[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faVJgSXl65OeZhIupDyzS0qeMdbZT6gYiYFOGoI5pfGU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":147,"fingerprints":275},"tiny-backup","Tiny Backup","1.1.1","Takashi Fujisaki","https:\u002F\u002Fprofiles.wordpress.org\u002Fejointjp\u002F","\u003Cp>Tiny Backup is a WordPress plugin that allows you to create backup files simply and without any complicated configuration.\u003Cbr \u002F>\nYou can create and download the bare minimum backup with just one click, stress-free.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Database backup (SQL inside ZIP)\u003C\u002Fli>\n\u003Cli>Files backup (select folders under \u003Ccode>wp-content\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Clear progress indicator and logs\u003C\u002Fli>\n\u003Cli>No external services; everything runs on your server\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is ideal for small to medium sites that need quick on-demand backups.\u003C\u002Fp>\n","Simple and minimal backup plugin for WordPress. Create database and files backups with one click.",0,174,"2025-11-18T03:09:00.000Z","6.8.5","6.0","7.4",[18,19,20,21,22],"admin","backup","database","files","zip","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftiny-backup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftiny-backup.1.1.1.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"ejointjp",5,230,94,30,90,"2026-04-04T11:51:11.680Z",[38,61,86,109,130],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":33,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":11,"last_vuln_date":60,"fetched_at":27},"backupwordpress","BackUpWordPress","3.14","Tom Willmot","https:\u002F\u002Fprofiles.wordpress.org\u002Fwillmot\u002F","\u003Cp>BackupWordPress was created by our friends at Human Made but is now under new ownership.  We’re committed to opensource and WordPress and will provide free support for the many BackupWordPress fans.\u003Cbr \u002F>\nWe’ll make occasional updates to the free software – please send us any patches you’d like to see released here: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Forgs\u002Fxibodevelopment\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Forgs\u002Fxibodevelopment\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>However, we’ll no longer be selling or supporting the paid add-ons (e.g. for backups to Dropbox and Google Drive). It’s certainly a good idea to backup to cloud storage to protect against server-wide risks.\u003Cbr \u002F>\nFor this we recommend \u003Ca href=\"https:\u002F\u002Fupdraftplus.com\u002F?afref=744\" rel=\"nofollow ugc\">UpdraftPlus WordPress Backups\u003C\u002Fa> which can do things for free BackupWordPress Premium could do on a paid basis.  Click here for \u003Ca href=\"https:\u002F\u002Fupdraftplus.com\u002Fbackupwordpress\u002F?afref=744\" rel=\"nofollow ugc\">full comparison\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>BackUpWordPress will back up your entire site including your database and all your files on a schedule that suits you. Try it now to see how easy it is!\u003C\u002Fp>\n\u003Cp>This plugin requires PHP version 5.3.2 or later\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Super simple to use, no setup required.\u003C\u002Fli>\n\u003Cli>Works in low memory, “shared host” environments.\u003C\u002Fli>\n\u003Cli>Manage multiple schedules.\u003C\u002Fli>\n\u003Cli>Option to have each backup file emailed to you.\u003C\u002Fli>\n\u003Cli>Uses \u003Ccode>zip\u003C\u002Fcode> and \u003Ccode>mysqldump\u003C\u002Fcode> for faster backups if they are available.\u003C\u002Fli>\n\u003Cli>Works on Linux & Windows Server.\u003C\u002Fli>\n\u003Cli>Exclude files and folders from your backups.\u003C\u002Fli>\n\u003Cli>Good support should you need help.\u003C\u002Fli>\n\u003Cli>Translations for Spanish, German, Chinese, Romanian, Russian, Serbian, Lithuanian, Italian, Czech, Dutch, French, Basque.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>We’d also love help translating the plugin into more languages, if you can help then please visit \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fbackupwordpress\u002Fdev\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fbackupwordpress\u002Fdev\u002F\u003C\u002Fa> to start translating.\u003C\u002Fp>\n","Simple automated backups of your WordPress-powered website.",90000,4904025,1374,"2024-04-24T09:40:00.000Z","6.5.8","3.9","",[54,19,55,20,22],"back-up","backups","https:\u002F\u002Fupdraftplus.com\u002Fbackupwordpress\u002F?afref=744","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbackupwordpress.3.14.zip",88,3,"2024-04-26 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":58,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":81,"download_link":82,"security_score":83,"vuln_count":84,"unpatched_count":11,"last_vuln_date":85,"fetched_at":27},"wp-database-backup","WP Database Backup – Unlimited Database & Files Backup by Backup for WP","7.9","Backup For WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fdatabasebackup\u002F","\u003Cp>WP Database Backup plugin helps you to create Database Backup and Restore Database Backup easily on single click. Manual or Automated Database Backups And also store database backup on safe place- Dropbox,FTP,Email,Google drive, Amazon S3\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create Database Backup\u003Cbr \u002F>\nWP Database Backup plugin helps you to create Database Backup easily on single click.\u003C\u002Fli>\n\u003Cli>Auto Backup – Backup automatically on a repeating \u003Cstrong>schedule\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Website Migration – Migration Your Site with Just One Click!\u003C\u002Fli>\n\u003Cli>Download backup file direct from your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Easy To Install(Very easy to use)\u003Cbr \u002F>\nWP Database Backup is super easy to install. \u003C\u002Fli>\n\u003Cli>Simple to configure(very less configuration), less than a minute.\u003C\u002Fli>\n\u003Cli>Restore Database Backup\u003Cbr \u002F>\nWP Database Backup plugin helps you to Restore Database Backup easily on single click.\u003C\u002Fli>\n\u003Cli>Multiple storage destinations\u003C\u002Fli>\n\u003Cli>Store database backup on safe place- \u003Cstrong> Dropbox, Google drive, Amazon s3, FTP, sFTP, Backblaze, Email\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Reporting- Sends emailed backups and backup reports to any email addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exclude Table\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Database backup list pagination\u003C\u002Fli>\n\u003Cli>Search and Replace in database backup file.\u003C\u002Fli>\n\u003Cli>Search backup from list(Date\u002F Database Size)\u003C\u002Fli>\n\u003Cli>Sort backup list (Date\u002F Database Size)\u003C\u002Fli>\n\u003Cli>Save database backup file in zip format on local server And Send database backup file to destination in zip format\u003C\u002Fli>\n\u003Cli>Documentation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Subscribe to Backup for WP Cloudstorage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We are excited to introduce a new feature for the Backup for WP plugin , our \u003Ca href=\"https:\u002F\u002Fbackupforwp.com\u002Fregister\" rel=\"nofollow ugc\">Backup For WP Cloudstorage\u003C\u002Fa>. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Affordable Pricing\u003C\u002Fstrong>: Only $1 per 50GB of storage per website per month, with a flexible pay-as-you-go model. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>14-Day Free Trial\u003C\u002Fstrong>: Start with a 14-day free trial to experience the benefits of cloud storage without any upfront cost.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scalable Storage\u003C\u002Fstrong>: Easily adjusts to your storage needs, providing as much space as required for your backups. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Cloud Storage\u003C\u002Fstrong>: All backups are stored securely in the cloud, protecting your data from unauthorized access \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We try our best to provide support on WordPress.org forums. However, We have a special \u003Ca href=\"https:\u002F\u002Fmagazine3.company\u002Fcontact\u002F\" rel=\"nofollow ugc\">team support\u003C\u002Fa> where you can ask us questions and get help. Delivering a good user experience means a lot to us and so we try our best to reply each and every question that gets asked.\u003C\u002Fp>\n\u003Ch3>Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports for WP Database Backup  are \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fahmedkaludi\u002Fwp-database-backup\" rel=\"nofollow ugc\">welcomed on GitHub\u003C\u002Fa>. Please note GitHub is not a support forum, and issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin uses the following third-party libraries:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong> Google APIs Client Library for PHP \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author: Google\u003C\u002Fli>\n\u003Cli>URL: https:\u002F\u002Fgithub.com\u002Fgoogleapis\u002Fgoogle-api-php-client\u003C\u002Fli>\n\u003Cli>License: Apache License, Version 2.0 (the “License”)\u003C\u002Fli>\n\u003Cli>License URL: http:\u002F\u002Fwww.apache.org\u002Flicenses\u002FLICENSE-2.0\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong> PHP Secure Communications Library \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author: phpseclib\u003C\u002Fli>\n\u003Cli>URL:https:\u002F\u002Fgithub.com\u002Fphpseclib\u002Fphpseclib\u003C\u002Fli>\n\u003Cli>License: MIT License (or any other applicable license)\u003C\u002Fli>\n\u003Cli>License URL: http:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>PhpConcept Library – Zip Module \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author: Vincent Blavet\u003C\u002Fli>\n\u003Cli>URL:http:\u002F\u002Fwww.phpconcept.net\u003C\u002Fli>\n\u003Cli>License: License GNU\u002FLGPL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>phpFileTree \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author: Cory S.N. LaViska’s\u003C\u002Fli>\n\u003Cli>URL: https:\u002F\u002Fwww.abeautifulsite.net\u002Fblog\u002F2007\u002F06\u002Fphp-file-tree\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Create & Restore Database Backup easily on single click. Manual or automated backups (backup to Dropbox, Google drive, Amazon s3,FTP,Email).",30000,2173638,101,"2026-01-22T06:51:00.000Z","6.9.4","3.1","5.6.20",[19,77,78,79,80],"cloud-backup","database-backup","files-backup","wordpress-backup","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-database-backup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-database-backup.7.9.zip",87,13,"2025-01-08 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":14,"requires_at_least":99,"requires_php":52,"tags":100,"homepage":52,"download_link":105,"security_score":106,"vuln_count":31,"unpatched_count":107,"last_vuln_date":108,"fetched_at":27},"zippy","Zippy","1.7.0","Gesundheit Bewegt GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Floyaltymanufaktur\u002F","\u003Cp>Incredibly easy solution to archive pages and posts as zip file and unpack them back even on the other website!\u003C\u002Fp>\n\u003Cp>Archive posts and pages in one click. Transfer them to the other website or simple use this feature to backup you articles on the local computer.\u003C\u002Fp>\n\u003Ch4>Important\u003C\u002Fh4>\n\u003Cp>Please make sure Zip extension is enabled on your web server! Otherwise, the plugin will not work for you.\u003C\u002Fp>\n\u003Cp>More info: https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fbook.zip.php\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>archive posts as zip-files\u003C\u002Fli>\n\u003Cli>extract archives on any website with the installed plugin\u003C\u002Fli>\n\u003Cli>download and store posts as zip archives\u003C\u002Fli>\n\u003Cli>multiple posts support\u003C\u002Fli>\n\u003Cli>custom post types support\u003C\u002Fli>\n\u003C\u002Ful>\n","Incredibly easy solution to archive pages and posts as zip file and unpack them back even on the other website!",10000,227277,92,16,"2025-09-30T21:34:00.000Z","4.9",[101,19,102,103,104],"archive","custom-post-types","migration","zip-files","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzippy.1.7.0.zip",71,1,"2024-08-27 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":25,"num_ratings":119,"last_updated":120,"tested_up_to":14,"requires_at_least":121,"requires_php":16,"tags":122,"homepage":125,"download_link":126,"security_score":127,"vuln_count":128,"unpatched_count":11,"last_vuln_date":129,"fetched_at":27},"hackrepair-plugin-archiver","The Hack Repair Guy's Plugin Archiver","3.1.1","The Hack Repair Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Ftvcnet\u002F","\u003Cp>Archive any plugin with one click. Archived plugins are hidden from your Plugins list and safely moved out of wp-content\u002Fplugins into a dedicated archive directory for easy restore later. Ideal for preventing accidental re-activation, testing different plugin sets, and keeping occasional-use tools out of sight until needed.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi_Gn22bWLVs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One‑click Archive link on the Plugins screen\u003C\u002Fli>\n\u003Cli>Bulk Archive \u002F Unarchive \u002F Delete actions\u003C\u002Fli>\n\u003Cli>Optional auto‑deactivate before archiving (recommended)\u003C\u002Fli>\n\u003Cli>Manage multiple archive directories and switch between them\u003C\u002Fli>\n\u003Cli>“Unarchive All” button on the Archived Plugins tab\u003C\u002Fli>\n\u003Cli>Non‑destructive: archiving does not remove a plugin’s settings\u002Fdata\u003C\u002Fli>\n\u003Cli>Uses the built‑in WordPress Filesystem API with capability and nonce checks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>When you Archive a plugin, its folder is moved from wp-content\u002Fplugins to your chosen archive directory (e.g., wp-content\u002Fplugins-archive-xxxxxx).\u003C\u002Fli>\n\u003Cli>Archived plugins are removed from the Plugins list, so they can’t be accidentally activated.\u003C\u002Fli>\n\u003Cli>You may switch the active archive directory or create new ones in Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugin Archiver.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Common use cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Maintain a “toolbox” of favorite utilities you don’t need to see every day\u003C\u002Fli>\n\u003Cli>Quarantine buggy or compromised plugins to avoid accidental activation\u003C\u002Fli>\n\u003Cli>Test different plugin stacks by pulling sets into and out of the archive\u003C\u002Fli>\n\u003Cli>Share management with others while reducing “oops, I clicked Activate” incidents\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable Plugins Without Deleting — Archive and Restore in One Click",400,8390,11,"2025-09-11T16:27:00.000Z","6.6",[18,19,20,123,124],"performance","security","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fhackrepair-plugin-archiver\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhackrepair-plugin-archiver.3.1.1.zip",97,2,"2025-09-16 00:00:00",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":25,"downloaded":138,"rating":11,"num_ratings":11,"last_updated":139,"tested_up_to":140,"requires_at_least":141,"requires_php":52,"tags":142,"homepage":144,"download_link":145,"security_score":146,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"remote-database-backup","Remote Database Backup","1.00.1","binnyva","https:\u002F\u002Fprofiles.wordpress.org\u002Fbinnyva\u002F","\u003Cp>This plugin creates SQL dumps of your wordpress database. It is based on the WordPress Database Backup plugin(http:\u002F\u002Fwww.ilfilosofo.com\u002Fblog\u002Fwp-db-backup) – but it removes some of the security restrictions in the plugin to enable automated remote backups. You still need the admin user name and password to do a remote backup.\u003C\u002Fp>\n\u003Ch3>How to Use\u003C\u002Fh3>\n\u003Cp>One the plugin is enabled, you create a backup by going to Manage > DB Backup. You can download the backups to your system or you can leave it on the server.\u003C\u002Fp>\n","Lets you create and download SQL dumps of your wordpress database for backup.",28934,"2009-07-10T20:18:00.000Z","2.8","2.5",[18,19,20,143],"db","http:\u002F\u002Fwww.bin-co.com\u002Fblog\u002F2008\u002F10\u002Fremote-database-backup-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremote-database-backup.1.00.1.zip",85,{"attackSurface":148,"codeSignals":202,"taintFlows":226,"riskAssessment":265,"analyzedAt":274},{"hooks":149,"ajaxHandlers":185,"restRoutes":199,"shortcodes":200,"cronEvents":201,"entryPointCount":59,"unprotectedCount":59},[150,156,160,164,168,172,176,180],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","admin_menu","add_menu","includes\\class-tnbu-core.php",54,{"type":151,"name":157,"callback":158,"file":154,"line":159},"admin_init","register_settings",55,{"type":151,"name":161,"callback":162,"file":154,"line":163},"admin_enqueue_scripts","enqueue_admin_assets",56,{"type":151,"name":165,"callback":166,"file":154,"line":167},"admin_post_tnbu_download_backup","handle_download_backup",57,{"type":151,"name":169,"callback":170,"file":154,"line":171},"admin_post_tnbu_delete_selected_backups","handle_delete_selected_backups",58,{"type":151,"name":173,"callback":174,"file":154,"line":175},"admin_post_tnbu_reset_settings","handle_reset_settings",59,{"type":151,"name":177,"callback":178,"file":154,"line":179},"admin_notices","show_admin_notices",60,{"type":181,"name":182,"callback":183,"file":154,"line":184},"filter","plugin_action_links_tiny-backup\u002Ftiny-backup.php","add_plugin_action_links",66,[186,191,195],{"action":187,"nopriv":188,"callback":189,"hasNonce":188,"hasCapCheck":188,"file":154,"line":190},"tnbu_progress",false,"ajax_progress",61,{"action":192,"nopriv":188,"callback":193,"hasNonce":188,"hasCapCheck":188,"file":154,"line":194},"tnbu_start_backup","ajax_start_backup",62,{"action":196,"nopriv":188,"callback":197,"hasNonce":188,"hasCapCheck":188,"file":154,"line":198},"tnbu_list_wpcontent","ajax_list_wpcontent",64,[],[],[],{"dangerousFunctions":203,"sqlUsage":204,"outputEscaping":216,"fileOperations":223,"externalRequests":11,"nonceChecks":31,"capabilityChecks":224,"bundledLibraries":225},[],{"prepared":59,"raw":59,"locations":205},[206,210,213],{"file":207,"line":208,"context":209},"includes\\class-tnbu-database-backup.php",127,"$wpdb->get_row() with variable interpolation",{"file":207,"line":211,"context":212},139,"$wpdb->get_col() with variable interpolation",{"file":207,"line":214,"context":215},148,"$wpdb->get_var() with variable interpolation",{"escaped":217,"rawEcho":107,"locations":218},69,[219],{"file":220,"line":221,"context":222},"includes\\class-tnbu-ajax-handler.php",376,"raw output",9,7,[],[227,254],{"entryPoint":228,"graph":229,"unsanitizedCount":11,"severity":253},"handle_download_backup (includes\\class-tnbu-ajax-handler.php:303)",{"nodes":230,"edges":249},[231,236,242,245],{"id":232,"type":233,"label":234,"file":220,"line":235},"n0","source","$_GET (x2)",313,{"id":237,"type":238,"label":239,"file":220,"line":240,"wp_function":241},"n1","sink","header() [Header Injection]",349,"header",{"id":243,"type":233,"label":244,"file":220,"line":235},"n2","$_GET",{"id":246,"type":238,"label":247,"file":220,"line":221,"wp_function":248},"n3","echo() [XSS]","echo",[250,252],{"from":232,"to":237,"sanitized":251},true,{"from":243,"to":246,"sanitized":251},"low",{"entryPoint":255,"graph":256,"unsanitizedCount":11,"severity":253},"\u003Cclass-tnbu-ajax-handler> (includes\\class-tnbu-ajax-handler.php:0)",{"nodes":257,"edges":262},[258,259,260,261],{"id":232,"type":233,"label":234,"file":220,"line":235},{"id":237,"type":238,"label":239,"file":220,"line":240,"wp_function":241},{"id":243,"type":233,"label":244,"file":220,"line":235},{"id":246,"type":238,"label":247,"file":220,"line":221,"wp_function":248},[263,264],{"from":232,"to":237,"sanitized":251},{"from":243,"to":246,"sanitized":251},{"summary":266,"deductions":267},"The tiny-backup plugin v1.1.1 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices in output escaping, with 99% of outputs properly escaped, and has no recorded history of vulnerabilities (CVEs).  Furthermore, the code analysis shows no critical or high severity taint flows and a low percentage of SQL queries not using prepared statements, suggesting robust handling of data manipulation and preventing common injection attacks. The absence of external HTTP requests also reduces the attack surface from external services.\n\nHowever, a significant concern lies in the unprotected attack surface. The plugin exposes three AJAX handlers without any authentication or authorization checks. This presents a direct and substantial risk, as any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure depending on their functionality. While the plugin has a good number of nonce and capability checks overall, their absence on these specific AJAX entry points is a critical oversight. The lack of reported vulnerabilities historically might be misleading; the current design of unprotected AJAX handlers could easily harbor exploitable flaws that haven't been discovered or disclosed yet.\n\nIn conclusion, while tiny-backup v1.1.1 benefits from strong output sanitization and a clean vulnerability history, the presence of unprotected AJAX handlers represents a serious security weakness. This oversight could lead to significant security issues if these handlers are not properly secured. The plugin's strengths in other areas are overshadowed by this critical flaw in its entry point security.",[268,271],{"reason":269,"points":270},"AJAX handlers without auth checks",15,{"reason":272,"points":273},"3 unprotected AJAX entry points",10,"2026-03-17T06:21:22.709Z",{"wat":276,"direct":285},{"assetPaths":277,"generatorPatterns":280,"scriptPaths":281,"versionParams":282},[278,279],"\u002Fwp-content\u002Fplugins\u002Ftiny-backup\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Ftiny-backup\u002Fassets\u002Fjs\u002Fadmin.js",[],[279],[283,284],"tiny-backup\u002Fassets\u002Fcss\u002Fadmin.css?ver=","tiny-backup\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":286,"htmlComments":294,"htmlAttributes":295,"restEndpoints":298,"jsGlobals":299,"shortcodeOutput":305},[287,288,289,290,291,292,293],"tnbu-backup-toggles","tnbu-file-related","tnbu-files-ui","tnbu-files-tree","tnbu-target-dir","tnbu-wrap","tnbu-settings-form",[],[296,297],"tnbuOptionKey","tnbuPresetItems",[],[300,301,302,303,304],"window.tnbuFilesNonce","window.tnbuAjaxNonce","window.ajaxurl","window.tnbuOptionKey","window.tnbuPresetItems",[]]