[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCACpiv4YIvNd44v95Jh8g-KA8sdAcOAxu8HV2lAX9Yo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":127,"fingerprints":436},"smoothgallery","SmoothGallery","1.15.8","Christian Schenk","https:\u002F\u002Fprofiles.wordpress.org\u002Fchschenk\u002F","\u003Cp>This plugin embeds JonDesign’s \u003Ca href=\"http:\u002F\u002Fsmoothgallery.jondesign.net\u002F\" rel=\"nofollow ugc\">SmoothGallery\u003C\u002Fa> into your posts and pages.\u003C\u002Fp>\n\u003Cp>It’s this simple:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>upload some pictures to a post\u002Fpage\u003C\u002Fli>\n\u003Cli>use the shortcode “smoothgallery”\u003C\u002Fli>\n\u003Cli>add a custom field named “smoothgallery” with some \u003Ca href=\"http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-smoothgallery-plugin\u002F#option\" rel=\"nofollow ugc\">options\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>watch your gallery 😉\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There’re a lot more possibilities with this plugin. Please have a more\u003Cbr \u002F>\ndetailed look at it and don’t hesitate to leave a\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-smoothgallery-plugin\u002F#respond\" rel=\"nofollow ugc\">comment\u003C\u002Fa>\u003Cbr \u002F>\nif you’d like to suggest a feature, need help with the plugin or just\u003Cbr \u002F>\nwant to say how cool this is 😉\u003C\u002Fp>\n\u003Ch3>Licence\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL.\u003C\u002Fp>\n","Embed JonDesign's SmoothGallery into your posts and pages.",70,47178,20,1,"2014-08-24T21:17:00.000Z","3.9.40","2.0","",[20,21,22,23,4],"gallery","images","jondesign","pictures","http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-smoothgallery-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmoothgallery.1.15.8.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"chschenk",3,280,30,84,"2026-04-04T07:27:31.360Z",[39,60,75,94,113],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":57,"download_link":58,"security_score":11,"vuln_count":14,"unpatched_count":14,"last_vuln_date":59,"fetched_at":29},"facebook-photo-fetcher","Social Photo Fetcher","3.0.4","JK","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustin_k\u002F","\u003Cp>Social Photo Fetcher (previously called “Facebook Photo Fetcher”) allows you to quickly and easily generate WordPress photo galleries from Facebook albums.\u003C\u002Fp>\n\u003Cp>The idea was inspired by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ffotobook\u002F\" rel=\"ugc\">Fotobook\u003C\u002Fa>, though its approach is fundamentally different: while Fotobook’s emphasis is on automation, this plugin allows a great deal of customization.  With it you can create galleries in any Post or Page you like, right alongside your regular content. You do this simply by putting a “magic HTML tag” in the post’s content – much like \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FGallery_Shortcode\" rel=\"nofollow ugc\">WordPress Shortcode\u003C\u002Fa>. Upon saving, the tag will instantly be populated with the Facebook album content. Presentation is fully customizable via parameters to the “magic tag” – you can choose to show only a subset of an album’s photos, change the number of photos per column, show photo captions, and more.  Plus, Social Photo Fetcher doesn’t limit you to just your own albums: it can create galleries from fanpages as well.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses Facebook’s API to instantly create WordPress photo galleries from Facebook albums.\u003C\u002Fli>\n\u003Cli>Galleries are fully customizable: you can import complete albums, select excerpts, random excerpts, album descriptions, photo captions, and more.\u003C\u002Fli>\n\u003Cli>Galleries can be organized however you like: in any post or page, alone or alongside your other content.\u003C\u002Fli>\n\u003Cli>Simple PHP template function allows programmers to manually embed albums in any template or widget.\u003C\u002Fli>\n\u003Cli>Built-in LightBox: Photos appear in attractive pop-up overlays without the need for any other plugins.\u003C\u002Fli>\n\u003Cli>Admin panel handles all the setup for you: Just login and you’re ready to start making albums.\u003C\u002Fli>\n\u003Cli>No custom database tables required; galleries live in regular post content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a Demo Gallery, see the \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher\" rel=\"nofollow ugc\">plugin’s homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Many hours have gone into developing & maintaining this plugin, far beyond my own personal needs. If you find it useful, please consider \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher\u002F#donate\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> to help support its continued development.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin uses the Facebook API to fetch photo albums from Facebook. Facebook’s security rules require that apps must authorize from one specific, known location. In order comply with this requirement, when you first authorize the plugin from its admin panel, a Facebook dialog will be initiated via my own authentication server. The dialog itself is shown directly by Facebook, and Facebook handles the entire login process – no personal information will be transferred via my server, as Facebook only supplies a single-use token which I then hand back to your site to be stored. This is what the plugin uses in order to fetch the photos. For more information about how the Facebook authorization process works, please see \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002Fdocs\u002Ffacebook-login\u002Fweb\" rel=\"nofollow ugc\">Facebook’s documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Usage of this plugin means the site administrator is consenting to \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php\" rel=\"nofollow ugc\">Facebook’s data policy\u003C\u002Fa>. Fetched album data will be stored in your WordPress database, in posts or pages of your choosing. It can be removed by deleting those posts or pages. You are solely responsible for the security and protection of the fetched data, as it resides on and is hosted within your own WordPress site.\u003C\u002Fp>\n\u003Cp>I do not store or process any of your data.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please direct all support requests \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher#feedback\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","Allows you to automatically create Wordpress photo galleries from Facebook albums.  Simple to use and highly customizable.",1000,258658,74,12,"2024-04-04T23:45:00.000Z","6.5.8","2.5",[55,20,21,56,23],"facebook","photos","https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacebook-photo-fetcher.3.0.4.zip","2025-12-08 00:00:00",{"slug":61,"name":62,"version":63,"author":7,"author_profile":8,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":16,"requires_at_least":53,"requires_php":18,"tags":71,"homepage":73,"download_link":74,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"thickbox","ThickBox","1.6.1","\u003Cp>Allows you to embed ThickBox into your blog. Simply insert ThickBox compliant markup\u003Cbr \u002F>\nwhere ever you want and you’re all set. It is a pretty lightweight plugin but here\u003Cbr \u002F>\nare some of its features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>comes with an expert mode that allows you include the JavaScript and CSS for ThickBox only on those pages that actually need it\u003C\u002Fli>\n\u003Cli>you can opt to use the script and style already bundled with WordPress\u003C\u002Fli>\n\u003Cli>automatically adds the correct class attribute when using the gallery shortcode\u003C\u002Fli>\n\u003Cli>and also contains SmoothBox\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Licence\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL.\u003C\u002Fp>\n","Embed ThickBox into your posts and pages.",200,97645,52,5,"2014-06-21T10:43:00.000Z",[20,21,23,72,61],"smoothbox","http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-thickbox-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthickbox.1.6.1.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":18,"download_link":93,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"easy-gallery-slider","Easy Gallery Slider","0.6.6","iNexi","https:\u002F\u002Fprofiles.wordpress.org\u002Finexi\u002F","\u003Cp>This slider is easy to use, but powerful. It is designed to be responsive, and works perfectly with mobile devices. It can be automatically displayed on posts and pages, inserted by shortcode or PHP. The slides are pulled on each post from the attached images (gallery).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically display slider for every post and\u002For page\u003C\u002Fli>\n\u003Cli>Slides are created from images attached to the post\u002Fpage it is displayed on (WordPress Gallery)\u003C\u002Fli>\n\u003Cli>Responsive slider performs the same on every platform (desktop or mobile)\u003C\u002Fli>\n\u003Cli>Fade or slide effects\u003C\u002Fli>\n\u003Cli>Navigation with buttons, “dots”, keyboard, scroll-wheel, automatic timer\u003C\u002Fli>\n\u003Cli>Show titles and descriptions with an overlay\u003C\u002Fli>\n\u003Cli>Link individual slides to any URL\u003C\u002Fli>\n\u003Cli>Show a “zoom” button to integrate with a Lightbox plugin\u003C\u002Fli>\n\u003Cli>Many options available through an easy to use admin interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please visit my homepage to submit bug reports and feature requests.\u003C\u002Fp>\n\u003Cp>Plugin Homepage: \u003Ca href=\"http:\u002F\u002Finexi.com\u002Fwordpress\" title=\"iNexi: WordPress Plugins\" rel=\"nofollow ugc\">iNexi.com\u003C\u002Fa>\u003C\u002Fp>\n","Responsive slider uses the images attached to a post or page. Simple to customize and configure.",100,36461,80,2,"2012-09-26T06:32:00.000Z","3.4.2","3.0",[20,21,23,91,92],"responsive","slider","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-gallery-slider.0.6.6.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":83,"num_ratings":69,"last_updated":104,"tested_up_to":105,"requires_at_least":89,"requires_php":18,"tags":106,"homepage":109,"download_link":110,"security_score":111,"vuln_count":14,"unpatched_count":14,"last_vuln_date":112,"fetched_at":29},"tp-gallery-slider","T&P Gallery Slider","1.2","pey22","https:\u002F\u002Fprofiles.wordpress.org\u002Fpey22\u002F","\u003Cp>This simple plugin shows a large size image in the page and below a scrollable row of thumbnails without scrollbar. You can scroll the thumbs while mouseover or mouseclick and choose an image for the big view.\u003Cbr \u002F>\nyou can also add each image a short description that displaying on the big image (the description is the images alt).\u003Cbr \u002F>\nyou can display slider from another post\u002Fpage by passing his ID to the short code [tp_gallery post_id=”id”].\u003Cbr \u002F>\nalso there is a setting page with beautiful preview box.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New!!! from T&P plugins: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftp-navigation-menu\" rel=\"ugc\">T&P Navigation Menu\u003C\u002Fa> – sticky navigation menu when scroll down the page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Create Images\u003C\u002Fh3>\n\u003Cp>You need all images of your gallery in the same size and have to upload them in the same aspect ratio.\u003Cbr \u002F>\n1. The size of the big image is the size of the first in the gallery. You should have all images in the gallery in the same width and heigth to avoid scaling.\u003Cbr \u002F>\n2. When putting the mouse over the big image will change.\u003C\u002Fp>\n","T&P Gallery Slider for WordPress is an image hover\u002Fclick gallery as a WordPress plugin.",50,14487,"2013-08-23T08:46:00.000Z","3.5.2",[20,107,21,108,23],"image","jquery","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftp-gallery-slider\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftp-gallery-slider.1.2.zip",61,"2025-04-14 00:00:00",{"slug":114,"name":115,"version":97,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":35,"downloaded":120,"rating":27,"num_ratings":27,"last_updated":121,"tested_up_to":122,"requires_at_least":53,"requires_php":18,"tags":123,"homepage":125,"download_link":126,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"simplegal","SimpleGal","dath","https:\u002F\u002Fprofiles.wordpress.org\u002Fdath\u002F","\u003Cp>With the \u003Cstrong>SimpleGal\u003C\u002Fstrong> plugin you can simply create galleries.\u003Cbr \u002F>\nJust upload your images, add the \u003Cstrong>SimpleGal\u003C\u002Fstrong> Shortcode to your posts or pages and the gallery will appear.\u003Cbr \u002F>\nFor an optimal gallery view you should install a lightbox plugin.\u003C\u002Fp>\n\u003Cp>Mit dem \u003Cstrong>SimpleGal\u003C\u002Fstrong> Plugin kannst du ganz einfach Galerien erstellen.\u003Cbr \u002F>\nEinfach deine Bilder hochladen, den \u003Cstrong>SimpleGal\u003C\u002Fstrong> Shortcode deinem Artikel oder deiner Seite hinzuf&uuml;gen und schon ist deine Galerie fertig.\u003Cbr \u002F>\nF&uuml;r eine optimale Galerie-Darstellung solltest du ein Lightbox-Plugin installieren.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Available languages:\u003C\u002Fstrong> English and German\u003C\u002Fp>\n","Create an Image-Gallery in 5 simple Steps. Just add the shortcode to your posts.",6209,"2012-03-01T16:34:00.000Z","3.3.2",[20,21,124,56,23],"lightbox","http:\u002F\u002Fwww.dath.info\u002Fwebwork\u002Fwp-plugins\u002Fsimplegal\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimplegal.1.2.zip",{"attackSurface":128,"codeSignals":188,"taintFlows":338,"riskAssessment":416,"analyzedAt":435},{"hooks":129,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":187,"entryPointCount":86,"unprotectedCount":27},[130,136,141,145,149,153,156,160,166,171,174],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","widgets_init","recent_images_box_widget_register","extra\\recent_images_box.php",102,{"type":131,"name":137,"callback":138,"file":139,"line":140},"init","smoothgallery_init","smoothgallery.php",93,{"type":131,"name":142,"callback":143,"file":139,"line":144},"wp_head","add_smoothgallery_css",181,{"type":131,"name":146,"callback":147,"file":139,"line":148},"wp_footer","add_smoothgallery_js",194,{"type":131,"name":150,"callback":151,"file":139,"line":152},"dbx_post_advanced","smoothgallery_old_custom_box",206,{"type":131,"name":154,"callback":151,"file":139,"line":155},"dbx_page_advanced",207,{"type":131,"name":157,"callback":158,"file":139,"line":159},"admin_menu","smoothgallery_add_custom_box",210,{"type":161,"name":162,"callback":163,"priority":164,"file":139,"line":165},"filter","attachment_fields_to_edit","smoothgallery_image_attachment_fields_to_edit",99,309,{"type":161,"name":167,"callback":168,"priority":169,"file":139,"line":170},"attachment_fields_to_save","smoothgallery_image_attachment_fields_to_save",11,323,{"type":131,"name":132,"callback":172,"file":139,"line":173},"smoothgallery_widget_register",493,{"type":131,"name":132,"callback":175,"file":139,"line":176},"anonymous",541,[],[],[180,184],{"tag":181,"callback":182,"file":134,"line":183},"recent-images-box","insert_recent_images_box_shortcode",72,{"tag":4,"callback":185,"file":139,"line":186},"smoothgallery_shortcode",287,[],{"dangerousFunctions":189,"sqlUsage":209,"outputEscaping":244,"fileOperations":245,"externalRequests":14,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":337},[190,195,200,203,205],{"fn":191,"file":192,"line":193,"context":194},"create_function","extra\\phpFlickr\\PEAR\\HTTP\\Request.php",939,"create_function('$a', 'return $a[0] . \\'=\\' . $a[1];'),",{"fn":196,"file":197,"line":198,"context":199},"unserialize","extra\\phpFlickr\\phpFlickr.php",233,"$this->parsed_response = $this->clean_text_nodes(unserialize($this->response));",{"fn":196,"file":197,"line":201,"context":202},318,"return unserialize(file_get_contents('http:\u002F\u002Fphpflickr.com\u002Fgeodata\u002F?format=php&lat=' . $lat . '&lon=",{"fn":191,"file":139,"line":176,"context":204},"add_action('widgets_init', create_function('', 'return register_widget(\"SmoothGallery_Widget\");'));",{"fn":196,"file":206,"line":207,"context":208},"utils.php",581,"$attachment_meta = unserialize($attachment_meta);",{"prepared":210,"raw":211,"locations":212},23,14,[213,217,219,221,223,225,227,229,231,233,235,238,240,242],{"file":214,"line":215,"context":216},"extra\\phpFlickr\\PEAR\\DB\\mysql.php",587,"$wpdb->query() with variable interpolation",{"file":214,"line":218,"context":216},609,{"file":214,"line":220,"context":216},666,{"file":214,"line":222,"context":216},673,{"file":214,"line":224,"context":216},678,{"file":214,"line":226,"context":216},696,{"file":214,"line":228,"context":216},734,{"file":230,"line":224,"context":216},"extra\\phpFlickr\\PEAR\\DB\\pgsql.php",{"file":230,"line":232,"context":216},717,{"file":230,"line":234,"context":216},736,{"file":236,"line":237,"context":216},"extra\\phpFlickr\\PEAR\\DB\\storage.php",209,{"file":197,"line":239,"context":216},114,{"file":197,"line":241,"context":216},123,{"file":197,"line":243,"context":216},124,{"escaped":14,"rawEcho":245,"locations":246},49,[247,251,253,255,257,260,262,264,266,268,269,271,273,275,277,279,281,283,285,287,288,290,292,294,295,297,299,301,303,305,307,309,310,312,313,314,315,317,318,320,322,324,326,328,330,332,333,335,336],{"file":248,"line":249,"context":250},"extra\\phpFlickr\\getToken.php",17,"raw output",{"file":236,"line":252,"context":250},278,{"file":236,"line":254,"context":250},279,{"file":256,"line":164,"context":250},"extra\\phpFlickr\\PEAR\\HTTP\\Request\\Listener.php",{"file":258,"line":259,"context":250},"extra\\phpFlickr\\PEAR\\PEAR.php",174,{"file":134,"line":261,"context":250},87,{"file":134,"line":263,"context":250},89,{"file":134,"line":265,"context":250},90,{"file":134,"line":267,"context":250},91,{"file":134,"line":140,"context":250},{"file":134,"line":270,"context":250},94,{"file":134,"line":272,"context":250},126,{"file":134,"line":274,"context":250},130,{"file":276,"line":198,"context":250},"extra\\resizer.php",{"file":276,"line":278,"context":250},433,{"file":276,"line":280,"context":250},434,{"file":276,"line":282,"context":250},1052,{"file":276,"line":284,"context":250},1252,{"file":139,"line":286,"context":250},60,{"file":139,"line":49,"context":250},{"file":139,"line":289,"context":250},179,{"file":139,"line":291,"context":250},192,{"file":139,"line":293,"context":250},232,{"file":139,"line":293,"context":250},{"file":139,"line":296,"context":250},350,{"file":139,"line":298,"context":250},352,{"file":139,"line":300,"context":250},353,{"file":139,"line":302,"context":250},354,{"file":139,"line":304,"context":250},356,{"file":139,"line":306,"context":250},357,{"file":139,"line":308,"context":250},455,{"file":139,"line":308,"context":250},{"file":139,"line":311,"context":250},456,{"file":139,"line":311,"context":250},{"file":139,"line":311,"context":250},{"file":139,"line":311,"context":250},{"file":139,"line":316,"context":250},459,{"file":139,"line":316,"context":250},{"file":139,"line":319,"context":250},508,{"file":139,"line":321,"context":250},510,{"file":139,"line":323,"context":250},511,{"file":139,"line":325,"context":250},512,{"file":139,"line":327,"context":250},514,{"file":139,"line":329,"context":250},515,{"file":139,"line":331,"context":250},533,{"file":139,"line":331,"context":250},{"file":139,"line":334,"context":250},534,{"file":139,"line":334,"context":250},{"file":139,"line":334,"context":250},[],[339,358,366,376,393,405],{"entryPoint":340,"graph":341,"unsanitizedCount":86,"severity":357},"auth (extra\\phpFlickr\\phpFlickr.php:531)",{"nodes":342,"edges":354},[343,348],{"id":344,"type":345,"label":346,"file":197,"line":347},"n0","source","$_SERVER (x2)",538,{"id":349,"type":350,"label":351,"file":197,"line":352,"wp_function":353},"n1","sink","header() [Header Injection]",542,"header",[355],{"from":344,"to":349,"sanitized":356},false,"medium",{"entryPoint":359,"graph":360,"unsanitizedCount":86,"severity":357},"\u003CphpFlickr> (extra\\phpFlickr\\phpFlickr.php:0)",{"nodes":361,"edges":364},[362,363],{"id":344,"type":345,"label":346,"file":197,"line":347},{"id":349,"type":350,"label":351,"file":197,"line":352,"wp_function":353},[365],{"from":344,"to":349,"sanitized":356},{"entryPoint":367,"graph":368,"unsanitizedCount":14,"severity":357},"tryBrowserCache (extra\\resizer.php:340)",{"nodes":369,"edges":374},[370,373],{"id":344,"type":345,"label":371,"file":276,"line":372},"$_SERVER['SERVER_PROTOCOL']",370,{"id":349,"type":350,"label":351,"file":276,"line":372,"wp_function":353},[375],{"from":344,"to":349,"sanitized":356},{"entryPoint":377,"graph":378,"unsanitizedCount":86,"severity":357},"serveErrors (extra\\resizer.php:423)",{"nodes":379,"edges":390},[380,382,383,386],{"id":344,"type":345,"label":371,"file":276,"line":381},424,{"id":349,"type":350,"label":351,"file":276,"line":381,"wp_function":353},{"id":384,"type":345,"label":385,"file":276,"line":280},"n2","$_SERVER['QUERY_STRING']",{"id":387,"type":350,"label":388,"file":276,"line":280,"wp_function":389},"n3","echo() [XSS]","echo",[391,392],{"from":344,"to":349,"sanitized":356},{"from":384,"to":387,"sanitized":356},{"entryPoint":394,"graph":395,"unsanitizedCount":33,"severity":357},"\u003Cresizer> (extra\\resizer.php:0)",{"nodes":396,"edges":402},[397,399,400,401],{"id":344,"type":345,"label":398,"file":276,"line":372},"$_SERVER['SERVER_PROTOCOL'] (x2)",{"id":349,"type":350,"label":351,"file":276,"line":372,"wp_function":353},{"id":384,"type":345,"label":385,"file":276,"line":280},{"id":387,"type":350,"label":388,"file":276,"line":280,"wp_function":389},[403,404],{"from":344,"to":349,"sanitized":356},{"from":384,"to":387,"sanitized":356},{"entryPoint":406,"graph":407,"unsanitizedCount":14,"severity":415},"\u003Csmoothgallery> (smoothgallery.php:0)",{"nodes":408,"edges":413},[409,412],{"id":344,"type":345,"label":410,"file":139,"line":411},"$_REQUEST",59,{"id":349,"type":350,"label":388,"file":139,"line":286,"wp_function":389},[414],{"from":344,"to":349,"sanitized":356},"low",{"summary":417,"deductions":418},"The smoothgallery plugin, version 1.15.8, presents a mixed security posture.  While the attack surface appears limited with no identified unprotected entry points and a lack of known CVEs, significant concerns arise from the static analysis. The presence of dangerous functions like `create_function` and `unserialize` is a red flag, as these can be exploited for code execution if not handled with extreme care. Furthermore, the alarmingly low percentage of properly escaped outputs (2%) strongly suggests a high risk of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website.\n\nDespite the absence of known vulnerabilities in its history, the code itself exhibits several concerning practices. The taint analysis shows flows with unsanitized paths, though no critical or high severity issues were flagged in this specific analysis. The lack of nonce checks and capability checks on potentially sensitive operations, coupled with the high number of file operations, further amplifies the risk.  The plugin's reliance on direct SQL queries, with a substantial portion not using prepared statements, also opens it up to SQL injection risks. In conclusion, while the plugin has no recorded public vulnerabilities, the internal code quality and practices present significant potential weaknesses that require immediate attention.",[419,422,424,427,430,433],{"reason":420,"points":421},"Presence of dangerous functions (create_function, unserialize)",15,{"reason":423,"points":421},"Low percentage of properly escaped output",{"reason":425,"points":426},"Flows with unsanitized paths",10,{"reason":428,"points":429},"SQL queries not using prepared statements",8,{"reason":431,"points":432},"No nonce checks",7,{"reason":434,"points":432},"No capability checks","2026-03-16T21:35:07.304Z",{"wat":437,"direct":447},{"assetPaths":438,"generatorPatterns":441,"scriptPaths":442,"versionParams":444},[439,440],"\u002Fwp-content\u002Fplugins\u002Fsmoothgallery\u002Fcss\u002Fjd.gallery.css","\u002Fwp-content\u002Fplugins\u002Fsmoothgallery\u002Fcss\u002FReMooz.css",[],[443],"\u002Fwp-content\u002Fplugins\u002Fsmoothgallery\u002Fjs\u002Fsmoothgallery.js",[445,446],"smoothgallery\u002Fstyle.css?ver=","smoothgallery\u002Fjs\u002Fsmoothgallery.js?ver=",{"cssClasses":448,"htmlComments":459,"htmlAttributes":461,"restEndpoints":474,"jsGlobals":475,"shortcodeOutput":476},[449,450,451,452,453,454,455,456,457,458],"jd-gallery","jd-controls","jd-caption","jd-loading","jd-preview","jd-thumbs","jd-thumbs-wrapper","jd-nav-prev","jd-nav-next","jd-nav-container",[460],"\u003C!-- Generated by SmoothGallery plugin -->",[462,463,464,465,466,467,468,469,470,471,472,473],"data-smoothgallery-id","data-smoothgallery-theme","data-smoothgallery-width","data-smoothgallery-height","data-smoothgallery-bordercolor","data-smoothgallery-autoplay","data-smoothgallery-delay","data-smoothgallery-fade","data-smoothgallery-circular","data-smoothgallery-continuous","data-smoothgallery-random","data-smoothgallery-pause",[],[5],[477],"[smoothgallery]"]