[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTEu0wcd8FofLE3vNMR_dQ7KYnwQMYj5dALDnRnSLcj0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":63,"fingerprints":323},"wpcos","WPCOS腾讯云对象存储COS","4.8","老蒋和他的小伙伴","https:\u002F\u002Fprofiles.wordpress.org\u002Flaobuluo\u002F","\u003Cp>WordPress COS（简称:WPCOS），基于腾讯云COS存储与WordPress实现静态资源到COS存储中。提高网站项目的访问速度，以及静态资源的安全存储功能。\u003C\u002Fp>\n\u003Ch3>插件特点\u003C\u002Fh3>\n\u003Col>\n\u003Cli>新增支持腾讯云数据万象 设置水印、编辑图片、压缩WEBP等（取消）\u003C\u002Fli>\n\u003Cli>支持已有图片编辑功能\u003C\u002Fli>\n\u003Cli>支持自定义域名设置\u003C\u002Fli>\n\u003Cli>支持一键替换静态本地化至对象存储远程URL\u003C\u002Fli>\n\u003Cli>支持一键禁止缩略图\u003C\u002Fli>\n\u003Cli>支持自定义任意对象存储目录，一个存储桶可以多网站\u003C\u002Fli>\n\u003Cli>支持自动文件重命名\u003C\u002Fli>\n\u003Cli>支持本地和对象存储分离和同步\u003C\u002Fli>\n\u003Cli>优化重构加速上传\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>WPCOS插件安装方法：\u003Ca href=\"https:\u002F\u002Fwww.lezaiyun.com\u002F1093.html\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.lezaiyun.com\u002F1093.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>网站支持\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.laojiang.me\u002F\" title=\"老蒋玩运营\" rel=\"nofollow ugc\">老蒋玩运营\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.zhujipingjia.com\u002F\" title=\"主机评价网\" rel=\"nofollow ugc\">主机评价网\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>欢迎加入插件和站长微信公众号：老蒋朋友圈（公众号）\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress 
COS（简称:WPCOS），基于腾讯云COS存储与WordPress实现静态资源到COS存储中。提高网站项目的访问速度，以及静态资源的安全存储功能。",300,16355,74,6,"2026-02-08T12:09:00.000Z","6.9.4","6.0.1","7.4",[20,21,22,23,24],"%e8%85%be%e8%ae%af%e4%ba%91cos","%e8%85%be%e8%ae%af%e4%ba%91wordpress","%e8%85%be%e8%ae%af%e4%ba%91%e5%ad%98%e5%82%a8","%e8%85%be%e8%ae%af%e4%ba%91%e5%ad%98%e5%82%a8%e5%88%86%e7%a6%bb","%e8%85%be%e8%ae%af%e4%ba%91%e5%af%b9%e8%b1%a1%e5%ad%98%e5%82%a8","https:\u002F\u002Fwww.lezaiyun.com\u002F1093.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcos.4.8.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"laobuluo",12,4450,30,94,"2026-04-04T22:34:20.072Z",[40],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":27,"num_ratings":14,"last_updated":50,"tested_up_to":16,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":59,"download_link":60,"security_score":27,"vuln_count":61,"unpatched_count":28,"last_vuln_date":62,"fetched_at":30},"sync-qcloud-cos","Sync QCloud COS","2.6.6","沈唁","https:\u002F\u002Fprofiles.wordpress.org\u002Fshenyanzhi\u002F","\u003Cp>使用腾讯云对象存储服务 COS 作为附件存储空间。(Using Tencent Cloud Object Storage Service COS as Attachment Storage Space.)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>依赖腾讯云 COS 服务：https:\u002F\u002Fcloud.tencent.com\u002Fproduct\u002Fcos\u003C\u002Fli>\n\u003Cli>使用说明：https:\u002F\u002Fcloud.tencent.com\u002Fproduct\u002Fcos\u002Fdetails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>插件特点\u003C\u002Fh3>\n\u003Col>\n\u003Cli>可配置是否上传缩略图和是否保留本地备份\u003C\u002Fli>\n\u003Cli>本地删除可同步删除腾讯云对象存储 COS 中的文件\u003C\u002Fli>\n\u003Cli>支持腾讯云对象存储 COS 绑定的个性域名\u003C\u002Fli>\n\u003Cli>支持替换数据库中旧的资源链接地址\u003C\u002Fli>\n\u003Cli>支持北京、上海、广州、香港、法兰克福等完整地域使用\u003C\u002Fli>\n\u003Cli>支持同步历史附件到 
COS\u003C\u002Fli>\n\u003Cli>支持验证桶名是否填写正确\u003C\u002Fli>\n\u003Cli>支持腾讯云数据万象 CI 图片处理\u003C\u002Fli>\n\u003Cli>支持上传文件自动重命名\u003C\u002Fli>\n\u003Cli>支持媒体库编辑\u003C\u002Fli>\n\u003Cli>支持腾讯云数据万象图片极智压缩\u003C\u002Fli>\n\u003Cli>支持文件预览\u003C\u002Fli>\n\u003Cli>支持文本内容审核\u003C\u002Fli>\n\u003Cli>支持原图保护\u003C\u002Fli>\n\u003Cli>支持数据监控\u003C\u002Fli>\n\u003Cli>支持使用 \u003Ccode>wp-cli\u003C\u002Fcode> 命令上传\u002F删除文件\u003C\u002Fli>\n\u003Cli>支持上传文件到存储桶子目录\u003C\u002Fli>\n\u003Cli>支持多站点\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>插件更多详细介绍和安装：\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsy-records\u002Fsync-qcloud-cos\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsy-records\u002Fsync-qcloud-cos\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>作者博客\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fqq52o.me\" title=\"沈唁志\" rel=\"nofollow ugc\">沈唁志\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>欢迎加入沈唁的 WordPress 云存储全家桶 QQ 交流群：887595381\u003C\u002Fp>\n","使用腾讯云对象存储服务 COS 作为附件存储空间。(Using Tencent Cloud Object Storage Service COS as Attachment Storage Space.)",400,22702,"2025-12-05T03:13:00.000Z","4.6","7.2",[54,55,56,57,58],"cos","%e8%85%be%e8%ae%af%e4%ba%91","qcloud","tencent","%e5%af%b9%e8%b1%a1%e5%ad%98%e5%82%a8","https:\u002F\u002Fqq52o.me\u002F2518.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsync-qcloud-cos.2.6.6.zip",1,"2022-02-17 
00:00:00",{"attackSurface":64,"codeSignals":132,"taintFlows":264,"riskAssessment":312,"analyzedAt":322},{"hooks":65,"ajaxHandlers":128,"restRoutes":129,"shortcodes":130,"cronEvents":131,"entryPointCount":28,"unprotectedCount":28},[66,72,76,80,85,90,93,97,100,104,108,112,116,120,123],{"type":67,"name":68,"callback":69,"file":70,"line":71},"filter","big_image_size_threshold","__return_false","wpcos.php",16,{"type":67,"name":73,"callback":74,"priority":28,"file":70,"line":75},"wp_handle_upload_prefilter","wpcos_boost_upload_resources_prefilter",18,{"type":67,"name":77,"callback":78,"priority":61,"file":70,"line":79},"wp_handle_upload","wpcos_boost_upload_resources",19,{"type":81,"name":82,"callback":83,"file":70,"line":84},"action","upgrader_process_complete","wpcos_upgrade_options",21,{"type":67,"name":86,"callback":87,"priority":88,"file":70,"line":89},"sanitize_file_name","wpcos_sanitize_file_name",10,22,{"type":67,"name":77,"callback":91,"file":70,"line":92},"wpcos_upload_attachments",24,{"type":67,"name":94,"callback":95,"file":70,"line":96},"wp_update_attachment_metadata","wpcos_upload_and_thumbs",26,{"type":67,"name":98,"callback":95,"file":70,"line":99},"wp_generate_attachment_metadata",28,{"type":67,"name":101,"callback":102,"file":70,"line":103},"wp_save_image_editor_file","wpcos_save_image_editor_file",29,{"type":67,"name":105,"callback":106,"file":70,"line":107},"wp_unique_filename","wpcos_unique_filename",32,{"type":81,"name":109,"callback":110,"file":70,"line":111},"delete_attachment","wpcos_delete_remote_attachment",33,{"type":81,"name":113,"callback":114,"file":70,"line":115},"admin_menu","wpcos_add_setting_page",34,{"type":67,"name":117,"callback":118,"priority":88,"file":70,"line":119},"plugin_action_links","wpcos_plugin_action_links",35,{"type":67,"name":94,"callback":121,"file":70,"line":122},"wpcos_image_editor_file_save",60,{"type":81,"name":124,"callback":125,"file":126,"line":127},"admin_enqueue_scripts","wpcos_scripts_styles","wpcos_actions.php
",263,[],[],[],[],{"dangerousFunctions":133,"sqlUsage":139,"outputEscaping":141,"fileOperations":262,"externalRequests":28,"nonceChecks":61,"capabilityChecks":61,"bundledLibraries":263},[134],{"fn":135,"file":136,"line":137,"context":138},"exec","sdk\\cos-php-sdk-v5\\src\\Qcloud\\Cos\\Tests\\Test.php",41,"exec(\"dd if=\u002Fdev\u002Furandom of=\". $filename. \" bs=1 count=\". (string)$size);",{"prepared":28,"raw":28,"locations":140},[],{"escaped":71,"rawEcho":142,"locations":143},58,[144,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,260],{"file":136,"line":145,"context":146},127,"raw output",{"file":136,"line":148,"context":146},142,{"file":136,"line":150,"context":146},162,{"file":136,"line":152,"context":146},185,{"file":136,"line":154,"context":146},227,{"file":136,"line":156,"context":146},246,{"file":136,"line":158,"context":146},284,{"file":136,"line":160,"context":146},303,{"file":136,"line":162,"context":146},322,{"file":136,"line":164,"context":146},341,{"file":136,"line":166,"context":146},360,{"file":136,"line":168,"context":146},381,{"file":136,"line":170,"context":146},432,{"file":136,"line":172,"context":146},464,{"file":136,"line":174,"context":146},506,{"file":136,"line":176,"context":146},521,{"file":136,"line":178,"context":146},553,{"file":136,"line":180,"context":146},610,{"file":136,"line":182,"context":146},652,{"file":136,"line":184,"context":146},716,{"file":136,"line":186,"context":146},763,{"file":136,"line":188,"context":146},815,{"file":136,"line":190,"context":146},830,{"file":136,"line":192,"context":146},844,{"file":136,"line":194,"context":146},891,{"file":136,"line":196,"context":146},917,{"file":136,"line":198,"context":146},938,{"file":136,"line":200,"context":146},972,{"file":136,"line":202,"context":146},985,{"file":136,"line":204,"context":146},999,{"fil
e":136,"line":206,"context":146},1025,{"file":136,"line":208,"context":146},1049,{"file":136,"line":210,"context":146},1073,{"file":136,"line":212,"context":146},1090,{"file":136,"line":214,"context":146},1112,{"file":136,"line":216,"context":146},1148,{"file":136,"line":218,"context":146},1164,{"file":136,"line":220,"context":146},1180,{"file":136,"line":222,"context":146},1197,{"file":136,"line":224,"context":146},1220,{"file":136,"line":226,"context":146},1236,{"file":136,"line":228,"context":146},1256,{"file":136,"line":230,"context":146},1269,{"file":136,"line":232,"context":146},1287,{"file":136,"line":234,"context":146},1317,{"file":136,"line":236,"context":146},1351,{"file":136,"line":238,"context":146},1387,{"file":136,"line":240,"context":146},1408,{"file":136,"line":242,"context":146},1429,{"file":136,"line":244,"context":146},1471,{"file":136,"line":246,"context":146},1492,{"file":136,"line":248,"context":146},1513,{"file":136,"line":250,"context":146},1534,{"file":136,"line":252,"context":146},1590,{"file":136,"line":254,"context":146},1625,{"file":136,"line":256,"context":146},1678,{"file":258,"line":259,"context":146},"wpcos_setting_page.php",75,{"file":258,"line":261,"context":146},189,15,[],[265,298],{"entryPoint":266,"graph":267,"unsanitizedCount":28,"severity":297},"wpcos_setting_page (wpcos_setting_page.php:2)",{"nodes":268,"edges":292},[269,274,279,282,284,287],{"id":270,"type":271,"label":272,"file":258,"line":273},"n0","source","$_POST",27,{"id":275,"type":276,"label":277,"file":258,"line":103,"wp_function":278},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":280,"type":271,"label":281,"file":258,"line":36},"n2","$_POST['upload_url_path']",{"id":283,"type":276,"label":277,"file":258,"line":36,"wp_function":278},"n3",{"id":285,"type":271,"label":286,"file":258,"line":273},"n4","$_POST (x5)",{"id":288,"type":276,"label":289,"file":258,"line":290,"wp_function":291},"n5","echo() 
[XSS]",79,"echo",[293,295,296],{"from":270,"to":275,"sanitized":294},true,{"from":280,"to":283,"sanitized":294},{"from":285,"to":288,"sanitized":294},"low",{"entryPoint":299,"graph":300,"unsanitizedCount":28,"severity":297},"\u003Cwpcos_setting_page> (wpcos_setting_page.php:0)",{"nodes":301,"edges":308},[302,303,304,305,306,307],{"id":270,"type":271,"label":272,"file":258,"line":273},{"id":275,"type":276,"label":277,"file":258,"line":103,"wp_function":278},{"id":280,"type":271,"label":281,"file":258,"line":36},{"id":283,"type":276,"label":277,"file":258,"line":36,"wp_function":278},{"id":285,"type":271,"label":286,"file":258,"line":273},{"id":288,"type":276,"label":289,"file":258,"line":290,"wp_function":291},[309,310,311],{"from":270,"to":275,"sanitized":294},{"from":280,"to":283,"sanitized":294},{"from":285,"to":288,"sanitized":294},{"summary":313,"deductions":314},"The \"wpcos\" plugin v4.8 presents a mixed security posture. On the positive side, the scan recorded no raw SQL queries (the SQL usage counts on this page are zero for both prepared and raw statements), and the plugin has no recorded vulnerability history (CVEs), suggesting a generally well-maintained codebase. The limited attack surface, with zero unprotected entry points across AJAX, REST API, shortcodes, and cron events, further strengthens its security profile.\n\nHowever, the static analysis reveals significant areas of concern. The presence of the `exec()` function is a critical red flag, as it can lead to remote code execution if its arguments are not handled with extreme care and robust input sanitization; the one detected call is in the bundled COS PHP SDK's test file (sdk\\cos-php-sdk-v5\\src\\Qcloud\\Cos\\Tests\\Test.php, line 41) rather than in wpcos.php or wpcos_actions.php, where the plugin's hooks are registered. Furthermore, a very low percentage (22%, 16 escaped against 58 raw) of output escaping is a substantial risk indicator for cross-site scripting (XSS) vulnerabilities, particularly given the number of file operations and other code signals that might involve user-supplied data; 56 of the 58 raw outputs are in that same SDK test file and 2 are in wpcos_setting_page.php (lines 75 and 189). While taint analysis shows no critical or high-severity unsanitized flows, this could be due to the limited number of flows analyzed or because the `exec()` function is not directly reachable by user input in the analyzed paths.\n\nIn conclusion, while the plugin's clean vulnerability history and absence of raw SQL queries are commendable, the identified dangerous function (`exec`) and the high rate of unescaped output represent serious potential security weaknesses until their reachability is confirmed. The plugin's strengths lie in its minimal attack surface and lack of raw SQL, but these are overshadowed by the risks associated with arbitrary code execution and XSS. Further investigation into the usage of `exec` and the context of all outputs is strongly recommended, including whether the SDK's test directory needs to ship with the plugin and whether it can be requested directly from the web.",[315,317,319],{"reason":316,"points":75},"Dangerous function detected (exec)",{"reason":318,"points":262},"Low output escaping rate (22%)",{"reason":320,"points":321},"High number of file operations without detailed sanitization context",5,"2026-03-16T19:52:18.633Z",{"wat":324,"direct":331},{"assetPaths":325,"generatorPatterns":327,"scriptPaths":328,"versionParams":329},[326],"\u002Fwp-content\u002Fplugins\u002Fwpcos\u002Fsdk\u002Fcos-php-sdk-v5\u002Fvendor\u002Fautoload.php",[],[],[330],"wpcos\u002Fstyle.css?ver=",{"cssClasses":332,"htmlComments":333,"htmlAttributes":334,"restEndpoints":335,"jsGlobals":336,"shortcodeOutput":337},[],[],[],[],[],[]]