[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fELfjc7qeVagL3VCweUiHbUOpLH-IhoLtcHvINcDdzaA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":58,"fingerprints":200},"wp-easy-tools-compression","WP Easy Tools Compression","1.0","bastikikang","https:\u002F\u002Fprofiles.wordpress.org\u002Fbastikikang\u002F","\u003Cp>dietIMAGE uses smart lossy compression techniques to reduce the file size of your PNG files. By selectively decreasing the number of colours in the image, fewer bytes are required to store the data. The effect is nearly invisible but it makes a very large difference in file size!\u003C\u002Fp>\n\u003Cp>Features :\u003C\u002Fp>\n\u003Cp>Image Compression\u003Cbr \u002F>\n– Easy to compressed your media image\u003Cbr \u002F>\n– Bulk compression\u003Cbr \u002F>\n-Auto compression of your media image\u003Cbr \u002F>\n-Restore original image\u003Cbr \u002F>\n-ON\u002FOff auto compression\u003C\u002Fp>\n\u003Cp>HTML\u002FCSS and Javascript Compression\u003Cbr \u002F>\n-Compressed HTML\u002FCSS and javascript\u003Cbr \u002F>\n-On\u002FOff HTML\u002FCSS and javascript compressed\u003C\u002Fp>\n\u003Cp>WP THEME CSS\u003Cbr \u002F>\n-Compressed style.css of your theme\u003C\u002Fp>\n","dietIMAGE uses smart lossy compression techniques to reduce the file size of your PNG files. 
By selectively decreasing the number of colours in the im &hellip;",10,2042,20,1,"2014-01-09T02:23:00.000Z","3.7.41","3.0.1","",[20,21,22,23,24],"compress-css","compress-html","compress-image-file","compress-javascript","compressed-jpeg","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-easy-tools-compression.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,84,"2026-04-04T06:00:44.274Z",[36],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":18,"download_link":56,"security_score":57,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"we-minify-html","WE – Minify HTML","1.2.5","wordpresteem","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpresteem\u002F","\u003Cp>WE – Minify HTML will help in Compacting HTML code, including any inline JavaScript and CSS contained in it,can save many bytes of data. 1. It removes HTML comments, except MSIE conditional comments. 2. Remove any space before the end of self-closing XHTML tags. 3. WE Minify HTML plugin won’t work with all cache services, and in fact can make it slower. 4. Easy to use, simply install and activate.\u003C\u002Fp>\n","WE - Minify HTML will help in Compacting HTML code, including any inline JavaScript and CSS contained in it,can save many bytes of data. 
1.",60,3690,100,3,"2025-03-03T07:50:00.000Z","7.2.2","5.1","5.6.3",[21,53,54,55],"html","minification","optimization","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwe-minify-html.zip",92,{"attackSurface":59,"codeSignals":104,"taintFlows":147,"riskAssessment":184,"analyzedAt":199},{"hooks":60,"ajaxHandlers":93,"restRoutes":101,"shortcodes":102,"cronEvents":103,"entryPointCount":66,"unprotectedCount":66},[61,67,71,76,80,85,89],{"type":62,"name":63,"callback":64,"priority":11,"file":65,"line":66},"filter","wp_generate_attachment_metadata","wtc_after_upload","models\\wtc_media.php",2,{"type":62,"name":68,"callback":69,"file":65,"line":70},"manage_media_columns","wtc_column",79,{"type":72,"name":73,"callback":74,"priority":11,"file":65,"line":75},"action","manage_media_custom_column","wtc_value",80,{"type":72,"name":77,"callback":78,"file":65,"line":79},"delete_attachment","wtc_delete_attachment",113,{"type":72,"name":81,"callback":82,"file":83,"line":84},"admin_menu","wtc_admin_menu","wp-easy-tools.php",18,{"type":72,"name":86,"callback":87,"file":83,"line":88},"admin_enqueue_scripts","wtc_admin_assets",53,{"type":62,"name":90,"callback":91,"priority":11,"file":83,"line":92},"stylesheet_uri","wtc_template_directory",103,[94,98],{"action":95,"nopriv":96,"callback":95,"hasNonce":96,"hasCapCheck":96,"file":83,"line":97},"wtc_ajax_admin",false,63,{"action":95,"nopriv":99,"callback":95,"hasNonce":96,"hasCapCheck":96,"file":83,"line":100},true,64,[],[],[],{"dangerousFunctions":105,"sqlUsage":106,"outputEscaping":109,"fileOperations":145,"externalRequests":47,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":146},[],{"prepared":107,"raw":27,"locations":108},4,[],{"escaped":14,"rawEcho":110,"locations":111},16,[112,116,118,120,123,125,126,128,129,132,134,135,137,139,141,143],{"file":113,"line":114,"context":115},"ajax\\wtc_ajax_admin.php",12,"raw 
output",{"file":113,"line":117,"context":115},31,{"file":113,"line":119,"context":115},37,{"file":121,"line":122,"context":115},"css\\wtc_css.php",52,{"file":65,"line":124,"context":115},98,{"file":65,"line":46,"context":115},{"file":65,"line":127,"context":115},101,{"file":65,"line":92,"context":115},{"file":130,"line":131,"context":115},"models\\wtc_settings.php",23,{"file":130,"line":133,"context":115},32,{"file":130,"line":119,"context":115},{"file":130,"line":136,"context":115},42,{"file":130,"line":138,"context":115},69,{"file":130,"line":140,"context":115},76,{"file":130,"line":142,"context":115},83,{"file":130,"line":144,"context":115},107,19,[],[148,173],{"entryPoint":149,"graph":150,"unsanitizedCount":66,"severity":172},"compress_single_image (ajax\\wtc_ajax_admin.php:262)",{"nodes":151,"edges":169},[152,157,163,165],{"id":153,"type":154,"label":155,"file":113,"line":156},"n0","source","$_SERVER",310,{"id":158,"type":159,"label":160,"file":113,"line":161,"wp_function":162},"n1","sink","file_put_contents() [File Write]",331,"file_put_contents",{"id":164,"type":154,"label":155,"file":113,"line":156},"n2",{"id":166,"type":159,"label":167,"file":113,"line":161,"wp_function":168},"n3","fopen() [File Access]","fopen",[170,171],{"from":153,"to":158,"sanitized":96},{"from":164,"to":166,"sanitized":96},"medium",{"entryPoint":174,"graph":175,"unsanitizedCount":66,"severity":172},"\u003Cwtc_ajax_admin> (ajax\\wtc_ajax_admin.php:0)",{"nodes":176,"edges":181},[177,178,179,180],{"id":153,"type":154,"label":155,"file":113,"line":156},{"id":158,"type":159,"label":160,"file":113,"line":161,"wp_function":162},{"id":164,"type":154,"label":155,"file":113,"line":156},{"id":166,"type":159,"label":167,"file":113,"line":161,"wp_function":168},[182,183],{"from":153,"to":158,"sanitized":96},{"from":164,"to":166,"sanitized":96},{"summary":185,"deductions":186},"The \"wp-easy-tools-compression\" plugin v1.0 exhibits a concerning security posture due to significant vulnerabilities in 
its attack surface and code handling. While it correctly utilizes prepared statements for SQL queries and avoids dangerous functions, these strengths are overshadowed by critical weaknesses. The plugin exposes two AJAX handlers for the wtc_ajax_admin action, one of them registered for unauthenticated (nopriv) requests, without any authentication or capability checks, creating a substantial entry point for potential unauthorized actions. Furthermore, the taint analysis revealed two flows with unsanitized paths, in which $_SERVER data reaches file_put_contents() and fopen(); although these are not classified as critical or high severity in this analysis, they represent a latent risk that could be exploited if combined with other factors or if the analysis depth was insufficient.\n\nThe lack of nonce checks on AJAX handlers is a particularly worrying sign, as nonces are a fundamental WordPress security mechanism designed to prevent Cross-Site Request Forgery (CSRF) attacks. Because capability checks are also absent, attackers could potentially trigger these AJAX actions without proper authorization, leading to unintended consequences. The very low percentage of properly escaped output (6%) also indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, which would allow attackers to inject malicious scripts into the site wherever an unescaped value can be influenced by a request. The plugin's history of zero known CVEs is positive, but given the current code analysis findings, this may reflect a lack of thorough external auditing rather than inherent security. 
In conclusion, while the plugin demonstrates good practices in database interaction, its handling of user input and authentication for its entry points is severely lacking, presenting a significant risk to WordPress installations.",[187,189,191,193,196],{"reason":188,"points":11},"AJAX handlers without auth checks",{"reason":190,"points":11},"AJAX handlers without nonce checks",{"reason":192,"points":11},"Capability checks are missing",{"reason":194,"points":195},"Low output escaping percentage",8,{"reason":197,"points":198},"Unsanitized paths in taint flows",5,"2026-03-17T00:57:19.289Z",{"wat":201,"direct":209},{"assetPaths":202,"generatorPatterns":205,"scriptPaths":206,"versionParams":207},[203,204],"\u002Fwp-content\u002Fplugins\u002Fwp-easy-tools-compression\u002Fassets\u002Fcss\u002Fwtc_admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-easy-tools-compression\u002Fassets\u002Fjs\u002Fwtc_admin.js",[],[204],[208],"wp-easy-tools-compression\u002Fassets\u002Fjs\u002Fwtc_admin.js?ver=1.0",{"cssClasses":210,"htmlComments":213,"htmlAttributes":214,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":219},[211,212],"wtc_media_restore","wtc_media",[],[215,216],"id","rev",[],[],[]]