[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxzqKyKfTvQZOmVQ4MJR5vqYcnQwt3K1XcEo730J7ouY":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":20,"security_score":21,"vuln_count":12,"unpatched_count":12,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":30,"analysis":31,"fingerprints":112},"video-flv-converter","1.0","niroshan","https:\u002F\u002Fprofiles.wordpress.org\u002Fniroshan\u002F","\u003Cp>This plugin will convert all the video files which you will upload through media manager, to .flv format. Once this is installed you dont have to worry about the large file\u003Cbr \u002F>\nsize since when converting to flv it will reduce the file size as well.\u003C\u002Fp>\n\u003Cp>video-flv-converter to work properly following pre-requirements need to be there in the server.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Server should support \u003Cstrong>ffmpeg\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>PHP need to be compiled with \u003Cstrong>ffmpeg-PHP extension\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n","This plugin will convert all your uploaded video files into .flv format enhance the performance and to reduce the file size.",20,5246,0,"2010-02-11T09:37:00.000Z","2.9.2","2.9.1","",[18,19],"flv-converter","video-converter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvideo-flv-converter.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":6,"display_name":6,"profile_url":7,"plugin_count":26,"total_installs":10,"avg_security_score":21,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},1,30,84,"2026-04-05T01:56:40.394Z",[],{"attackSurface":32,"codeSignals":47,"taintFlows":59,"riskAssessment":95,"analyzedAt":111},{"hooks":33,"ajaxHandlers":43,"restRoutes":44,"shortcodes":45,"cronEvents":46,"entryPointCount":12,"unprotectedCount":12},[34,40],{"type":35,"name":36,"callback":37,"file":38,"line":39},"action","edit_attachment","fileuploads","video-flv-converter.php",67,{"type":35,"name":41,"callback":37,"file":38,"line":42},"add_attachment",68,[],[],[],[],{"dangerousFunctions":48,"sqlUsage":53,"outputEscaping":56,"fileOperations":26,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":58},[49],{"fn":50,"file":38,"line":51,"context":52},"exec",44,"exec($str);",{"prepared":54,"raw":12,"locations":55},8,[],{"escaped":12,"rawEcho":12,"locations":57},[],[],[60,77],{"entryPoint":61,"graph":62,"unsanitizedCount":26,"severity":76},"fileuploads (video-flv-converter.php:10)",{"nodes":63,"edges":73},[64,69],{"id":65,"type":66,"label":67,"file":38,"line":68},"n0","source","$_SERVER",24,{"id":70,"type":71,"label":72,"file":38,"line":51,"wp_function":50},"n1","sink","exec() [RCE]",[74],{"from":65,"to":70,"sanitized":75},false,"critical",{"entryPoint":78,"graph":79,"unsanitizedCount":94,"severity":76},"\u003Cvideo-flv-converter> (video-flv-converter.php:0)",{"nodes":80,"edges":91},[81,82,83,86],{"id":65,"type":66,"label":67,"file":38,"line":68},{"id":70,"type":71,"label":72,"file":38,"line":51,"wp_function":50},{"id":84,"type":66,"label":85,"file":38,"line":68},"n2","$_SERVER (x2)",{"id":87,"type":71,"label":88,"file":38,"line":89,"wp_function":90},"n3","query() [SQLi]",51,"query",[92,93],{"from":65,"to":70,"sanitized":75},{"from":84,"to":87,"sanitized":75},3,{"summary":96,"deductions":97},"The \"video-flv-converter\" v1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and ensuring all outputs are properly escaped.  Furthermore, it has no recorded vulnerability history, suggesting a stable codebase in terms of publicly known exploits.  However, the static analysis reveals significant concerns that outweigh these strengths. The presence of the `exec` function is a critical red flag, as it can be exploited for arbitrary command execution if not properly secured. Compounding this is the taint analysis, which identifies two flows with unsanitized paths resulting in critical severity. This strongly indicates a risk of remote code execution or command injection, potentially allowing attackers to compromise the server. The absence of any nonce or capability checks across all identified entry points further exacerbates these risks, meaning that if an attacker can trigger these sensitive functions, they likely won't require any authentication or special privileges.",[98,101,104,106,108],{"reason":99,"points":100},"Critical severity unsanitized path flows",15,{"reason":102,"points":103},"Dangerous function 'exec' present",12,{"reason":105,"points":54},"No nonce checks on entry points",{"reason":107,"points":54},"No capability checks on entry points",{"reason":109,"points":110},"File operations present without auth",5,"2026-03-16T23:00:40.771Z",{"wat":113,"direct":118},{"assetPaths":114,"generatorPatterns":115,"scriptPaths":116,"versionParams":117},[],[],[],[],{"cssClasses":119,"htmlComments":120,"htmlAttributes":121,"restEndpoints":122,"jsGlobals":123,"shortcodeOutput":124},[],[],[],[],[],[]]