[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCK0tKJWU0O5DDg3POD8tQ4n14B7hThGVH7amviL4SCw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":61,"crawl_stats":36,"alternatives":64,"analysis":161,"fingerprints":496},"ungallery","UnGallery","2.2.4","mmond","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmond\u002F","\u003Cp>UnGallery displays your directories of images as a browsable WordPress gallery.\u003C\u002Fp>\n\u003Cp>The advantage of UnGallery is there is no gallery management required in WordPress.  You just point the plugin to a directory  of photos and they are immediately viewable via an existing WordPress site.  Any uploads, deletions, or edits you make to your photos and directory organization are automatically reflected in WordPress.\u003C\u002Fp>\n\u003Cp>If you’ve ever had to reorganize galleries after publishing, you know how inconvenient it is to return to a web tool to correct the paths, relink the thumbnails, update titles, etc.   With UnGallery, you can restructure entire galleries, edit a dozen party pic red-eyes, rename an event or remove individual photos and each of these changes is automatically live in WordPress.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fmarkpreynolds.com\u002Ftechnology\u002Fwordpress-ungallery\" rel=\"nofollow ugc\">Introduction and installation screencast\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Mark Reynolds http:\u002F\u002Fmarkpreynolds.com\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Unlimited depth, breadth, and number of photos in library. 
My gallery has ~24,000 pictures and movies.\u003C\u002Fli>\n\u003Cli>Photos are managed outside of WordPress.  Simply update a picture directory and UnGallery sees changes immediately.\u003C\u002Fli>\n\u003Cli>Galleries are searchable.  This became very helpful as gallery volume grew to thousands.\u003C\u002Fli>\n\u003Cli>Default and configurable gallery titles\u003C\u002Fli>\n\u003Cli>Galleries can be set to hidden.  These do not display in browsing, with access provided via direct link.\u003C\u002Fli>\n\u003Cli>Caching for faster page loads\u003C\u002Fli>\n\u003Cli>MP4 movies browsable within WordPress. Movies are linked and playable within browser.\u003C\u002Fli>\n\u003Cli>Image rotation support for orientation of jpegs with exif data\u003C\u002Fli>\n\u003Cli>Gallery hierarchy breadcrumb links\u003C\u002Fli>\n\u003Cli>Multiple gallery views, thumbnails, browsing navigation buttons, and slideshow.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dependencies\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Linux on the WordPress server\u003C\u002Fli>\n\u003Cli>PHP 5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All image sizes including thumbnails, selected image view, movies, and column layout are customizable.\u003C\u002Fli>\n\u003Cli>To display a caption over a gallery, add a file named banner.txt to that directory with the desired text.  The file can include plain text or html. If no banner.txt is found, the name of the directory is used.\u003C\u002Fli>\n\u003Cli>To mark a gallery hidden, enter a name for hidden galleries on the UnGallery administration page. Any directories you create named “hidden”, will not be visible via normal gallery browsing. A direct link may be sent to provide access to hidden galleries.  
\u003C\u002Fli>\n\u003Cli>You can include UnGallery images in other areas of your WordPress site or other sites by embedding the URL from UnGallery into the external site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>The MIT License\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining a copy\u003Cbr \u002F>\nof this software and associated documentation files (the “Software”), to deal\u003Cbr \u002F>\nin the Software without restriction, including without limitation the rights\u003Cbr \u002F>\nto use, copy, modify, merge, publish, distribute, sublicense, and\u002For sell\u003Cbr \u002F>\ncopies of the Software, and to permit persons to whom the Software is\u003Cbr \u002F>\nfurnished to do so, subject to the following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be included in\u003Cbr \u002F>\nall copies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\u003Cbr \u002F>\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\u003Cbr \u002F>\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE\u003Cbr \u002F>\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\u003Cbr \u002F>\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\u003Cbr \u002F>\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\u003Cbr \u002F>\nTHE SOFTWARE.\u003C\u002Fp>\n","Publish thousands of pictures in WordPress, in minutes.",30,21333,74,3,"2014-12-31T05:49:00.000Z","4.1.42","",[19,20,21,22,4],"gallery","movies","mp4","pictures","http:\u002F\u002Fmarkpreynolds.com\u002Ftechnology\u002Fwordpress-ungallery","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fungallery.2.2.4.zip",58,2,1,"2024-04-18 00:00:00","2026-03-15T15:16:48.613Z",[31,45],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2024-3582","ungallery-cross-site-request-forgery-to-stored-cross-site-scripting","UnGallery \u003C= 2.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The UnGallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.4. This is due to missing or incorrect nonce validation on the ungallerysettings page. 
This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious webscripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.2.4","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-05-16 12:33:44",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F84b45b34-c74c-4b56-bcb0-c905a9a44969?source=api-prod",{"id":46,"url_slug":47,"title":48,"description":49,"plugin_slug":4,"theme_slug":36,"affected_versions":50,"patched_in_version":51,"severity":52,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":56,"updated_date":57,"references":58,"days_to_patch":60},"WF-5875a4c2-a309-41fb-8845-2935511ec6c0-ungallery","ungallery-command-injection","UnGallery \u003C 2.1.6 - Command Injection","The UnGallery plugin for WordPress is vulnerable to Command Injection in versions before 2.1.6 via the 'search' parameter. 
This makes it possible for unauthenticated attackers to execute arbitrary commands on the server.","\u003C2.1.6","2.1.6","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Generation of Code ('Code Injection')","2012-10-23 00:00:00","2024-01-22 19:56:02",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5875a4c2-a309-41fb-8845-2935511ec6c0?source=api-prod",4109,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":60,"trust_score":62,"computed_at":63},50,"2026-04-04T11:04:32.221Z",[65,87,110,129,147],{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":13,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":17,"tags":79,"homepage":83,"download_link":84,"security_score":85,"vuln_count":27,"unpatched_count":27,"last_vuln_date":86,"fetched_at":29},"facebook-photo-fetcher","Social Photo Fetcher","3.0.4","JK","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustin_k\u002F","\u003Cp>Social Photo Fetcher (previously called “Facebook Photo Fetcher”) allows you to quickly and easily generate WordPress photo galleries from Facebook albums.\u003C\u002Fp>\n\u003Cp>The idea was inspired by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ffotobook\u002F\" rel=\"ugc\">Fotobook\u003C\u002Fa>, though its approach is fundamentally different: while Fotobook’s emphasis is on automation, this plugin allows a great deal of customization.  With it you can create galleries in any Post or Page you like, right alongside your regular content. 
You do this simply by putting a “magic HTML tag” in the post’s content – much like \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FGallery_Shortcode\" rel=\"nofollow ugc\">WordPress Shortcode\u003C\u002Fa>. Upon saving, the tag will instantly be populated with the Facebook album content. Presentation is fully customizable via parameters to the “magic tag” – you can choose to show only a subset of an album’s photos, change the number of photos per column, show photo captions, and more.  Plus, Social Photo Fetcher doesn’t limit you to just your own albums: it can create galleries from fanpages as well.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses Facebook’s API to instantly create WordPress photo galleries from Facebook albums.\u003C\u002Fli>\n\u003Cli>Galleries are fully customizable: you can import complete albums, select excerpts, random excerpts, album descriptions, photo captions, and more.\u003C\u002Fli>\n\u003Cli>Galleries can be organized however you like: in any post or page, alone or alongside your other content.\u003C\u002Fli>\n\u003Cli>Simple PHP template function allows programmers to manually embed albums in any template or widget.\u003C\u002Fli>\n\u003Cli>Built-in LightBox: Photos appear in attractive pop-up overlays without the need for any other plugins.\u003C\u002Fli>\n\u003Cli>Admin panel handles all the setup for you: Just login and you’re ready to start making albums.\u003C\u002Fli>\n\u003Cli>No custom database tables required; galleries live in regular post content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a Demo Gallery, see the \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher\" rel=\"nofollow ugc\">plugin’s homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Many hours have gone into developing & maintaining this plugin, far beyond my own personal needs. 
If you find it useful, please consider \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher\u002F#donate\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> to help support its continued development.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin uses the Facebook API to fetch photo albums from Facebook. Facebook’s security rules require that apps must authorize from one specific, known location. In order to comply with this requirement, when you first authorize the plugin from its admin panel, a Facebook dialog will be initiated via my own authentication server. The dialog itself is shown directly by Facebook, and Facebook handles the entire login process – no personal information will be transferred via my server, as Facebook only supplies a single-use token which I then hand back to your site to be stored. This is what the plugin uses in order to fetch the photos. For more information about how the Facebook authorization process works, please see \u003Ca href=\"https:\u002F\u002Fdevelopers.facebook.com\u002Fdocs\u002Ffacebook-login\u002Fweb\" rel=\"nofollow ugc\">Facebook’s documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Usage of this plugin means the site administrator is consenting to \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php\" rel=\"nofollow ugc\">Facebook’s data policy\u003C\u002Fa>. Fetched album data will be stored in your WordPress database, in posts or pages of your choosing. It can be removed by deleting those posts or pages. 
You are solely responsible for the security and protection of the fetched data, as it resides on and is hosted within your own WordPress site.\u003C\u002Fp>\n\u003Cp>I do not store or process any of your data.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please direct all support requests \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher#feedback\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","Allows you to automatically create Wordpress photo galleries from Facebook albums.  Simple to use and highly customizable.",1000,258658,12,"2024-04-04T23:45:00.000Z","6.5.8","2.5",[80,19,81,82,22],"facebook","images","photos","https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Ffacebook-photo-fetcher","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacebook-photo-fetcher.3.0.4.zip",70,"2025-12-08 00:00:00",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":17,"tags":102,"homepage":106,"download_link":107,"security_score":108,"vuln_count":27,"unpatched_count":27,"last_vuln_date":109,"fetched_at":29},"piwigopress","PiwigoPress","2.33","vpiwigo","https:\u002F\u002Fprofiles.wordpress.org\u002Fvpiwigo\u002F","\u003Cp>On the one hand, PiwigoPress is a WordPress \u003Cstrong>Sidebar Widget\u003C\u002Fstrong> that links\u003Cbr \u002F>\nyour blog to some public pictures of a Piwigo gallery.  Thus, a Piwigo\u003Cbr \u002F>\ngallery with several public pictures in it is a prerequisite to make it\u003Cbr \u002F>\nworking. 
But even if you don’t have one yet, you can nonetheless give this\u003Cbr \u002F>\nplugin a try by using the Official Piwigo \u003Ca href=\"http:\u002F\u002Fpiwigo.org\u002Fdemo\u002F\" title=\"The demonstration gallery\" rel=\"nofollow ugc\">demonstration gallery\u003C\u002Fa> before\u003Cbr \u002F>\nsetting up your own gallery.\u003C\u002Fp>\n\u003Cp>PiwigoPress generates several highly valuable links in sidebars of your\u003Cbr \u002F>\nWordPress blog, all of them being optional: a thumbnail linking to\u003Cbr \u002F>\nthe corresponding picture page, menus directing to all albums defined\u003Cbr \u002F>\nas public in the gallery, several additional links to most recent, most\u003Cbr \u002F>\nviewed, most commented pictures, and more.\u003C\u002Fp>\n\u003Cp>On the other hand, by using \u003Cstrong>a shortcode\u003C\u002Fstrong> [PiwigoPress …] you can add\u003Cbr \u002F>\nany public picture of a Piwigo gallery. Here again you should try even\u003Cbr \u002F>\nthough you don’t have yet your Piwigo Gallery. Have a look with\u003Cbr \u002F>\n[PiwigoPress id=72 url=’http:\u002F\u002Fpiwigo.org\u002Fdemo’] in a post or page.\u003C\u002Fp>\n\u003Cp>Above all, PiwigoPress provides a shortcode \u003Cstrong>generator\u003C\u002Fstrong>. Each time you\u003Cbr \u002F>\nadd some pictures to your gallery you will be able to add a post related\u003Cbr \u002F>\nto your last uploaded photos. So, your friends and family are going to\u003Cbr \u002F>\nlike your photos and Search Engines are going to reference your gallery with\u003Cbr \u002F>\nthe refbacks provided by PiwigoPress.\u003C\u002Fp>\n\u003Cp>When you’ve finished testing and want to create your own gallery, go to the\u003Cbr \u002F>\nPiwigo \u003Ca href=\"http:\u002F\u002Fpiwigo.org\u002Fbasics\u002Fdownloads\" title=\"Piwigo download page\" rel=\"nofollow ugc\">download page\u003C\u002Fa>, where you’ll find all the links you might need.\u003C\u002Fp>\n\u003Cp>Try “NetInstall” first. 
If it fails, switch to the “Package” download and\u003Cbr \u002F>\nfollow the full installation procedure. When ready, if you are a bit lost,\u003Cbr \u002F>\njust try Photos add page sheets (Web form, Applications, FTP + Synchronization)\u003Cbr \u002F>\nin your Piwigo gallery administration page.\u003C\u002Fp>\n\u003Cp>Development of PiwigoPress is open to contributions, please use the\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnorbusan\u002Fpiwigopress\" rel=\"nofollow ugc\">github page\u003C\u002Fa> for patches, bug reports, and issues.\u003C\u002Fp>\n\u003Ch3>Copyright\u002FLicense\u003C\u002Fh3>\n\u003Cp>PiwigoPress WordPress Plugin\u003C\u002Fp>\n\u003Cp>Copyright 2009-2012  VDigital\u003Cbr \u002F>\n  Copyright 2014-2024  Norbert Preining\u003C\u002Fp>\n\u003Cp>Contributions by\u003C\u002Fp>\n\u003Cp>Rüdiger Schulz 2015 (copyright transferred)\u003Cbr \u002F>\n  Anton Lavrov 2015\u003C\u002Fp>\n\u003Cp>Anton Lavrov’s contributions are under GPLv2+:\u003Cbr \u002F>\n  On Wed, 15 Jul 2015, Anton Lavrov wrote:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Hi Norbert,\u003C\u002Fp>\n\u003Cp>I hereby confirm that my contributions are under GPLv2 or higher.\u003C\u002Fp>\n\u003Cp>Please let me know if this is not exactly the wording you need.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>PiwigoPress is distributed under the terms of the GNU GPL version 2+\u003C\u002Fp>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation, either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\nalong with this program.  If not, write to the Free Software\u003Cbr \u002F>\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\u003C\u002Fp>\n","From any open API Piwigo gallery, swiftly include your photos in Posts\u002FPages and\u002For add randomized thumbnails and menus in your sidebar.",200,17749,66,7,"2024-10-21T07:11:00.000Z","4.9.29","2.8.4",[103,19,22,104,105],"galleries","randomize","shortcode","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpiwigopress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpiwigopress.zip",71,"2025-02-24 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":95,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":78,"requires_php":17,"tags":123,"homepage":125,"download_link":126,"security_score":127,"vuln_count":128,"unpatched_count":128,"last_vuln_date":36,"fetched_at":29},"thickbox","ThickBox","1.6.1","Christian Schenk","https:\u002F\u002Fprofiles.wordpress.org\u002Fchschenk\u002F","\u003Cp>Allows you to embed ThickBox into your blog. Simply insert ThickBox compliant markup\u003Cbr \u002F>\nwhere ever you want and you’re all set. 
It is a pretty lightweight plugin but here\u003Cbr \u002F>\nare some of its features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>comes with an expert mode that allows you include the JavaScript and CSS for ThickBox only on those pages that actually need it\u003C\u002Fli>\n\u003Cli>you can opt to use the script and style already bundled with WordPress\u003C\u002Fli>\n\u003Cli>automatically adds the correct class attribute when using the gallery shortcode\u003C\u002Fli>\n\u003Cli>and also contains SmoothBox\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Licence\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL.\u003C\u002Fp>\n","Embed ThickBox into your posts and pages.",97645,52,5,"2014-06-21T10:43:00.000Z","3.9.40",[19,81,22,124,111],"smoothbox","http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-thickbox-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthickbox.1.6.1.zip",85,0,{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":139,"num_ratings":26,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":17,"tags":143,"homepage":17,"download_link":146,"security_score":127,"vuln_count":128,"unpatched_count":128,"last_vuln_date":36,"fetched_at":29},"easy-gallery-slider","Easy Gallery Slider","0.6.6","iNexi","https:\u002F\u002Fprofiles.wordpress.org\u002Finexi\u002F","\u003Cp>This slider is easy to use, but powerful. It is designed to be responsive, and works perfectly with mobile devices. It can be automatically displayed on posts and pages, inserted by shortcode or PHP. 
The slides are pulled on each post from the attached images (gallery).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically display slider for every post and\u002For page\u003C\u002Fli>\n\u003Cli>Slides are created from images attached to the post\u002Fpage it is displayed on (WordPress Gallery)\u003C\u002Fli>\n\u003Cli>Responsive slider performs the same on every platform (desktop or mobile)\u003C\u002Fli>\n\u003Cli>Fade or slide effects\u003C\u002Fli>\n\u003Cli>Navigation with buttons, “dots”, keyboard, scroll-wheel, automatic timer\u003C\u002Fli>\n\u003Cli>Show titles and descriptions with an overlay\u003C\u002Fli>\n\u003Cli>Link individual slides to any URL\u003C\u002Fli>\n\u003Cli>Show a “zoom” button to integrate with a Lightbox plugin\u003C\u002Fli>\n\u003Cli>Many options available through an easy to use admin interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please visit my homepage to submit bug reports and feature requests.\u003C\u002Fp>\n\u003Cp>Plugin Homepage: \u003Ca href=\"http:\u002F\u002Finexi.com\u002Fwordpress\" title=\"iNexi: WordPress Plugins\" rel=\"nofollow ugc\">iNexi.com\u003C\u002Fa>\u003C\u002Fp>\n","Responsive slider uses the images attached to a post or page. 
Simple to customize and configure.",100,36461,80,"2012-09-26T06:32:00.000Z","3.4.2","3.0",[19,81,22,144,145],"responsive","slider","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-gallery-slider.0.6.6.zip",{"slug":148,"name":149,"version":150,"author":114,"author_profile":115,"description":151,"short_description":152,"active_installs":85,"downloaded":153,"rating":154,"num_ratings":27,"last_updated":155,"tested_up_to":122,"requires_at_least":156,"requires_php":17,"tags":157,"homepage":159,"download_link":160,"security_score":127,"vuln_count":128,"unpatched_count":128,"last_vuln_date":36,"fetched_at":29},"smoothgallery","SmoothGallery","1.15.8","\u003Cp>This plugin embeds JonDesign’s \u003Ca href=\"http:\u002F\u002Fsmoothgallery.jondesign.net\u002F\" rel=\"nofollow ugc\">SmoothGallery\u003C\u002Fa> into your posts and pages.\u003C\u002Fp>\n\u003Cp>It’s this simple:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>upload some pictures to a post\u002Fpage\u003C\u002Fli>\n\u003Cli>use the shortcode “smoothgallery”\u003C\u002Fli>\n\u003Cli>add a custom field named “smoothgallery” with some \u003Ca href=\"http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-smoothgallery-plugin\u002F#option\" rel=\"nofollow ugc\">options\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>watch your gallery 😉\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There’re a lot more possibilities with this plugin. 
Please have a more\u003Cbr \u002F>\ndetailed look at it and don’t hesitate to leave a\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-smoothgallery-plugin\u002F#respond\" rel=\"nofollow ugc\">comment\u003C\u002Fa>\u003Cbr \u002F>\nif you’d like to suggest a feature, need help with the plugin or just\u003Cbr \u002F>\nwant to say how cool this is 😉\u003C\u002Fp>\n\u003Ch3>Licence\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL.\u003C\u002Fp>\n","Embed JonDesign's SmoothGallery into your posts and pages.",47178,20,"2014-08-24T21:17:00.000Z","2.0",[19,81,158,22,148],"jondesign","http:\u002F\u002Fwww.christianschenk.org\u002Fprojects\u002Fwordpress-smoothgallery-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmoothgallery.1.15.8.zip",{"attackSurface":162,"codeSignals":193,"taintFlows":323,"riskAssessment":475,"analyzedAt":495},{"hooks":163,"ajaxHandlers":189,"restRoutes":190,"shortcodes":191,"cronEvents":192,"entryPointCount":128,"unprotectedCount":128},[164,170,176,179,182,184],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","admin_menu","mt_add_pages","configuration_menu.php",4,{"type":171,"name":172,"callback":173,"file":174,"line":175},"filter","the_content","search","ungallery.php",36,{"type":171,"name":172,"callback":177,"file":174,"line":178},"zip",39,{"type":171,"name":172,"callback":180,"file":174,"line":181},"no_fancybox",43,{"type":171,"name":172,"callback":4,"file":174,"line":183},44,{"type":171,"name":185,"callback":186,"priority":187,"file":174,"line":188},"plugin_row_meta","ungallery_set_plugin_meta",10,315,[],[],[],[],{"dangerousFunctions":194,"sqlUsage":200,"outputEscaping":202,"fileOperations":25,"externalRequests":27,"nonceChecks":128,"capabilityChecks":27,"bundledLibraries":322},[195],{"fn":196,"file":197,"line":198,"context":199},"exec","phpthumb\\phpthumb.gif.php",117,"exec('cjpeg '.$lpszFileName.'.bmp >'.$lpszFileName.' 
2>\u002Fdev\u002Fnull');",{"prepared":128,"raw":128,"locations":201},[],{"escaped":203,"rawEcho":97,"locations":204},65,[205,208,210,212,213,215,216,218,219,221,223,225,227,229,231,232,234,235,237,238,240,241,243,244,246,247,249,250,252,253,255,256,258,259,261,262,264,265,267,268,270,271,273,274,277,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320],{"file":168,"line":206,"context":207},191,"raw output",{"file":168,"line":209,"context":207},199,{"file":168,"line":211,"context":207},202,{"file":168,"line":211,"context":207},{"file":168,"line":214,"context":207},207,{"file":168,"line":214,"context":207},{"file":168,"line":217,"context":207},212,{"file":168,"line":217,"context":207},{"file":168,"line":220,"context":207},227,{"file":168,"line":222,"context":207},229,{"file":168,"line":224,"context":207},242,{"file":168,"line":226,"context":207},263,{"file":168,"line":228,"context":207},279,{"file":168,"line":230,"context":207},298,{"file":168,"line":230,"context":207},{"file":168,"line":233,"context":207},303,{"file":168,"line":233,"context":207},{"file":168,"line":236,"context":207},308,{"file":168,"line":236,"context":207},{"file":168,"line":239,"context":207},313,{"file":168,"line":239,"context":207},{"file":168,"line":242,"context":207},320,{"file":168,"line":242,"context":207},{"file":168,"line":245,"context":207},332,{"file":168,"line":245,"context":207},{"file":168,"line":248,"context":207},334,{"file":168,"line":248,"context":207},{"file":168,"line":251,"context":207},338,{"file":168,"line":251,"context":207},{"file":168,"line":254,"context":207},340,{"file":168,"line":254,"context":207},{"file":168,"line":257,"context":207},344,{"file":168,"line":257,"context":207},{"file":168,"line":260,"context":207},346,{"file":168,"line":260,"context":207},{"file":168,"line":263,"context":207},350,{"file":168,"line":263,"context":207},{"file":168,"line":266,"context":207},352,{"file":168,"line":266,"context":207},{"file":168,"line":269,"con
text":207},356,{"file":168,"line":269,"context":207},{"file":168,"line":272,"context":207},358,{"file":168,"line":272,"context":207},{"file":275,"line":276,"context":207},"phpthumb\\phpthumb.bmp.php",764,{"file":278,"line":279,"context":207},"phpthumb\\phpthumb.class.php",576,{"file":278,"line":281,"context":207},610,{"file":278,"line":283,"context":207},632,{"file":278,"line":285,"context":207},3680,{"file":278,"line":287,"context":207},3682,{"file":278,"line":289,"context":207},3697,{"file":278,"line":291,"context":207},3701,{"file":278,"line":293,"context":207},3733,{"file":278,"line":295,"context":207},3749,{"file":174,"line":297,"context":207},94,{"file":174,"line":299,"context":207},120,{"file":174,"line":301,"context":207},123,{"file":174,"line":303,"context":207},145,{"file":174,"line":305,"context":207},148,{"file":174,"line":307,"context":207},163,{"file":174,"line":309,"context":207},180,{"file":174,"line":311,"context":207},194,{"file":174,"line":313,"context":207},195,{"file":174,"line":315,"context":207},238,{"file":174,"line":317,"context":207},255,{"file":174,"line":319,"context":207},260,{"file":174,"line":321,"context":207},262,[],[324,343,353,390,400,444,467],{"entryPoint":325,"graph":326,"unsanitizedCount":27,"severity":38},"SendSaveAsFileHeaderIfNeeded (phpthumb\\phpThumb.php:321)",{"nodes":327,"edges":340},[328,334],{"id":329,"type":330,"label":331,"file":332,"line":333},"n0","source","$_GET","phpthumb\\phpThumb.php",326,{"id":335,"type":336,"label":337,"file":332,"line":338,"wp_function":339},"n1","sink","header() [Header Injection]",329,"header",[341],{"from":329,"to":335,"sanitized":342},false,{"entryPoint":344,"graph":345,"unsanitizedCount":27,"severity":38},"RedirectToCachedFile 
(phpthumb\\phpThumb.php:419)",{"nodes":346,"edges":351},[347,350],{"id":329,"type":330,"label":348,"file":332,"line":349},"$_SERVER['SERVER_PROTOCOL']",457,{"id":335,"type":336,"label":337,"file":332,"line":349,"wp_function":339},[352],{"from":329,"to":335,"sanitized":342},{"entryPoint":354,"graph":355,"unsanitizedCount":120,"severity":38},"\u003CphpThumb> (phpthumb\\phpThumb.php:0)",{"nodes":356,"edges":383},[357,358,359,361,363,367,371,375,379,381],{"id":329,"type":330,"label":331,"file":332,"line":333},{"id":335,"type":336,"label":337,"file":332,"line":338,"wp_function":339},{"id":360,"type":330,"label":348,"file":332,"line":349},"n2",{"id":362,"type":336,"label":337,"file":332,"line":349,"wp_function":339},"n3",{"id":364,"type":330,"label":365,"file":332,"line":366},"n4","$_GET (x2)",142,{"id":368,"type":369,"label":370,"file":332,"line":366},"n5","transform","→ ErrorImage()",{"id":372,"type":336,"label":373,"file":278,"line":293,"wp_function":374},"n6","echo() [XSS]","echo",{"id":376,"type":330,"label":377,"file":332,"line":378},"n7","$_SERVER['PHP_SELF']",523,{"id":380,"type":369,"label":370,"file":332,"line":378},"n8",{"id":382,"type":336,"label":373,"file":278,"line":293,"wp_function":374},"n9",[384,385,386,387,388,389],{"from":329,"to":335,"sanitized":342},{"from":360,"to":362,"sanitized":342},{"from":364,"to":368,"sanitized":342},{"from":368,"to":372,"sanitized":342},{"from":376,"to":380,"sanitized":342},{"from":380,"to":382,"sanitized":342},{"entryPoint":391,"graph":392,"unsanitizedCount":399,"severity":38},"ungallery (ungallery.php:51)",{"nodes":393,"edges":397},[394,396],{"id":329,"type":330,"label":395,"file":174,"line":137},"$_GET (x9)",{"id":335,"type":336,"label":373,"file":174,"line":303,"wp_function":374},[398],{"from":329,"to":335,"sanitized":342},9,{"entryPoint":401,"graph":402,"unsanitizedCount":128,"severity":443},"mt_settings_page 
(configuration_menu.php:13)",{"nodes":403,"edges":435},[404,407,411,414,415,418,419,422,423,426,430,433],{"id":329,"type":330,"label":405,"file":168,"line":406},"$_POST (x19)",132,{"id":335,"type":336,"label":408,"file":168,"line":409,"wp_function":410},"update_option() [Settings Manipulation]",154,"update_option",{"id":360,"type":330,"label":412,"file":168,"line":413},"$_POST['activate_fancybox']",174,{"id":362,"type":336,"label":408,"file":168,"line":413,"wp_function":410},{"id":364,"type":330,"label":416,"file":168,"line":417},"$_POST['disable_zip']",175,{"id":368,"type":336,"label":408,"file":168,"line":417,"wp_function":410},{"id":372,"type":330,"label":420,"file":168,"line":421},"$_POST (x17)",138,{"id":376,"type":336,"label":373,"file":168,"line":211,"wp_function":374},{"id":380,"type":330,"label":424,"file":168,"line":425},"$_SERVER",221,{"id":382,"type":336,"label":427,"file":168,"line":428,"wp_function":429},"file_put_contents() [File Write]",222,"file_put_contents",{"id":431,"type":330,"label":432,"file":168,"line":220},"n10","$_SERVER['DOCUMENT_ROOT'] (x3)",{"id":434,"type":336,"label":373,"file":168,"line":220,"wp_function":374},"n11",[436,438,439,440,441,442],{"from":329,"to":335,"sanitized":437},true,{"from":360,"to":362,"sanitized":437},{"from":364,"to":368,"sanitized":437},{"from":372,"to":376,"sanitized":437},{"from":380,"to":382,"sanitized":437},{"from":431,"to":434,"sanitized":437},"low",{"entryPoint":445,"graph":446,"unsanitizedCount":128,"severity":443},"\u003Cconfiguration_menu> 
(configuration_menu.php:0)",{"nodes":447,"edges":460},[448,449,450,451,452,453,454,455,456,457,458,459],{"id":329,"type":330,"label":405,"file":168,"line":406},{"id":335,"type":336,"label":408,"file":168,"line":409,"wp_function":410},{"id":360,"type":330,"label":412,"file":168,"line":413},{"id":362,"type":336,"label":408,"file":168,"line":413,"wp_function":410},{"id":364,"type":330,"label":416,"file":168,"line":417},{"id":368,"type":336,"label":408,"file":168,"line":417,"wp_function":410},{"id":372,"type":330,"label":420,"file":168,"line":421},{"id":376,"type":336,"label":373,"file":168,"line":211,"wp_function":374},{"id":380,"type":330,"label":424,"file":168,"line":425},{"id":382,"type":336,"label":427,"file":168,"line":428,"wp_function":429},{"id":431,"type":330,"label":432,"file":168,"line":220},{"id":434,"type":336,"label":373,"file":168,"line":220,"wp_function":374},[461,462,463,464,465,466],{"from":329,"to":335,"sanitized":437},{"from":360,"to":362,"sanitized":437},{"from":364,"to":368,"sanitized":437},{"from":372,"to":376,"sanitized":437},{"from":380,"to":382,"sanitized":437},{"from":431,"to":434,"sanitized":437},{"entryPoint":468,"graph":469,"unsanitizedCount":399,"severity":443},"\u003Cungallery> (ungallery.php:0)",{"nodes":470,"edges":473},[471,472],{"id":329,"type":330,"label":395,"file":174,"line":137},{"id":335,"type":336,"label":373,"file":174,"line":303,"wp_function":374},[474],{"from":329,"to":335,"sanitized":342},{"summary":476,"deductions":477},"The ungallery v2.2.4 plugin exhibits a mixed security posture, with some positive aspects overshadowed by significant concerns.  While the plugin avoids exposing a large attack surface through traditional WordPress entry points like AJAX handlers, REST API routes, and shortcodes, and uses prepared statements for all SQL queries, these strengths are undermined by critical vulnerabilities. 
The presence of the 'exec' dangerous function is a serious red flag, indicating a potential for arbitrary code execution if misused. Furthermore, the taint analysis revealing flows with unsanitized paths is concerning, even without critical or high severity findings, as it suggests potential pathways for malicious input to be processed improperly.\n\nThe plugin's vulnerability history is particularly alarming. With two known CVEs, including one critical unpatched vulnerability, and a recent history of critical Cross-site Scripting and Code Injection issues, this plugin presents a substantial risk. The pattern of critical vulnerabilities in the past, combined with the presence of dangerous functions and unsanitized taint flows in the current version, strongly suggests a recurring problem with secure coding practices. The lack of nonce checks and only one capability check across all code also contributes to a weaker security framework.\n\nIn conclusion, while the plugin has a clean entry point surface and secure SQL practices, the critical unpatched CVE, the presence of 'exec', a significant number of unsanitized taint flows, and a history of critical code injection and XSS vulnerabilities make this plugin a high-risk component. 
The lack of comprehensive capability and nonce checks further exacerbates these risks, making it imperative to address these issues immediately.",[478,480,483,485,487,489,491,493],{"reason":479,"points":154},"Unpatched critical CVE",{"reason":481,"points":482},"Presence of dangerous function 'exec'",15,{"reason":484,"points":187},"Flows with unsanitized paths identified",{"reason":486,"points":120},"Output escaping only 50% proper",{"reason":488,"points":120},"No nonce checks",{"reason":490,"points":120},"Only one capability check",{"reason":492,"points":482},"Historical critical vulnerability (Code Injection)",{"reason":494,"points":482},"Historical critical vulnerability (XSS)","2026-03-16T22:33:02.847Z",{"wat":497,"direct":507},{"assetPaths":498,"generatorPatterns":502,"scriptPaths":503,"versionParams":504},[499,500,501],"\u002Fwp-content\u002Fplugins\u002Fungallery\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fungallery\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fungallery\u002Fsource.php",[],[500],[505,506],"ungallery\u002Fstyles.css?ver=","ungallery\u002Fscript.js?ver=",{"cssClasses":508,"htmlComments":510,"htmlAttributes":513,"restEndpoints":516,"jsGlobals":517,"shortcodeOutput":519},[509],"post-headline",[511,512],"UnGallery version: ","If we are in thumbnails view,",[514,515],"name=\"myform\"","style=\"display: inline\"",[],[518],"submitform",[]]