[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fD8uH9A6TCcp2QgWE17slvq2HIeYP3fIrtxpuIImmKzk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":129,"fingerprints":166},"upload-unziper","Upload Unzipper","1.0","ulfben","https:\u002F\u002Fprofiles.wordpress.org\u002Fulfben\u002F","\u003Cp>Upload Unziper let’s you upload zip-archives and have them extracted, each file properly attached to the current post.\u003C\u002Fp>\n\u003Cp>It’s built upon and meant to replace James Revillini’s now-broken \u003Ca href=\"http:\u002F\u002Fjames.revillini.com\u002Fprojects\u002Fjust-unzip\u002F\" rel=\"nofollow ugc\">just-unzip\u003C\u002Fa>, and expands on the original plugin in the following ways:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>runs all files through WP’s sanitize filter to ensure valid filenames\u003C\u002Fli>\n\u003Cli>does not attach duplicates\u003C\u002Fli>\n\u003Cli>does not replace files with the same name\u003C\u002Fli>\n\u003Cli>correctly deals with nestled directories \u003C\u002Fli>\n\u003Cli>uses the latest WP core functionality and the latest PclZip version\u003C\u002Fli>\n\u003Cli>and – perhaps most importantly – it \u003Cem>works\u003C\u002Fem>! 😉\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In short – it’s a nice way to do batch uploading. I highly recommend you combine it with an \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmini-slides\u002F\" rel=\"ugc\">inline image viewer\u003C\u002Fa> and a plugin to better \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcustom-upload-dir\u002F\" rel=\"ugc\">organize your uploads\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>TODO (help needed)\u003C\u002Fh3>\n\u003Cp>This plugin could do with a few options. As it is, it’ll always unzip archives and then delete them – which might not always be desired.\u003C\u002Fp>\n\u003Cp>There are options for this already used in the plugin so it shouldn’t be a problem, but I just loath front-end development. Placing a few tickboxes in the ‘upload’-iframe would do the trick. If you’ve got a few minutes to throw something together, please email me or post a comment to this plugin.\u003C\u002Fp>\n\u003Cp>Options I’d like exposed:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>delete zip when done (default: true)\u003C\u002Fli>\n\u003Cli>unzip and attach (default: true)\u003C\u002Fli>\n\u003Cli>attach zip to post (default: false)Copyright (C) 2007 Ulf Benjaminsson (ulf at ulfben dot com).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation; either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\nalong with this program; if not, write to the Free Software\u003Cbr \u002F>\nFoundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA\u003C\u002Fp>\n","Extracts uploaded zip archives and associates all files with the current post.",20,5044,0,"2007-12-04T20:58:00.000Z","2.2.3","2.2","",[19,20,21,22],"batch","unzip","upload","zip","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fupload-unziper\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupload-unziper.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},6,5340,30,84,"2026-04-04T00:39:13.669Z",[36,53,73,92,104],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":17,"requires_at_least":17,"requires_php":17,"tags":47,"homepage":51,"download_link":52,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"just-unzip","Just Unzip","0.2.2","James Revillini","https:\u002F\u002Fprofiles.wordpress.org\u002Fjrevillini\u002F","\u003Cp>Just Unzip (LGPL Licensed) takes a zip file you upload from the “Write” page, unzips it, stores the zipped files in your upload folder, and associates the unzipped files with the current post.    Just Unzip makes use of the PclZip php library (LGPL Licensed).\u003C\u002Fp>\n","Just Unzip (LGPL Licensed) takes a zip file you upload from the \"Write\" page, unzips it, stores the zipped files in your upload folder, and  …",10,5893,"2007-04-15T17:13:00.000Z",[48,49,50,20,21],"admin","multiple","post","http:\u002F\u002Fjames.revillini.com\u002Fprojects\u002Fjust-unzip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjust-unzip.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":13,"num_ratings":13,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":17,"tags":66,"homepage":17,"download_link":71,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-plugin-management","WP Install From Web","1.10.1","safetydev","https:\u002F\u002Fprofiles.wordpress.org\u002Fsafetydev\u002F","\u003Cp>If you are a developer and want your customers to install plugins from your site without downloading and uploading them manually – just install our plugin and provide the URL. If you are a website administrator and you buy third-party plugins from developers – you can use our plugin for quick and easy installation. Just ask the developer for a link and past it into URL field.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Install Plugin From URL\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can easily let your customers install all your plugins right from their website administrator area.  When a user goes into his\u002Fher backend and click on the “Install from Web” tab, your extension can be found and the “Install” button appears, so the user can just click to install your extension.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Install from any URL\u003C\u002Fli>\n\u003Cli>No coding required\u003C\u002Fli>\n\u003Cli>One-click installation\u003C\u002Fli>\n\u003Cli>Create your own repository for your customers\u003C\u002Fli>\n\u003Cli>No need to download and upload archive\u003C\u002Fli>\n\u003Cli>Adding new feature to WordPress dashboard menu\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Install Plugin From Web allows you to install any plugin from a URL. All you need to do is to insert a specific URL and click the Install button.",300,1324,"2025-05-29T13:21:00.000Z","6.8.5","2.0",[67,68,69,70,22],"manage-plugin","plugin-install","plugin-upload","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-plugin-management.1.10.1.zip",100,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":90,"download_link":91,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"upload-media-by-zip","Upload Media by Zip","0.9.1","Kailey (trepmal)","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrepmal\u002F","\u003Cp>Upload a zip archive and let WP unzip it and attach everything to a page\u002Fpost (or not).\u003C\u002Fp>\n\u003Cp>Please note that you’ll still be restricted by your server’s maximum upload size.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Ftrepmal\" rel=\"nofollow ugc\">I’m on twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If the zip file uploads, but the contents aren’t extracted, see the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fupload-media-by-zip\u002Ffaq\u002F\" rel=\"ugc\">FAQs\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Farsi, by \u003Ca href=\"http:\u002F\u002Fwww.newbie.ir\u002F1390\u002F04\u002Fupload-media-by-zip\u002F\" rel=\"nofollow ugc\">mohsengham\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German, by \u003Ca href=\"http:\u002F\u002Fdeckerweb.de\u002F\" rel=\"nofollow ugc\">daveshine\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Upload a zip archive and let WP unzip it and attach everything to a page\u002Fpost (or not).",200,20171,60,4,"2016-09-18T00:32:00.000Z","4.6.30","2.8",[89,21,22],"media-library","http:\u002F\u002Ftrepmal.com\u002Fplugins\u002Fupload-media-by-zip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupload-media-by-zip.0.9.1.zip",{"slug":93,"name":94,"version":95,"author":77,"author_profile":78,"description":96,"short_description":97,"active_installs":44,"downloaded":98,"rating":13,"num_ratings":13,"last_updated":99,"tested_up_to":100,"requires_at_least":87,"requires_php":17,"tags":101,"homepage":102,"download_link":103,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"zip-embed","Zip Embed","0.4","\u003Cp>Upload a zip archive and let WP embed its contents into a post.\u003C\u002Fp>\n\u003Cp>Please note that you’ll still be restricted by your server’s maximum upload size.\u003C\u002Fp>\n\u003Cp>New plugin. Please report bugs to trepmal (at) gmail (dot) com. Thanks!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Ftrepmal\" rel=\"nofollow ugc\">I’m on twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>0.4\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Multisite compatibility\u003C\u002Fli>\n\u003C\u002Ful>\n","Upload a zip archive and let WP embed its contents into a post.",2254,"2011-11-12T06:27:00.000Z","3.2.1",[89,21,22],"http:\u002F\u002Ftrepmal.com\u002Fplugins\u002Fzip-embed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzip-embed.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":118,"tags":119,"homepage":124,"download_link":125,"security_score":126,"vuln_count":127,"unpatched_count":13,"last_vuln_date":128,"fetched_at":27},"fileorganizer","FileOrganizer – WordPress File Manager","1.1.8","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>FileOrganizer is a lightweight and easy-to-use WordPress file manager. Organize and manage your WordPress files with FileOrganizer without any control panel or FTP access. You can access, upload, download, edit, delete, zip, cut, copy, and paste files even outside the WordPress root directory.\u003C\u002Fp>\n\u003Ch3>Free Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Files and directory Management:\u003C\u002Fstrong> Supports all file operations on a remote server such as create files or directory, upload, download, rename, copy, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Drag & drop:\u003C\u002Fstrong> Easy drag-and-drop file transfer for uploading and moving files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in editor:\u003C\u002Fstrong> FileOrganizer has a built-in editor for editing code and files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Archive creation \u002F extraction:\u003C\u002Fstrong>  Create or extract archives with one click(.zip, .tar)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Previews\u003C\u002Fstrong>: Supports previews for common file types including PDFs, pictures, videos, audio, and thumbnails.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive\u003C\u002Fstrong>: FileOrganizer is compatible with tablets and smartphones.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search\u003C\u002Fstrong>: The built-in search feature makes it simple to find your files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File View\u003C\u002Fstrong>: Offers both icons and list views for easy navigation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Thumbnails\u003C\u002Fstrong>: Display thumbnails for image files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support Shortcuts\u003C\u002Fstrong>: Common keyboard shortcuts such as cut, copy, paste, etc. are available.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Toolbar\u003C\u002Fstrong>: Rich Toolbar and context menu are available.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Directory Size\u003C\u002Fstrong>: Calculates size of the directory.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File\u002FDirectory Info\u003C\u002Fstrong>: File or directory information can retrived by simply right-clicking a file and choosing Get Info.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Info\u003C\u002Fh3>\n\u003Cp>Do you have questions related to FileOrganizer ? Use the following links :\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffileorganizer.net\u002Fdocs\" rel=\"nofollow ugc\">Docs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffileorganizer.deskuss.com\" rel=\"nofollow ugc\">Help Desk\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002FfileOrganizer\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","FileOrganizer is an intuitive file manager to easily edit, delete, upload, download, and manage all your WordPress files and folders right from the da …",200000,1830720,96,45,"2025-12-05T12:43:00.000Z","6.9.4","5.5",[120,121,105,122,123],"file-explorer","file-manager","upload-files","wordpress-file-manager","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffileorganizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffileorganizer.1.1.8.zip",95,5,"2024-12-06 21:06:15",{"attackSurface":130,"codeSignals":143,"taintFlows":159,"riskAssessment":160,"analyzedAt":165},{"hooks":131,"ajaxHandlers":139,"restRoutes":140,"shortcodes":141,"cronEvents":142,"entryPointCount":13,"unprotectedCount":13},[132],{"type":133,"name":134,"callback":135,"priority":136,"file":137,"line":138},"action","upload_files_upload","ulfben_uu_upload_tab_upload_action",1,"wp-upload-unzipper.php",16,[],[],[],[],{"dangerousFunctions":144,"sqlUsage":145,"outputEscaping":147,"fileOperations":156,"externalRequests":13,"nonceChecks":157,"capabilityChecks":148,"bundledLibraries":158},[],{"prepared":136,"raw":13,"locations":146},[],{"escaped":136,"rawEcho":148,"locations":149},2,[150,154],{"file":151,"line":152,"context":153},"pclzip.lib.php",4078,"raw output",{"file":151,"line":155,"context":153},4093,66,3,[],[],{"summary":161,"deductions":162},"The \"upload-unziper\" v1.0 plugin presents a generally good security posture with no known vulnerabilities and a clean static analysis report regarding critical code signals. The absence of AJAX handlers, REST API routes, shortcodes, and cron events, especially without authentication checks, significantly limits its attack surface. Furthermore, the code uses prepared statements for its single SQL query and incorporates nonce and capability checks, demonstrating an awareness of common WordPress security practices.\n\nHowever, a notable area of concern is the limited output escaping. With only 3 outputs analyzed and one-third properly escaped, there's a substantial risk of cross-site scripting (XSS) vulnerabilities if user-provided data is rendered directly without adequate sanitization. The high number of file operations (66) also warrants attention, as it could potentially be a vector for issues if not carefully managed, though no specific concerns were flagged by the taint analysis. \n\nOverall, the plugin's lack of historical vulnerabilities and clean critical code signals are strong positives. The primary weakness lies in the incomplete output escaping, which introduces a tangible risk. Addressing this would significantly enhance the plugin's security.",[163],{"reason":164,"points":30},"Insufficient output escaping","2026-03-16T23:04:18.051Z",{"wat":167,"direct":172},{"assetPaths":168,"generatorPatterns":169,"scriptPaths":170,"versionParams":171},[],[],[],[],{"cssClasses":173,"htmlComments":174,"htmlAttributes":175,"restEndpoints":176,"jsGlobals":177,"shortcodeOutput":178},[],[],[],[],[],[]]