[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDXBEcTRCD9OQCH2nBmcGfrYkvTlrqP7160MJTiQY7EI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":32,"analysis":47,"fingerprints":166},"wp-s3-backups","WP S3 Backups","0.3.0","DanCoulter","https:\u002F\u002Fprofiles.wordpress.org\u002Fdancoulter\u002F","\u003Cp>Using this plugin, you can easily and automatically backup important parts of\u003Cbr \u002F>\nyour WordPress install to Amazon S3.  Amazon S3 is an extremely cheap service\u003Cbr \u002F>\nthat is easy to set up.  For pennies a month, you can make sure that your\u003Cbr \u002F>\nimportant files will be kept safe.\u003C\u002Fp>\n\u003Cp>Important caveat: this plugin currently has to be run on a linux server.\u003Cbr \u002F>\nAlso, the wp-content\u002Fuploads folder has to be server-writable or it won’t be\u003Cbr \u002F>\nable to create the zips for backup.\u003C\u002Fp>\n","Automatically back up important bits of your WordPress install to Amazon 
S3.",30,7638,0,"2009-12-14T09:17:00.000Z","2.9.2","2.8","",[19],"backup-automatic-s3-zip-backups-scheduled","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-s3-backups\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-s3-backups.0.3.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":22,"avg_patch_time_days":11,"trust_score":30,"computed_at":31},"dancoulter",7,640,84,"2026-04-04T15:14:15.757Z",[33],{"slug":34,"name":35,"version":36,"author":7,"author_profile":8,"description":37,"short_description":10,"active_installs":38,"downloaded":39,"rating":40,"num_ratings":41,"last_updated":42,"tested_up_to":43,"requires_at_least":16,"requires_php":17,"tags":44,"homepage":45,"download_link":46,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24},"automatic-wordpress-backup","Automatic WordPress Backup","2.0.3","\u003Cp>Using this plugin, you can easily and automatically backup important parts of\u003Cbr \u002F>\nyour WordPress install to Amazon S3.  Amazon S3 is an extremely cheap service\u003Cbr \u002F>\nthat is easy to set up.  
For pennies a month, you can make sure that your\u003Cbr \u002F>\nimportant files will be kept safe.\u003C\u002Fp>\n\u003Cp>Important caveat: this plugin currently has to be run on a linux server.\u003Cbr \u002F>\nAlso, the wp-content\u002Fuploads folder has to be server-writable or it won’t be\u003Cbr \u002F>\nable to create the zips for backup.\u003C\u002Fp>\n\u003Cp>For full info and installation instructions, visit http:\u002F\u002Fwww.webdesigncompany.net\u002Fautomatic-wordpress-backup\u002F\u003C\u002Fp>\n",300,53087,100,2,"2010-08-11T07:37:00.000Z","3.0.5",[19],"http:\u002F\u002Fwww.webdesigncompany.net\u002Fautomatic-wordpress-backup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-wordpress-backup.2.0.3.zip",{"attackSurface":48,"codeSignals":77,"taintFlows":116,"riskAssessment":143,"analyzedAt":165},{"hooks":49,"ajaxHandlers":71,"restRoutes":72,"shortcodes":73,"cronEvents":74,"entryPointCount":13,"unprotectedCount":13},[50,56,60,64,68],{"type":51,"name":52,"callback":53,"file":54,"line":55},"action","admin_notices","newBucketWarning","wp-s3-backups.php",61,{"type":57,"name":58,"callback":58,"file":54,"line":59},"filter","cron_schedules",291,{"type":51,"name":61,"callback":62,"file":54,"line":63},"admin_menu","add_settings_page",292,{"type":51,"name":65,"callback":66,"file":54,"line":67},"s3-backup","backup",293,{"type":51,"name":69,"callback":69,"file":54,"line":70},"init",294,[],[],[],[75],{"hook":65,"callback":65,"file":54,"line":76},45,{"dangerousFunctions":78,"sqlUsage":86,"outputEscaping":92,"fileOperations":114,"externalRequests":87,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":115},[79,83],{"fn":80,"file":54,"line":81,"context":82},"shell_exec",253,"$result = shell_exec('mysqldump --single-transaction -h ' . DB_HOST . ' -u ' . DB_USER . ' --passwor",{"fn":80,"file":54,"line":84,"context":85},274,"$result = shell_exec('zip -r ' . $file . 
' uploads');",{"prepared":13,"raw":87,"locations":88},1,[89],{"file":54,"line":90,"context":91},252,"$wpdb->get_col() with variable interpolation",{"escaped":13,"rawEcho":93,"locations":94},10,[95,98,100,102,104,106,108,110,111,113],{"file":54,"line":96,"context":97},65,"raw output",{"file":54,"line":99,"context":97},110,{"file":54,"line":101,"context":97},111,{"file":54,"line":103,"context":97},121,{"file":54,"line":105,"context":97},125,{"file":54,"line":107,"context":97},136,{"file":54,"line":109,"context":97},149,{"file":54,"line":109,"context":97},{"file":54,"line":112,"context":97},205,{"file":54,"line":112,"context":97},6,[],[117,135],{"entryPoint":118,"graph":119,"unsanitizedCount":87,"severity":134},"init (wp-s3-backups.php:41)",{"nodes":120,"edges":131},[121,126],{"id":122,"type":123,"label":124,"file":54,"line":125},"n0","source","$_POST['s3-new-bucket']",55,{"id":127,"type":128,"label":129,"file":54,"line":125,"wp_function":130},"n1","sink","update_option() [Settings Manipulation]","update_option",[132],{"from":122,"to":127,"sanitized":133},false,"low",{"entryPoint":136,"graph":137,"unsanitizedCount":87,"severity":134},"\u003Cwp-s3-backups> (wp-s3-backups.php:0)",{"nodes":138,"edges":141},[139,140],{"id":122,"type":123,"label":124,"file":54,"line":125},{"id":127,"type":128,"label":129,"file":54,"line":125,"wp_function":130},[142],{"from":122,"to":127,"sanitized":133},{"summary":144,"deductions":145},"The \"wp-s3-backups\" plugin v0.3.0 presents a concerning security posture despite a clean vulnerability history. The static analysis reveals significant weaknesses that could be exploited. Notably, the presence of the `shell_exec` function, unescaped output at all 10 identified output locations, and a complete lack of nonce and capability checks on its entry points are major red flags. 
This means that, where these code paths are reachable from a request, potentially any user could trigger dangerous commands or manipulate plugin behavior without proper authorization; the only request-driven flow the scan traced, however, is `$_POST['s3-new-bucket']` into `update_option()`, rated low.\n\nThe taint analysis, while not identifying critical or high severity issues, did reveal flows with unsanitized paths, which is troubling given the other identified code weaknesses. The one SQL call the scan located (`$wpdb->get_col()` with variable interpolation, wp-s3-backups.php line 252) does not use a prepared statement, increasing the risk of SQL injection vulnerabilities. Coupled with file operation capabilities and external HTTP requests, these factors indicate a high potential for unauthorized code execution, data manipulation, or information disclosure.\n\nWhile the plugin has no recorded CVEs, this should not be interpreted as a sign of robust security. The identified code signals suggest that vulnerabilities are likely present and simply have not been discovered or reported. The plugin was last updated in 2009 and is tested only up to WordPress 2.9.2, so it also appears to be unmaintained. The plugin's current state, with numerous insecure coding practices, warrants a cautious approach and suggests it is not suitable for production environments without significant remediation.",[146,149,151,153,155,158,160,163],{"reason":147,"points":148},"Dangerous function shell_exec used",15,{"reason":150,"points":148},"No output escaping",{"reason":152,"points":93},"No nonce checks",{"reason":154,"points":93},"No capability checks",{"reason":156,"points":157},"SQL queries not using prepared statements",8,{"reason":159,"points":28},"Unsanitized paths in taint flows",{"reason":161,"points":162},"File operations present",5,{"reason":164,"points":162},"External HTTP requests 
present","2026-03-16T22:36:22.079Z",{"wat":167,"direct":176},{"assetPaths":168,"generatorPatterns":171,"scriptPaths":172,"versionParams":173},[169,170],"\u002Fwp-content\u002Fplugins\u002Fwp-s3-backups\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-s3-backups\u002Fjs\u002Fs3b.js",[],[170],[174,175],"wp-s3-backups\u002Fcss\u002Fstyle.css?ver=","wp-s3-backups\u002Fjs\u002Fs3b.js?ver=",{"cssClasses":177,"htmlComments":179,"htmlAttributes":181,"restEndpoints":184,"jsGlobals":185,"shortcodeOutput":188},[178],"s3-warning",[180],"\u003C!--WPS3BU::backup() -->",[182,183],"id=\"s3-warning\"","id=\"new-s3-bucket\"",[],[186,187],"var ajaxTarget = ","var nonce = ",[]]