[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgww_VZjRo3hO1ZjWbVuFAkO2O9Db8yp4a85Wz3KqvOs":3,"$fYSwme6nOIsULk4sjJYf33dFNz9pV1vPOTgJL5XYbFXA":330,"$fuhAwbNFF9GrhPy6gVSoB2CHFI25cO9SCw-Hx2USvt6U":335},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":36,"analysis":140,"fingerprints":291},"website-thumbshots","Thumbshots plugin","1.4.6","sam2kb","https:\u002F\u002Fprofiles.wordpress.org\u002Fsam2kb\u002F","\u003Cp>This plugin allows any user to add previews of websites right in the content of their posts using a simple [thumb]http:\u002F\u002Fdomain.com[\u002Fthumb] format. Users may also “optionally” turn on mouseover previews. No purchase or registration is required to use the plugin. 
Optional upgrade enables PRO features such as “Full-length Captures”, “Free Width Captures” and “Refresh on Demand”.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Easily embed website previews in posts\u003C\u002Fli>\n\u003Cli>Flexible caching system allows you to store retrieved screenshots on your server\u003C\u002Fli>\n\u003Cli>[opt] Display custom images for queued or error thumbshots\u003C\u002Fli>\n\u003Cli>[opt] Display thumbshot URLs in a safe manner without linking them directly to the target website\u003C\u002Fli>\n\u003Cli>[opt] Display mouseover header preview over thumbshots\u003C\u002Fli>\n\u003Cli>[opt] Display mouseover pop-up preview over external links in your posts\u003C\u002Fli>\n\u003Cli>[opt] Utilize several Thumbshots.RU PRO features\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Take a look at Thumbshots.RU for more information (http:\u002F\u002Fwww.thumbshots.ru\u002Fen\u002F “Website screenshots provider”).\u003C\u002Fp>\n","This plugin uses the Thumbshots.RU API to replace special tags in posts with website screenshots. 
Note: This plugin is no longer maintained.",10,3984,30,2,"2020-05-13T04:57:00.000Z","3.5.2","2.0","",[20,21,22,23,24],"snapshot","thumbshot","website-preview","website-screenshot","website-thumbnail","http:\u002F\u002Fwww.thumbshots.ru\u002Fen\u002Fwebsite-thumbshots-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebsite-thumbshots.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":13,"trust_score":34,"computed_at":35},84,"2026-05-20T07:42:23.841Z",[37,63,81,98,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":60,"last_vuln_date":61,"fetched_at":62},"shrinktheweb-website-preview-plugin","ShrinkTheWeb (STW) Website Previews Plugin","2.8.5","puravida1976","https:\u002F\u002Fprofiles.wordpress.org\u002Fpuravida1976\u002F","\u003Cp>This plugin allows any WordPress user to \u003Cstrong>easily add thumbnail previews\u003C\u002Fstrong> of websites right in the content of their posts using a simple \u003Ccode>[stwthumb]http:\u002F\u002Fwww.yourwebsite.com[\u002Fstwthumb]\u003C\u002Fcode> format. Loads of examples are available within the plugin documentation (you’ll see it when you activate the plugin).\u003C\u002Fp>\n\u003Cp>The plugin requires a free or paid account from the thumbnail provider service \u003Ca href=\"https:\u002F\u002Fshrinktheweb.com\u002F\" rel=\"nofollow ugc\">ShrinkTheWeb.com\u003C\u002Fa>. 
No purchase is required to use the plugin or the free service.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cool Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily embed web page screenshots anywhere using shortcode!\u003C\u002Fli>\n\u003Cli>So simple to use with TinyMCE shortcode helper!\u003C\u002Fli>\n\u003Cli>Supports caching screenshots locally\u003C\u002Fli>\n\u003Cli>Plenty of examples in the plugin documentation\u003C\u002Fli>\n\u003Cli>Custom screenshot image quality\u003C\u002Fli>\n\u003Cli>Enable mouseover (hover) screenshot previews\u003C\u002Fli>\n\u003Cli>Alt and Title attributes support via shortcodes\u003C\u002Fli>\n\u003Cli>Custom filename option support via shortcode for SEO purposes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported ShrinkTheWeb PRO features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display “Inside Pages” or full URLs (Upgrade required)\u003Cbr \u002F>\n…rather than just the homepage of a domain.\u003C\u002Fli>\n\u003Cli>Full-Length screenshot captures (Upgrade required)\u003C\u002Fli>\n\u003Cli>Custom Size screenshot captures (Upgrade required)\u003C\u002Fli>\n\u003Cli>Custom Browser Resolution (Upgrade required)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Take a look at ShrinkTheWeb for more information \u003Ca href=\"https:\u002F\u002Fshrinktheweb.com\u002F\" title=\"Automated Website Preview Provider\" rel=\"nofollow ugc\">Shrink The Web\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Donate\u003C\u002Fh4>\n\u003Cp>Did this plugin get you out of trouble? 
Please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=ZBNAT7HJACUAG&lc=US&item_name=ShrinkTheWeb&no_note=0&cn=Add%20special%20instructions%20to%20the%20seller%3a&no_shipping=1&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a small donation\u003C\u002Fa> to thank the developer for their time.\u003C\u002Fp>\n","This plugin accesses the ShrinkTheWeb API to automatically replace special tags in posts with website screenshots, where desired.",70,19782,74,6,"2017-08-04T04:53:00.000Z","4.8.28","2.9",[53,54,20,55,56],"preview","screenshot","thumbnails","website-screenshots","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fshrinktheweb-website-preview-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshrinktheweb-website-preview-plugin.2.8.5.zip",63,1,"2025-09-22 00:00:00","2026-04-16T10:56:18.058Z",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":11,"downloaded":71,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":77,"download_link":78,"security_score":79,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":80},"apercite","Apercite","1.0.3","Francis","https:\u002F\u002Fprofiles.wordpress.org\u002Ffrancis-besset\u002F","\u003Cp>The aim of this plugin is to display a thumbnail when hovering over a link in the blog posts.\u003C\u002Fp>\n\u003Cp>Thumbnails are generated by the Apercite service ( http:\u002F\u002Fwww.apercite.fr\u002Fen\u002F ). The thumbnail is generated in 20 seconds.\u003Cbr \u002F>\nYou can choose the thumbnail size between 19 predefined sizes. 
You also have the ability to enable or disable JavaScript and Java when generating the thumbnail.\u003C\u002Fp>\n\u003Cp>If you have a valid subscription to the Apercite service, you can fill in your login and API key to request the update of the thumbnails. To do so, you need to tick the box in the edition interface of each post.\u003C\u002Fp>\n\u003Cp>Feel free to contact me if you need help in finding the appropriate CSS attributes to display the thumbnails on your blog (don’t forget to mention the blog URL).\u003C\u002Fp>\n","The aim of this plugin is to display a thumbnail when hovering over a link in the blog posts.",2634,"3.0.5","2.8",[64,20,75,21,76],"thumbnail","widget","http:\u002F\u002Fwww.apercite.fr\u002Fen\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapercite.1.0.3.zip",100,"2026-03-15T10:48:56.248Z",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":11,"downloaded":89,"rating":28,"num_ratings":28,"last_updated":90,"tested_up_to":91,"requires_at_least":73,"requires_php":18,"tags":92,"homepage":96,"download_link":97,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":62},"thumbshots","Tribulant Thumbshots","1.0.2.1","Tribulant Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontrid\u002F","\u003Cp>Quickly insert a thumbshot of any website with a shortcode and a URL as a parameter into any WordPress post\u002Fpage. 
This plugin makes use of the Thumbshots.com service and can be used with either a free or a paid account.\u003C\u002Fp>\n\u003Cp>Thanks to Ian Blackford from \u003Ca href=\"http:\u002F\u002Fwww.designconscious.com\u002F\" rel=\"nofollow ugc\">Design Conscious\u003C\u002Fa> for the initial concept and funding of the plugin.\u003C\u002Fp>\n","Put website screenshots into any WordPress post\u002Fpage with a shortcode and a URL as parameter.",4507,"2014-09-09T09:39:00.000Z","4.0.38",[93,82,94,56,95],"screenshots","urls","websites","http:\u002F\u002Ftribulant.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthumbshots.1.0.2.1.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":79,"num_ratings":14,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":18,"download_link":117,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":62},"wpvivid-snapshot-database","Database Snapshots – WPvivid","0.9.4","wpvividplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpvividplugins\u002F","\u003Cp>WPvivid Database Snapshots allows you to quickly create snapshots of all tables in your WordPress database.\u003C\u002Fp>\n\u003Ch4>Why Use Database Snapshots?\u003C\u002Fh4>\n\u003Cp>Making a database snapshot is much faster than making a database backup. If you need a quicker rollback solution for safely testing WordPress database-related changes, use a snapshot.\u003C\u002Fp>\n\u003Cp>A snapshot contains database only. 
If you need to back up the full site or files, you can use our free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpvivid-backuprestore\u002F\" rel=\"ugc\">WPvivid Backup Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Features Spotlight\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create a snapshot of WordPress database\u003C\u002Fli>\n\u003Cli>Create multiple snapshots\u003C\u002Fli>\n\u003Cli>Comment a snapshot\u003C\u002Fli>\n\u003Cli>Set up a retention for snapshots\u003C\u002Fli>\n\u003Cli>Restore the database from a snapshot\u003C\u002Fli>\n\u003Cli>More features are coming soon\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Minimum Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Character Encoding UTF-8\u003C\u002Fli>\n\u003Cli>PHP version 5.3\u003C\u002Fli>\n\u003Cli>MySQL version 4.1\u003C\u002Fli>\n\u003Cli>WordPress 4.5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We offer free support at the support forum for WPvivid Database Snapshots on WordPress.org.\u003C\u002Fp>\n\u003Ch3>Installation and Uninstallation\u003C\u002Fh3>\n\u003Ch4>Install WPvivid Database Snapshot\u003C\u002Fh4>\n\u003Cp>1. Go to your site's admin dashboard.\u003Cbr \u002F>\n2. Navigate to Plugin Menu and search for WPvivid Database Snapshots.\u003Cbr \u002F>\n3. Click Install Now then click Activate Plugin.\u003C\u002Fp>\n\u003Ch4>Uninstall WPvivid Database Snapshot\u003C\u002Fh4>\n\u003Cp>1. Click Deactivate from the Plugin Menu.\u003Cbr \u002F>\n2. Click Delete.\u003C\u002Fp>\n\u003Ch3>Privacy Policy and GDPR Compliance\u003C\u002Fh3>\n\u003Cp>WPvivid Database Snapshots is created and operated with full respect and protection of users' personal information, and is in full compliance with General Data Protection Regulation (GDPR). 
Check out the following content to know the details:\u003C\u002Fp>\n\u003Ch4>What personal data can WPvivid Database Snapshots access and how is the data processed?\u003C\u002Fh4>\n\u003Cp>The free version of WPvivid Database Snapshots is only available to download from the WordPress plugin repository. Thus, all the data related to the updates of the versions as well as the support forum for WPvivid Database Snapshots on WordPress.org is held by WordPress.org.\u003Cbr \u002F>\nIn addition, the implementations of creating snapshots and restoring the database from snapshots happen completely on your website server; no data comes across any of our servers in the whole process.\u003Cbr \u002F>\nThe only personal data we can currently access are the contact data when you contact us by email, which may include your name, email address and other contact details. The data will only be used for the purposes of handling and resolving your enquiry.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>WPvivid Database Snapshots is licensed under GPL version 3 or later.\u003Cbr \u002F>\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
See the GNU General Public License for more details:\u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.en.html\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.en.html\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contact us\u003C\u002Fh3>\n\u003Cp>Feel free to let us know how we can help using the support forum for WPvivid Database Snapshots on WordPress.org or our \u003Ca href=\"https:\u002F\u002Fwpvivid.com\u002Fcontact-us\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n","Create snapshots of a WordPress database quickly.",1000,16353,"2023-04-11T02:24:00.000Z","6.2.9","4.5","5.3",[113,114,115,116,20],"database-restore","database-rollback","database-snapshot","rollback","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpvivid-snapshot-database.0.9.4.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":79,"downloaded":126,"rating":79,"num_ratings":60,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":136,"download_link":137,"security_score":138,"vuln_count":60,"unpatched_count":28,"last_vuln_date":139,"fetched_at":62},"stock-snapshot-for-woocommerce","Stock History & Reports Manager for WooCommerce","2.2.3","WPFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcodefactory\u002F","\u003Cp>\u003Cstrong>Stock History & Reports Manager for WooCommerce\u003C\u002Fstrong> plugin lets you keep track of your products stock in WooCommerce.\u003C\u002Fp>\n\u003Ch3>✅ Main Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically take your products \u003Cstrong>stock snapshots\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Customize snapshots \u003Cstrong>time interval\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>View and export \u003Cstrong>product’s stock history\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>View \u003Cstrong>all stock snapshots 
history\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Use \u003Cstrong>shortcode\u003C\u002Fstrong> to display \u003Cstrong>recently restocked products\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Optionally set up \u003Cstrong>system cron\u003C\u002Fstrong> for the snapshots.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🏆 Premium Version\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpfactory.com\u002Fitem\u002Fstock-snapshot-for-woocommerce\u002F\" rel=\"nofollow ugc\">Stock History & Reports Manager for WooCommerce Pro\u003C\u002Fa> plugin version allows you to get stock snapshot \u003Cstrong>emails\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>🗘 Feedback\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We are open to your suggestions and feedback.\u003C\u002Fli>\n\u003Cli>Thank you for using or trying out one of our plugins!\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfactory.com\u002Fitem\u002Fstock-snapshot-for-woocommerce\u002F\" rel=\"nofollow ugc\">Visit plugin site\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>ℹ More\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The plugin is \u003Cstrong>“High-Performance Order Storage (HPOS)”\u003C\u002Fstrong> compatible.\u003C\u002Fli>\n\u003C\u002Ful>\n","Keep track of your products stock in WooCommerce.",4518,"2025-10-10T20:29:00.000Z","6.8.5","5.0",[131,132,133,134,135],"product-stock","stock","stock-history","stock-snapshot","woocommerce","https:\u002F\u002Fwpfactory.com\u002Fitem\u002Fstock-snapshot-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstock-snapshot-for-woocommerce.2.2.3.zip",99,"2025-10-10 
20:52:10",{"attackSurface":141,"codeSignals":179,"taintFlows":246,"riskAssessment":273,"analyzedAt":290},{"hooks":142,"ajaxHandlers":162,"restRoutes":170,"shortcodes":171,"cronEvents":177,"entryPointCount":178,"unprotectedCount":14},[143,149,151,154,157],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","init","anonymous","thumbshots.plugin.php",71,{"type":144,"name":150,"callback":146,"file":147,"line":47},"admin_menu",{"type":144,"name":152,"callback":146,"file":147,"line":153},"wp_head",75,{"type":144,"name":155,"callback":146,"file":147,"line":156},"dbx_post_sidebar",78,{"type":158,"name":159,"callback":160,"priority":11,"file":147,"line":161},"filter","plugin_action_links","add_action_links",81,[163,167],{"action":164,"nopriv":165,"callback":146,"hasNonce":165,"hasCapCheck":165,"file":147,"line":166},"thumb_reload",false,72,{"action":168,"nopriv":165,"callback":146,"hasNonce":165,"hasCapCheck":165,"file":147,"line":169},"clear_thumb_cache",73,[],[172,176],{"tag":173,"callback":174,"file":147,"line":175},"thumb","parse_shortcode",62,{"tag":21,"callback":174,"file":147,"line":59},[],4,{"dangerousFunctions":180,"sqlUsage":208,"outputEscaping":210,"fileOperations":244,"externalRequests":60,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":245},[181,186,187,192,196,199,202,205],{"fn":182,"file":183,"line":184,"context":185},"unserialize","inc\u002F_plugin-helper.class.php",91,"if( @unserialize($option) !== false ) return unserialize($option);",{"fn":182,"file":183,"line":184,"context":185},{"fn":188,"file":189,"line":190,"context":191},"set_time_limit","inc\u002F_thumbshots.class.php",285,"set_time_limit(30); \u002F\u002F 30 sec",{"fn":193,"file":189,"line":194,"context":195},"ini_set",287,"ini_set( 'max_execution_time', '30' );",{"fn":193,"file":189,"line":197,"context":198},288,"ini_set( 'max_input_time', '30' );",{"fn":193,"file":189,"line":200,"context":201},497,"ini_set( 'memory_limit', '400M' 
);",{"fn":193,"file":189,"line":203,"context":204},741,"@ini_set( 'user_agent', $this->_name.' v'.$this->_version.' (+http:\u002F\u002Fwww.thumbshots.ru)' );",{"fn":193,"file":189,"line":206,"context":207},1129,"@ini_set('memory_limit', '500M'); \u002F\u002F artificially inflate memory if we can",{"prepared":28,"raw":28,"locations":209},[],{"escaped":28,"rawEcho":211,"locations":212},15,[213,216,218,220,222,224,226,228,230,232,234,236,238,240,242],{"file":183,"line":214,"context":215},194,"raw output",{"file":183,"line":217,"context":215},238,{"file":183,"line":219,"context":215},242,{"file":183,"line":221,"context":215},290,{"file":183,"line":223,"context":215},291,{"file":183,"line":225,"context":215},297,{"file":183,"line":227,"context":215},318,{"file":189,"line":229,"context":215},159,{"file":189,"line":231,"context":215},665,{"file":147,"line":233,"context":215},336,{"file":147,"line":235,"context":215},538,{"file":147,"line":237,"context":215},550,{"file":147,"line":239,"context":215},557,{"file":147,"line":241,"context":215},759,{"file":147,"line":243,"context":215},765,19,[],[247,265],{"entryPoint":248,"graph":249,"unsanitizedCount":60,"severity":264},"display_exit_page (thumbshots.plugin.php:712)",{"nodes":250,"edges":262},[251,256],{"id":252,"type":253,"label":254,"file":147,"line":255},"n0","source","$_GET",740,{"id":257,"type":258,"label":259,"file":147,"line":260,"wp_function":261},"n1","sink","file_get_contents() [SSRF\u002FLFI]",747,"file_get_contents",[263],{"from":252,"to":257,"sanitized":165},"medium",{"entryPoint":266,"graph":267,"unsanitizedCount":60,"severity":264},"\u003Cthumbshots.plugin> (thumbshots.plugin.php:0)",{"nodes":268,"edges":271},[269,270],{"id":252,"type":253,"label":254,"file":147,"line":255},{"id":257,"type":258,"label":259,"file":147,"line":260,"wp_function":261},[272],{"from":252,"to":257,"sanitized":165},{"summary":274,"deductions":275},"The \"website-thumbshots\" plugin v1.4.6 presents a mixed security posture. 
While it demonstrates good practice by exclusively using prepared statements for SQL queries and has no recorded vulnerability history, several critical security concerns are evident in the static analysis.  The absence of any nonce or capability checks on its entry points, particularly the two unprotected AJAX handlers, is a significant weakness. This directly exposes the plugin to potential Cross-Site Request Forgery (CSRF) attacks or unauthorized actions by unauthenticated users.\n\nThe presence of dangerous functions like `unserialize`, `set_time_limit`, and `ini_set` without adequate input validation or sanitization, coupled with taint analysis revealing two flows with unsanitized paths, strongly suggests a risk of arbitrary code execution or denial-of-service vulnerabilities. Furthermore, 100% of output is unescaped, opening the door to Cross-Site Scripting (XSS) attacks when user-supplied data is displayed. The plugin's attack surface is relatively small, but the unprotected nature of a portion of it and the identified code signals demand significant attention.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and secure SQL handling, the lack of robust authentication and authorization on its AJAX endpoints, combined with risky function usage and unescaped output, creates substantial security risks. 
Remediation efforts should prioritize input sanitization, output escaping, and the implementation of proper nonce and capability checks for all entry points to mitigate these vulnerabilities.",[276,278,281,283,285,288],{"reason":277,"points":11},"Unprotected AJAX handlers",{"reason":279,"points":280},"Unescaped output detected",8,{"reason":282,"points":11},"Flows with unsanitized paths",{"reason":284,"points":280},"Dangerous functions without checks",{"reason":286,"points":287},"Missing nonce checks",7,{"reason":289,"points":287},"Missing capability checks","2026-04-16T11:50:09.679Z",{"wat":292,"direct":303},{"assetPaths":293,"generatorPatterns":297,"scriptPaths":298,"versionParams":299},[294,295,296],"\u002Fwp-content\u002Fplugins\u002Fwebsite-thumbshots\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fwebsite-thumbshots\u002Fjs\u002Fjquery.hoverIntent.min.js","\u002Fwp-content\u002Fplugins\u002Fwebsite-thumbshots\u002Fjs\u002Fthumbshots-script.js",[],[295,296],[300,301,302],"website-thumbshots\u002Fcss\u002Fstyles.css?ver=","website-thumbshots\u002Fjs\u002Fjquery.hoverIntent.min.js?ver=","website-thumbshots\u002Fjs\u002Fthumbshots-script.js?ver=",{"cssClasses":304,"htmlComments":307,"htmlAttributes":312,"restEndpoints":319,"jsGlobals":320,"shortcodeOutput":325},[305,306],"thumbshot-img","thumbshot-preview",[308,309,310,311],"\u003C!-- website thumbshots plugin -->","\u003C!-- website thumbshots API -->","\u003C!-- website thumbshots script -->","\u003C!-- website thumbshots css -->",[313,314,315,316,317,318],"data-thumbshot-id","data-thumbshot-url","data-thumbshot-width","data-thumbshot-height","data-thumbshot-quality","data-thumbshot-link",[],[321,322,323,324],"thumbshots_reload_urls","thumbshots_clear_cache_url","thumbshots_ajax_url","thumbshots_plugin_options",[326,327,328,329],"\u003Cimg class=\"thumbshot-img\" src=\"","\u003Ca href=\"","\u003Cimg src=\"","\u003Ca class=\"thumbshot-img\" 
href=\"",{"error":331,"url":332,"statusCode":333,"statusMessage":334,"message":334},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwebsite-thumbshots\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":178,"versions":336},[337,344,351,358],{"version":338,"download_url":339,"svn_tag_url":340,"released_at":29,"has_diff":165,"diff_files_changed":341,"diff_lines":29,"trac_diff_url":342,"vulnerabilities":343,"is_current":165},"1.4.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebsite-thumbshots.1.4.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwebsite-thumbshots\u002Ftags\u002F1.4.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwebsite-thumbshots%2Ftags%2F1.4.2&new_path=%2Fwebsite-thumbshots%2Ftags%2F1.4.3",[],{"version":345,"download_url":346,"svn_tag_url":347,"released_at":29,"has_diff":165,"diff_files_changed":348,"diff_lines":29,"trac_diff_url":349,"vulnerabilities":350,"is_current":165},"1.4.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebsite-thumbshots.1.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwebsite-thumbshots\u002Ftags\u002F1.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwebsite-thumbshots%2Ftags%2F1.4.1&new_path=%2Fwebsite-thumbshots%2Ftags%2F1.4.2",[],{"version":352,"download_url":353,"svn_tag_url":354,"released_at":29,"has_diff":165,"diff_files_changed":355,"diff_lines":29,"trac_diff_url":356,"vulnerabilities":357,"is_current":165},"1.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebsite-thumbshots.1.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwebsite-thumbshots\u002Ftags\u002F1.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwebsite-thumbshots%2Ftags%2F1.4.0&new_path=%2Fwebsite-thumbshots%2Ftags%2F1.4.1",[],{"version":359,"download_url":360,"svn_tag_url":361,"released_at":29,"has_diff":165
,"diff_files_changed":362,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":363,"is_current":165},"1.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebsite-thumbshots.1.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwebsite-thumbshots\u002Ftags\u002F1.4.0\u002F",[],[]]