[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1_3g2lGWeGv8kzLXVuWGsAXTBHMqF7_8qZ1CCi0qFWg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":49,"analysis":142,"fingerprints":216},"wp-tesseract","WP Tesseract","1.0.2","tattersoftware","https:\u002F\u002Fprofiles.wordpress.org\u002Ftattersoftware\u002F","\u003Cp>A plugin for extracting text from attached images using \u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FOptical_character_recognition\" rel=\"nofollow ugc\">OCR\u003C\u002Fa> via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftesseract-ocr\u002F\" rel=\"nofollow ugc\">Tesseract\u003C\u002Fa>.\u003Cbr \u002F>\nThis plugin adds a new post named for each image upload containing any recognized text characters within the file.\u003Cbr \u002F>\nThis text can then be edited for accuracy and used elsewhere on the site.\u003C\u002Fp>\n\u003Cp>The OCR plugin requires a supported version of PHP with the GD extension and the following command line utility:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftesseract-ocr\" rel=\"nofollow ugc\">Tesseract\u003C\u002Fa> for the actual OCR\u003Cbr \u002F>\nThis utility must be manually installed on your server and executable by PHP.\u003Cbr \u002F>\n\u003Cstrong>This process, and consequently this plugin, is recommended only for advanced users.\u003C\u002Fstrong>\u003C\u002Fp>\n","A plugin for extracting text from attached images using OCR via Tesseract.",50,2828,0,"2020-08-13T13:04:00.000Z","5.5.0","2.9","7.2",[19,20,21,22,23],"attachments","images","media","ocr","optical-text-recognition","https:\u002F\u002Fgithub.com\u002Ftattersoftware\u002Fwp-tesseract","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-tesseract.1.0.4.zip",63,1,"2025-09-26 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-60176","wp-tesseract-authenticated-administrator-stored-cross-site-scripting","WP Tesseract \u003C= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The WP Tesseract plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.0.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-29 21:08:45",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd989b1ee-13c0-4da1-80dd-38d2202f2ce7?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},30,68,"2026-04-04T07:04:27.653Z",[50,70,88,107,126],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":58,"num_ratings":60,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":67,"download_link":68,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"image-sizes-panel","Image Sizes Panel","0.4","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cp>Display a meta box when viewing a media item in the admin that display all generated images sizes.\u003C\u002Fp>\n","Display a meta box when viewing a media item in the admin that display all generated images sizes.",100,5362,3,"2022-02-22T00:05:00.000Z","5.9.13","3.9","",[19,20,21,66],"sizes","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-sizes-panel\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-sizes-panel.0.4.zip",85,{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":46,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":62,"requires_at_least":82,"requires_php":64,"tags":83,"homepage":86,"download_link":87,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"auto-delete-unattached-media","Auto Delete Unattached Media","1.0","Wong Siong Kiat","https:\u002F\u002Fprofiles.wordpress.org\u002Fwongsiongkiat\u002F","\u003Cp>Auto Delete Unattached Media is a plugin that will automatically delete unattached\u002Funused media\u002Fimages\u002Fattachments every minute. It will be supported and maintained until at least 2022, or as long as is necessary.\u003C\u002Fp>\n\u003Cp>Once activated, it will work silently in the background. There is no other configuration, the auto delete unattached media settings screens are enabled or disabled by either enabling or disabling this plugin. I recommend you deactivate this plugin when there are no unused media\u002Fimages\u002Fattachments left.\u003C\u002Fp>\n","Automatically delete unattached\u002Funused media\u002Fimages\u002Fattachments every minute silently in the background.",4408,60,2,"2022-02-03T01:58:00.000Z","4.9",[19,20,21,84,85],"unattached","unused","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauto-delete-unattached-media\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-delete-unattached-media.1.0.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":13,"num_ratings":13,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":105,"download_link":106,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"air-download-attachments","AIR Download Attachments","1.0.1","Dan Zakirov","https:\u002F\u002Fprofiles.wordpress.org\u002Falexodiy\u002F","\u003Cp>The AIR Download Attachments plugin adds a “Download All Attachments” button to posts, allowing users to download all attached images as a zip archive.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Adds a “Download All Attachments” button to the post content.\u003C\u002Fli>\n\u003Cli>Creates a zip archive containing all attached images.\u003C\u002Fli>\n\u003Cli>Automatically generates a temporary folder for storing the zip archive.\u003C\u002Fli>\n\u003Cli>Provides localized translations for the plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>If you wish to help translate this plugin, you are most welcome!\u003Cbr \u002F>\nTo contribute, please visit \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fair-download-attachments\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>\u003C\u002Fp>\n","The AIR Download Attachments plugin adds a \"Download All Attachments\" button to posts, allowing users to download all attached images as a z &hellip;",10,1043,"2023-11-26T10:41:00.000Z","6.4.8","4.8","5.6",[19,103,20,21,104],"download","zip","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fair-download-attachments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fair-download-attachments.1.0.1.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":96,"downloaded":115,"rating":13,"num_ratings":13,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":123,"download_link":124,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":125},"image-copyright-manager","Image Copyright Manager","1.4.0","jespermhl","https:\u002F\u002Fprofiles.wordpress.org\u002Fjespermhl\u002F","\u003Cp>Image Copyright Manager adds a custom field for copyright information to WordPress media attachments. This allows you to store copyright details for your images and other media files, and display them on your website using shortcodes. Version 1.3.0 introduces advanced SEO fields for “Creator” and “Copyright Notice” which are automatically output as JSON-LD for Google Image SEO.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add copyright information to any media file in WordPress\u003C\u002Fli>\n\u003Cli>Automatic Metadata Extraction (EXIF, IPTC, XMP) from Lightroom and other software\u003C\u002Fli>\n\u003Cli>Complete Google Image SEO support (Creator, Copyright Notice, Credit Text, License URL, Acquire License URL)\u003C\u002Fli>\n\u003Cli>Automatic JSON-LD Schema.org output for Google Image SEO license badge\u003C\u002Fli>\n\u003Cli>Support for HTML links in copyright information\u003C\u002Fli>\n\u003Cli>Integrated into Media Modal and Edit Media screen\u003C\u002Fli>\n\u003Cli>Shortcode to display all media with copyright information\u003C\u002Fli>\n\u003Cli>Translation ready\u003C\u002Fli>\n\u003Cli>Secure and follows WordPress coding standards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode Usage\u003C\u002Fh4>\n\u003Cp>Display all media with copyright information:\u003C\u002Fp>\n\u003Cpre>[imagcoma]\u003C\u002Fpre>\n\u003Cp>Customize the display:\u003C\u002Fp>\n\u003Cpre>[imagcoma orderby=\"title\" order=\"ASC\"]\u003C\u002Fpre>\n\u003Cp>Customize heading and texts:\u003C\u002Fp>\n\u003Cpre>[imagcoma heading=\"Image Sources\" heading_tag=\"h2\"]\u003C\u002Fpre>\n\u003Cp>Fully customized example:\u003C\u002Fp>\n\u003Cpre>[imagcoma heading=\"Photo Credits\" heading_tag=\"h4\" no_sources_text=\"No images found\" copyright_label=\"Source:\" view_media_text=\"View Image\"]\u003C\u002Fpre>\n\u003Ch4>Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>orderby\u003C\u002Fcode> – Sort by date, title, etc. (default: date)\u003C\u002Fli>\n\u003Cli>\u003Ccode>order\u003C\u002Fcode> – ASC or DESC (default: DESC)\u003C\u002Fli>\n\u003Cli>\u003Ccode>heading\u003C\u002Fcode> – Custom heading text (default: “Image Sources”)\u003C\u002Fli>\n\u003Cli>\u003Ccode>heading_tag\u003C\u002Fcode> – HTML heading tag: h1, h2, h3, h4, h5, h6 (default: h3)\u003C\u002Fli>\n\u003Cli>\u003Ccode>no_sources_text\u003C\u002Fcode> – Text displayed when no sources are found (default: “No image sources with copyright information found.”)\u003C\u002Fli>\n\u003Cli>\u003Ccode>copyright_label\u003C\u002Fcode> – Label for copyright information (default: “Copyright:”)\u003C\u002Fli>\n\u003Cli>\u003Ccode>view_media_text\u003C\u002Fcode> – Text for the “View Media” link (default: “View Media”)\u003C\u002Fli>\n\u003C\u002Ful>\n","Add copyright information to WordPress media files with a custom field and display them using shortcodes. Now includes JSON-LD for Image SEO.",582,"2026-02-18T00:07:00.000Z","6.9.4","6.4","7.4",[19,121,20,21,122],"copyright","metadata","https:\u002F\u002Fmahelwebdesign.com\u002Fimage-copyright-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-copyright-manager.1.4.0.zip","2026-03-15T14:54:45.397Z",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":96,"downloaded":134,"rating":13,"num_ratings":13,"last_updated":135,"tested_up_to":136,"requires_at_least":16,"requires_php":64,"tags":137,"homepage":140,"download_link":141,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"move-images-between-pages","Move Images Between Pages","1.1","Johnathon Williams","https:\u002F\u002Fprofiles.wordpress.org\u002Foddjar\u002F","\u003Cp>This plugin allows you to quickly reattach images to different pages in your WordPress installation. It places a simple drop-down menu in the edit media screen that lists all of the pages in your WordPress site and allows you to reattach the given image to a new page. Note that this plugin only works for images that are attached to pages. It ignores images that are attached to posts.\u003C\u002Fp>\n","This plugin allows you to quickly reattach images to different pages in your WordPress installation.",2610,"2014-01-23T17:39:00.000Z","3.7.41",[19,138,20,21,139],"galleries","pages","http:\u002F\u002Foddjar.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmove-images-between-pages.1.1.zip",{"attackSurface":143,"codeSignals":177,"taintFlows":197,"riskAssessment":198,"analyzedAt":215},{"hooks":144,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":13,"unprotectedCount":13},[145,151,154,156,160,164,168,171],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","plugins_loaded","anonymous","includes\\class-wp-tesseract.php",141,{"type":146,"name":152,"callback":148,"file":149,"line":153},"admin_enqueue_scripts",156,{"type":146,"name":152,"callback":148,"file":149,"line":155},157,{"type":146,"name":157,"callback":158,"file":149,"line":159},"admin_menu","add_menu",160,{"type":146,"name":161,"callback":162,"file":149,"line":163},"admin_init","register_settings",163,{"type":146,"name":165,"callback":166,"file":149,"line":167},"add_attachment","analyze_image",166,{"type":146,"name":169,"callback":148,"file":149,"line":170},"wp_enqueue_scripts",180,{"type":146,"name":169,"callback":148,"file":149,"line":172},181,[],[],[],[],{"dangerousFunctions":178,"sqlUsage":184,"outputEscaping":186,"fileOperations":60,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":196},[179],{"fn":180,"file":181,"line":182,"context":183},"exec","admin\\class-wp-tesseract-admin.php",230,"exec($command, $output, $return);",{"prepared":13,"raw":13,"locations":185},[],{"escaped":13,"rawEcho":60,"locations":187},[188,192,194],{"file":189,"line":190,"context":191},"admin\\partials\\wp-tesseract-admin-display.php",35,"raw output",{"file":189,"line":193,"context":191},39,{"file":189,"line":195,"context":191},43,[],[],{"summary":199,"deductions":200},"The wp-tesseract v1.0.2 plugin presents a mixed security posture. On the positive side, its static analysis shows no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in zero identified entry points and no unprotected ones. Furthermore, all SQL queries appear to be properly prepared, mitigating a common class of vulnerabilities. The absence of external HTTP requests also reduces the risk of server-side request forgery or infection from compromised external resources.\n\nHowever, significant concerns arise from several code signals. The presence of the 'exec' function is a critical red flag, as it can be exploited for remote code execution if improperly handled. Compounding this, 100% of output escaping is missing, meaning any data processed and displayed by the plugin is vulnerable to Cross-Site Scripting (XSS) attacks. The plugin also performs file operations without clear indication of their security context or sanitization.\n\nThe vulnerability history, particularly the existence of one unpatched medium severity CVE related to XSS, reinforces the output escaping concerns. The fact that this vulnerability is recent and unpatched is a major risk. While the attack surface seems limited in terms of direct entry points, the combination of a dangerous function ('exec'), lack of output escaping, and an existing XSS vulnerability, which is a common vulnerability type for this plugin, indicates a substantial risk of compromise.",[201,204,207,210,213],{"reason":202,"points":203},"Unpatched CVE",18,{"reason":205,"points":206},"Dangerous function: exec",15,{"reason":208,"points":209},"Output escaping: 0% properly escaped",9,{"reason":211,"points":212},"Missing Nonce checks",5,{"reason":214,"points":212},"Missing Capability checks","2026-03-16T21:55:53.860Z",{"wat":217,"direct":226},{"assetPaths":218,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[219,220],"\u002Fwp-content\u002Fplugins\u002Fwp-tesseract\u002Fcss\u002Fwp-tesseract-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-tesseract\u002Fjs\u002Fwp-tesseract-admin.js",[],[220],[224,225],"wp-tesseract\u002Fcss\u002Fwp-tesseract-admin.css?ver=","wp-tesseract\u002Fjs\u002Fwp-tesseract-admin.js?ver=",{"cssClasses":227,"htmlComments":228,"htmlAttributes":229,"restEndpoints":230,"jsGlobals":231,"shortcodeOutput":233},[],[],[],[],[232],"window.jquery",[]]