[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f45SnEbb_jYbv6Iyb8tZ0wzdYdYgEZ-Vzi5afV0e8e50":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":59,"crawl_stats":38,"alternatives":66,"analysis":172,"fingerprints":657},"wp-phpmyadmin-extension","WP phpMyAdmin","5.2.2.01","Puvox Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fpuvoxsoftware\u002F","\u003Ch4>[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 𝐵𝓎 𝒫𝓊𝓋𝑜𝓍 ] :\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>• Checked against vulnerability holes.\u003Cbr \u002F>\n  • No extra load\u002Fslowness to site.\u003Cbr \u002F>\n  • Does not collect & share private data.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Plugin Description\u003C\u002Fh4>\n\u003Cp>The famous database browser & manager (for MySQL & MariaDB) – use it inside WordPress Dashboard without an extra hassle.\u003C\u002Fp>\n\u003Ch3>NOTES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin has been started from 2018 year, and we have no connections to the old age’s vulnerable wp-phpMyAdmin plugin (published elsewhere by 3rd party scammers) . So, this current plugin is just a wrapper for official phpMyAdmin release and depends itself on the realiability & security of the \u003Ccode>phpMyAdmin\u003C\u002Fcode> itself. Also, initially we wanted to put PhpMyAdmin released \u003Ccode>.zip\u003C\u002Fcode> file untouched (to ensure the checksums are same) and unpack that \u003Ccode>.zip\u003C\u002Fcode> directly upon plugin’s installation, but unfortunately WordPress Plugin Team didn’t allow to put \u003Ccode>.zip\u003C\u002Fcode> file in the package (saying that SVN doesn’t like working with \u003Ccode>.zip\u003C\u002Fcode> files). Thus, we had to submit extracted PMA (but still original & untouched) to the repository.\u003C\u002Fli>\n\u003Cli>PHP >= 7.2.5 is required to for \u003Cstrong>phpMyAdmin\u003C\u002Fstrong> latest version (otherwise you will have option to use older version of PMA, which is not encouraged to be used).\u003C\u002Fli>\n\u003Cli>For the reason to make it compact, some unnecessary files (language files, OpenLayer\u002FGIS map lib, extra themes, etc) are removed.\u003C\u002Fli>\n\u003Cli>It’s recommended, that you enable the plugin only while you need to use PhpMyAdmin. Otherwise, for longer periods, you can deactivate plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Liability\u003C\u002Fh4>\n\u003Cp>We are not developers of PhpMyAdmin itself, neither affiliated with them. We just made this plugin as a wrapper (container) of official PhpMyAdmin, to make it possible to be installed as a WP plugin. However, we don’t monitor PhpMyAdmin package’s source code itself. We take no responsibility about this plugin. Use it at your own responsibility (However, as it’s also visible in stats, thousands of users are using this extendion and only few people have complained about errors).\u003C\u002Fp>\n\u003Ch4>Available Options\u003C\u002Fh4>\n\u003Cp>See all available options and their description on plugin’s settings page.\u003C\u002Fp>\n","[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 𝐵𝓎 𝒫𝓊𝓋𝑜𝓍 ] phpMyAdmin -  Database Browser & Manager (for MySQL & MariaDB)",50000,1055306,92,58,"2025-10-17T18:58:00.000Z","6.7.5","6.0","",[20,21,22,23,24],"database","manager","mysql","phpminiadmin","phpmyadmin","https:\u002F\u002Fpuvox.software\u002Fsoftware\u002Fwordpress-plugins\u002F?plugin=wp-phpmyadmin-extension","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-phpmyadmin-extension.zip",99,2,0,"2022-08-01 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"WF-0234419b-9e39-4153-a3b7-bb913f2b6bcd-wp-phpmyadmin-extension","wp-phpmyadmin-reflected-cross-site-scripting","WP phpMyAdmin \u003C= 5.2.0.3 - Reflected Cross-Site Scripting","The WP phpMyAdmin plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 5.2.0.3 due to the use of add_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=5.2.0.3","5.2.0.4","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0234419b-9e39-4153-a3b7-bb913f2b6bcd?source=api-prod",540,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":44,"published_date":30,"updated_date":45,"references":57,"days_to_patch":48},"CVE-2022-2407","wp-phpmyadmin-authenticated-administrator-stored-cross-site-scripting","WP phpMyAdmin \u003C= 5.2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The plugin WP phpMyAdmin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd056ad60-0102-490e-89a8-31fe6513645e?source=api-prod",{"slug":60,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":48,"trust_score":64,"computed_at":65},"puvoxsoftware",16,51190,94,75,"2026-04-04T00:53:15.512Z",[67,91,112,135,155],{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":78,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":86,"download_link":87,"security_score":88,"vuln_count":89,"unpatched_count":29,"last_vuln_date":90,"fetched_at":31},"wp-db-backup","Database Backup for WordPress","2.5.2","WP Engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpengine\u002F","\u003Cp>Backup your database instantly, send the backup via email, or schedule backups to run automatically.\u003C\u002Fp>\n\u003Cp>Database Backup for WordPress allows you to quickly back up your core WordPress database tables, and either download the backup as a gzipped file, or send it via email to an address you choose.\u003C\u002Fp>\n\u003Cp>By default, the plugin will always back up all the core WordPress database tables. However, you may also selectively back up any custom tables that might be created by other plugins\u003C\u002Fp>\n\u003Cp>Additional options include the ability to exclude spam comments from the comments table, or post revisions from the posts table, saving you space and bandwidth.\u003C\u002Fp>\n\u003Cp>You can also enable scheduled backups to run automatically at set intervals, and configure the email address to send the scheduled backups to.\u003C\u002Fp>\n\u003Ch4>Backup Before You Mess Up\u003C\u002Fh4>\n\u003Cp>Backups are the one thing you don’t think of until you need them. You might have the best web host, the most secure server, and a tried and tested process for running plugin, theme, or core updates. But all it takes is one little thing to go wrong, and you lose your entire website.\u003C\u002Fp>\n\u003Cp>You need a reliable and automated solution which backs up your WordPress data and sends it to an off-site location. Database Backup for WordPress is that solution.\u003C\u002Fp>\n\u003Ch4>Why You Should Back Up Your Website\u003C\u002Fh4>\n\u003Cp>As much planning as you do, any CMS like WordPress that stores its data in a database is vulnerable. Hardware, software, and security hiccups are rare, but they do happen. Even the best enterprise systems in the world have multiple levels of backup in place.\u003C\u002Fp>\n\u003Cp>Think about the data you store in your WordPress site. Your blog posts since the day you launched the site. Your customers, products, and order history if you run an ecommerce site. Backups are like implementing an insurance policy for your data. With backups, you have a reliable way of restoring that data if anything goes wrong.\u003C\u002Fp>\n\u003Cp>Simple, automated backups save you time and give you peace of mind that you are prepared for the worst case scenario, even if you never need it. Better to have it and not need it, than to not have it and suddenly need it.\u003C\u002Fp>\n\u003Ch4>Scheduled Backups\u003C\u002Fh4>\n\u003Cp>Depending on your needs, you might want to back up your database every few minutes, hourly, daily, weekly, or monthly. You’ll want to automate this process, or it becomes another possible point of failure.\u003C\u002Fp>\n\u003Cp>Scheduled backups give you peace of mind that your data is being backed up as much or as little as you need, without your intervention. By emailing the backups to an email address you choose, you can verify that the backup has run, and store it in a safe location.\u003C\u002Fp>\n\u003Ch3>Translators\u003C\u002Fh3>\n\u003Cp>Thanks to the following people for providing translation files for Database Backup for WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Abel Cheung\u003C\u002Fli>\n\u003Cli>Alejandro Urrutia\u003C\u002Fli>\n\u003Cli>Alexander Kanakaris\u003C\u002Fli>\n\u003Cli>Angelo Andrea Iorio\u003C\u002Fli>\n\u003Cli>Calle\u003C\u002Fli>\n\u003Cli>Daniel Erb\u003C\u002Fli>\n\u003Cli>Daniel Villoldo\u003C\u002Fli>\n\u003Cli>Diego Pierotto\u003C\u002Fli>\n\u003Cli>Eilif Nordseth\u003C\u002Fli>\n\u003Cli>Eric Lassauge\u003C\u002Fli>\n\u003Cli>Friedlich\u003C\u002Fli>\n\u003Cli>Gilles Wittezaele\u003C\u002Fli>\n\u003Cli>Icemanpro\u003C\u002Fli>\n\u003Cli>İzzet Emre Erkan\u003C\u002Fli>\n\u003Cli>Jong-In Kim\u003C\u002Fli>\n\u003Cli>Kaveh\u003C\u002Fli>\n\u003Cli>Kessia Pinheiro\u003C\u002Fli>\n\u003Cli>Kuratkoo\u003C\u002Fli>\n\u003Cli>Majed Alotaibi\u003C\u002Fli>\n\u003Cli>Michał Gołuński\u003C\u002Fli>\n\u003Cli>Michele Spagnuolo\u003C\u002Fli>\n\u003Cli>Paopao\u003C\u002Fli>\n\u003Cli>Philippe Galliard\u003C\u002Fli>\n\u003Cli>Robert Buj\u003C\u002Fli>\n\u003Cli>Roger\u003C\u002Fli>\n\u003Cli>Rune Gulbrandsøy\u003C\u002Fli>\n\u003Cli>Serge Rauber\u003C\u002Fli>\n\u003Cli>Sergey Biryukov\u003C\u002Fli>\n\u003Cli>Tai\u003C\u002Fli>\n\u003Cli>Timm Severin\u003C\u002Fli>\n\u003Cli>Tzafrir Rehan\u003C\u002Fli>\n\u003Cli>吴曦\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Past Contributors\u003C\u002Fh3>\n\u003Cp>filosofo, skippy, Firas, LaughingLizard, MtDewVirus, Podz, Ringmaster\u003C\u002Fp>\n","Database Backup for WordPress is your one-stop database backup solution for WordPress.",70000,3731269,90,66,"2022-05-26T11:49:00.000Z","6.0.11","3.6.0","5.3",[84,20,85,22],"backup","database-backup","https:\u002F\u002Fgithub.com\u002Fdeliciousbrains\u002Fwp-db-backup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-db-backup.2.5.2.zip",82,4,"2022-05-11 00:00:00",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":63,"last_updated":102,"tested_up_to":16,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":107,"download_link":108,"security_score":109,"vuln_count":110,"unpatched_count":29,"last_vuln_date":111,"fetched_at":31},"wp-dbmanager","WP-DBManager","2.80.10","Lester Chan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgamerz\u002F","\u003Cp>Allows you to optimize database, repair database, backup database, restore database, delete backup database , drop\u002Fempty tables and run selected queries. Supports automatic scheduling of backing up, optimizing and repairing of database.\u003C\u002Fp>\n\u003Ch3>General Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Activate \u003Ccode>WP-DBManager\u003C\u002Fcode> Plugin\u003C\u002Fli>\n\u003Cli>The script will automatically create a folder called \u003Ccode>backup-db\u003C\u002Fcode> in the wp-content folder if that folder is writable. If it is not created, please create the folder and ensure that the folder is writable\u003C\u002Fli>\n\u003Cli>Open \u003Ccode>Folder: wp-content\u002Fbackup-db\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>If you are on Apache, move the \u003Ccode>htaccess.txt\u003C\u002Fcode> file from \u003Ccode>Folder: wp-content\u002Fplugins\u002Fwp-dbmanager\u003C\u002Fcode> to \u003Ccode>Folder: wp-content\u002Fbackup-db\u002F.htaccess\u003C\u002Fcode> if it is not there already\u003C\u002Fli>\n\u003Cli>If you are on IIS, move the \u003Ccode>Web.config.txt\u003C\u002Fcode> file from \u003Ccode>Folder: wp-content\u002Fplugins\u002Fwp-dbmanager\u003C\u002Fcode> to \u003Ccode>Folder: wp-content\u002Fbackup-db\u002FWeb.config\u003C\u002Fcode> if it is not there already\u003C\u002Fli>\n\u003Cli>Move \u003Ccode>index.php\u003C\u002Fcode> file from \u003Ccode>Folder: wp-content\u002Fplugins\u002Fwp-dbmanager\u003C\u002Fcode> to \u003Ccode>Folder: wp-content\u002Fbackup-db\u002Findex.php\u003C\u002Fcode> if it is not there already\u003C\u002Fli>\n\u003Cli>Go to \u003Ccode>WP-Admin -> Database -> DB Options\u003C\u002Fcode> to configure the database options\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Build Status\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Flesterchan\u002Fwp-dbmanager\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-dbmanager\" title=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-dbmanager\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-dbmanager\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-dbmanager\u002Fi18n\u002F\" title=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-dbmanager\u002Fi18n\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-dbmanager\u002Fi18n\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Plugin icon by \u003Ca href=\"http:\u002F\u002Fwww.freepik.com\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" rel=\"nofollow ugc\">Flaticon\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. If not feel free to use it without any obligations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Note that this plugin passes your datababase password via –password in the command line of mysqldump. This is convenient but as a trade off, it is insecure.\u003C\u002Fli>\n\u003Cli>On some systems, your password becomes visible to system status programs such as ps that may be invoked by other users to display command lines. MySQL clients typically overwrite the command-line password argument with zeros during their initialization sequence. However, there is still a brief interval during which the value is visible. Also, on some systems this overwriting strategy is ineffective and the password remains visible to ps. Source: \u003Ca href=\"http:\u002F\u002Fdev.mysql.com\u002Fdoc\u002Frefman\u002F5.5\u002Fen\u002Fpassword-security-user.html\" rel=\"nofollow ugc\">End-User Guidelines for Password Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If this is a concern to you, I recommend another database backup plugin called \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-db-backup\u002F\" rel=\"ugc\">WP-DB-Backup\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>To know about the difference between WP-DBManager and WP-DB-backup, checkout \u003Cstrong>What is the difference between WP-DBManager and WP-DB-Backup?\u003C\u002Fstrong> in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-dbmanager\u002Ffaq\u002F\" rel=\"ugc\">FAQ section\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Manages your WordPress database.",60000,3111416,88,"2024-11-24T13:36:00.000Z","4.0",[20,105,21,106,92],"manage","table","https:\u002F\u002Flesterchan.net\u002Fportfolio\u002Fprogramming\u002Fphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dbmanager.2.80.10.zip",89,5,"2022-07-25 00:00:00",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":18,"download_link":132,"security_score":122,"vuln_count":133,"unpatched_count":29,"last_vuln_date":134,"fetched_at":31},"pexlechris-adminer","Database Manager – WP Adminer","4.3.3","Pexle Chris","https:\u002F\u002Fprofiles.wordpress.org\u002Fpexlechris\u002F","\u003Cp>The best database management tool for the best CMS.\u003C\u002Fp>\n\u003Cp>This plugin uses the tool \u003Ca href=\"https:\u002F\u002Fwww.adminer.org\u002F\" rel=\"nofollow ugc\">Adminer\u003C\u002Fa>, in order to give database access to administrators directly from the Dashboard.\u003Cbr \u002F>\nAs simple as the previous sentence!\u003C\u002Fp>\n\u003Cp>I am not the author of Adminer. I am only the author who does the WordPress integration with Adminer.\u003Cbr \u002F>\nAuthor of Adminer is Jakub Vrana and you can donate him from \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fdonate\u002F?item_name=Donation+to+Adminer&cmd=_donations&business=jakub%40vrana.cz\" rel=\"nofollow ugc\">there\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Compatible also with WordPress Multisite installations\u003C\u002Fp>\n\u003Ch3>WP Adminer access positions\u003C\u002Fh3>\n\u003Cp>You can access the WP Adminer from the below positions:\u003Cbr \u002F>\n1. WP Adminer URL in the Admin Bar\u003Cbr \u002F>\n2. WP Adminer Tools Page (Dashboard > Tools > WP Adminer)\u003C\u002Fp>\n\u003Ch3>Explore my other plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pexlechris.dev\u002Flibrary-viewer\u002Fwp-wpadminer\" rel=\"nofollow ugc\">Library Viewer\u003C\u002Fa>: With Library Viewer, you can display the containing files and the containing folders of a “specific folder” of your (FTP) server to your users in the front-end.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgift-wrapping-for-woocommerce\" rel=\"ugc\">Gift Wrapping for WooCommerce\u003C\u002Fa>: This plugin allows customers to select a gift wrapper for their orders, via a checkbox in the checkout page.\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage the database from your WordPress Dashboard using Adminer.",20000,296374,100,27,"2026-03-13T07:59:00.000Z","6.9.4","4.7.0","7.0",[129,20,130,22,131],"adminer","mariadb","sql","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpexlechris-adminer.4.3.3.zip",1,"2022-08-16 00:00:00",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":13,"num_ratings":145,"last_updated":146,"tested_up_to":147,"requires_at_least":148,"requires_php":18,"tags":149,"homepage":152,"download_link":153,"security_score":154,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"sql-executioner","SQL Executioner","1.4","Justin Watt","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustincwatt\u002F","\u003Cp>Instead of needing a tool like \u003Ca href=\"http:\u002F\u002Fwww.phpmyadmin.net\u002Fhome_page\u002Findex.php\" rel=\"nofollow ugc\">phpMyAdmin\u003C\u002Fa>\u003Cbr \u002F>\nor the mysql command line client to view and modify your WordPress database,\u003Cbr \u002F>\nthe SQL Executioner allows you to run arbitrary SQL queries against your\u003Cbr \u002F>\nWordPress database from within the Admin. In many cases this allows you to bypass\u003Cbr \u002F>\nthe inherent limitations of the WordPress Admin interface, and use the full expressive\u003Cbr \u002F>\npower of SQL to analyze and update your blog’s database.\u003C\u002Fp>\n\u003Cp>To use simply install and visit the Tools > SQL Executioner page.\u003C\u002Fp>\n\u003Cp>If you’re interested in contributing to the code behind this plugin, it’s also hosted on GitHub:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fjustincwatt\u002Fwp-sql-executioner\u003C\u002Fp>\n","Execute arbitrary SQL queries against your WordPress database from the Admin.",2000,52946,11,"2016-09-28T07:27:00.000Z","4.6.30","3.0",[150,22,24,151,131],"dba","query","http:\u002F\u002Fjustinsomnia.org\u002F2008\u002F02\u002Fthe-wordpress-sql-executioner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsql-executioner.zip",85,{"slug":156,"name":157,"version":158,"author":159,"author_profile":160,"description":161,"short_description":162,"active_installs":163,"downloaded":164,"rating":122,"num_ratings":133,"last_updated":165,"tested_up_to":166,"requires_at_least":167,"requires_php":18,"tags":168,"homepage":170,"download_link":171,"security_score":154,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"run-sql-query","Run SQL Query","1.0.0","Fabricio Carella","https:\u002F\u002Fprofiles.wordpress.org\u002Fsefirost\u002F","\u003Cp>This plugin will allow you to execute any type of SQL query into the WordPress’s DB connecting through the driver provided by the MySQLi extension without the need to use another tool like phpMyAdmin.\u003C\u002Fp>\n\u003Cp>It also gives you the ability to export the results in a CSV format file.\u003C\u002Fp>\n\u003Cp>In order to access this plugin’s admin page (Tools -> Run SQL Query), your account needs to have the \u003Ccode>install_plugins\u003C\u002Fcode> capability, that means a Super Admin in the multi-site installation or an Admin in a single site.\u003C\u002Fp>\n\u003Cp>Feel free to contribute:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002FSefirost\u002Frun-sql-query\u003C\u002Fp>\n\u003Cp>Use on you own risk. Under no circumstances will the Author of this plugin assume responsibility or liability for any damages or destructive effects on the database resulting from the queries executed using this tool.\u003C\u002Fp>\n","Run SQL Query is a simple plugin to quickly execute any type of SQL query into the WordPress's DB and export the results in a CSV format file.",700,13655,"2016-08-01T19:42:00.000Z","4.5.33","4.4",[169,20,21,151,131],"admin","https:\u002F\u002Fgithub.com\u002FSefirost\u002Frun-sql-query","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frun-sql-query.zip",{"attackSurface":173,"codeSignals":298,"taintFlows":508,"riskAssessment":636,"analyzedAt":656},{"hooks":174,"ajaxHandlers":294,"restRoutes":295,"shortcodes":296,"cronEvents":297,"entryPointCount":29,"unprotectedCount":29},[175,181,184,189,194,197,203,205,208,211,213,217,220,223,226,228,231,233,235,238,241,244,247,250,254,258,263,265,269,272,275,279,282,285,287,291],{"type":176,"name":177,"callback":178,"priority":28,"file":179,"line":180},"action","admin_init","setup_definitions","index.php",74,{"type":176,"name":177,"callback":182,"priority":183,"file":179,"line":64},"if_needs_redirect_to_pma",3,{"type":176,"name":185,"callback":186,"priority":187,"file":179,"line":188},"wp_logout","logout_pma_clear",33,76,{"type":176,"name":190,"callback":191,"priority":133,"file":192,"line":193},"wp_head","closure","library.php",4768,{"type":176,"name":195,"callback":191,"priority":133,"file":192,"line":196},"admin_head",4769,{"type":176,"name":198,"callback":199,"priority":200,"file":201,"line":202},"wp_enqueue_scripts","my_styles_hook",9,"library_wp.php",73,{"type":176,"name":204,"callback":199,"priority":200,"file":201,"line":180},"admin_enqueue_scripts",{"type":176,"name":206,"callback":191,"file":201,"line":207},"admin_footer",148,{"type":176,"name":209,"callback":191,"file":201,"line":210},"init",163,{"type":176,"name":177,"callback":191,"file":201,"line":212},210,{"type":214,"name":215,"callback":191,"file":201,"line":216},"filter","mce_external_plugins",212,{"type":214,"name":218,"callback":191,"file":201,"line":219},"mce_buttons_2",213,{"type":214,"name":221,"callback":191,"file":201,"line":222},"tiny_mce_version",215,{"type":176,"name":224,"callback":191,"priority":133,"file":201,"line":225},"wp",231,{"type":176,"name":227,"callback":191,"priority":133,"file":201,"line":48},"plugins_loaded",{"type":176,"name":224,"callback":229,"file":201,"line":230},"my_flush__rewrite",550,{"type":176,"name":232,"callback":191,"file":201,"line":163},"wp_footer",{"type":176,"name":209,"callback":191,"file":201,"line":234},711,{"type":176,"name":236,"callback":191,"file":201,"line":237},"wp_loaded",854,{"type":176,"name":239,"callback":191,"file":201,"line":240},"shutdown",859,{"type":176,"name":209,"callback":242,"file":201,"line":243},"load_textdomain",1732,{"type":176,"name":195,"callback":245,"file":201,"line":246},"admin_head_func",1743,{"type":176,"name":248,"callback":191,"file":201,"line":249},"current_screen",1744,{"type":176,"name":224,"callback":251,"priority":252,"file":201,"line":253},"flush_checkpoint",999,1753,{"type":214,"name":255,"callback":256,"priority":133,"file":201,"line":257},"upload_mimes","upload_mimes_filter",1759,{"type":214,"name":259,"callback":260,"priority":261,"file":201,"line":262},"wp_handle_upload","wp_handle_upload_filter",10,1760,{"type":176,"name":209,"callback":191,"file":201,"line":264},1822,{"type":176,"name":266,"callback":267,"file":201,"line":268},"network_admin_menu","plugin__add_menu_or_submenu",1912,{"type":176,"name":270,"callback":267,"file":201,"line":271},"admin_menu",1914,{"type":176,"name":273,"callback":191,"file":201,"line":274},"activated_plugin",1916,{"type":176,"name":276,"callback":277,"file":201,"line":278},"network_admin_notices","admin_error_notice_pro",2103,{"type":176,"name":280,"callback":277,"file":201,"line":281},"admin_notices",2104,{"type":214,"name":283,"callback":191,"priority":261,"file":201,"line":284},"wp_php_error_message",2187,{"type":176,"name":232,"callback":191,"file":201,"line":286},2375,{"type":214,"name":288,"callback":289,"file":201,"line":290},"widget_text","do_shortcode",2399,{"type":214,"name":292,"callback":191,"file":201,"line":293},"site_transient_update_plugins",3266,[],[],[],[],{"dangerousFunctions":299,"sqlUsage":304,"outputEscaping":339,"fileOperations":506,"externalRequests":110,"nonceChecks":110,"capabilityChecks":89,"bundledLibraries":507},[300],{"fn":301,"file":192,"line":302,"context":303},"unserialize",3813,"if ( @unserialize($serialized_string) !== false ) \treturn $serialized_string;",{"prepared":305,"raw":306,"locations":307},46,14,[308,311,313,315,317,320,322,324,326,328,331,333,335,337],{"file":192,"line":309,"context":310},645,"$wpdb->query() with variable interpolation",{"file":201,"line":312,"context":310},784,{"file":201,"line":314,"context":310},785,{"file":201,"line":316,"context":310},1023,{"file":201,"line":318,"context":319},1224,"$wpdb->get_var() with variable interpolation",{"file":201,"line":321,"context":310},1353,{"file":201,"line":323,"context":310},1355,{"file":201,"line":325,"context":310},1368,{"file":201,"line":327,"context":310},1420,{"file":201,"line":329,"context":330},1421,"$wpdb->get_results() with variable interpolation",{"file":201,"line":332,"context":310},1430,{"file":201,"line":334,"context":310},1434,{"file":201,"line":336,"context":330},3058,{"file":201,"line":338,"context":310},3074,{"escaped":340,"rawEcho":341,"locations":342},80,83,[343,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,413,414,416,418,420,422,424,426,427,429,431,433,434,436,438,440,442,444,446,448,450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,482,484,486,488,490,492,494,496,498,500,502,504],{"file":179,"line":344,"context":345},97,"raw output",{"file":179,"line":347,"context":345},554,{"file":179,"line":349,"context":345},560,{"file":179,"line":351,"context":345},571,{"file":179,"line":353,"context":345},575,{"file":179,"line":355,"context":345},576,{"file":179,"line":357,"context":345},591,{"file":179,"line":359,"context":345},592,{"file":179,"line":361,"context":345},598,{"file":179,"line":363,"context":345},603,{"file":179,"line":365,"context":345},608,{"file":179,"line":367,"context":345},614,{"file":179,"line":369,"context":345},633,{"file":192,"line":371,"context":345},480,{"file":192,"line":373,"context":345},2316,{"file":192,"line":375,"context":345},2915,{"file":192,"line":377,"context":345},3231,{"file":192,"line":379,"context":345},3238,{"file":192,"line":381,"context":345},3278,{"file":192,"line":383,"context":345},3391,{"file":192,"line":385,"context":345},3646,{"file":192,"line":387,"context":345},4194,{"file":192,"line":389,"context":345},4195,{"file":192,"line":391,"context":345},4245,{"file":192,"line":393,"context":345},4247,{"file":192,"line":395,"context":345},4442,{"file":192,"line":397,"context":345},4451,{"file":192,"line":399,"context":345},4453,{"file":192,"line":401,"context":345},4602,{"file":192,"line":403,"context":345},4694,{"file":192,"line":405,"context":345},4698,{"file":192,"line":407,"context":345},4705,{"file":192,"line":409,"context":345},4716,{"file":192,"line":411,"context":345},4722,{"file":192,"line":193,"context":345},{"file":192,"line":196,"context":345},{"file":192,"line":415,"context":345},5119,{"file":192,"line":417,"context":345},5121,{"file":201,"line":419,"context":345},396,{"file":201,"line":421,"context":345},401,{"file":201,"line":423,"context":345},410,{"file":201,"line":425,"context":345},442,{"file":201,"line":355,"context":345},{"file":201,"line":428,"context":345},655,{"file":201,"line":430,"context":345},660,{"file":201,"line":432,"context":345},674,{"file":201,"line":432,"context":345},{"file":201,"line":435,"context":345},1312,{"file":201,"line":437,"context":345},1317,{"file":201,"line":439,"context":345},1328,{"file":201,"line":441,"context":345},2320,{"file":201,"line":443,"context":345},2499,{"file":201,"line":445,"context":345},2513,{"file":201,"line":447,"context":345},2551,{"file":201,"line":449,"context":345},2553,{"file":201,"line":451,"context":345},2554,{"file":201,"line":453,"context":345},2582,{"file":201,"line":455,"context":345},2586,{"file":201,"line":457,"context":345},2589,{"file":201,"line":459,"context":345},2636,{"file":201,"line":461,"context":345},2656,{"file":201,"line":463,"context":345},2666,{"file":201,"line":465,"context":345},2671,{"file":201,"line":467,"context":345},2673,{"file":201,"line":469,"context":345},2700,{"file":201,"line":471,"context":345},2707,{"file":201,"line":473,"context":345},2754,{"file":201,"line":475,"context":345},2769,{"file":201,"line":477,"context":345},2782,{"file":201,"line":479,"context":345},2789,{"file":201,"line":481,"context":345},2790,{"file":201,"line":483,"context":345},2791,{"file":201,"line":485,"context":345},2796,{"file":201,"line":487,"context":345},2798,{"file":201,"line":489,"context":345},2806,{"file":201,"line":491,"context":345},2867,{"file":201,"line":493,"context":345},2981,{"file":201,"line":495,"context":345},2997,{"file":201,"line":497,"context":345},3006,{"file":201,"line":499,"context":345},3148,{"file":201,"line":501,"context":345},3393,{"file":201,"line":503,"context":345},3420,{"file":201,"line":505,"context":345},3423,38,[],[509,526,535,546,556,596,607,628],{"entryPoint":510,"graph":511,"unsanitizedCount":133,"severity":41},"force_redirect_to_https (library.php:103)",{"nodes":512,"edges":523},[513,518],{"id":514,"type":515,"label":516,"file":192,"line":517},"n0","source","$_SERVER['REQUEST_URI']",104,{"id":519,"type":520,"label":521,"file":192,"line":517,"wp_function":522},"n1","sink","header() [Header Injection]","header",[524],{"from":514,"to":519,"sanitized":525},false,{"entryPoint":527,"graph":528,"unsanitizedCount":133,"severity":41},"password_site (library.php:2312)",{"nodes":529,"edges":533},[530,532],{"id":514,"type":515,"label":516,"file":192,"line":531},2315,{"id":519,"type":520,"label":521,"file":192,"line":531,"wp_function":522},[534],{"from":514,"to":519,"sanitized":525},{"entryPoint":536,"graph":537,"unsanitizedCount":133,"severity":41},"redirect_to_https (library.php:3790)",{"nodes":538,"edges":544},[539,542],{"id":514,"type":515,"label":540,"file":192,"line":541},"$_SERVER",3793,{"id":519,"type":520,"label":521,"file":192,"line":543,"wp_function":522},3795,[545],{"from":514,"to":519,"sanitized":525},{"entryPoint":547,"graph":548,"unsanitizedCount":133,"severity":41},"redirect_to_nonwww (library.php:3800)",{"nodes":549,"edges":554},[550,552],{"id":514,"type":515,"label":540,"file":192,"line":551},3802,{"id":519,"type":520,"label":521,"file":192,"line":553,"wp_function":522},3804,[555],{"from":514,"to":519,"sanitized":525},{"entryPoint":557,"graph":558,"unsanitizedCount":200,"severity":41},"\u003Clibrary> (library.php:0)",{"nodes":559,"edges":590},[560,562,563,566,571,573,578,581,583,586],{"id":514,"type":515,"label":561,"file":192,"line":517},"$_SERVER['REQUEST_URI'] (x2)",{"id":519,"type":520,"label":521,"file":192,"line":517,"wp_function":522},{"id":564,"type":515,"label":540,"file":192,"line":565},"n2",256,{"id":567,"type":520,"label":568,"file":192,"line":569,"wp_function":570},"n3","wp_remote_get() [SSRF]",3066,"wp_remote_get",{"id":572,"type":515,"label":540,"file":192,"line":565},"n4",{"id":574,"type":520,"label":575,"file":192,"line":576,"wp_function":577},"n5","wp_remote_post() [SSRF]",3072,"wp_remote_post",{"id":579,"type":515,"label":580,"file":192,"line":541},"n6","$_SERVER (x2)",{"id":582,"type":520,"label":521,"file":192,"line":543,"wp_function":522},"n7",{"id":584,"type":515,"label":585,"file":192,"line":565},"n8","$_SERVER (x3)",{"id":587,"type":520,"label":588,"file":192,"line":391,"wp_function":589},"n9","echo() [XSS]","echo",[591,592,593,594,595],{"from":514,"to":519,"sanitized":525},{"from":564,"to":567,"sanitized":525},{"from":572,"to":574,"sanitized":525},{"from":579,"to":582,"sanitized":525},{"from":584,"to":587,"sanitized":525},{"entryPoint":597,"graph":598,"unsanitizedCount":29,"severity":606},"ajax_backend_call (library_wp.php:432)",{"nodes":599,"edges":603},[600,602],{"id":514,"type":515,"label":601,"file":201,"line":425},"$_POST['PRO_check_key']",{"id":519,"type":520,"label":588,"file":201,"line":425,"wp_function":589},[604],{"from":514,"to":519,"sanitized":605},true,"low",{"entryPoint":608,"graph":609,"unsanitizedCount":29,"severity":606},"\u003Clibrary_wp> (library_wp.php:0)",{"nodes":610,"edges":624},[611,612,613,616,620,623],{"id":514,"type":515,"label":601,"file":201,"line":425},{"id":519,"type":520,"label":588,"file":201,"line":425,"wp_function":589},{"id":564,"type":515,"label":614,"file":201,"line":615},"$_POST (x2)",1454,{"id":567,"type":520,"label":617,"file":201,"line":618,"wp_function":619},"get_var() [SQLi]",1456,"get_var",{"id":572,"type":515,"label":621,"file":201,"line":622},"$_POST",2527,{"id":574,"type":520,"label":588,"file":201,"line":475,"wp_function":589},[625,626,627],{"from":514,"to":519,"sanitized":605},{"from":564,"to":567,"sanitized":605},{"from":572,"to":574,"sanitized":605},{"entryPoint":629,"graph":630,"unsanitizedCount":28,"severity":54},"change_slug_2_old (library_wp.php:1451)",{"nodes":631,"edges":634},[632,633],{"id":514,"type":515,"label":614,"file":201,"line":615},{"id":519,"type":520,"label":617,"file":201,"line":618,"wp_function":619},[635],{"from":514,"to":519,"sanitized":525},{"summary":637,"deductions":638},"The \"wp-phpmyadmin-extension\" v5.2.2.01 plugin exhibits a mixed security posture. While it demonstrates some good practices, such as a significant percentage of SQL queries using prepared statements and the presence of nonce and capability checks, there are notable areas of concern. The static analysis reveals a dangerous function (`unserialize`) and a concerning number of flows with unsanitized paths, including one identified as high severity in the taint analysis.  This suggests a potential for vulnerabilities if user-controlled data is not handled rigorously before being passed to `unserialize` or within these unsanitized paths.\n\nThe vulnerability history, with two known CVEs, one high and one medium severity, and a common pattern of Cross-site Scripting (XSS) vulnerabilities, further reinforces the need for caution. The fact that the last vulnerability was in August 2022 and is currently unpatched is a significant red flag. While the static analysis doesn't explicitly point to XSS in this specific version's reported metrics, the historical trend indicates a recurring weakness in output sanitization or input validation. Overall, the plugin has strengths in its controlled entry points and SQL practices, but the presence of `unserialize`, unsanitized path flows, and a history of XSS vulnerabilities necessitate a cautious approach and thorough review, especially considering the unpatched CVE.",[639,642,645,648,651,653],{"reason":640,"points":641},"High severity taint flow found",12,{"reason":643,"points":644},"Unsanitized paths found in taint analysis",8,{"reason":646,"points":647},"Dangerous function: unserialize",7,{"reason":649,"points":650},"Vulnerability history: 1 High severity CVE",15,{"reason":652,"points":644},"Vulnerability history: 1 Medium severity CVE",{"reason":654,"points":655},"Output escaping: only 49% properly escaped",6,"2026-03-16T17:18:18.839Z",{"wat":658,"direct":664},{"assetPaths":659,"generatorPatterns":661,"scriptPaths":662,"versionParams":663},[660],"\u002Fwp-content\u002Fplugins\u002Fwp-phpmyadmin-extension\u002Fassets\u002Fmedia\u002Fmenu_icon.png",[],[],[],{"cssClasses":665,"htmlComments":666,"htmlAttributes":667,"restEndpoints":668,"jsGlobals":669,"shortcodeOutput":671},[],[],[],[],[670],"WpPhpMyAdminExtension",[]]