[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVUUE7l12G8a00alKF_udaCpThbLVS_aPFJeQyciY2kg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":136,"fingerprints":325},"simple-sugarsync-upload","Simple Sugarsync Upload","1.2.0","hiphopsmurf","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiphopsmurf\u002F","\u003Cp>This plugin lets you insert an upload form in a page, post or widget so visitors can upload files to your SugarSync account. No need to signup for a developer account.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.2.1 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.0 or higher\u003C\u002Fli>\n\u003Cli>CURL must be enabled\u003C\u002Fli>\n\u003Cli>The wp-content\u002Fuploads directory needs to be writable by the plugin.  This is likely already the case as WordPress stores your media and various other uploads here.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to Site Admin > Settings > Simple SugarSync\u003C\u002Fli>\n\u003Cli>(Optional)Enter the folder path you would like to save the files to on SugarSync.\u003C\u002Fli>\n\u003Cli>(Optional) Change the temporary path for files uploaded to your server before being uploaded to SugarSync.\u003C\u002Fli>\n\u003Cli>(Required) Enter the file extensions without periods for the files you want to allow users to upload separated by one space.\u003C\u002Fli>\n\u003Cli>(Optional) Enter a message you want displayed after the user uploads a file.\u003C\u002Fli>\n\u003Cli>Choose whether or not to display upload form again after the first file has been uploaded to SugarSync.\u003C\u002Fli>\n\u003Cli>Choose whether or not to delete the file located on your server after it has been uploaded to SugarSync.\u003C\u002Fli>\n\u003Cli>Click Save options.\u003C\u002Fli>\n\u003Cli>Create a Page, Post or Widget to insert the shortcode into.\u003C\u002Fli>\n\u003Cli>Insert \u003Cstrong>[simple-wp-sugarsync]\u003C\u002Fstrong> where you would like the form to display.\u003C\u002Fli>\n\u003Cli>Click Save or Publish.\u003C\u002Fli>\n\u003Cli>Visit the location to confirm everything is working properly.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>To-do list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add ability to append uploaders username to file name\u002Ffolder path\u003C\u002Fli>\n\u003Cli>Add ability to control file upload size\u003C\u002Fli>\n\u003Cli>Add ability to limit the number of submissions per user\u002Fday\u003C\u002Fli>\n\u003Cli>Restyle admin interface\u003C\u002Fli>\n\u003C\u002Ful>\n","Inserts an upload form for visitors to upload files to you SugarSync account without the need of a SugarSync developer account.",10,2939,0,"2012-05-10T14:18:00.000Z","3.3.2","3.2.1","",[19,20,21,22,23],"api","integration","simple","sugarsync","upload","http:\u002F\u002Fcdsincdesign.com\u002Fsimple-sugarsync-upload\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-sugarsync-upload.1.2.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},2,210,84,3783,68,"2026-04-04T13:56:42.584Z",[38,58,74,94,116],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":13,"last_vuln_date":57,"fetched_at":28},"simple-dropbox-upload-form","Simple Dropbox Upload","1.8.8.2","\u003Cp>This plugin lets you insert an upload form on your pages or in a post so visitors can upload files to your Dropbox account.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.3.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.0 or higher\u003C\u002Fli>\n\u003Cli>The wp-content\u002Fuploads directory needs to be writable by the plugin.  This is likely already the case as WordPress stores your media and various other uploads here.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to Site Admin > Simple Dropbox\u003C\u002Fli>\n\u003Cli>(Optional)Enter the folder path you would like to save the files to on Dropbox.\u003C\u002Fli>\n\u003Cli>(Optional) Change the temporary path for files uploaded to your server before being uploaded to Dropbox.\u003C\u002Fli>\n\u003Cli>(Required) Enter the file extensions without periods for the files you want to allow users to upload separated by one space.\u003C\u002Fli>\n\u003Cli>(Optional) Enter a message you want displayed after the user uploads a file.\u003C\u002Fli>\n\u003Cli>(Optional) Choose a color for the message you want displayed after the user uploads a file.\u003C\u002Fli>\n\u003Cli>Choose whether or not to display upload form again after the first file has been uploaded to Dropbox.\u003C\u002Fli>\n\u003Cli>Choose whether or not to delete the file located on your server after it has been uploaded to Dropbox.\u003C\u002Fli>\n\u003Cli>Click Save options.\u003C\u002Fli>\n\u003Cli>If you have already authorized this plugin to use your Dropbox account you can skip to step 17\u003C\u002Fli>\n\u003Cli>Click the Authorize button at the bottom of the screen.\u003C\u002Fli>\n\u003Cli>Click Continue to be taken to Dropbox.\u003C\u002Fli>\n\u003Cli>Once at Dropbox Click the Allow button so this plugin can link with your Dropbox account.\u003C\u002Fli>\n\u003Cli>Go to Site Admin > Simple Dropbox\u003C\u002Fli>\n\u003Cli>Click the Confirm button located at the bottom of the page to confirm your Dropbox account.\u003C\u002Fli>\n\u003Cli>You should see the email address used with your Dropbox account. If you don’t, Reset your settings and start over.\u003C\u002Fli>\n\u003Cli>Click Finish.\u003C\u002Fli>\n\u003Cli>Create a Page, Post or Widget to insert the shortcode into.\u003C\u002Fli>\n\u003Cli>Insert \u003Cstrong>[simple-wp-dropbox]\u003C\u002Fstrong> where you would like the form to display.\u003C\u002Fli>\n\u003Cli>Click Save or Publish.\u003C\u002Fli>\n\u003Cli>Visit the location to confirm everything is working properly.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>To-do list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Multiple file upload\u003C\u002Fli>\n\u003Cli>Add ability to append uploaders username to file name\u002Ffolder path\u003C\u002Fli>\n\u003Cli>Add ability to control file upload size\u003C\u002Fli>\n\u003Cli>Add ability to limit the number of submissions per user\u002Fday\u003C\u002Fli>\n\u003Cli>Restyle admin interface (Done|)\u003C\u002Fli>\n\u003Cli>Change database structure (Done|)\u003C\u002Fli>\n\u003C\u002Ful>\n","Inserts an upload form for visitors to upload files to you Dropbox account without the need of a Dropbox developer account.",200,38580,82,13,"2013-09-18T20:09:00.000Z","3.5.2","3.3.0",[19,52,20,21,23],"dropbox","http:\u002F\u002Fcdsincdesign.com\u002Fsimple-dropbox-upload-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-dropbox-upload-form.1.8.8.2.zip",83,1,"2013-09-14 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":67,"num_ratings":56,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":17,"tags":71,"homepage":17,"download_link":73,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"dropbox-upload-form","Dropbox Upload Form","0.2.1","ostlund","https:\u002F\u002Fprofiles.wordpress.org\u002Fostlund\u002F","\u003Cp>This plugin lets you insert a upload form on your pages so visitors can upload files to a Dropbox account.\u003C\u002Fp>\n","Inserts a upload form for visitors to upload files to a Dropbox account",12058,20,"2013-05-09T17:19:00.000Z","3.6.0","3.5.0",[19,52,72,20,23],"form","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdropbox-upload-form.0.2.1.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":13,"downloaded":82,"rating":13,"num_ratings":13,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":17,"download_link":92,"security_score":93,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"extension-access-manager","Extension Access Manager","1.1","Haider Mirza","https:\u002F\u002Fprofiles.wordpress.org\u002Fhaidermirza1\u002F","\u003Cp>\u003Cstrong>Extension Access Manager\u003C\u002Fstrong> enables a secure, custom REST API endpoint for uploading images and submitting posts directly to WordPress. Built for browser extensions and third-party apps, it simplifies content publishing and media handling through a protected access token system.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Secure image upload via POST request\u003C\u002Fli>\n\u003Cli>JSON-based post publishing from extensions\u003C\u002Fli>\n\u003Cli>Token-based authentication\u003C\u002Fli>\n\u003Cli>Built for integration with Chrome extensions\u003C\u002Fli>\n\u003Cli>Lightweight and easy to set up\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">License URI\u003C\u002Fa> for more information.\u003C\u002Fp>\n","Securely connect your Chrome extension to WordPress for uploading images and posting content via custom REST API.",338,"2025-10-02T20:31:00.000Z","6.8.5","5.0","7.4",[19,88,89,90,91],"chrome-extension","image-upload","rest-api","wordpress-integration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextension-access-manager.1.1.zip",100,{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":86,"tags":109,"homepage":17,"download_link":113,"security_score":114,"vuln_count":31,"unpatched_count":13,"last_vuln_date":115,"fetched_at":28},"zapier","Zapier for WordPress","1.5.3","Zapier","https:\u002F\u002Fprofiles.wordpress.org\u002Fzapier\u002F","\u003Cp>Zapier is the #1 workflow automation platform for small and midsize businesses that supports 7,000+ of the most popular apps, like Instagram, Facebook, and Pinterest. In just a few minutes, you can set up automated workflows (called \u003Cem>Zaps\u003C\u002Fem>) that connect WordPress with the other apps you use most. You can share your latest WordPress posts to Facebook or Instagram, create drafts from an RSS feed or Mailchimp newsletter, or be notified when you get new comments and much more–no manual work or coding required.\u003C\u002Fp>\n\u003Ch4>Some things you can do with Zapier + WordPress\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Share your latest WordPress posts to your social media profiles, like Facebook, Instagram, and Pinterest\u003C\u002Fli>\n\u003Cli>Create WordPress posts automatically based on your newsletters or RSS feeds\u003C\u002Fli>\n\u003Cli>Add new WordPress users to your email marketing campaigns\u003C\u002Fli>\n\u003Cli>Get notified in Slack or Microsoft Teams when new comments are left on your posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to get started\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fsign-up\u002F?utm_source=partner_wordpress_sign_up&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Sign up for Zapier\u003C\u002Fa>. (Zapier has a free forever plan. Paid plans scale with usage.)\u003C\u002Fli>\n\u003Cli>Check out Zapier’s \u003Ca href=\"https:\u002F\u002Fzapier.com\u002Flearn\u002Fgetting-started-guide\u002Fwhat-is-zapier?utm_source=partner_wordpress_getting_started&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Getting Started Guide\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Install the plugin, then head to \u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fwordpress?utm_source=partner_wordpress_integration&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">https:\u002F\u002Fzapier.com\u002Fapps\u002Fwordpress\u003C\u002Fa> to get started.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What people are saying about Zapier\u003C\u002Fh4>\n\u003Cp>“I would go as far to say that it has increased my personal efficiency by more than 400 percent.”—Garrett Grohman, Indiegogo\u003C\u002Fp>\n\u003Cp>“Zapier helps us to work faster and smarter by removing manual processes. We can now focus on adding a personal touch to our work.”—Olivia Jardine, Meister\u003C\u002Fp>\n\u003Cp>“Zapier probably saves me about 10 hours a week, when it comes to running our design operations. If I tap into my math skills, I do believe it’s 25 percent more productive!”—Lindsey Redinger, InVision\u003C\u002Fp>\n\u003Ch3>What people are connecting with Zapier\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fcalendly\u002Fintegrations\u002Fwordpress?utm_source=partner_wordpress_calendly&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">WordPress to Calendly\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fwordpress\u002Fintegrations\u002Fzoom?utm_source=partner_wordpress_zoom&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Zoom to WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fmongodb\u002Fintegrations\u002Fwordpress?utm_source=partner_wordpress_mongodb&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">WordPress to Mongodb\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fpipedrive\u002Fintegrations\u002Fwordpress?utm_source=partner_wordpress_pipedrive&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Pipedrive to WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapps\u002Fteachable\u002Fintegrations\u002Fwordpress?utm_source=partner_wordpress_teachable&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">Teachable to WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Get Help\u003C\u002Fh3>\n\u003Cp>If you have any feature requests, issues, or questions with Zapier for WordPress, please contact us using our \u003Ca href=\"https:\u002F\u002Fzapier.com\u002Fapp\u002Fget-help?utm_source=partner_wordpress_support&utm_medium=plugin_listing&utm_campaign=partner_wordpress\" rel=\"nofollow ugc\">help form\u003C\u002Fa>.\u003C\u002Fp>\n","Zapier saves you time on tedious tasks by moving info between WordPress and your other favorite apps, so you can focus on your most important work.",50000,676957,44,72,"2025-07-24T16:50:00.000Z","6.5.8","5.5",[110,111,20,112,95],"automation","dataflow","workflow","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzapier.1.5.3.zip",98,"2025-06-19 00:00:00",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":93,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":86,"tags":130,"homepage":134,"download_link":135,"security_score":93,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cf7-to-zapier","CF7 to Webhook","5.0.0","Mário Valney","https:\u002F\u002Fprofiles.wordpress.org\u002Fmariovalney\u002F","\u003Cp>\u003Cstrong>CF7 to Webhook\u003C\u002Fstrong> is trusted by more than 30.000 WordPress websites and translated in languages!\u003C\u002Fp>\n\u003Cp>Thank you!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" title=\"Install it first, of course\" rel=\"ugc\">Contact Form 7 (CF7)\u003C\u002Fa> is a awesome plugin used by 1+ million WordPress websites.\u003C\u002Fp>\n\u003Cp>Webhooks are endpoint (urls) you can send data!\u003C\u002Fp>\n\u003Cp>Now you can join both: the best contact form plugin to WordPress and any webhook which receive JSON!\u003C\u002Fp>\n\u003Cp>And Zapier?\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fzapier.com\" rel=\"nofollow ugc\">Zapier (Zapier)\u003C\u002Fa> is a awesome service to connect your apps and automate workflows!\u003C\u002Fp>\n\u003Cp>Just activate and configure Zapier to receive data!\u003C\u002Fp>\n\u003Cp>Disclaimer: this plugin was created without any encouragement from Zapier (or any webhook\u002FAPI service) \u002F CF7 (and other supported plugins) developers.\u003C\u002Fp>\n\u003Ch4>How to Use\u003C\u002Fh4>\n\u003Cp>Easily and quickly! Just activate “Contact Form 7” and “CF7 to Webhook” and configure a URL to send data (or go to Zapier to create your Zap).\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>You can \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcf7-to-zapier\" rel=\"nofollow ugc\">translate CF7 to Webhook\u003C\u002Fa> to your language.\u003C\u002Fp>\n\u003Ch4>Review\u003C\u002Fh4>\n\u003Cp>We would be grateful for a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcf7-to-zapier\u002Freviews\u002F\" rel=\"ugc\">review here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Contact Form 7 – 6.1.5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Tested with other plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MultiLine files for Contact Form 7 – 2.9.1\u003C\u002Fli>\n\u003Cli>Contact Form 7 Multi-Step Forms – 4.6\u003C\u002Fli>\n\u003C\u002Ful>\n","Use Contact Form 7 as a trigger to any webhook!",30000,354708,50,"2026-02-19T02:27:00.000Z","6.9.4","4.7",[131,132,20,133,95],"cf7","contact-form","webhook","https:\u002F\u002Fcf7-to-webhook.valney.dev","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-to-zapier.5.0.0.zip",{"attackSurface":137,"codeSignals":157,"taintFlows":201,"riskAssessment":309,"analyzedAt":324},{"hooks":138,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":156,"entryPointCount":56,"unprotectedCount":13},[139,145],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_init","register_wp_simple_sugarsync_settings","simple-sugarsync.php",470,{"type":140,"name":146,"callback":147,"file":143,"line":148},"admin_menu","wp_ssync_create_menu",573,[],[],[152],{"tag":153,"callback":154,"file":143,"line":155},"simple-wp-sugarsync","shortcode_wp_simple_sugarsync",571,[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":199,"externalRequests":31,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":200},[],{"prepared":13,"raw":13,"locations":160},[],{"escaped":13,"rawEcho":162,"locations":163},17,[164,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197],{"file":143,"line":165,"context":166},95,"raw output",{"file":143,"line":168,"context":166},113,{"file":143,"line":170,"context":166},127,{"file":143,"line":172,"context":166},206,{"file":143,"line":174,"context":166},222,{"file":143,"line":176,"context":166},295,{"file":143,"line":178,"context":166},304,{"file":143,"line":180,"context":166},344,{"file":143,"line":182,"context":166},347,{"file":143,"line":184,"context":166},350,{"file":143,"line":186,"context":166},366,{"file":143,"line":188,"context":166},370,{"file":143,"line":190,"context":166},374,{"file":143,"line":192,"context":166},380,{"file":143,"line":194,"context":166},382,{"file":143,"line":196,"context":166},386,{"file":143,"line":198,"context":166},392,5,[],[202,277],{"entryPoint":203,"graph":204,"unsanitizedCount":275,"severity":276},"wp_simple_sugarsync_settings (simple-sugarsync.php:255)",{"nodes":205,"edges":264},[206,211,216,220,222,226,228,232,234,238,240,244,246,250,252,256,258,262],{"id":207,"type":208,"label":209,"file":143,"line":210},"n0","source","$_POST['wp_ssync_username']",274,{"id":212,"type":213,"label":214,"file":143,"line":210,"wp_function":215},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":217,"type":208,"label":218,"file":143,"line":219},"n2","$_POST['wp_ssync_password']",276,{"id":221,"type":213,"label":214,"file":143,"line":219,"wp_function":215},"n3",{"id":223,"type":208,"label":224,"file":143,"line":225},"n4","$_POST['wp_ssync_path']",278,{"id":227,"type":213,"label":214,"file":143,"line":225,"wp_function":215},"n5",{"id":229,"type":208,"label":230,"file":143,"line":231},"n6","$_POST['wp_ssync_temp_path']",280,{"id":233,"type":213,"label":214,"file":143,"line":231,"wp_function":215},"n7",{"id":235,"type":208,"label":236,"file":143,"line":237},"n8","$_POST['wp_ssync_allow_ext']",282,{"id":239,"type":213,"label":214,"file":143,"line":237,"wp_function":215},"n9",{"id":241,"type":208,"label":242,"file":143,"line":243},"n10","$_POST['wp_ssync_thank_message']",284,{"id":245,"type":213,"label":214,"file":143,"line":243,"wp_function":215},"n11",{"id":247,"type":208,"label":248,"file":143,"line":249},"n12","$_POST['wp_ssync_show_form']",286,{"id":251,"type":213,"label":214,"file":143,"line":249,"wp_function":215},"n13",{"id":253,"type":208,"label":254,"file":143,"line":255},"n14","$_POST['wp_ssync_delete_file']",288,{"id":257,"type":213,"label":214,"file":143,"line":255,"wp_function":215},"n15",{"id":259,"type":208,"label":260,"file":143,"line":261},"n16","$_POST['wp_ssync_menu_pref']",291,{"id":263,"type":213,"label":214,"file":143,"line":261,"wp_function":215},"n17",[265,267,268,269,270,271,272,273,274],{"from":207,"to":212,"sanitized":266},false,{"from":217,"to":221,"sanitized":266},{"from":223,"to":227,"sanitized":266},{"from":229,"to":233,"sanitized":266},{"from":235,"to":239,"sanitized":266},{"from":241,"to":245,"sanitized":266},{"from":247,"to":251,"sanitized":266},{"from":253,"to":257,"sanitized":266},{"from":259,"to":263,"sanitized":266},9,"low",{"entryPoint":278,"graph":279,"unsanitizedCount":275,"severity":276},"\u003Csimple-sugarsync> (simple-sugarsync.php:0)",{"nodes":280,"edges":299},[281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298],{"id":207,"type":208,"label":209,"file":143,"line":210},{"id":212,"type":213,"label":214,"file":143,"line":210,"wp_function":215},{"id":217,"type":208,"label":218,"file":143,"line":219},{"id":221,"type":213,"label":214,"file":143,"line":219,"wp_function":215},{"id":223,"type":208,"label":224,"file":143,"line":225},{"id":227,"type":213,"label":214,"file":143,"line":225,"wp_function":215},{"id":229,"type":208,"label":230,"file":143,"line":231},{"id":233,"type":213,"label":214,"file":143,"line":231,"wp_function":215},{"id":235,"type":208,"label":236,"file":143,"line":237},{"id":239,"type":213,"label":214,"file":143,"line":237,"wp_function":215},{"id":241,"type":208,"label":242,"file":143,"line":243},{"id":245,"type":213,"label":214,"file":143,"line":243,"wp_function":215},{"id":247,"type":208,"label":248,"file":143,"line":249},{"id":251,"type":213,"label":214,"file":143,"line":249,"wp_function":215},{"id":253,"type":208,"label":254,"file":143,"line":255},{"id":257,"type":213,"label":214,"file":143,"line":255,"wp_function":215},{"id":259,"type":208,"label":260,"file":143,"line":261},{"id":263,"type":213,"label":214,"file":143,"line":261,"wp_function":215},[300,301,302,303,304,305,306,307,308],{"from":207,"to":212,"sanitized":266},{"from":217,"to":221,"sanitized":266},{"from":223,"to":227,"sanitized":266},{"from":229,"to":233,"sanitized":266},{"from":235,"to":239,"sanitized":266},{"from":241,"to":245,"sanitized":266},{"from":247,"to":251,"sanitized":266},{"from":253,"to":257,"sanitized":266},{"from":259,"to":263,"sanitized":266},{"summary":310,"deductions":311},"The \"simple-sugarsync-upload\" v1.2.0 plugin presents a mixed security posture.  On the positive side, there are no known CVEs associated with this plugin, indicating a potentially stable past. The absence of raw SQL queries and the use of prepared statements for all database interactions is a significant strength, mitigating risks of SQL injection. However, the static analysis reveals several critical concerns.  The most alarming finding is that 0% of the 17 total output operations are properly escaped. This means user-supplied data, or data manipulated by user input, could be rendered directly into the browser, leading to cross-site scripting (XSS) vulnerabilities.  Furthermore, the taint analysis indicates that both analyzed flows involve unsanitized paths, suggesting potential for path traversal or other file system related vulnerabilities, even though no critical or high severity taint flows were explicitly flagged. The lack of any nonce or capability checks, despite the presence of file operations and external HTTP requests, creates a significant attack vector. Any functionality exposed without proper authorization checks is a serious risk, as attackers could trigger these operations without authentication. The plugin has a small attack surface with only one shortcode and no AJAX handlers or REST API routes, which is good, but the unprotected nature of the shortcode is a concern.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and secure database practices, the complete lack of output escaping and the absence of authorization checks on its entry points (specifically the shortcode) are major weaknesses. The unsanitized paths identified in the taint analysis further amplify these concerns. The plugin is highly susceptible to XSS attacks and unauthorized execution of its functions, making it a significant risk for any WordPress site.",[312,315,317,319,322],{"reason":313,"points":314},"0% of output operations are properly escaped",15,{"reason":316,"points":11},"No nonce checks",{"reason":318,"points":11},"No capability checks",{"reason":320,"points":321},"Unsanitized paths in taint analysis (2 flows)",8,{"reason":323,"points":199},"Shortcode is an entry point without auth checks","2026-03-17T00:53:41.929Z",{"wat":326,"direct":332},{"assetPaths":327,"generatorPatterns":329,"scriptPaths":330,"versionParams":331},[328],"\u002Fwp-content\u002Fplugins\u002Fsimple-sugarsync-upload\u002Fcss\u002Fwp-ssync-style.css",[],[],[],{"cssClasses":333,"htmlComments":338,"htmlAttributes":339,"restEndpoints":341,"jsGlobals":342,"shortcodeOutput":343},[334,335,336,337],"wp-ssync","input_form","sucess","syntax_error",[],[340],"data-wp-ssync-path",[],[],[344],"[simple-wp-sugarsync]"]