[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0BK-pnbAe_A9UrX7FrnVHDvnMgnb6T_vP__IlLvd0HM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":130,"fingerprints":194},"svnzip","SVN Zip","0.1","flashpixx","https:\u002F\u002Fprofiles.wordpress.org\u002Fflashpixx\u002F","\u003Cp>\u003Cstrong>This plugin is not be in developing anymore, all functionality is moved to a new plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frepositoryzip\u002F\" rel=\"ugc\">Repository Zip\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin creates zip download links within articles and pages of a subversion repository. On each call the subversion revision number, link text, css name and download\u003Cbr \u002F>\nname can be set, so that each link points to different subversion. The plugin need no configuration or something else.\u003C\u002Fp>\n","With this plugin a zip download link of a subversion repository can be created within blog articles and pages",10,1808,0,"2012-10-19T17:36:00.000Z","3.4.2","2.7","",[19,20,21,22,23],"download","revision","subversion","svn","zip","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsvnzip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsvnzip.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},4,90,89,30,86,"2026-04-04T14:41:56.566Z",[38,50,67,92,113],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":46,"homepage":48,"download_link":49,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"repositoryzip","Repository Zip","0.14","\u003Cp>The plugin creates zip download links within articles and pages of a subversion or git repository. On each call the subversion revision number \u002F git tag, link text, css name and download\u003Cbr \u002F>\nname can be set, so that each link points to different repositority parts.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>remote access to Git or Subversion repository\u003C\u002Fli>\n\u003Cli>local caching for the repository data\u003C\u002Fli>\n\u003Cli>automatic update to the head revision\u003C\u002Fli>\n\u003Cli>extension access only need on access\u003C\u002Fli>\n\u003Cli>free configuration of tags, branches, trunk and revision \u002F commit access\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.2 or newer\u003C\u002Fli>\n\u003Cli>PHP 5.3.0 or newer \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fde3.php.net\u002Fmanual\u002Fen\u002Fbook.zip.php\" rel=\"nofollow ugc\">PHP Zip extension\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>for SVN access\u003Cbr \u002F>\n* \u003Ca href=\"http:\u002F\u002Fde3.php.net\u002Fmanual\u002Fen\u002Fbook.svn.php\" rel=\"nofollow ugc\">PHP SVN extension\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>for Git access\u003Cbr \u002F>\n* Git client\u003Cbr \u002F>\n* PHP must execute shell commands (no safe mode)\u003C\u002Fp>\n\u003Ch3>Shortcode\u003C\u002Fh3>\n\u003Cp>Shotcut for SVN access\u003C\u002Fp>\n\u003Cpre>[svnzip url=\"url-to-your-svn\"]\u003C\u002Fpre>\n\u003Cp>The SVN tag uses three optional flags (the default values are set within the plugin settings):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“trunkdir” the name of the trunk directory\u003C\u002Fli>\n\u003Cli>“branchdir” the name of the branch directory\u003C\u002Fli>\n\u003Cli>“tagdir” the name of the tag directory\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Shotcut for Git access\u003C\u002Fp>\n\u003Cpre>[gitzip url=\"url-to-your-svn\"]\u003C\u002Fpre>\n\u003Cp>Parameters for both commands are (all parameters are optional):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“version” defines a special revision (SVN) \u002F commit (Git), which is used. If the parameter is not set, the latest revision (head) is used\u003C\u002Fli>\n\u003Cli>“downloadtext” filename for the downloaded file (if not is set, the linktext is used)\u003C\u002Fli>\n\u003Cli>“linktext” text of the link (default is set within the plugin settings)\u003C\u002Fli>\n\u003Cli>“cssclass” sets the CSS class of the link (default is set within the plugin settings)\u003C\u002Fli>\n\u003Cli>“type” enum value trunk | branch | tag for setting the repository part (default is trunk, for Git trunk is also used and it is applied to the master)\u003C\u002Fli>\n\u003Cli>“name” the value for tag- or branchname (on trunk it is ignored \u002F empty)\u003C\u002Fli>\n\u003C\u002Ful>\n","With this plugin a zip download link of a subversion or git repository can be created within blog articles and pages",2727,"2012-11-01T23:28:00.000Z",[19,47,21,22,23],"git","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frepositoryzip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frepositoryzip.0.14.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":11,"downloaded":58,"rating":13,"num_ratings":13,"last_updated":59,"tested_up_to":60,"requires_at_least":61,"requires_php":17,"tags":62,"homepage":65,"download_link":66,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"post-version-control","Post Version Control","1.0","Makis","https:\u002F\u002Fprofiles.wordpress.org\u002Fmakesites\u002F","\u003Cp>Posts can be grouped in many ways in WordPress but there is no direct version control system. This plugin offers a lightweight solution if you want version control for a group of posts.\u003C\u002Fp>\n\u003Cp>To make this work you define a keyword for each version control group you want to create. Then use that keyword as a prefix in the post name of each post in that group. The plugin will sort out the latest post automatically and label the rest as outdated.\u003C\u002Fp>\n\u003Cp>It also let’s you have a URL that will always point to the latest post of that version control group. That way you can give out the URL to others and be sure that your visitors will always be viewing the most recent post.\u003C\u002Fp>\n\u003Cp>This plugin will automatically:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define if a post is part of a version control group. \u003C\u002Fli>\n\u003Cli>Search and locate the latest post by publish date.\u003C\u002Fli>\n\u003Cli>Label the older posts of the group as outdated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is especially practical for bloggers that often revisit older subjects and have to do the linking with the updated posts manually. Or if you are like me and publish material that has versioning applied to it (ex. software) through a blogging platform.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>First thing you should do is visit the plugin’s options page (“Settings” -> “Post Version Control”).\u003C\u002Fp>\n\u003Cp>There you will find two fields:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>The keyword list field, where you enter all the keywords you want to track seperated from each other by a comma and a space “, “. Each of them defines a different version control group.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The path for the latest posts URL. By default the path is “\u002Fcurrent”. So if we have a keyword named “ajax” the URL: http:\u002F\u002Fwww.myblogaddress.com\u002Fcurrent\u002Fajax will point to the latest post of the “ajax” group.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>To link a post to a version control group of posts all you need to do is enter the keyword of that group as a prefix to the post_name of that post. So in the group “ajax” mentioned earlier all posts in that group should start with the “ajax-” prefix. An example list of that group of posts might be:\u003C\u002Fp>\n\u003Col>\n\u003Cli>ajax-first-post\u003C\u002Fli>\n\u003Cli>ajax-updated-version\u003C\u002Fli>\n\u003Cli>ajax-latest-news\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>..and so on.\u003C\u002Fp>\n\u003Cp>The plugin will automatically look through your posts of the same group and label the older ones by inserting an \u003C!– outdated –> tag. This is replaced by the content of “outdated.html” in runtime. This is an example of how you can style your outdated tag. Just insert it along with your other styles:\u003C\u002Fp>\n\u003Cp>\u003Cstyle>\u003C\u002Fp>\n\u003Cp>p.outdated{\u003Cbr \u002F>\n  border: dashed 1px #f00;\u003Cbr \u002F>\n  background: #eee;\u003Cbr \u002F>\n  color: #f00;\u003Cbr \u002F>\n  text-align: center;\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cp>p.outdated a {\u003Cbr \u002F>\n  color: #f00;\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cp>\u003C\u002Fstyle>\u003C\u002Fp>\n\u003Cp>Uninstalling should be pretty easy too. The only left overs are the \u003C!– outdated: … –> comments in the old posts content which of course are ignored when viewing the webpage. If you don’t mind that you don’t have to do anything else apart from de-activating the plugin through your WordPress administration.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This work is released under the terms of the GNU General Public License:\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.txt\u003C\u002Fp>\n","Automatic version control for posts with the same prefix in the post_name",2336,"2008-05-29T14:23:00.000Z","2.5.1","2.5",[63,20,21,22,64],"automatic","version-control","http:\u002F\u002Fwww.makesites.cc\u002Fprojects\u002Fpvc","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-version-control.1.0.zip",{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":78,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":87,"download_link":88,"security_score":89,"vuln_count":90,"unpatched_count":13,"last_vuln_date":91,"fetched_at":28},"download-plugin","Download Plugin","2.4.0","Metagauss","https:\u002F\u002Fprofiles.wordpress.org\u002Fmetagauss\u002F","\u003Ch4>Download Plugin for WordPress\u003C\u002Fh4>\n\u003Cp>Download Plugin can easily download plugins, themes, users, blog posts, pages, comments, attachments, and more directly from your WordPress dashboard. Download Plugin can also download data from any plugin that uses custom post types, including WooCommerce products, Easy Digital Downloads, Portfolio Post Types, Slider Revolution, bbPress, WP Job Manager, JetPack, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Plugins\u003C\u002Fstrong>: A download button is placed beside each plugin, allowing you to download the plugin in a zip file format. You can also select multiple plugins and use the bulk download option to download all selected plugins with a single click.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Themes\u003C\u002Fstrong>: Similar to plugins, a download button is placed beside each theme in your WordPress dashboard. You can download themes in a zip file format.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Users\u003C\u002Fstrong>: With the Download Plugin, you can download individual user data or multiple users’ metadata in a CSV file format. This feature simplifies user data management, allowing easy download and save user information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Blog Posts\u003C\u002Fstrong>: Export blog posts individually or in bulk with just a click. Download Plugin allows you to download blog posts in a CSV format for backup or migration purposes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Pages\u003C\u002Fstrong>: Download single or multiple pages from your WordPress site. This feature is perfect for backing up your content or transferring pages between sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Custom Posts\u003C\u002Fstrong>: Download data from plugin that use custom post types. Download single custom post or a bulk download of multiple posts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Comments\u003C\u002Fstrong>: Download comments either individually or in bulk. Save user feedback and engagement safely.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Just activate this plugin.\u003C\u002Fli>\n\u003Cli>You can see Download link below each plugin name on plugins page.\u003C\u002Fli>\n\u003Cli>Click on any of them and that plugin’s zip will be downloaded to your computer.\u003C\u002Fli>\n\u003Cli>Cheers!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>Must-have utility plugin that allows you to download any plugin directly from WordPress Dashboard!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>WordPress download plugin is a utility plugin that does one thing, and does it perfectly. It may sound simple, but this feature plugs a hole in current set of WordPress plugin functionality. As a site admin you must be aware that you can search and install WordPress plugins directly from the dashboard, or you can upload the plugin as zip files, assuming you received it from another site (for example, a commercial plugin). Once installed, all plugins list themselves inside Dashboard -> Plugins page. After deactivating and deleting them, they simply disappear. All files are removed from the server instantly. WordPress does not allow you to backup or download the plugins before you jettison them from your site. If you also manage your server and are fairly comfortable doing so, you may find a more contrived way to download installed plugins via directory manager app or FTP. Obviously, this requires more than a single click and not for everyone.\u003C\u002Fp>\n\u003Cp>What exactly are plugins and how this plugin helps you save time or bail you out from difficult situations? Plugins are files and\u002F or directories, which are created inside your WordPress installation (defined by WordPress) when you first install them. Both active and deactivated files reside inside them. When you upload zip package of a plugin, WordPress extracts it and places the directory inside it in the plugins folder. Our plugin allows you to reverse the process. It will convert any plugin installed on your site into a zip package ready to be reinstalled later or moved to another site. It accomplishes this by simply adding a new link “Download” under the plugin title to already existing links. It is a single click process and hardly takes any time. Our plugin does not create any other page in the dashboard or clutter menus. It is lightweight, efficient and completely invisible until you need it.\u003C\u002Fp>\n\u003Cp>So why would you need it? While there can be many reasons, here are the primary we think you will find it useful.\u003C\u002Fp>\n\u003Ch4>A. Backup\u003C\u002Fh4>\n\u003Cp>The foremost and most common reason – when you wish to make backup of the plugin for future installation.\u003C\u002Fp>\n\u003Ch4>B. Premium\u002F Commercial Plugins\u003C\u002Fh4>\n\u003Cp>If you have purchased the plugin from a vendor site, you may want to make a backup of your new purchase to make sure you have it handy if the vendor is no longer available or your account is expired. Please note: Do check terms of use for commercial plugins on publisher’s site.\u003C\u002Fp>\n\u003Ch4>C. Migrating to a different site\u003C\u002Fh4>\n\u003Cp>So you have found yourselves dependent on some specific plugins that you want to use on all of your sites? You can download these plugins from your current site do a folder on your hard disk from where you can upload to your other sites.\u003C\u002Fp>\n\u003Ch4>D. Preserving Changes\u003C\u002Fh4>\n\u003Cp>If you DIY type and made modifications to plugin files to suit your requirements, you will want to make sure you have an archived copy of the plugin if the files get overwritten by an update etc.\u003C\u002Fp>\n\u003Ch4>Starter Guide\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetagauss.com\u002Fdownload-plugin-guide\u002F\" rel=\"nofollow ugc\">Checkout Download plugin guide\u003C\u002Fa> for more information.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins (Free Download From WordPress.org)\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdownload-theme\u002F\" rel=\"ugc\">Download Theme Plugin:\u003C\u002Fa> allows you to download any theme from your WordPress admin panel’s Appearance page.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-registration-form-builder-with-submission-manager\u002F\" rel=\"ugc\">User Registration and Login Plugin:\u003C\u002Fa> Take total control of end-to-end user registration process on your site with RegistrationMagic plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofilegrid-user-profiles-groups-and-communities\u002F\" rel=\"ugc\">User Profiles and Membership Plugin:\u003C\u002Fa> Build awesome user profiles, restrict content and launch memberships with ProfileGrid plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feventprime-event-calendar-management\u002F\" rel=\"ugc\">User Events and Calendar Plugin:\u003C\u002Fa> Manage user events, sell tickets and publish event calendar with EventPrime plugin.\u003C\u002Fp>\n","Download any plugin from your WordPress admin panel's Plugins page by just one click! Now, download themes, users, blog posts, pages, custom post &hellip;",50000,930336,88,22,"2026-03-06T07:06:00.000Z","6.8.5","4.8","5.6",[19,68,84,85,86],"download-plugin-zip","plugin-zip","plugins","http:\u002F\u002Fmetagauss.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-plugin.2.4.0.zip",94,5,"2025-07-03 13:38:05",{"slug":93,"name":94,"version":95,"author":71,"author_profile":72,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":80,"requires_at_least":103,"requires_php":17,"tags":104,"homepage":87,"download_link":109,"security_score":110,"vuln_count":111,"unpatched_count":13,"last_vuln_date":112,"fetched_at":28},"download-theme","Download Theme","1.1.2","\u003Cp>Download Theme allows you to download any theme directly from your WordPress dashboard. It adds the download link right on the theme listing page, on each theme, as shown in the screenshot.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Just activate this plugin.\u003C\u002Fli>\n\u003Cli>You can see Download link on each theme box on Appearance page.\u003C\u002Fli>\n\u003Cli>Click on any of them and that theme’s zip will be downloaded to your computer.\u003C\u002Fli>\n\u003Cli>Cheers!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Download Theme Services\u003C\u002Fh4>\n\u003Cp>Download Theme now offers Theme Services. If you need expert help setting up your WordPress theme, simply go to your WordPress dashboard, navigate to the Help button in the top right corner, and click on Get Help Now.\u003C\u002Fp>\n\u003Ch4>Download Plugin\u003C\u002Fh4>\n\u003Cp>If you want to download any plugin from your WordPress admin panel’s Plugins page, then use our other plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdownload-plugin\" rel=\"ugc\">Download Plugin\u003C\u002Fa>\u003C\u002Fp>\n","Download any theme from your WordPress admin panel's Appearance page by just one click!",4000,127909,80,7,"2025-04-23T11:55:00.000Z","3.0",[93,105,106,107,108],"download-theme-zip","theme","theme-zip","themes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-theme.1.1.2.zip",100,1,"2023-05-24 00:00:00",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":110,"num_ratings":111,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":128,"download_link":129,"security_score":110,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"kp-zip-downloader","KP Zip Downloader","1.0.3","Kalpesh Prajapati","https:\u002F\u002Fprofiles.wordpress.org\u002Fkprajapati22\u002F","\u003Cp>KP Zip Downloader provides an easy way to download installed plugins and themes as ZIP files directly from your WordPress admin dashboard. This tool is particularly useful for developers, site administrators, or anyone needing to quickly access the source files for migration or backup purposes.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Download any installed plugin as a ZIP file.\u003C\u002Fli>\n\u003Cli>Download any installed theme as a ZIP file.\u003C\u002Fli>\n\u003Cli>Fully integrated with the WordPress admin dashboard.\u003C\u002Fli>\n\u003Cli>Simple and intuitive user interface.\u003C\u002Fli>\n\u003Cli>Lightweight and efficient.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows administrators to download installed plugins and themes as ZIP files directly from the WordPress dashboard.",2000,9366,"2025-12-06T19:54:00.000Z","6.9.4","5.0","7.4",[19,86,108,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkp-zip-downloader","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkp-zip-downloader.1.0.3.zip",{"attackSurface":131,"codeSignals":148,"taintFlows":155,"riskAssessment":184,"analyzedAt":193},{"hooks":132,"ajaxHandlers":144,"restRoutes":145,"shortcodes":146,"cronEvents":147,"entryPointCount":13,"unprotectedCount":13},[133,139],{"type":134,"name":135,"callback":136,"file":137,"line":138},"filter","the_content","fpx_svnzip_filter","svnzip.php",41,{"type":140,"name":141,"callback":142,"file":137,"line":143},"action","init","fpx_svnzip_init",42,[],[],[],[],{"dangerousFunctions":149,"sqlUsage":150,"outputEscaping":152,"fileOperations":31,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":154},[],{"prepared":13,"raw":13,"locations":151},[],{"escaped":13,"rawEcho":13,"locations":153},[],[],[156],{"entryPoint":157,"graph":158,"unsanitizedCount":182,"severity":183},"\u003Cdownload> (download.php:0)",{"nodes":159,"edges":178},[160,165,171,173],{"id":161,"type":162,"label":163,"file":164,"line":34},"n0","source","$_GET","download.php",{"id":166,"type":167,"label":168,"file":164,"line":169,"wp_function":170},"n1","sink","header() [Header Injection]",109,"header",{"id":172,"type":162,"label":163,"file":164,"line":34},"n2",{"id":174,"type":167,"label":175,"file":164,"line":176,"wp_function":177},"n3","fopen() [File Access]",113,"fopen",[179,181],{"from":161,"to":166,"sanitized":180},false,{"from":172,"to":174,"sanitized":180},2,"medium",{"summary":185,"deductions":186},"The svnzip v0.1 plugin exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, the use of prepared statements for all SQL queries, and proper output escaping are strong indicators of adherence to secure coding practices. Furthermore, the plugin has no recorded vulnerabilities, including critical or high-severity ones, which is a positive sign of its stability and historical security.\n\nHowever, there are specific areas of concern. The presence of a taint flow with an unsanitized path, despite having no recorded critical or high severity, suggests a potential for path traversal or file manipulation vulnerabilities if the data flowing into this path is not adequately validated or sanitized before being used in file operations. The plugin also performs file operations without explicit capability checks or nonce verification, which could be exploited if these operations are exposed through an unprotected entry point, though the analysis indicates zero unprotected entry points. The lack of nonce checks is a notable weakness in the context of AJAX requests, which are often targeted by attackers.\n\nIn conclusion, while svnzip v0.1 benefits from secure database and output handling and a clean vulnerability history, the identified unsanitized path flow and the absence of capability\u002Fnonce checks on file operations represent potential risks that warrant attention. A thorough review of these specific code paths and the context in which file operations are performed is recommended to ensure robust security.",[187,189,191],{"reason":188,"points":11},"Flow with unsanitized path",{"reason":190,"points":90},"File operations without capability checks",{"reason":192,"points":90},"File operations without nonce checks","2026-03-17T00:36:26.811Z",{"wat":195,"direct":200},{"assetPaths":196,"generatorPatterns":197,"scriptPaths":198,"versionParams":199},[],[],[],[],{"cssClasses":201,"htmlComments":202,"htmlAttributes":203,"restEndpoints":206,"jsGlobals":207,"shortcodeOutput":208},[],[],[204,205],"class","target",[],[],[209,210,211],"\u003Ca href=\"\u002Fwp-content\u002Fplugins\u002Fsvnzip\u002Fdownload.php?h=","SVN Download","\u003C\u002Fa>"]