[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4ekcVNdbbFWMjk6nqwj0Hdm91yjkynJiTHQBRVwvlDA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":55,"fingerprints":206},"wp-copy-media-url","WP Copy Media URL","2.1","Ashish Ajani","https:\u002F\u002Fprofiles.wordpress.org\u002Fashishajani\u002F","\u003Cp>Often we need to copy URL of any media (image, video, document, etc…) and for that we have to go to the media library and copy URL from the input. This WordPress plugin will make this process easier by providing a button to copy media URL by just a single click. Once the plugin installed, button will appear in Media Grid View, Media List View, Attachment Details popup, Add Media while add\u002Fedit post\u002Fpage and Edit Media.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Ch4>Overview\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Copy Media URL from media listing view and grid view\u003C\u002Fli>\n\u003Cli>Copy Media URL from edit media page\u003C\u002Fli>\n\u003Cli>Copy Media URL when upload new media\u003C\u002Fli>\n\u003Cli>Copy Media URL from media details popup\u003C\u002Fli>\n\u003Cli>This plugin provides settings to set copy button color and copy button text.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For further information on plugin or suggestions\u002Fcomments on how to customize the plugin please feel free to connect with me  \u003Ca href=\"https:\u002F\u002Ffreelancer-coder.com\u002Fcontact-wordpress-developer\u002F\" rel=\"nofollow 
ugc\">https:\u002F\u002Ffreelancer-coder.com\u002Fcontact-wordpress-developer\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","This WordPress plugin provides ability to copy media URL with just a single click.",200,5977,100,5,"2024-02-21T06:26:00.000Z","6.4.8","4.7","7.4",[20,21,22,23,24],"copy-media","copy-media-url","one-click-copy-media-url","wordpress-copy-media","wordpress-copy-media-url","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-copy-media-url\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-copy-media-url.2.1.zip",64,1,"2025-03-31 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-31583","wp-copy-media-url-cross-site-request-forgery-to-stored-cross-site-scripting","WP Copy Media URL \u003C= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The WP Copy Media URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-08 18:35:28",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0ec84f54-5cb9-4788-ab78-4f744f0a4029?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"ashishajani",4,2610,77,103,63,"2026-04-04T04:24:20.333Z",[],{"attackSurface":56,"codeSignals":107,"taintFlows":150,"riskAssessment":195,"analyzedAt":205},{"hooks":57,"ajaxHandlers":102,"restRoutes":103,"shortcodes":104,"cronEvents":105,"entryPointCount":106,"unprotectedCount":106},[58,64,70,74,78,82,86,90,93,98],{"type":59,"name":60,"callback":61,"file":62,"line":63},"action","admin_head","wp_cmu_load_css","wp-copy-media-url.php",81,{"type":65,"name":66,"callback":67,"priority":68,"file":62,"line":69},"filter","plugin_row_meta","wp_cmu_add_meta_links",10,82,{"type":65,"name":71,"callback":72,"priority":68,"file":62,"line":73},"plugin_action_links","wp_cmu_details_link",84,{"type":65,"name":75,"callback":76,"priority":68,"file":62,"line":77},"wp_prepare_attachment_for_js","wp_cmu_filter_wp_prepare_attachment_for_js",85,{"type":59,"name":79,"callback":80,"file":62,"line":81},"print_media_templates","wp_cmu_print_media_templates",86,{"type":65,"name":83,"callback":84,"priority":68,"file":62,"line":85},"media_row_actions","wp_cmu_library_listing",88,{"type":59,"name":87,"callback":88,"file":62,"line":89},"attachment_submitbox_misc_actions","wp_cmu_on_edit_media_screen",89,{"type":59,"name":79,"callback":91,"file":62,"line":92},"wp_cmu_print_media_templates_two_column"
,90,{"type":59,"name":94,"callback":95,"priority":96,"file":62,"line":97},"admin_init","init_plugin",20,460,{"type":59,"name":99,"callback":100,"file":62,"line":101},"admin_menu","wp_cmu_option_menu",463,[],[],[],[],0,{"dangerousFunctions":108,"sqlUsage":109,"outputEscaping":111,"fileOperations":106,"externalRequests":106,"nonceChecks":106,"capabilityChecks":148,"bundledLibraries":149},[],{"prepared":106,"raw":106,"locations":110},[],{"escaped":48,"rawEcho":112,"locations":113},19,[114,117,119,120,122,124,125,126,128,129,131,133,134,136,138,140,142,144,146],{"file":62,"line":115,"context":116},109,"raw output",{"file":62,"line":118,"context":116},191,{"file":62,"line":118,"context":116},{"file":62,"line":121,"context":116},258,{"file":62,"line":123,"context":116},285,{"file":62,"line":123,"context":116},{"file":62,"line":123,"context":116},{"file":62,"line":127,"context":116},376,{"file":62,"line":127,"context":116},{"file":62,"line":130,"context":116},399,{"file":62,"line":132,"context":116},400,{"file":62,"line":132,"context":116},{"file":62,"line":135,"context":116},530,{"file":62,"line":137,"context":116},534,{"file":62,"line":139,"context":116},538,{"file":62,"line":141,"context":116},542,{"file":62,"line":143,"context":116},549,{"file":62,"line":145,"context":116},553,{"file":62,"line":147,"context":116},557,2,[],[151,169,181],{"entryPoint":152,"graph":153,"unsanitizedCount":106,"severity":168},"wp_cmu_display_in_listing (wp-copy-media-url.php:247)",{"nodes":154,"edges":165},[155,160],{"id":156,"type":157,"label":158,"file":62,"line":159},"n0","source","$_REQUEST",248,{"id":161,"type":162,"label":163,"file":62,"line":121,"wp_function":164},"n1","sink","echo() [XSS]","echo",[166],{"from":156,"to":161,"sanitized":167},true,"low",{"entryPoint":170,"graph":171,"unsanitizedCount":106,"severity":168},"wp_cmu_options 
(wp-copy-media-url.php:476)",{"nodes":172,"edges":179},[173,176],{"id":156,"type":157,"label":174,"file":62,"line":175},"$_POST[$key]",498,{"id":161,"type":162,"label":177,"file":62,"line":175,"wp_function":178},"update_option() [Settings Manipulation]","update_option",[180],{"from":156,"to":161,"sanitized":167},{"entryPoint":182,"graph":183,"unsanitizedCount":106,"severity":168},"\u003Cwp-copy-media-url> (wp-copy-media-url.php:0)",{"nodes":184,"edges":192},[185,187,188,190],{"id":156,"type":157,"label":186,"file":62,"line":159},"$_REQUEST (x2)",{"id":161,"type":162,"label":163,"file":62,"line":121,"wp_function":164},{"id":189,"type":157,"label":174,"file":62,"line":175},"n2",{"id":191,"type":162,"label":177,"file":62,"line":175,"wp_function":178},"n3",[193,194],{"from":156,"to":161,"sanitized":167},{"from":189,"to":191,"sanitized":167},{"summary":196,"deductions":197},"The wp-copy-media-url v2.1 plugin exhibits a mixed security posture. On the positive side, the static analysis found no dangerous functions, no file operations, and no SQL queries of any kind (neither raw nor prepared), and every flow traced by the taint analysis is marked as sanitized. However, a significant concern arises from the vulnerability history, which shows one known unpatched medium severity vulnerability: a Cross-Site Request Forgery (CSRF) leading to stored Cross-Site Scripting (CVE-2025-31583). Per the advisory, an attacker who tricks a site administrator into sending a forged request can update the plugin settings and store injected script. Note that the sanitized marking on the $_POST to update_option() flow does not cover request forgery: nonce verification is a separate control, and the analysis counts zero nonce checks. Furthermore, the low percentage of properly escaped output (17%) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, although the taint analysis did not identify any unsanitized flow to an output sink. The absence of nonce checks and the limited capability checks (2) on the plugin's entry points also contribute to a weaker defense against certain attack vectors, especially when coupled with the existing CSRF vulnerability. 
Overall, while the plugin shows good practices in handling data and avoiding direct code execution vulnerabilities, the unpatched CSRF and potential XSS risks due to insufficient output escaping, coupled with a limited defense on entry points, warrant caution.",[198,201,203],{"reason":199,"points":200},"Unpatched medium severity CVE",15,{"reason":202,"points":14},"Low output escaping percentage",{"reason":204,"points":14},"No nonce checks on entry points","2026-03-16T20:24:37.520Z",{"wat":207,"direct":216},{"assetPaths":208,"generatorPatterns":211,"scriptPaths":212,"versionParams":213},[209,210],"\u002Fwp-content\u002Fplugins\u002Fwp-copy-media-url\u002Fcss\u002Fwp-copy-media-url.css","\u002Fwp-content\u002Fplugins\u002Fwp-copy-media-url\u002Fjs\u002Fwp-copy-media-url.js",[],[210],[214,215],"wp-copy-media-url\u002Fjs\u002Fwp-copy-media-url.js?ver=","wp-copy-media-url\u002Fcss\u002Fwp-copy-media-url.css?ver=",{"cssClasses":217,"htmlComments":221,"htmlAttributes":236,"restEndpoints":238,"jsGlobals":239,"shortcodeOutput":241},[218,219,220],"wp-cmu-copy-btn","wp-cmu-copy-btn-list","thumbnail-wp-cmu-copy-btn",[222,223,224,225,226,227,228,229,230,231,232,233,234,235],"\u003C!-- FOR THE RESTRICTION OF DIRECTLY ACCESS OF THE CLASS -->","\u003C!-- Plugin Activation -->","\u003C!-- Plugin deactivation -->","\u003C!-- Stores the class instance. -->","\u003C!-- Returns the instance of this class. -->","\u003C!-- Initialize the plugin. -->","\u003C!-- Initialises the WP actions. -->","\u003C!-- Load required media files -->","\u003C!-- Load css with setting -->","\u003C!-- Add plugin links -->","\u003C!-- Add Settings link -->","\u003C!-- Add Plugin Details link -->","\u003C!-- This function is used to add custom class in the grid view -->","\u003C!-- This function is used to add Copy URL link in the Media grid view -->",[237],"data-copied-text",[],[240],"wp_cmu_settings",[]]