[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fllzLO4IUakPvDC0krVnyGmi9_mw9etrpOKqvnVuQthk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":140,"fingerprints":319},"wp-easy-uploader","WP Easy Uploader","1.0.11","Chris Jean","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrisjean\u002F","\u003Cp>\u003Cstrong>WP Easy Uploader\u003C\u002Fstrong> was created to make the life of WordPress bloggers easier by allowing an Administrator to add plugins, themes, and any type of file to WordPress directly from inside WordPress. You no longer have to load up an FTP client just to try out that latest plugin or to upload a text document for people to download.\u003C\u002Fp>\n\u003Ch4>Current Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Upload any type of file to either the standard Uploads directory (just as images do when you are creating posts and pages) or to a path of your choosing.\u003C\u002Fli>\n\u003Cli>Manual paths are automatically created if they don’t exist.\u003C\u002Fli>\n\u003Cli>Easily upload plugins directly to the plugins directory and theme files directly to the themes directory.\u003C\u002Fli>\n\u003Cli>You can select to have archives automatically extracted to their destination. This means that plugins and themes will be taken care of for you, but it also means that you can zip up a large set of files and upload them quickly into a folder on your site. Currently zip, tar, gz, tar.gz, tgz, and tar.bz2 archives are supported.\u003C\u002Fli>\n\u003Cli>Options for overwriting existing files, renaming the fle if a file with that name already exists (or if overwriting fails), removal of the archive after file extraction, and forcing extracted files to be contained in a folder.\u003C\u002Fli>\n\u003Cli>Now supports WordPress Mu.\u003C\u002Fli>\n\u003Cli>Now supports internationalization. The PO file is available in the lang directory. Currently, Turkish (tr), mainland Chinese (zhCN), Brazilian Portuguese (ptBR), German (deDE), Indonesian (idID), and Spanish (esES) translations are available.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cp>Many of the features offered by this plugin are now offered in the core of WordPress. For example, the latest versions of WordPress can now install plugins and themes from the admin interface. You can install plugins by going to \u003Cstrong>Plugins > Add New\u003C\u002Fstrong> and themes by going to \u003Cstrong>Appearance > Add New Themes\u003C\u002Fstrong>. Thus, this plugin may have limited added value for you.\u003C\u002Fp>\n\u003Cp>This plugin is currently useful for doing the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Installing plugins and themes without downloading the files first and then having to upload them back to the server.\u003C\u002Fli>\n\u003Cli>Uploading large batches of files easily by first zipping the files and then having \u003Cstrong>WP Easy Uploader\u003C\u002Fstrong> unzip them into the destination directory.\u003C\u002Fli>\n\u003Cli>Load files to specific locations on your site when FTP may be restricted or blocked by the local network.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable permissions to allow for users with privileges below Administrator to upload files. My idea is for Administrators to have full access to all the uploader’s functionality while people below Administrator won’t have access to upload themes, plugins, or to manual paths and won’t be able to overwrite files or extract archives.\u003C\u002Fli>\n\u003Cli>If the above is implemented, I’d like to provide a menu of options for tailoring what minimum access level is required to access each function.\u003C\u002Fli>\n\u003Cli>Also if the first item is implemented, I’d like to add logging in order to keep track of who uploaded what and when. This would be useful for keeping track of anyone (such as a contributor) who is using the file space inappropriately.\u003C\u002Fli>\n\u003Cli>Track the uploaded files so that they can be removed later on. This is in response to how some people have permissions issues where their FTP\u002FSSH user is different from the user that the webserver runs as.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP 4+\u003C\u002Fli>\n\u003Cli>WordPress 2.2+\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version History\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>1.0.1 – 2008-06-27 – Initial release version\u003C\u002Fli>\n\u003Cli>1.0.2 – 2008-06-28 – Updated to support WordPress Mu\u003C\u002Fli>\n\u003Cli>1.0.3 – 2008-06-30 – Added support for PHP 4\u003C\u002Fli>\n\u003Cli>1.0.4 – 2008-07-02 – Fixed compatibility bug with the BackUpWordPress plugin\u003C\u002Fli>\n\u003Cli>1.0.5 – 2008-07-02 – Internationalized the plugin. Now it’s ready for translators.\u003C\u002Fli>\n\u003Cli>1.0.6 – 2008-07-06 – Added Turkish and Spanish translations. Fixed compatibility issue with the WeatherIcon plugin. Fixed parsing error with Windows servers.\u003C\u002Fli>\n\u003Cli>1.0.7 – 2008-07-08 – Added mainland Chinese and Brazilian Portuguese translations. Added 2.6 support.\u003C\u002Fli>\n\u003Cli>1.0.7a – 2008-07-10 – Added German translation.\u003C\u002Fli>\n\u003Cli>1.0.7b – 2008-07-21 – Added Indonesian translation.\u003C\u002Fli>\n\u003Cli>1.0.8 – 2008-09-27 – Added file required by PEAR in fringe cases.\u003C\u002Fli>\n\u003Cli>1.0.8a – 2009-07-17 – Updated listed compatibility to WordPress version 2.8.1\u003C\u002Fli>\n\u003Cli>1.0.9 – 2009-07-17 – WordPress no longer likes letters in versions, so here’s version 1.0.9. 🙂\u003C\u002Fli>\n\u003Cli>1.0.10 – 2009-07-20 – Updated listed compatibility to WordPress version 2.8.2\u003C\u002Fli>\n\u003Cli>1.0.11 – 2009-07-20 – readme.txt update\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More Information\u003C\u002Fh3>\n\u003Cp>For more information about this plugin and its development, visit the \u003Ca href=\"http:\u002F\u002Fgaarai.com\u002Fwp-easy-uploader\u002F\" title=\"wp easy uploader home page\" rel=\"nofollow ugc\">WP Easy Uploader Home Page\u003C\u002Fa>.\u003C\u002Fp>\n","Easily upload any type of content without the need for FTP. You can even upload plugin and theme archives, and the files will be extracted for you.",600,108123,74,3,"2009-07-20T19:05:00.000Z","2.8.2","2.2","",[20,21,22,23,24],"archives","ftp","plugins","themes","upload","http:\u002F\u002Fgaarai.com\u002Fwp-easy-uploader\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-easy-uploader.1.0.11.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"chrisjean",4,70830,30,84,"2026-04-04T06:48:56.320Z",[40,64,84,103,121],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":61,"download_link":62,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"media-sync","Media Sync","1.4.9","erolsk8","https:\u002F\u002Fprofiles.wordpress.org\u002Ferolsk8\u002F","\u003Cp>This plugin allows you to examine all files within the \u003Ccode>uploads\u003C\u002Fcode> directory to determine which ones are present in the Media Library and which ones are just sitting there unused. You can then choose the files you want to import into the database, thereby including them in the Media Library.\u003C\u002Fp>\n\u003Cp>Moreover, you can utilize FTP to upload files directly to the \u003Ccode>uploads\u003C\u002Fcode> directory and subsequently add these files to the Media Library avoiding any file size limitations.\u003C\u002Fp>\n\u003Ch4>Disclaimers\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>“1 file first”\u003Cbr \u002F>\nPlease try to import only one file first – to see if it works as you expected.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“All at once”\u003Cbr \u002F>\nThis plugin is designed for scanning, selecting, and importing \u003Cstrong>all files at once\u003C\u002Fstrong>. However, based on your server’s configuration, memory, and timeout challenges may arise with extensive file quantities. To mitigate this, a newly revamped \u003Ca href=\"https:\u002F\u002Fmediasyncplugin.com\u002F?utm_source=readme&utm_medium=base_plugin&utm_campaign=aao\" rel=\"nofollow ugc\">pro version\u003C\u002Fa> employs incremental directory scans to effectively tackle these issues.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“Your setup is unique”\u003Cbr \u002F>\nPlease be aware that every WordPress installation is unique, and there may be instances where this plugin does not function as expected. Should this occur, we recommend enabling the debugging feature in the plugin’s settings to identify the issue. After investigating, kindly provide a detailed description of your findings in the Support section (or \u003Ca href=\"https:\u002F\u002Fusers.freemius.com\u002Fstore\u002F6428\u002Fsupport\" rel=\"nofollow ugc\">here\u003C\u002Fa> if you’re using pro version). The more comprehensive the details, the higher the likelihood of resolving the problem effectively.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Ignored files\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>various hidden files (.DS_Store, .htaccess),\u003C\u002Fli>\n\u003Cli>WP generated thumbnails (files ending with for example -100×100.jpg),\u003C\u002Fli>\n\u003Cli>WP generated scaled images (files ending with -scaled),\u003C\u002Fli>\n\u003Cli>optimized .webp versions of original images (.jpg.webp),\u003C\u002Fli>\n\u003Cli>retina thumbnails (-100×100@2x.jpg).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These can be modified and enhanced using the new advanced filters available in the \u003Ca href=\"https:\u002F\u002Fmediasyncplugin.com\u002F?utm_source=readme&utm_medium=base_plugin&utm_campaign=df\" rel=\"nofollow ugc\">pro version\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Media Sync Pro features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Revised incremental scan\u003C\u002Fstrong>: Allows scanning and importing unlimited number of files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quick single directory rescan\u003C\u002Fstrong>: Easily rescan one directory to find new files or apply a different filter without reloading the whole page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced filters\u003C\u002Fstrong>: Find any file by customizing all default filters, search for a specific file type (images, videos, etc.), skip by tailor-made rules, or enter any custom pattern.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Schedule automatic imports\u003C\u002Fstrong>: Select a desired interval and let the plugin automatically import any new files it finds.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import logs\u003C\u002Fstrong>: View the history of manual or scheduled imports.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit plugin access\u003C\u002Fstrong>: Limit plugin access to a specific role.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Get \u003Ca href=\"https:\u002F\u002Fmediasyncplugin.com\u002F?utm_source=readme&utm_medium=base_plugin&utm_campaign=pfl\" rel=\"nofollow ugc\">pro version here\u003C\u002Fa>.\u003C\u002Fp>\n","Simple plugin to scan \"uploads\" directory and bring those files into Media Library.",40000,527569,94,82,"2025-11-25T08:11:00.000Z","6.9.4","5.3","7.1",[21,57,58,59,60],"import","media","server","uploads","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-sync\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-sync.1.4.9.zip",100,{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":50,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":18,"tags":78,"homepage":82,"download_link":83,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"automatic-updater","Advanced Automatic Updates","1.0.2","Gary Pendergast","https:\u002F\u002Fprofiles.wordpress.org\u002Fpento\u002F","\u003Cp>Advanced Automatic Updates adds extra options to WordPress’ built-in Automatic Updates feature. On top of security updates, it also supports installing major releases, plugins, themes, or even regular SVN checkouts!\u003C\u002Fp>\n\u003Cp>If you’re working on a WordPress Multisite install, it will properly restrict the options page to your Network Admin.\u003C\u002Fp>\n\u003Cp>While this will be useful for the vast majority of sites, please exercise caution, particularly if you have any custom themes or plugins running on your site.\u003C\u002Fp>\n","Adds extra options to WordPress' built-in Automatic Updates feature.",30000,255107,61,"2021-06-04T00:46:00.000Z","5.0.25","3.7",[79,22,80,23,81],"core","stable","updates","http:\u002F\u002Fpento.net\u002Fprojects\u002Fautomatic-updater-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-updater.1.0.2.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":53,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":101,"download_link":102,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bulk-media-register","Bulk Media Register","1.41","Katsushi Kawamori","https:\u002F\u002Fprofiles.wordpress.org\u002Fkatsushi-kawamori\u002F","\u003Cp>Bulk register files on the server to the Media Library.\u003C\u002Fp>\n\u003Ch4>Register to media library\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Maintain folder structure.\u003C\u002Fli>\n\u003Cli>This create a thumbnail of the image file.\u003C\u002Fli>\n\u003Cli>This create a metadata(Images, Videos, Audios).\u003C\u002Fli>\n\u003Cli>Change the date\u002Ftime.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Sibling plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmoving-media-library\u002F\" rel=\"ugc\">Moving Media Library\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-from-ftp\u002F\" rel=\"ugc\">Media from FTP\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-from-zip\u002F\" rel=\"ugc\">Media from ZIP\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you want to use a multi-byte file name, use UTF-8. The file name is used as the title during registration, but is sanitized and changed to a different file name.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FVa92SMlFDxk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Bulk register files on the server to the Media Library.",8000,122281,90,22,"2025-11-25T21:42:00.000Z","4.6","8.0",[100,21,57,58,60],"files","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbulk-media-register\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-media-register.1.41.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":63,"num_ratings":113,"last_updated":114,"tested_up_to":53,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":18,"download_link":120,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"upload-larger-plugins","Upload Larger Plugins","2.0","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>This plugin replaces the built-in WordPress plugin uploader with one that allows you to upload a plugin of any size.\u003C\u002Fp>\n\u003Cp>This is something you might need if your web hosting has a low maximum file upload limit (some default PHP installs have 2MB), and the plugin you wish to install is too large for this.\u003C\u002Fp>\n\u003Cp>It accomplishes this task by replacing WordPress’s default plugin uploader with a more sophisticated component that can upload larger files in chunks. You just install this plugin, activate it, and that’s it – you can now get back to the real work.\u003C\u002Fp>\n\u003Cp>Want to see some more quality plugins and products?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca title=\"WordPress backup, clone and restoration\" href=\"https:\u002F\u002Fupdraftplus.com\u002F\" rel=\"nofollow ugc\">UpdraftPlus – best WordPress backup, clone and restore plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca title=\"WooCommerce extensions for WordPress\" href=\"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fshop\u002F\" rel=\"nofollow ugc\">Some other premium WordPress plugins (mostly WooCommerce extensions)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson#content-plugins\" rel=\"nofollow ugc\">Other free plugins on my WordPress profile page\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright 2014- David Anderson\u003C\u002Fp>\n\u003Cp>MIT License:\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and\u002For sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\u003C\u002Fp>\n","Install plugins of any size (i.e. work around web hosting limits)",7000,144485,20,"2025-11-17T22:15:00.000Z","3.3",[117,118,119,104],"plugins-installation","plupload","upload-file-limit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupload-larger-plugins.2.0.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":63,"num_ratings":131,"last_updated":132,"tested_up_to":53,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":138,"download_link":139,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"kp-zip-downloader","KP Zip Downloader","1.0.3","Kalpesh Prajapati","https:\u002F\u002Fprofiles.wordpress.org\u002Fkprajapati22\u002F","\u003Cp>KP Zip Downloader provides an easy way to download installed plugins and themes as ZIP files directly from your WordPress admin dashboard. This tool is particularly useful for developers, site administrators, or anyone needing to quickly access the source files for migration or backup purposes.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Download any installed plugin as a ZIP file.\u003C\u002Fli>\n\u003Cli>Download any installed theme as a ZIP file.\u003C\u002Fli>\n\u003Cli>Fully integrated with the WordPress admin dashboard.\u003C\u002Fli>\n\u003Cli>Simple and intuitive user interface.\u003C\u002Fli>\n\u003Cli>Lightweight and efficient.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows administrators to download installed plugins and themes as ZIP files directly from the WordPress dashboard.",2000,9366,1,"2025-12-06T19:54:00.000Z","5.0","7.4",[136,22,23,137],"download","zip","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkp-zip-downloader","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkp-zip-downloader.1.0.3.zip",{"attackSurface":141,"codeSignals":157,"taintFlows":222,"riskAssessment":309,"analyzedAt":318},{"hooks":142,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":156,"entryPointCount":28,"unprotectedCount":28},[143,149],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","plugins_loaded","init","wp-easy-uploader.php",128,{"type":144,"name":150,"callback":151,"file":147,"line":152},"admin_menu","addPages",139,[],[],[],[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":219,"externalRequests":131,"nonceChecks":220,"capabilityChecks":14,"bundledLibraries":221},[],{"prepared":28,"raw":28,"locations":160},[],{"escaped":131,"rawEcho":162,"locations":163},34,[164,168,171,173,175,177,178,179,181,182,184,186,188,190,192,193,194,196,197,198,199,200,201,202,204,206,207,209,210,211,212,213,215,217],{"file":165,"line":166,"context":167},"pear\\File\\Archive\\Writer\\Output.php",86,"raw output",{"file":169,"line":170,"context":167},"pear\\PEAR.php",176,{"file":147,"line":172,"context":167},312,{"file":147,"line":174,"context":167},317,{"file":147,"line":176,"context":167},318,{"file":147,"line":176,"context":167},{"file":147,"line":176,"context":167},{"file":147,"line":180,"context":167},341,{"file":147,"line":180,"context":167},{"file":147,"line":183,"context":167},378,{"file":147,"line":185,"context":167},382,{"file":147,"line":187,"context":167},396,{"file":147,"line":189,"context":167},400,{"file":147,"line":191,"context":167},428,{"file":147,"line":191,"context":167},{"file":147,"line":191,"context":167},{"file":147,"line":195,"context":167},429,{"file":147,"line":195,"context":167},{"file":147,"line":195,"context":167},{"file":147,"line":195,"context":167},{"file":147,"line":195,"context":167},{"file":147,"line":195,"context":167},{"file":147,"line":195,"context":167},{"file":147,"line":203,"context":167},430,{"file":147,"line":205,"context":167},439,{"file":147,"line":205,"context":167},{"file":147,"line":208,"context":167},440,{"file":147,"line":208,"context":167},{"file":147,"line":208,"context":167},{"file":147,"line":208,"context":167},{"file":147,"line":208,"context":167},{"file":147,"line":214,"context":167},441,{"file":147,"line":216,"context":167},501,{"file":147,"line":218,"context":167},509,49,2,[],[223,256],{"entryPoint":224,"graph":225,"unsanitizedCount":34,"severity":255},"uploadsPage (wp-easy-uploader.php:203)",{"nodes":226,"edges":249},[227,232,236,241,244,247],{"id":228,"type":229,"label":230,"file":147,"line":231},"n0","source","$_POST (x2)",266,{"id":233,"type":234,"label":235,"file":147,"line":231},"n1","transform","→ showStatusMessage()",{"id":237,"type":238,"label":239,"file":147,"line":216,"wp_function":240},"n2","sink","echo() [XSS]","echo",{"id":242,"type":229,"label":230,"file":147,"line":243},"n3",280,{"id":245,"type":234,"label":246,"file":147,"line":243},"n4","→ showErrorMessage()",{"id":248,"type":238,"label":239,"file":147,"line":218,"wp_function":240},"n5",[250,252,253,254],{"from":228,"to":233,"sanitized":251},false,{"from":233,"to":237,"sanitized":251},{"from":242,"to":245,"sanitized":251},{"from":245,"to":248,"sanitized":251},"medium",{"entryPoint":257,"graph":258,"unsanitizedCount":308,"severity":255},"\u003Cwp-easy-uploader> (wp-easy-uploader.php:0)",{"nodes":259,"edges":297},[260,263,264,267,271,273,277,279,281,283,285,287,289,292,295],{"id":228,"type":229,"label":261,"file":147,"line":262},"$_POST (x5)",239,{"id":233,"type":238,"label":239,"file":147,"line":189,"wp_function":240},{"id":237,"type":229,"label":265,"file":147,"line":266},"$_POST",229,{"id":242,"type":238,"label":268,"file":147,"line":269,"wp_function":270},"file_get_contents() [SSRF\u002FLFI]",546,"file_get_contents",{"id":245,"type":229,"label":265,"file":147,"line":272},228,{"id":248,"type":238,"label":274,"file":147,"line":275,"wp_function":276},"fopen() [File Access]",611,"fopen",{"id":278,"type":229,"label":230,"file":147,"line":231},"n6",{"id":280,"type":234,"label":235,"file":147,"line":231},"n7",{"id":282,"type":238,"label":239,"file":147,"line":216,"wp_function":240},"n8",{"id":284,"type":229,"label":230,"file":147,"line":243},"n9",{"id":286,"type":234,"label":246,"file":147,"line":243},"n10",{"id":288,"type":238,"label":239,"file":147,"line":218,"wp_function":240},"n11",{"id":290,"type":229,"label":230,"file":147,"line":291},"n12",574,{"id":293,"type":234,"label":294,"file":147,"line":291},"n13","→ writeFile()",{"id":296,"type":238,"label":274,"file":147,"line":275,"wp_function":276},"n14",[298,300,301,302,303,304,305,306,307],{"from":228,"to":233,"sanitized":299},true,{"from":237,"to":242,"sanitized":299},{"from":245,"to":248,"sanitized":299},{"from":278,"to":280,"sanitized":251},{"from":280,"to":282,"sanitized":251},{"from":284,"to":286,"sanitized":251},{"from":286,"to":288,"sanitized":251},{"from":290,"to":293,"sanitized":251},{"from":293,"to":296,"sanitized":251},6,{"summary":310,"deductions":311},"The \"wp-easy-uploader\" v1.0.11 plugin presents a mixed security posture. On the positive side, the plugin demonstrates a strong commitment to secure coding practices by avoiding known dangerous functions, exclusively using prepared statements for SQL queries, and implementing nonce and capability checks on its identified entry points. The absence of recorded CVEs and a clean vulnerability history is also a significant strength, suggesting a relatively stable and well-maintained codebase.\n\nHowever, the static analysis reveals notable areas of concern. The low percentage of properly escaped output (3%) is a significant red flag. This indicates that a large proportion of data outputted by the plugin may not be properly sanitized, potentially leading to cross-site scripting (XSS) vulnerabilities if user-controlled input is reflected without adequate escaping. Furthermore, the taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths. While these might be low risk in this specific version, they indicate potential for insecure file handling if inputs are not rigorously validated.\n\nIn conclusion, while the plugin has strengths in its SQL handling and general security checks, the prevalence of unescaped output and the presence of unsanitized paths in taint analysis warrant careful consideration. The lack of historical vulnerabilities is reassuring, but the static code analysis suggests that further hardening, particularly around output escaping, is advisable to mitigate potential XSS risks.",[312,315],{"reason":313,"points":314},"Low percentage of properly escaped output",8,{"reason":316,"points":317},"Flows with unsanitized paths identified",5,"2026-03-16T19:27:41.403Z",{"wat":320,"direct":329},{"assetPaths":321,"generatorPatterns":324,"scriptPaths":325,"versionParams":326},[322,323],"\u002Fwp-content\u002Fplugins\u002Fwp-easy-uploader\u002Fjs\u002Fwp-easy-uploader.js","\u002Fwp-content\u002Fplugins\u002Fwp-easy-uploader\u002Fcss\u002Fwp-easy-uploader.css",[],[322],[327,328],"wp-easy-uploader\u002Fjs\u002Fwp-easy-uploader.js?ver=","wp-easy-uploader\u002Fcss\u002Fwp-easy-uploader.css?ver=",{"cssClasses":330,"htmlComments":341,"htmlAttributes":343,"restEndpoints":346,"jsGlobals":347,"shortcodeOutput":349},[331,332,333,334,335,336,337,338,339,340],"wp-easy-uploader-wrap","wp-easy-uploader-title","wp-easy-uploader-file-upload-form","wp-easy-uploader-upload-field","wp-easy-uploader-destination-selection","wp-easy-uploader-destination-selection-input","wp-easy-uploader-destination-path-input","wp-easy-uploader-overwriteFile-input","wp-easy-uploader-renameIfExists-input","wp-easy-uploader-submit-button",[342],"\u003C!-- Global options for WP Easy Uploader -->",[344,345],"data-plugin-path","data-plugin-url",[],[348],"WP_Easy_Uploader",[]]