,"type":328,"label":329,"file":162,"line":352,"wp_function":330},"n9",{"id":356,"type":323,"label":357,"file":162,"line":358},"n10","$_POST['wpsdb_show_progress']",574,{"id":360,"type":328,"label":329,"file":162,"line":358,"wp_function":330},"n11",{"id":362,"type":323,"label":363,"file":162,"line":364},"n12","$_POST['wpsdb_show_multi']",576,{"id":366,"type":328,"label":329,"file":162,"line":364,"wp_function":330},"n13",{"id":368,"type":323,"label":369,"file":162,"line":370},"n14","$_POST['wpsdb_show_multi_size']",580,{"id":372,"type":328,"label":329,"file":162,"line":370,"wp_function":330},"n15",{"id":374,"type":323,"label":375,"file":162,"line":376},"n16","$_POST['wpsdb_show_form']",582,{"id":378,"type":328,"label":329,"file":162,"line":376,"wp_function":330},"n17",{"id":380,"type":323,"label":381,"file":162,"line":382},"n18","$_POST['wpsdb_delete_file']",584,{"id":384,"type":328,"label":329,"file":162,"line":382,"wp_function":330},"n19",{"id":386,"type":323,"label":387,"file":162,"line":388},"n20","$_POST['wpsdb_thank_color']",586,{"id":390,"type":328,"label":329,"file":162,"line":388,"wp_function":330},"n21",{"id":392,"type":323,"label":393,"file":162,"line":394},"n22","$_POST['wpsdb_php_pear']",588,{"id":396,"type":328,"label":329,"file":162,"line":394,"wp_function":330},"n23",[398,400,401,402,403,404,405,406,407,408,409,410],{"from":322,"to":327,"sanitized":399},true,{"from":332,"to":336,"sanitized":399},{"from":338,"to":342,"sanitized":399},{"from":344,"to":348,"sanitized":399},{"from":350,"to":354,"sanitized":399},{"from":356,"to":360,"sanitized":399},{"from":362,"to":366,"sanitized":399},{"from":368,"to":372,"sanitized":399},{"from":374,"to":378,"sanitized":399},{"from":380,"to":384,"sanitized":399},{"from":386,"to":390,"sanitized":399},{"from":392,"to":396,"sanitized":399},"low",{"entryPoint":413,"graph":414,"unsanitizedCount":29,"severity":411},"\u003Cwp-dropbox> (wp-dropbox.php:0)",{"nodes":415,"edges":440},[416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439],{"id":322,"type":323,"label":324,"file":162,"line":325},{"id":327,"type":328,"label":329,"file":162,"line":325,"wp_function":330},{"id":332,"type":323,"label":333,"file":162,"line":334},{"id":336,"type":328,"label":329,"file":162,"line":334,"wp_function":330},{"id":338,"type":323,"label":339,"file":162,"line":340},{"id":342,"type":328,"label":329,"file":162,"line":340,"wp_function":330},{"id":344,"type":323,"label":345,"file":162,"line":346},{"id":348,"type":328,"label":329,"file":162,"line":346,"wp_function":330},{"id":350,"type":323,"label":351,"file":162,"line":352},{"id":354,"type":328,"label":329,"file":162,"line":352,"wp_function":330},{"id":356,"type":323,"label":357,"file":162,"line":358},{"id":360,"type":328,"label":329,"file":162,"line":358,"wp_function":330},{"id":362,"type":323,"label":363,"file":162,"line":364},{"id":366,"type":328,"label":329,"file":162,"line":364,"wp_function":330},{"id":368,"type":323,"label":369,"file":162,"line":370},{"id":372,"type":328,"label":329,"file":162,"line":370,"wp_function":330},{"id":374,"type":323,"label":375,"file":162,"line":376},{"id":378,"type":328,"label":329,"file":162,"line":376,"wp_function":330},{"id":380,"type":323,"label":381,"file":162,"line":382},{"id":384,"type":328,"label":329,"file":162,"line":382,"wp_function":330},{"id":386,"type":323,"label":387,"file":162,"line":388},{"id":390,"type":328,"label":329,"file":162,"line":388,"wp_function":330},{"id":392,"type":323,"label":393,"file":162,"line":394},{"id":396,"type":328,"label":329,"file":162,"line":394,"wp_function":330},[441,442,443,444,445,446,447,448,449,450,451,452],{"from":322,"to":327,"sanitized":399},{"from":332,"to":336,"sanitized":399},{"from":338,"to":342,"sanitized":399},{"from":344,"to":348,"sanitized":399},{"from":350,"to":354,"sanitized":399},{"from":356,"to":360,"sanitized":399},{"from":362,"to":366,"sanitized":399},{"from":368,"to":372,"sanitized":399},{"from":374,"to":378,"sanitized":399},{"from":380,"to":384,"sanitized":399},{"from":386,"to":390,"sanitized":399},{"from":392,"to":396,"sanitized":399},{"summary":454,"deductions":455},"The plugin 'simple-dropbox-upload-form' version 1.8.8.2 exhibits a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and shows no critical or high severity taint flows, several significant concerns are present. The static analysis reveals an unprotected AJAX handler, which is a direct entry point into the application that lacks authentication checks. Furthermore, the plugin uses the dangerous `unserialize` function five times, a known vector for deserialization vulnerabilities if user-controlled input is passed to it without proper sanitization. The vulnerability history, although showing no currently unpatched CVEs, highlights a past critical vulnerability related to unrestricted file uploads, which is a common and severe issue. The absence of capability checks on any entry points is also a critical oversight. Overall, the plugin has strengths in its SQL handling and lack of critical taint flows, but the presence of an unprotected AJAX endpoint, the repeated use of `unserialize`, and a history of critical file upload vulnerabilities necessitate caution.",[456,458,460,462,465],{"reason":457,"points":64},"Unprotected AJAX handler",{"reason":459,"points":64},"Dangerous function: unserialize used 5 times",{"reason":461,"points":66},"No capability checks on any entry points",{"reason":463,"points":464},"Low percentage of properly escaped output",5,{"reason":466,"points":188},"History of a critical vulnerability","2026-03-16T20:23:53.659Z",{"wat":469,"direct":476},{"assetPaths":470,"generatorPatterns":472,"scriptPaths":473,"versionParams":474},[471],"\u002Fwp-content\u002Fplugins\u002Fsimple-dropbox-upload-form\u002Fcss\u002Fwpsdb-style.css",[],[],[475],"simple-dropbox-upload-form\u002Fcss\u002Fwpsdb-style.css?build=",{"cssClasses":477,"htmlComments":479,"htmlAttributes":480,"restEndpoints":483,"jsGlobals":484,"shortcodeOutput":485},[478],"wp-dropbox",[],[481,482],"id=\"wpsdb-success\"","id=\"wpsdb-error\"",[],[],[486],"\u003Cdiv class=\"wp-dropbox\">"]