[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiVYfloUlqWjpo_juaeZ0tWbAFwqdn64Q4w2043-Fv1o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":62,"crawl_stats":36,"alternatives":70,"analysis":182,"fingerprints":393},"user-photo","User Photo","0.9.10","Weston Ruter","https:\u002F\u002Fprofiles.wordpress.org\u002Fwestonruter\u002F","\u003Cp>Allows a user to associate a profile photo with their account through their “Your Profile” page. Admins may\u003Cbr \u002F>\nadd a user profile photo by accessing the “Edit User” page. Uploaded images are resized to fit the dimensions specified\u003Cbr \u002F>\non the options page; a thumbnail image correspondingly is also generated.\u003Cbr \u002F>\nUser photos may be displayed within a post or a comment to\u003Cbr \u002F>\nhelp identify the author. New template tags introduced are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>userphoto_the_author_photo()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>userphoto_the_author_thumbnail()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>userphoto_comment_author_photo()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>userphoto_comment_author_thumbnail()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Important: all of these “template tags” must appear inside of PHP script blocks (see examples below).\u003C\u002Fem>\u003Cbr \u002F>\nThe first two should be placed in the posts loop near \u003Ccode>the_author()\u003C\u002Fcode>, and the second two in the comments\u003Cbr \u002F>\nloop near \u003Ccode>comment_author()\u003C\u002Fcode> (or their respective equivalents). Furthermore, \u003Ccode>userphoto_the_author_photo()\u003C\u002Fcode>\u003Cbr \u002F>\nand \u003Ccode>userphoto_the_author_thumbnail()\u003C\u002Fcode> may be called anywhere (i.e. sidebar) if \u003Ccode>$authordata\u003C\u002Fcode> is set.\u003C\u002Fp>\n\u003Cp>The output of these template tags may be modified by passing four parameters: \u003Ccode>$before\u003C\u002Fcode>, \u003Ccode>$after\u003C\u002Fcode>, \u003Ccode>$attributes\u003C\u002Fcode>, and \u003Ccode>$default_src\u003C\u002Fcode>,\u003Cbr \u002F>\nas in: \u003Ccode>userphoto_the_author_photo($before, $after, $attributes, $default_src)\u003C\u002Fcode>.\u003Cbr \u002F>\nIf the user photo exists (or \u003Ccode>$default_src\u003C\u002Fcode> is supplied), then the text provided in the \u003Ccode>$before\u003C\u002Fcode> and \u003Ccode>$after\u003C\u002Fcode> parameters is respectively\u003Cbr \u002F>\nprefixed and suffixed to the generated \u003Ccode>img\u003C\u002Fcode> tag (a common pattern in WordPress). If attributes are provided in the \u003Ccode>$attributes\u003C\u002Fcode>\u003Cbr \u002F>\nparameter, then they are returned as attributes of the generated \u003Ccode>img\u003C\u002Fcode> element. For example: \u003Ccode>userphoto_the_author_photo('', '', array(style => 'border:0'))\u003C\u002Fcode>\u003Cbr \u002F>\nJust added in 0.8.1 release are these two new template tags:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>userphoto($user, $before = '', $after = '', $attributes = array(), $default_src = '')\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>userphoto_thumbnail($user, $before = '', $after = '', $attributes = array(), $default_src = '')\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using these, it is uneccessary to set the global \u003Ccode>$authordata\u003C\u002Fcode> to display a photo. Just pass \u003Ccode>$authordata\u003C\u002Fcode>, \u003Ccode>$curauth\u003C\u002Fcode> or\u003Cbr \u002F>\nwhatever variable you have which contains the user object, or (as of version 0.9), pass in a user ID or a user login name.\u003C\u002Fp>\n\u003Cp>Here’s an example that shows a few ways of inserting a user’s photo into the post loop:\u003Cbr \u002F>\n    \u002F\u002Fthis will display the user’s avatar if they don’t have a user photo,\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php while (have_posts()) : the_post(); ?>\n    \u003Cdiv class=\"post\" id=\"post-\u003C?php the_ID(); ?>\">\n        \u003Ch2>\u003Ca href=\"\u003C?php the_permalink() ?>\">\u003C?php the_title(); ?>\u003C\u002Fa>\u003C\u002Fh2>\n        \u003Cdiv class=\"meta\">\n            \u003C?php the_time('F jS, Y') ?>\n            by \u003C?php the_author() ?>\n\n            \u003C!-- displays the user's photo and then thumbnail -->\n            \u003C?php userphoto_the_author_photo() ?>\n            \u003C?php userphoto_the_author_thumbnail() ?>\n\n            \u003C!-- the following two do the same since $authordata populated -->\n            \u003C?php userphoto($authordata) ?>\n            \u003C?php userphoto_thumbnail($authordata) ?>\n\n            \u003C!-- and this is how to customize the output -->\n            \u003C?php userphoto_the_author_photo(\n                '\u003Cb>Photo of me: ',\n                '\u003C\u002Fb>',\n                array('class' => 'photo'),\n                get_template_directory_uri() . '\u002Fnophoto.jpg'\n            ) ?>\n        \u003C\u002Fdiv>\n        \u003C?php the_content('Read the rest of this entry &raquo;'); ?>\n    \u003C\u002Fdiv>\n\u003C?php endwhile; ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you want to display the user’s photo in the sidebar, just get the user ID or object and pass it into \u003Ccode>userphoto()\u003C\u002Fcode> or \u003Ccode>userphoto_thumbnail()\u003C\u002Fcode> like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php userphoto($posts[0]->post_author); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you want to display a user’s photo their author page, you may do this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php userphoto($wp_query->get_queried_object()) ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In version 0.9 the boolean function \u003Ccode>userphoto_exists($user)\u003C\u002Fcode> has been introduced which returns true if the user has a photo and false if they do not.\u003Cbr \u002F>\nArgument \u003Ccode>$user\u003C\u002Fcode> may be user object, ID, or login name. This function can be used along with avatars:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\nif(userphoto_exists($user))\n    userphoto($user);\nelse\n    echo get_avatar($user->ID, 96);\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Or if the new “Serve Avatar as Fallback” option is turned on, then the avatar will be served by any of the regular calls to display the user photo:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n\u002F\u002Fthis will display the user's avatar if they don't have a user photo,\n\u002F\u002F  and if \"Serve Avatar as Fallback\" is turned on\nuserphoto($user);\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Additionally, all of the regular function calls to display the user photo may be done away with alltogether if the new “Override Avatar with User Photo”\u003Cbr \u002F>\noption is enabled:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n\u002F\u002Fboth will display the user photo if it exists\n\u002F\u002F  and if \"Override Avatar with User Photo\" is turned on\necho get_avatar($user_id);\necho get_avatar($user->user_email);\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Both options “Serve Avatar as Fallback” and “Override Avatar with User Photo” require that the ‘Avatar Display’ setting under Discussion be set to “Show”.\u003C\u002Fp>\n\u003Cp>Uploaded images may be moderated by administrators via the “Edit User” page.\u003C\u002Fp>\n\u003Cp>Localizations included for Spanish, German, Dutch, Polish, Russian, French, Hungarian, Brazilian Portuguese, Italian, and Catalan.\u003C\u002Fp>\n\u003Cp>If you value this plugin, \u003Cem>please donate\u003C\u002Fem> to ensure that it may continue to be maintained and improved.\u003C\u002Fp>\n","Allows a user to associate a photo with their account and for this photo to be displayed in their posts and comments.",3000,487412,86,20,"2017-11-28T09:18:00.000Z","4.6.30","3.0.5","",[20,21,22],"images","photos","users","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fuser-photo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-photo.0.9.10.zip",84,2,0,"2012-05-09 00:00:00","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2012-2920","user-photo-cross-site-scripting","User Photo \u003C= 0.9.5 - Cross-Site Scripting","Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin\u002Foptions-general.php. NOTE: some of these details are obtained from third party information.",null,"\u003C=0.9.5","0.9.5.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffa39debf-b2c0-4e85-bef9-90e1365f96f8?source=api-prod",4276,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":43,"references":59,"days_to_patch":61},"CVE-2013-1916","user-photo-arbitrary-file-upload","User Photo \u003C= 0.9.4 - Arbitrary File Upload","In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.","\u003C=0.9.4","0.9.5","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2011-02-18 00:00:00",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F76eff464-69f0-47c1-bdcb-f8caa28a1280?source=api-prod",4722,{"slug":63,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":65,"avg_security_score":66,"avg_patch_time_days":67,"trust_score":68,"computed_at":69},"westonruter",22,436940,91,4499,73,"2026-04-04T11:07:14.506Z",[71,97,122,142,162],{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":92,"download_link":93,"security_score":94,"vuln_count":95,"unpatched_count":27,"last_vuln_date":96,"fetched_at":29},"instant-images","Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy","7.1.0.1","connekthq","https:\u002F\u002Fprofiles.wordpress.org\u002Fconnekthq\u002F","\u003Cp>Instantly upload photos from Unsplash, Openverse, Pixabay, Pexels, and Giphy to your website all without ever leaving WordPress!\u003C\u002Fp>\n\u003Cp>Instant Images is the fastest way to find and upload high-quality, free stock images directly from inside WordPress.\u003C\u002Fp>\n\u003Cp>No downloads.\u003Cbr \u002F>\nNo switching tabs.\u003Cbr \u002F>\nNo copy-paste workflow.\u003C\u002Fp>\n\u003Cp>Just search, click, and your image is instantly added to your Media Library — properly processed and ready to use.\u003C\u002Fp>\n\u003Cp>Whether you’re building content, designing layouts, or prototyping a client site, Instant Images keeps you in your workflow and saves you time.\u003C\u002Fp>\n\u003Ch4>Supported Image Providers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Funsplash.com\" rel=\"nofollow ugc\">Unsplash\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fopenverse\u002F\" rel=\"ugc\">Openverse\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fpixabay.com\" rel=\"nofollow ugc\">Pixabay\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fpexels.com\" rel=\"nofollow ugc\">Pexels\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fgiphy.com\" rel=\"nofollow ugc\">Giphy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Works seamlessly with the Block Editor, Media Modal, and popular page builders.\u003C\u002Fp>\n\u003C!--YouTube Error: bad URL entered-->\n\u003Cp>The perfect tool for users who want to save time and frustration by uploading images directly inside their WordPress installation and for developers who want to prototype and develop using real world imagery.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgetinstantimages.com\" rel=\"nofollow ugc\">Visit Plugin Website\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Image Search\u003C\u002Fstrong> – The Instant Images search let’s you quickly find and upload images for any subject in a matter of seconds!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Orientation\u003C\u002Fstrong> – Filter search results by landscape, portrait or square images.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time Saver\u003C\u002Fstrong> – Quickly upload amazing stock photos without leaving the comfort of your WordPress admin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme\u002FPlugin Developers\u003C\u002Fstrong> – A great tool for developers who want to prototype and develop using real world imagery.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg\u003C\u002Fstrong> – Instant Images directly integrates with Gutenberg as a plugin sidebar.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media Modal\u003C\u002Fstrong> – Instant Images is available as a tab in the WordPress Media Modal.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page Builders\u003C\u002Fstrong> – Instant Images integrates with page builders such as Elementor, Beaver Builder, Brizy and Divi.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Edit Image Metadata\u003C\u002Fstrong> – Easily edit image filename, alt text and caption prior to uploading to your media library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessibility\u003C\u002Fstrong> – Automatically include a relevant alt description for screen readers, visually reduced users, and SEO.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to Use\u003C\u002Fstrong> – It couldn’t get much more simple, just click an image and it’s automatically uploaded to your media library for use on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Accounts Needed\u003C\u002Fstrong> – An account on any service provider is not required for use of this plugin. Just activate and you’re ready to go.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Add-ons\u003C\u002Fh4>\n\u003Ch3>Instant Images: Extended\u003C\u002Fh3>\n\u003Cp>Enhance Instant Images with powerful professional features.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Includes:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Search History & Autocomplete.\u003Cbr \u002F>\n– Instant Images as a WordPress Block.\u003Cbr \u002F>\n– WordPress CLI Imports.\u003Cbr \u002F>\n– Batch Image Imports.\u003Cbr \u002F>\n– I’m Feeling Lucky WordPress Block.\u003Cbr \u002F>\n– Image Size Generator.\u003Cbr \u002F>\n– Instant Featured Images\u003Cbr \u002F>\n– Instagram-style image filters\u003Cbr \u002F>\n– Persistent search terms across providers.\u003Cbr \u002F>\n– And more…\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetinstantimages.com\u002Fadd-ons\u002Fextended\u002F\" rel=\"nofollow ugc\">Learn More\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Proxy Server\u003C\u002Fh4>\n\u003Cp>Instant Images routes all API requests to service providers (Unsplash, Pexels, Pixabay, Openverse etc.) through our custom proxy server at \u003Ca href=\"https:\u002F\u002Fproxy.getinstantimages.com\" rel=\"nofollow ugc\">proxy.getinstantimages.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Maintaining a proxy server for Instant Images allows us to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Protect API keys from public exposure.\u003C\u002Fli>\n\u003Cli>Normalize data from multiple providers.\u003C\u002Fli>\n\u003Cli>Improve compatibility and reliability across plugin versions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please take a moment and read our Terms of Use and Privacy Policy for when using our proxy service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgetinstantimages.com\u002Fterms-of-use\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgetinstantimages.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How Can You Contribute?\u003C\u002Fh4>\n\u003Cp>Pull requests can be submitted via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdcooney\u002Finstant-images\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Website\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetinstantimages.com\" rel=\"nofollow ugc\">https:\u002F\u002Fgetinstantimages.com\u003C\u002Fa>\u003C\u002Fp>\n","One-click uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy directly to your WordPress media library.",200000,2942295,96,59,"2026-02-13T13:27:00.000Z","6.9.4","6.0",[87,88,89,90,91],"free-images","media-library","pixabay","stock-photos","unsplash","https:\u002F\u002Fconnekthq.com\u002Fplugins\u002Finstant-images\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstant-images.7.1.0.1.zip",98,3,"2024-01-29 00:00:00",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":84,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":117,"download_link":118,"security_score":119,"vuln_count":120,"unpatched_count":27,"last_vuln_date":121,"fetched_at":29},"simple-local-avatars","Simple Local Avatars","2.8.6","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Adds an avatar upload field to user profiles if the current user has media permissions. Generates requested sizes on demand just like Gravatar! Simple and lightweight.\u003C\u002Fp>\n\u003Cp>Just edit a user profile, and scroll down to the new “Avatar” field. The plug-in will take care of cropping and sizing!\u003C\u002Fp>\n\u003Col>\n\u003Cli>Stores avatars in the “uploads” folder where all of your other media is kept.\u003C\u002Fli>\n\u003Cli>Has a simple, native interface.\u003C\u002Fli>\n\u003Cli>Fully supports Gravatar and default avatars if no local avatar is set for the user – but also allows you turn off Gravatar.\u003C\u002Fli>\n\u003Cli>Generates the requested avatar size on demand (and stores the new size for efficiency), so it looks great, just like Gravatar!\u003C\u002Fli>\n\u003Cli>Lets you decide whether lower privilege users (subscribers, contributors) can upload their own avatar.\u003C\u002Fli>\n\u003Cli>Enables rating of local avatars, just like Gravatar.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support Level\u003C\u002Fh3>\n\u003Cp>Simple Local Avatars’ support level is marked as \u003Ccode>stable\u003C\u002Fcode>.  10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns.  We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes.  We otherwise intend to keep this tested up to the most recent version of WordPress.\u003C\u002Fp>\n","Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!",100000,2395990,92,89,"2026-02-17T19:34:00.000Z","6.6","7.4",[113,114,115,116,22],"avatar","gravatar","profile","user-photos","https:\u002F\u002F10up.com\u002Fplugins\u002Fsimple-local-avatars-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-local-avatars.2.8.6.zip",93,6,"2025-08-11 18:20:29",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":107,"num_ratings":107,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":111,"tags":135,"homepage":139,"download_link":140,"security_score":81,"vuln_count":95,"unpatched_count":27,"last_vuln_date":141,"fetched_at":29},"fancybox-for-wordpress","FancyBox for WordPress","3.3.7","colorlibplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcolorlibplugins\u002F","\u003Cp>Seamlessly integrates FancyBox into your blog: Upload, activate, and you’re done. Additional configuration optional.\u003C\u002Fp>\n\u003Cp>You can easily customize almost anything you can think about fancybox lightbox: the border, margin width and color, zoom speed, animation type, close button position, overlay color and opacity and even more advanced option like several options to group images into galleries, and more…\u003C\u002Fp>\n\u003Cp>By default, the plugin will use jQuery to apply FancyBox to ANY thumbnails that link directly to an image. This includes posts, the sidebar, etc, so you can activate it and it will be applied automatically.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>This plugin is developed and maintained by Colorlib. Which is well know for their free \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>WordPress themes. However, now they are looking to extend their presence in plugin development and believe that FancyBox lightbox is a great way to start.\u003C\u002Fp>\n\u003Cp>If you are new to WordPress and want to lear more we have got you covered. Colorlib will teach you have to \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002F\" rel=\"nofollow ugc\">start a blog\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fhow-to-make-a-website\u002F\" rel=\"nofollow ugc\">create a website\u003C\u002Fa> and much more. If you are already familiar with WordPress you likely want to learn how to make it faster and more reliable. That’s when you want to look into hosting and more specifically \u003Ca href=\"http:\u002F\u002Fcolorlib.com\u002Fwp\u002Fwordpress-hosting\" rel=\"nofollow ugc\">WordPress hosting\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you enjoy using FancyBox lightbox for WordPress please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffancybox-for-wordpress\u002Freviews\u002F?filter=5\" rel=\"ugc\">positive feedback\u003C\u002Fa>. We are committed to make it the best lightbox plugin for WordPress.\u003C\u002Fp>\n","Seamlessly integrates FancyBox lightbox into your WordPress blog: Upload, activate, and you're done. Additional configuration optional.",40000,1940597,"2025-05-07T14:18:00.000Z","6.8.5","5.6",[136,20,137,21,138],"fancybox","lightbox","pictures","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffancybox-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffancybox-for-wordpress.3.3.7.zip","2025-05-13 00:00:00",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":94,"num_ratings":152,"last_updated":153,"tested_up_to":84,"requires_at_least":154,"requires_php":18,"tags":155,"homepage":159,"download_link":160,"security_score":161,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"lightbox-photoswipe","Lightbox with PhotoSwipe","5.8.3","Arno Welzel","https:\u002F\u002Fprofiles.wordpress.org\u002Fawelzel\u002F","\u003Cp>This plugin integrates PhotoSwipe to WordPress. All linked images in a post or page will be displayed using PhotoSwipe, regardless if they are part of a gallery or single images.\u003C\u002Fp>\n\u003Cp>More about the original version of PhotoSwipe see here: \u003Ca href=\"http:\u002F\u002Fphotoswipe.com\" rel=\"nofollow ugc\">http:\u002F\u002Fphotoswipe.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can also display EXIF data from supported image types.\u003C\u002Fp>\n\u003Cp>As of version 4.0.0 this plugin requires at least WordPress 5.3 and PHP 7.0. Older PHP version will cause problems. In this case you have to upgrade your PHP version or ask your hoster to do so. Please note that WordPress itself also recommends at least PHP 7.4 – see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please keep in mind: not the visible thumbnail is relevant, but only the image link. Images should always be linked to the file and not to the attachment page. Since version 5.6.1 there is an option to fix attachment links which can be enabled if needed – however this may slow down your website since then all links on a page will be checked if they are attachment links.\u003C\u002Fp>\n","Integration of PhotoSwipe (http:\u002F\u002Fphotoswipe.com) for WordPress.",20000,937902,113,"2026-02-26T16:27:00.000Z","5.3",[156,157,20,137,158],"attachments","gallery","photoswipe","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flightbox-photoswipe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flightbox-photoswipe.5.8.3.zip",100,{"slug":87,"name":163,"version":164,"author":165,"author_profile":166,"description":167,"short_description":168,"active_installs":169,"downloaded":170,"rating":171,"num_ratings":172,"last_updated":173,"tested_up_to":174,"requires_at_least":175,"requires_php":18,"tags":176,"homepage":179,"download_link":180,"security_score":181,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"Free Assets Library – Openverse\u002FPixabay 600+ Million Images","2.2.1","surror","https:\u002F\u002Fprofiles.wordpress.org\u002Fsurror\u002F","\u003Cp>\u003Cstrong>Free Assets Library\u003C\u002Fstrong> is the #1 WordPress plugin which provides 600 Million FREE Images with 90,000+ downloads 🚀\u003C\u002Fp>\n\u003Cp>You can simply search your favorite images from 600+ millions of images from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fopenverse\u002F\" rel=\"ugc\">Openverse\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpixabay.com\u002F\" rel=\"nofollow ugc\">Pixabay\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>soon more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can use the plugin with:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Download from Media Popup\u003C\u002Fli>\n\u003Cli>Download from Admin Page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>1. Download from Media Popup\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to Edit any post\u002Fpage\u002Fcustom post type\u003C\u002Fli>\n\u003Cli>Add an image to the post content\u003C\u002Fli>\n\u003Cli>Open media upload popup\u003C\u002Fli>\n\u003Cli>Select the Openverse or Pixabay tab\u003C\u002Fli>\n\u003Cli>Search for the image\u003C\u002Fli>\n\u003Cli>Click on the image\u003C\u002Fli>\n\u003Cli>Change image name, title, caption, description\u003C\u002Fli>\n\u003Cli>Click on the Download image\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"560\" height=\"315\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fpdh6UN7INV4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>2. Download from Admin Page\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to \u003Ccode>Media > Free Assets\u003C\u002Fcode> Library\u003C\u002Fli>\n\u003Cli>Select the “Openverse” or “Pixabay” tab\u003C\u002Fli>\n\u003Cli>Search for the image\u003C\u002Fli>\n\u003Cli>Click on the image\u003C\u002Fli>\n\u003Cli>Change image name, title, caption, description\u003C\u002Fli>\n\u003Cli>Click on the Download image\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"560\" height=\"315\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fa7pAzk0EMlQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Read more in \u003Ca href=\"https:\u002F\u002Fdocs.surror.com\u002Fdoc\u002Ffree-assets-library\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">one page quick documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Zero configuration\u003C\u002Fli>\n\u003Cli>Download images from Openverse, Pixabay, and (soon more)\u003C\u002Fli>\n\u003Cli>Easy search from 600+ millions of images.\u003C\u002Fli>\n\u003Cli>Direct download into media library.\u003C\u002Fli>\n\u003Cli>Automatically set the image TITLE tag for SEO purpose.\u003C\u002Fli>\n\u003Cli>Automatically set the image ALT tag for SEO purpose.\u003C\u002Fli>\n\u003Cli>Automatically Image attribution (of original image author) in image description field for SEO purpose.\u003C\u002Fli>\n\u003Cli>Automatically create SEO ready images names.\u003C\u002Fli>\n\u003Cli>100% safe, model released images.\u003C\u002Fli>\n\u003Cli>Quick support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Welcome for featured requests\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have any suggestion or any featured request then don’t hesitate to \u003Ca href=\"https:\u002F\u002Fsurror.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Bug reports\u003C\u002Fh3>\n\u003Cp>Bug reports for “Free Assets Library” are welcomed in our \u003Ca href=\"https:\u002F\u002Fsurror.com\u002Fforums\u002Fforum\u002Ffree-asset-library\u002F\" rel=\"nofollow ugc\">Forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Further reading\u003C\u002Fh3>\n\u003Cp>For more info check out the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fsurror.com\u002F\" rel=\"nofollow ugc\">surror.com\u003C\u002Fa> official website.\u003C\u002Fli>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fsurror.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact Me\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fsurror.com\u002Fdoc\u002Ffree-asset-library\u002F\" rel=\"nofollow ugc\">Getting started guide\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Other my \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fsurror\u002F\" rel=\"ugc\">WordPress Plugins\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Make a \u003Ca href=\"https:\u002F\u002Fwww.paypal.me\u002Fmwaghmare7\u002F\" rel=\"nofollow ugc\">small donation\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Free Assets Library is the #1 WordPress plugin which provides 600 Million FREE Images with 90,000+ downloads 🚀",4000,114236,88,11,"2023-11-19T21:14:00.000Z","6.3.8","4.4",[20,177,21,89,178],"openverse","stock-images","https:\u002F\u002Fsurror.com\u002Ffree-asset-library\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffree-images.2.2.1.zip",85,{"attackSurface":183,"codeSignals":239,"taintFlows":328,"riskAssessment":378,"analyzedAt":392},{"hooks":184,"ajaxHandlers":235,"restRoutes":236,"shortcodes":237,"cronEvents":238,"entryPointCount":27,"unprotectedCount":27},[185,192,195,199,205,208,212,216,220,224,228,231],{"type":186,"name":187,"callback":188,"priority":189,"file":190,"line":191},"action","admin_init","add_notice",5,"class-user-photo-upgrade-notice.php",24,{"type":186,"name":187,"callback":193,"priority":189,"file":190,"line":194},"set_no_bug",25,{"type":186,"name":196,"callback":197,"file":190,"line":198},"admin_notices","display_admin_notice",34,{"type":200,"name":201,"callback":202,"priority":203,"file":204,"line":25},"filter","get_avatar","userphoto_filter_get_avatar",10,"user-photo.php",{"type":186,"name":206,"callback":207,"file":204,"line":13},"init","userphoto__init",{"type":186,"name":209,"callback":210,"file":204,"line":211},"profile_update","userphoto_profile_update",510,{"type":186,"name":213,"callback":214,"file":204,"line":215},"delete_user","userphoto_delete_user",528,{"type":186,"name":217,"callback":218,"file":204,"line":219},"admin_head-options_page_user-photo\u002Fuser-photo","userphoto_admin_options_head",539,{"type":186,"name":221,"callback":222,"file":204,"line":223},"admin_head","userphoto_admin_useredit_head",540,{"type":186,"name":225,"callback":226,"file":204,"line":227},"show_user_profile","userphoto_display_selector_fieldset",673,{"type":186,"name":229,"callback":226,"file":204,"line":230},"edit_user_profile",674,{"type":186,"name":232,"callback":233,"file":204,"line":234},"admin_menu","userphoto_add_page",682,[],[],[],[],{"dangerousFunctions":240,"sqlUsage":241,"outputEscaping":243,"fileOperations":244,"externalRequests":27,"nonceChecks":26,"capabilityChecks":326,"bundledLibraries":327},[],{"prepared":26,"raw":27,"locations":242},[],{"escaped":244,"rawEcho":245,"locations":246},8,39,[247,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324],{"file":190,"line":248,"context":249},49,"raw output",{"file":204,"line":251,"context":249},277,{"file":204,"line":253,"context":249},282,{"file":204,"line":255,"context":249},287,{"file":204,"line":257,"context":249},292,{"file":204,"line":259,"context":249},308,{"file":204,"line":261,"context":249},323,{"file":204,"line":263,"context":249},611,{"file":204,"line":265,"context":249},614,{"file":204,"line":267,"context":249},621,{"file":204,"line":269,"context":249},627,{"file":204,"line":271,"context":249},636,{"file":204,"line":273,"context":249},639,{"file":204,"line":275,"context":249},742,{"file":204,"line":277,"context":249},746,{"file":204,"line":279,"context":249},747,{"file":204,"line":281,"context":249},748,{"file":204,"line":283,"context":249},749,{"file":204,"line":285,"context":249},753,{"file":204,"line":287,"context":249},754,{"file":204,"line":289,"context":249},755,{"file":204,"line":291,"context":249},756,{"file":204,"line":293,"context":249},760,{"file":204,"line":295,"context":249},763,{"file":204,"line":297,"context":249},764,{"file":204,"line":299,"context":249},768,{"file":204,"line":301,"context":249},771,{"file":204,"line":303,"context":249},772,{"file":204,"line":305,"context":249},776,{"file":204,"line":307,"context":249},777,{"file":204,"line":309,"context":249},778,{"file":204,"line":311,"context":249},779,{"file":204,"line":313,"context":249},783,{"file":204,"line":315,"context":249},791,{"file":204,"line":317,"context":249},794,{"file":204,"line":319,"context":249},799,{"file":204,"line":321,"context":249},800,{"file":204,"line":323,"context":249},805,{"file":204,"line":325,"context":249},816,1,[],[329,364],{"entryPoint":330,"graph":331,"unsanitizedCount":27,"severity":363},"userphoto_options_page (user-photo.php:684)",{"nodes":332,"edges":358},[333,338,344,348,352,356],{"id":334,"type":335,"label":336,"file":204,"line":337},"n0","source","$_POST (x7)",698,{"id":339,"type":340,"label":341,"file":204,"line":342,"wp_function":343},"n1","sink","update_option() [Settings Manipulation]",699,"update_option",{"id":345,"type":335,"label":346,"file":204,"line":347},"n2","$_SERVER['REQUEST_URI']",734,{"id":349,"type":340,"label":350,"file":204,"line":347,"wp_function":351},"n3","echo() [XSS]","echo",{"id":353,"type":335,"label":354,"file":204,"line":355},"n4","$_POST (x3)",701,{"id":357,"type":340,"label":350,"file":204,"line":279,"wp_function":351},"n5",[359,361,362],{"from":334,"to":339,"sanitized":360},true,{"from":345,"to":349,"sanitized":360},{"from":353,"to":357,"sanitized":360},"low",{"entryPoint":365,"graph":366,"unsanitizedCount":27,"severity":363},"\u003Cuser-photo> (user-photo.php:0)",{"nodes":367,"edges":374},[368,369,370,371,372,373],{"id":334,"type":335,"label":336,"file":204,"line":337},{"id":339,"type":340,"label":341,"file":204,"line":342,"wp_function":343},{"id":345,"type":335,"label":346,"file":204,"line":347},{"id":349,"type":340,"label":350,"file":204,"line":347,"wp_function":351},{"id":353,"type":335,"label":354,"file":204,"line":355},{"id":357,"type":340,"label":350,"file":204,"line":279,"wp_function":351},[375,376,377],{"from":334,"to":339,"sanitized":360},{"from":345,"to":349,"sanitized":360},{"from":353,"to":357,"sanitized":360},{"summary":379,"deductions":380},"The user-photo plugin version 0.9.10 presents a mixed security posture. On the positive side, the static analysis reveals a very limited attack surface with no apparent direct entry points like AJAX handlers, REST API routes, or shortcodes that are unprotected. Furthermore, all identified SQL queries are properly prepared, and there are no critical or high-severity taint flows, suggesting good data handling in these areas.  The plugin also implements some nonce and capability checks, which are essential security mechanisms.\n\nHowever, significant concerns arise from the output escaping and the plugin's historical vulnerability record. Only 17% of output operations are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. This is directly corroborated by its vulnerability history, which includes two past CVEs, one of which was a high-severity XSS issue. The absence of recent vulnerabilities might suggest the plugin has not been actively maintained or tested in recent years, especially considering the last vulnerability was in 2012. The file operation count, while not inherently problematic, warrants careful consideration given the past unrestricted upload vulnerability type.\n\nIn conclusion, while the current static analysis does not reveal immediate critical vulnerabilities in terms of attack surface or data handling, the poor output escaping and the history of severe vulnerabilities, particularly XSS and unrestricted uploads, present a substantial ongoing risk. The lack of recent updates and the dated vulnerability history are strong indicators that this plugin should be treated with caution and ideally updated or replaced.",[381,384,386,388,390],{"reason":382,"points":383},"Low output escaping percentage",15,{"reason":385,"points":383},"History of high severity CVEs",{"reason":387,"points":203},"History of medium severity CVEs",{"reason":389,"points":203},"Past unrestricted file upload vulnerability type",{"reason":391,"points":189},"Dated vulnerability history (2012)","2026-03-16T18:17:25.902Z",{"wat":394,"direct":403},{"assetPaths":395,"generatorPatterns":398,"scriptPaths":399,"versionParams":400},[396,397],"\u002Fwp-content\u002Fplugins\u002Fuser-photo\u002Fcss\u002Fuser-photo.css","\u002Fwp-content\u002Fplugins\u002Fuser-photo\u002Fjs\u002Fuser-photo.js",[],[397],[401,402],"user-photo\u002Fcss\u002Fuser-photo.css?ver=","user-photo\u002Fjs\u002Fuser-photo.js?ver=",{"cssClasses":404,"htmlComments":407,"htmlAttributes":408,"restEndpoints":416,"jsGlobals":417,"shortcodeOutput":420},[405,406],"userphoto-avatar","photo",[],[409,410,411,412,413,414,415],"userphoto_approvalstatus","userphoto_image_file","userphoto_thumb_file","userphoto_image_width","userphoto_thumb_width","userphoto_image_height","userphoto_thumb_height",[],[418,419],"userphoto_using_avatar_fallback","userphoto_prevent_override_avatar",[]]