[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDo72QWEgUSXb_m8scghOz2XFj0fZiof716qPTB9sJLM":3,"$f_R6_n6de2DW_SXG9lMw6vPjO6or7cMfYPoCUJxK5A68":282,"$fymRb4T4vUlwHFnTcLQMcjWpVFd0xQW00nEAZmhuqzBM":286},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":38,"analysis":121,"fingerprints":257},"wp-post-import","WP Post Import","1.0","Kudosta","https:\u002F\u002Fprofiles.wordpress.org\u002Fkudosta\u002F","\u003Cp>This plugin allows you to import new posts or update existing custom posts using csv \u002F xls \u002F xlsx files.\u003Cbr \u002F>\nIf you want to import any posts using xls \u002F csv files, then go ahead and use this plugin !!!\u003C\u002Fp>\n","Adds ability to insert and updates posts or any custom post.",10,2009,0,"2022-04-14T08:50:00.000Z","5.9.13","4.8","5.5.4",[19,20,4,21,22],"wordpress-csv-import","wordpress-xlsx-import","xls","xlsx","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-post-import.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"kudosta",2,40,89,30,86,"2026-05-20T03:56:16.697Z",[39,58,74,90,107],{"slug":40,"name":41,"version":6,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":23,"tags":53,"homepage":23,"download_link":57,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"export-2-excel","Export to Excel","Kapil Chugh","https:\u002F\u002Fprofiles.wordpress.org\u002Fkapilchugh\u002F","\u003Cp>Wouldn’t it be super-convenient if you could export your blog or website to MS Excel? Now it’s possible! Use Export 2 Excel to convert your data into native MS Excel formats and experience true portability.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Col>\n\u003Cli>Supports both WordPress and WordPress Multisite.\u003C\u002Fli>\n\u003Cli>Supports both .xls and .xlsx files.\u003C\u002Fli>\n\u003Cli>Convert whatever you want: posts, pages, and custom post types, comments authors.\u003C\u002Fli>\n\u003Cli>Simplicity redefined: no need for complex settings or writing code.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fblockquote>\n\u003Cp>Install Export 2 Excel now and see how easy it makes everything!\u003C\u002Fp>\n","A plugin which allows you to download your posts, pages, custom post types, comments authors to .xls or .xlsx format.",200,29304,48,21,"2014-06-11T10:21:00.000Z","3.9.40","3.0",[54,55,56,21,22],"excel","export","spreadsheet","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-2-excel.1.0.zip",{"slug":59,"name":60,"version":6,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":11,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":52,"requires_php":23,"tags":68,"homepage":71,"download_link":72,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":73},"import-excel","Import Excel","gans5131","https:\u002F\u002Fprofiles.wordpress.org\u002Fgans5131\u002F","\u003Cp>Plugin for import tables (xlsx) in site database.\u003C\u002Fp>\n\u003Cp>Мinimum functionality – minimum load on the site.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_swNTQfYtwQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>General Settings\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_swNTQfYtwQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Plugin for import tables (xlsx) in site database",3310,"2016-08-15T16:54:00.000Z","4.6.30",[54,69,70,22],"import","table","https:\u002F\u002Fprog-web.ru\u002Fblog\u002Fimport-excel-vyivod-tabliczyi-iz-bazyi.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimport-excel.1.0.zip","2026-03-15T15:16:48.613Z",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":13,"num_ratings":13,"last_updated":83,"tested_up_to":15,"requires_at_least":23,"requires_php":23,"tags":84,"homepage":87,"download_link":88,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":89},"spreadsheet-block","Spreadsheet block","1.0.3","Sjeiti","https:\u002F\u002Fprofiles.wordpress.org\u002Fsjeiti\u002F","\u003Cp>The spreadsheet block reads xlsx files and converts it into a live table.\u003Cbr \u002F>\nYou can specify what cells should be editable. Editing fields will affect existing cell calculations.\u003C\u002Fp>\n\u003Cp>For some reason WordPress prohibits the upload of \u003Ccode>xslx\u003C\u002Fcode> files. You can workaround this issue by renaming the file to \u003Ccode>xls\u003C\u002Fcode> (for now).\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>To use simply add a block to a page or post and choose ‘Spreadsheet block’. Upload an xls or xlsx spreadsheet file from the sidebar.\u003C\u002Fp>\n\u003Cp>From the cell options (in the block) you can set which cells are editable and which cells will be rendered as table head.\u003C\u002Fp>\n\u003Cp>Click the eye behind a sheet name to make specific sheets invisible.\u003C\u002Fp>\n\u003Ch3>Versioning and issues\u003C\u002Fh3>\n\u003Cp>The main CVS repo for this plugin \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSjeiti\u002Fwp-spreadsheet-block\" rel=\"nofollow ugc\">is on Github\u003C\u002Fa>. The version up on WordPress is a distilled build of the major tags.\u003Cbr \u002F>\nIf you have any issues or suggestions please put them on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSjeiti\u002Fwp-spreadsheet-block\u002Fissues\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","Allows you to use uploaded xlsx files as blocks.",994,"2022-04-08T08:33:00.000Z",[85,86,56,21,22],"block","csv","https:\u002F\u002Fgithub.com\u002FSjeiti\u002Fwp-spreadsheet-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspreadsheet-block.1.0.3.zip","2026-04-06T09:54:40.288Z",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":13,"downloaded":25,"rating":13,"num_ratings":13,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":23,"download_link":105,"security_score":106,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"seganiko-fast-import-for-woocommerce","Seganiko Fast Import for WooCommerce","1.2.18","Serhii Nikolaienko","https:\u002F\u002Fprofiles.wordpress.org\u002Fseganiko\u002F","\u003Cp>Seganiko Fast Import for WooCommerce is a lightweight tool for importing and updating WooCommerce products from XLSX or CSV files. Designed for store managers who need to update large catalogs quickly and reliably.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Import products from XLSX or CSV (UTF-8)\u003C\u002Fli>\n\u003Cli>Supported fields: name, SKU, price, weight, description, images, categories, and custom meta fields\u003C\u002Fli>\n\u003Cli>SKU-based update — existing products are updated, no duplicates created\u003C\u002Fli>\n\u003Cli>Batch processing (up to 400 rows per batch) with real-time AJAX progress bar\u003C\u002Fli>\n\u003Cli>Support for simple products, variable products, and variations\u003C\u002Fli>\n\u003Cli>Custom meta fields — both flat values and array (serialized) format\u003C\u002Fli>\n\u003Cli>Bulk media loader — import images from external URLs or upload a ZIP archive\u003C\u002Fli>\n\u003Cli>Video support in the media loader — mp4, webm, mov and other formats; video is attached per product SKU\u003C\u002Fli>\n\u003Cli>Optional bulk image optimization (ShortPixel integration)\u003C\u002Fli>\n\u003Cli>Compatible with WooCommerce HPOS (custom order tables)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Requirements:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce 9.3.3 or later\u003C\u002Fli>\n\u003Cli>WordPress 6.2 or later\u003C\u002Fli>\n\u003Cli>PHP 8.0 or later\u003C\u002Fli>\n\u003Cli>PHP ZipArchive extension (required for XLSX import)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Prepare your file:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Supported formats: XLSX and CSV (UTF-8 encoding).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Required column:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>sku\u003C\u002Fcode> — used to match existing products; if a product with this SKU exists it is updated, otherwise a new product is created\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Optional columns:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>name\u003C\u002Fcode> — product title\u003C\u002Fli>\n\u003Cli>\u003Ccode>price\u003C\u002Fcode> — regular price (numeric)\u003C\u002Fli>\n\u003Cli>\u003Ccode>weight\u003C\u002Fcode> — weight in kg (numeric)\u003C\u002Fli>\n\u003Cli>\u003Ccode>description\u003C\u002Fcode> — product description (HTML allowed)\u003C\u002Fli>\n\u003Cli>\u003Ccode>images\u003C\u002Fcode> — one or more image URLs separated by a pipe \u003Ccode>|\u003C\u002Fcode> (first image becomes the featured image)\u003C\u002Fli>\n\u003Cli>\u003Ccode>categories\u003C\u002Fcode> — category names separated by \u003Ccode>\u002F\u003C\u002Fcode> (hierarchy) or \u003Ccode>,\u003C\u002Fcode> (multiple categories)\u003C\u002Fli>\n\u003Cli>Any extra column is saved as a product meta field under the column name\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Import flow:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Upload the XLSX\u002FCSV file on the Import tab\u003C\u002Fli>\n\u003Cli>Review column mapping on the Mapping tab if needed\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Start Import\u003C\u002Fstrong> — the batch runner processes rows in groups of 400 and shows progress in real time\u003C\u002Fli>\n\u003Cli>When finished, a summary shows how many products were created, updated, and skipped\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Media Loader tab:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Paste product SKUs with their image\u002Fvideo URLs to bulk-attach media\u003C\u002Fli>\n\u003Cli>Or upload a ZIP archive — the loader matches files inside to products by SKU\u003C\u002Fli>\n\u003Cli>Video files (mp4, webm, mov, etc.) are attached to the product gallery per SKU\u002Ffilename\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Logs:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Import logs are saved to \u003Ccode>\u002Fwp-content\u002Fuploads\u002Fseganiko-fiw-logs\u002F\u003C\u002Fcode> and are also shown in the admin UI. Each log entry records the SKU, action (created\u002Fupdated\u002Fskipped\u002Ferror), and a short message.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin optionally connects to the ShortPixel Image Optimizer API to compress and optimize product images during the bulk media import process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002F\" rel=\"nofollow ugc\">ShortPixel\u003C\u002Fa> — an image optimization and compression service.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it is used for:\u003C\u002Fstrong> When the user enables the “Optimize images with ShortPixel” option in the Media Loader settings and provides a valid ShortPixel API key, uploaded product images are sent to ShortPixel for lossy or lossless compression before being stored in the WordPress media library.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent:\u003C\u002Fstrong> The plugin sends the publicly accessible URL of each uploaded image along with the user’s ShortPixel API key and optimization preferences (compression type, EXIF handling). No personal user data is transmitted.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Data is sent only when the site administrator has explicitly enabled ShortPixel optimization in the Media Loader settings tab and triggers a bulk media import. No data is sent if the feature is not enabled.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service endpoint:\u003C\u002Fstrong> \u003Ccode>https:\u002F\u002Fapi.shortpixel.com\u002Fv2\u002Freducer.php\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Ftos\" rel=\"nofollow ugc\">https:\u002F\u002Fshortpixel.com\u002Ftos\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fshortpixel.com\u002Fprivacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Seganiko \u002F Project BGL.\u003Cbr \u002F>\nText Domain: seganiko-fast-import-for-woocommerce\u003C\u002Fp>\n","Fast WooCommerce product importer from XLSX\u002FCSV with SKU-based updates, batch processing, and bulk media loader.","2026-03-25T13:24:00.000Z","6.9.4","6.2","8.0",[86,69,103,104,22],"products","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseganiko-fast-import-for-woocommerce.1.2.18.zip",100,{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":13,"downloaded":115,"rating":13,"num_ratings":13,"last_updated":116,"tested_up_to":99,"requires_at_least":117,"requires_php":101,"tags":118,"homepage":119,"download_link":120,"security_score":106,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":89},"sextant-export","Sextant Export & Import","2.0.0","astraiosplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fastraiosplugins\u002F","\u003Cp>Navigate your WooCommerce data with the precision of a master mariner. \u003Cstrong>Sextant Export & Import\u003C\u002Fstrong> is the essential navigational tool for store owners who need to move order data, products, and customer records between vessels without losing their way.\u003C\u002Fp>\n\u003Cp>Just as a traditional sextant allows a sailor to find their exact position by the stars, this plugin gives you total orientation over your store’s data. Whether you are migrating to a new “port” (website) or simply need to keep your “logbooks” (spreadsheets) updated, Sextant ensures a smooth voyage.\u003C\u002Fp>\n\u003Ch4>Key Features for a Smooth Voyage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Precise Navigation:\u003C\u002Fstrong> Export exactly what you need with granular filters—no more drifting in a sea of unnecessary data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Steady Course:\u003C\u002Fstrong> Import data with confidence. Our mapping system ensures every piece of information lands exactly where it should.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight Vessel:\u003C\u002Fstrong> Built for speed and efficiency, ensuring your server’s performance stays on an even keel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clear Horizon:\u003C\u002Fstrong> A clean, intuitive interface that doesn’t require a captain’s license to operate.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Stop guessing your position and start exporting with professional accuracy. Set your course with Sextant Export & Import today.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Export\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All products exported to a clean .xlsx file — opens in Excel, LibreOffice, Google Sheets\u003C\u002Fli>\n\u003Cli>Simple and variable products supported — variants go on a separate sheet, linked to their parent\u003C\u002Fli>\n\u003Cli>Choose which fields to include: ID, SKU, name, prices, stock, categories, tags, images, permalink\u003C\u002Fli>\n\u003Cli>Filter by product type, status, or category before exporting\u003C\u002Fli>\n\u003Cli>Product count validation — compares raw database count against WooCommerce API count and warns if they differ\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Import\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload the exported .xlsx file (or any file matching its column structure) to update products in bulk\u003C\u002Fli>\n\u003Cli>Choose which fields to import — only the columns you select will be updated\u003C\u002Fli>\n\u003Cli>Supported fields: SKU, product name, status, short description, full description, regular price, sale price, stock status, stock quantity, weight, categories, tags, and permalink (slug)\u003C\u002Fli>\n\u003Cli>Preview changes before committing — see exactly what will be updated\u003C\u002Fli>\n\u003Cli>Products are matched by WooCommerce ID — safe and unambiguous\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Built for reliability\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three-layer safety system — disengages automatically if something goes wrong, protecting your store from downtime\u003C\u002Fli>\n\u003Cli>Built-in error reporting — email a diagnostic report to the developer directly from your admin panel\u003C\u002Fli>\n\u003Cli>No Composer dependencies, no external libraries, no bloat\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Part of the Sextant platform by Astraios.no\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>Know your position. Chart your course.\u003C\u002Fem>\u003C\u002Fp>\n","Export and import WooCommerce products via Excel. Edit your products in Excel, then import changes straight back. Free, no account required.",60,"2026-03-29T18:29:00.000Z","5.8",[54,55,69,104,22],"https:\u002F\u002Fastraios.no\u002Fsextant-export-woocommerce-excel\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsextant-export.zip",{"attackSurface":122,"codeSignals":144,"taintFlows":219,"riskAssessment":246,"analyzedAt":256},{"hooks":123,"ajaxHandlers":133,"restRoutes":141,"shortcodes":142,"cronEvents":143,"entryPointCount":32,"unprotectedCount":13},[124,129],{"type":125,"name":126,"callback":127,"file":128,"line":49},"action","admin_enqueue_scripts","wppi_plugin_scripts","wp-post-import.php",{"type":125,"name":130,"callback":131,"file":128,"line":132},"admin_menu","wppi_add_import_menu",23,[134,139],{"action":135,"nopriv":136,"callback":135,"hasNonce":137,"hasCapCheck":136,"file":128,"line":138},"wppi_show_data",false,true,27,{"action":135,"nopriv":137,"callback":135,"hasNonce":137,"hasCapCheck":136,"file":128,"line":140},29,[],[],[],{"dangerousFunctions":145,"sqlUsage":187,"outputEscaping":190,"fileOperations":211,"externalRequests":13,"nonceChecks":32,"capabilityChecks":13,"bundledLibraries":212},[146,151,155,158,162,166,169,173,177,180,184],{"fn":147,"file":148,"line":149,"context":150},"unserialize","Classes\\PHPExcel\\CachedObjectStorage\\APC.php",152,"$this->currentObject = unserialize($obj);",{"fn":147,"file":152,"line":153,"context":154},"Classes\\PHPExcel\\CachedObjectStorage\\DiscISAM.php",118,"$this->currentObject = unserialize(fread($this->fileHandle, $this->cellCache[$pCoord]['sz']));",{"fn":147,"file":156,"line":157,"context":150},"Classes\\PHPExcel\\CachedObjectStorage\\Memcache.php",156,{"fn":147,"file":159,"line":160,"context":161},"Classes\\PHPExcel\\CachedObjectStorage\\MemoryGZip.php",93,"$this->currentObject = unserialize(gzinflate($this->cellCache[$pCoord]));",{"fn":147,"file":163,"line":164,"context":165},"Classes\\PHPExcel\\CachedObjectStorage\\MemorySerialized.php",91,"$this->currentObject = unserialize($this->cellCache[$pCoord]);",{"fn":147,"file":167,"line":168,"context":154},"Classes\\PHPExcel\\CachedObjectStorage\\PHPTemp.php",113,{"fn":147,"file":170,"line":171,"context":172},"Classes\\PHPExcel\\CachedObjectStorage\\SQLite.php",112,"$this->currentObject = unserialize($cellResult);",{"fn":147,"file":174,"line":175,"context":176},"Classes\\PHPExcel\\CachedObjectStorage\\SQLite3.php",144,"$this->currentObject = unserialize($cellData['value']);",{"fn":147,"file":178,"line":179,"context":150},"Classes\\PHPExcel\\CachedObjectStorage\\Wincache.php",154,{"fn":147,"file":181,"line":182,"context":183},"Classes\\PHPExcel\\Worksheet.php",2895,"$this->{$key} = unserialize(serialize($val));",{"fn":147,"file":185,"line":186,"context":183},"Classes\\PHPExcel.php",881,{"prepared":188,"raw":13,"locations":189},15,[],{"escaped":191,"rawEcho":192,"locations":193},84,8,[194,198,199,202,204,206,207,209],{"file":195,"line":196,"context":197},"Classes\\PHPExcel\\CalcEngine\\Logger.php",123,"raw output",{"file":195,"line":196,"context":197},{"file":200,"line":201,"context":197},"Classes\\PHPExcel\\Chart\\Renderer\\jpgraph.php",865,{"file":203,"line":11,"context":197},"template\\post_import_form.php",{"file":203,"line":205,"context":197},103,{"file":203,"line":205,"context":197},{"file":203,"line":208,"context":197},124,{"file":128,"line":210,"context":197},685,105,[213,216],{"name":214,"version":26,"knownCves":215},"dompdf",[],{"name":217,"version":26,"knownCves":218},"TCPDF",[],[220,238],{"entryPoint":221,"graph":222,"unsanitizedCount":13,"severity":237},"wppi_import_file (wp-post-import.php:72)",{"nodes":223,"edges":235},[224,229],{"id":225,"type":226,"label":227,"file":128,"line":228},"n0","source","$_POST (x4)",97,{"id":230,"type":231,"label":232,"file":128,"line":233,"wp_function":234},"n1","sink","get_results() [SQLi]",406,"get_results",[236],{"from":225,"to":230,"sanitized":137},"low",{"entryPoint":239,"graph":240,"unsanitizedCount":13,"severity":237},"\u003Cwp-post-import> (wp-post-import.php:0)",{"nodes":241,"edges":244},[242,243],{"id":225,"type":226,"label":227,"file":128,"line":228},{"id":230,"type":231,"label":232,"file":128,"line":233,"wp_function":234},[245],{"from":225,"to":230,"sanitized":137},{"summary":247,"deductions":248},"The wp-post-import v1.0 plugin exhibits a mixed security posture. On the positive side, its vulnerability history is clean, with no recorded CVEs, suggesting good past security practices or limited exposure. The static analysis also indicates strong SQL hygiene, with all queries using prepared statements, and a very high rate of output escaping. Furthermore, the attack surface is relatively small, with only two AJAX entry points and no exposed REST API routes, shortcodes, or cron events.\n\nHowever, there are significant concerns that temper this otherwise positive outlook. The presence of 11 dangerous function calls, particularly `unserialize`, without further context on how it's used, raises a red flag. If `unserialize` is used on user-supplied input, it could lead to Remote Code Execution (RCE) vulnerabilities. The complete absence of capability checks for its two AJAX handlers is a critical oversight. This means that any user, regardless of their role, could potentially trigger these handlers, leading to unauthorized actions or data manipulation. While taint analysis found no immediate issues, the presence of `unserialize` and the lack of capability checks for entry points create a significant latent risk.\n\nIn conclusion, while the plugin has a clean history and good practices in SQL and output escaping, the lack of capability checks on its AJAX handlers and the potential risk associated with `unserialize` are serious weaknesses. These issues, if exploited, could compromise the integrity and security of a WordPress site. The absence of capability checks on entry points is a fundamental security flaw that needs immediate attention.",[249,251,253],{"reason":250,"points":188},"AJAX handlers lack capability checks",{"reason":252,"points":11},"Dangerous function 'unserialize' used",{"reason":254,"points":255},"Bundled libraries may be outdated",3,"2026-03-16T23:08:32.397Z",{"wat":258,"direct":266},{"assetPaths":259,"generatorPatterns":263,"scriptPaths":264,"versionParams":265},[260,261,262],"assets\u002Fcss\u002Fstyle.css","assets\u002Fjs\u002Fwppostimport.js","assets\u002Fjs\u002Fxlsx.full.min.js",[],[262,261],[],{"cssClasses":267,"htmlComments":270,"htmlAttributes":275,"restEndpoints":277,"jsGlobals":279,"shortcodeOutput":281},[268,269],"wppi-file-input","wppi-submit-button",[271,272,273,274],"Import form submit  .","Import csv, xlsx file functionality .","Create posts by csv,xlsx file .","Create posts by csv file .",[276],"data-nonce",[278],"\u002Fwp-json\u002Fwp-post-import\u002Fv1\u002Fimport",[280],"wppijs_ajax_object",[],{"error":137,"url":283,"statusCode":284,"statusMessage":285,"message":285},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-post-import\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":287},[]]