[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRh5WnnfRncQeUy9og0Dtmxr6tFPCQ9YMIPPDH1Xrsjw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":148,"fingerprints":336},"z-authorized-downloads","Zodan Authorized Downloads","1.2.7","martenmoolenaar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmartenmoolenaar\u002F","\u003Cp>This plugin allows site admins to protect specific attachment file types (e.g. Pdf, Doc(x)) from direct access. Instead, the files are served through WordPress, allowing you to check if a user is logged in or has the required permissions before granting access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Adds a checkbox to media attachments to mark them as “Authorized only”.\u003Cbr \u002F>\n* Creates an internal page and rewrite rules to intercept requests to protected file types.\u003Cbr \u002F>\n* Checks user login status (or other custom logic you add) before serving files.\u003Cbr \u002F>\n* Provides a settings page to specify which file types should be protected.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under GPLv2 or later.\u003C\u002Fp>\n","Protect documents from unauthorized download.",0,508,"2026-01-08T15:59:00.000Z","6.9.4","5.5","",[18,19,20,21,22],"attachments","authorization","downloads","files","protected-downloads","https:\u002F\u002Fplugins.zodan.nl\u002Fwordpress-authorized-downloads","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fz-authorized-downloads.1.2.7.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},6,80,30,94,"2026-04-04T16:51:56.472Z",[36,59,84,104,126],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":31,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":15,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":11,"last_vuln_date":58,"fetched_at":27},"file-upload-types","File Upload Types by WPForms","1.5.0","Jared Atchison","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaredatch\u002F","\u003Ch3>WordPress File Upload Types Plugin\u003C\u002Fh3>\n\u003Cp>Do you want to let your WordPress website accept uploads from your users for more file types and to freely upload files? We created the File Upload Types plugin to make it simple for anyone to easily add support for any file types with any extension or MIME type.\u003C\u002Fp>\n\u003Ch4>How WordPress File Uploads Work\u003C\u002Fh4>\n\u003Cp>By default, WordPress only allows \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FUploading_Files#About_Uploading_Files_on_Dashboard\" rel=\"nofollow ugc\">certain file types\u003C\u002Fa> to be uploaded to your website’s media library.\u003C\u002Fp>\n\u003Cp>If someone tries to upload a file type outside of these whitelisted WordPress file extensions, this can be the cause of the \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fcommon-wordpress-errors-and-how-to-fix-them\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"common WordPress error\" rel=\"friend nofollow ugc\">common WordPress error\u003C\u002Fa> \u003Ccode>Sorry, this file type is not permitted for security reasons\u003C\u002Fcode> message.\u003C\u002Fp>\n\u003Cp>It can be frustrating if you’ve \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Fhow-to-create-a-file-upload-form-in-wordpress\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtypes&utm_content=readme\" rel=\"friend\" title=\"\ncreated a file upload form\">created a file upload form\u003C\u002Fa> in WordPress but the file type you want to accept is a file extension that’s not allowed.\u003C\u002Fp>\n\u003Cp>This plugin lets your website upload more file types beyond the limited file extension types that WordPress allows by default.\u003C\u002Fp>\n\u003Ch4>How does the File Upload Types plugin work?\u003C\u002Fh4>\n\u003Cp>The File Upload Types plugin works by letting you adjust the internal file whitelist, letting you manually control which types of file extensions your WordPress website can upload.\u003C\u002Fp>\n\u003Cp>This way, you can accept any file type through your website and\u002For any contact form plugin like \u003Ca href=\"https:\u002F\u002Fwww.wpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtypes&utm_content=readme\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What file types can I upload to WordPress with this plugin?\u003C\u002Fh4>\n\u003Cp>The File Upload Types plugin lets you allow uploads of any file extension, including custom file types.\u003C\u002Fp>\n\u003Cp>Some common file extension types this plugin lets you add that WordPress doesn’t support natively include:\u003C\u002Fp>\n\u003Cp>.ai\u003Cbr \u002F>\n.zip\u003Cbr \u002F>\n.xml\u003Cbr \u002F>\n.svg\u003Cbr \u002F>\n.csv\u003Cbr \u002F>\n.mobi\u003Cbr \u002F>\n.cad\u003Cbr \u002F>\n.dwg\u003Cbr \u002F>\n.dxf\u003C\u002Fp>\n\u003Cp>…and any other file extensions that exist, including custom file types.\u003C\u002Fp>\n\u003Cp>We hope that you find the File Upload Types plugin helpful!\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was created by the team behind \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – the best drag & drop form builder for WordPress.\u003C\u002Fp>\n\u003Ch3>What’s Next\u003C\u002Fh3>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – The best WordPress Contact Form Plugin.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Foptinmonster.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get more email subscribers with the most popular conversion optimization plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – See the stats that matter and grow your business with confidence. Best Google Analytics plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.seedprod.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"SeedProd\" rel=\"friend nofollow ugc\">SeedProd\u003C\u002Fa> – Jumpstart your website with the #1 Coming Soon & Maintenance Mode plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmailsmtp.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"nofollow ugc\">WP Mail SMTP\u003C\u002Fa> – Improve email deliverability for your contact form with the most popular SMTP plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frafflepress.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"nofollow ugc\">RafflePress\u003C\u002Fa> – The Best WordPress giveaway and contest plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa> to learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">WordPress tutorials\u003C\u002Fa> and find out about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"Best WordPress plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","Easily allow WordPress to accept and upload any file type extension or MIME type, including custom file types.",30000,242227,20,"2024-10-23T14:00:00.000Z","6.6.5","7.0",[18,51,21,52,53],"file-upload","mime","upload","https:\u002F\u002Fwpforms.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffile-upload-types.1.5.0.zip",91,1,"2024-10-24 20:07:47",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":79,"download_link":80,"security_score":81,"vuln_count":82,"unpatched_count":11,"last_vuln_date":83,"fetched_at":27},"download-attachments","Download Attachments","1.3.2","dFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fdfactory\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.dfactory.co\u002Fproducts\u002Fdownload-attachments\u002F\" rel=\"nofollow ugc\">Download Attachments\u003C\u002Fa> is a new approach to managing downloads in WordPress. Instead of bloated interface it enables simple, drag & drop and AJAX driven metabox where you can insert and manage your Media Library files and automatically or manually display them after, before or inside posts content.\u003C\u002Fp>\n\u003Cp>For more information, check out plugin page at \u003Ca href=\"http:\u002F\u002Fwww.dfactory.co\u002F\" rel=\"nofollow ugc\">dFactory\u003C\u002Fa> site.\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatic or manual download links display\u003C\u002Fli>\n\u003Cli>Select post types where Download Attachments should be used\u003C\u002Fli>\n\u003Cli>Select list, table or sortable, dynamic table display style\u003C\u002Fli>\n\u003Cli>Downloads count\u003C\u002Fli>\n\u003Cli>Advanced attachments sorting\u003C\u002Fli>\n\u003Cli>Most Downloaded Attachments widget\u003C\u002Fli>\n\u003Cli>Drag & drop files ordering\u003C\u002Fli>\n\u003Cli>Based on Media Library attachments\u003C\u002Fli>\n\u003Cli>Easy customisation of Frontend & Backend display\u003C\u002Fli>\n\u003Cli>Pretty URLs for download links\u003C\u002Fli>\n\u003Cli>Encrypt URLs by default\u003C\u002Fli>\n\u003Cli>Customizable tamplates engine\u003C\u002Fli>\n\u003Cli>Custom download slug\u003C\u002Fli>\n\u003Cli>Custom permission for metabox display\u003C\u002Fli>\n\u003Cli>Option to exclude selected attachments from display\u003C\u002Fli>\n\u003Cli>Option to select from all Media Library files or only those attached to a post\u003C\u002Fli>\n\u003Cli>2 shortcodes\u003C\u002Fli>\n\u003Cli>5 functions and multiple filter hooks for developers\u003C\u002Fli>\n\u003Cli>Option to use attachment caption and\u002For description for download links description\u003C\u002Fli>\n\u003Cli>Compatible with WPML & Polylang\u003C\u002Fli>\n\u003Cli>.pot file for translations included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get involved\u003C\u002Fh4>\n\u003Cp>Feel free to contribute to the source code on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdfactoryplugins\" rel=\"nofollow ugc\">dFactory GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Download Attachments is a new approach to managing downloads in WordPress. It allows you to easily add and display download links in any post or page.",9000,214951,90,46,"2025-11-15T13:33:00.000Z","6.8.5","6.0","7.0.0",[76,18,77,78,21],"attachment","download","file","http:\u002F\u002Fwww.dfactory.co\u002Fproducts\u002Fdownload-attachments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-attachments.1.3.2.zip",97,3,"2025-06-19 00:00:00",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":31,"num_ratings":94,"last_updated":95,"tested_up_to":14,"requires_at_least":96,"requires_php":16,"tags":97,"homepage":99,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":11,"last_vuln_date":103,"fetched_at":27},"wp-downloadmanager","WP-DownloadManager","1.69.1","Lester Chan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgamerz\u002F","\u003Ch3>General Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>You Need To Re-Generate The Permalink \u003Ccode>WP-Admin -> Settings -> Permalinks -> Save Changes\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>To embed a specific file to be downloaded into a post\u002Fpage, use \u003Ccode>[download id=\"2\"]\u003C\u002Fcode> where 2 is your file id.\u003C\u002Fli>\n\u003Cli>To embed multiple files to be downloaded into a post\u002Fpage, use \u003Ccode>[download id=\"1,2,3\"]\u003C\u002Fcode> where 1,2,3 are your file ids.\u003C\u002Fli>\n\u003Cli>To limit the number of embedded downloads shown for each post in a post stream, use the \u003Ccode>stream_limit\u003C\u002Fcode> option.\n\u003Col>\n\u003Cli>Example: \u003Ccode>[download id=\"2\" stream_limit=\"4\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>This will only display the first 4 downloads for the post when rendered in a post stream, and display the full list of downloads when viewing the single post.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>To sort embedded downloads, use the \u003Ccode>sort_by\u003C\u002Fcode> and \u003Ccode>sort_order\u003C\u002Fcode> options.\n\u003Col>\n\u003Cli>Example: \u003Ccode>[download id=\"2\" sort_by=\"file_id\" sort_order=\"asc\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>This will sort the embedded downloads by file ID in ascending order.\u003C\u002Fli>\n\u003Cli>Valid values for \u003Ccode>sort_by\u003C\u002Fcode> are: \u003Ccode>file_id\u003C\u002Fcode>, \u003Ccode>file\u003C\u002Fcode>, \u003Ccode>file_name\u003C\u002Fcode>, \u003Ccode>file_size\u003C\u002Fcode>, \u003Ccode>file_date\u003C\u002Fcode>, and \u003Ccode>file_hits\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>To choose what to display within the embedded file, use \u003Ccode>[download id=\"1\" display=\"both\"]\u003C\u002Fcode> where 1 is your file id and both will display both the file name and file desccription, whereas name will only display the filename. Note that this will overwrite the “Download Embedded File” template you have in your Download Templates.\u003C\u002Fli>\n\u003Cli>To embed files as well as categories, use \u003Ccode>[download id=\"1,2,3\" category=\"4,5,6\"]\u003C\u002Fcode> where 1,2,3 are your file id and 4,5,6 are your category ids.\u003C\u002Fli>\n\u003Cli>If you are using Default Permalinks, the file direct download link will be \u003Ccode>http:\u002F\u002Fyoursite.com\u002Findex.php?dl_id=2\u003C\u002Fcode>. If you are using Nice Permalinks, the file direct download link will be \u003Ccode>http:\u002F\u002Fyoursite.com\u002Fdownload\u002F2\u002F\u003C\u002Fcode>, where yoursite.com is your WordPress URL and 2 is your file id.\u003C\u002Fli>\n\u003Cli>The direct download category link will be \u003Ccode>http:\u002F\u002Fyoursite.com\u002Fdownloads\u002F?dl_cat=3\u003C\u002Fcode>, where yoursite.com is your WordPress URL, downloads is your Downloads Page name and 3 is your download category id.\u003C\u002Fli>\n\u003Cli>In order to upload the files straight to the downloads folder, the folder must be first CHMOD to 777. You can specify which folder to be the downloads folder in Download Options.\u003C\u002Fli>\n\u003Cli>You can configure the Download Options in \u003Ccode>WP-Admin -> Downloads -> Download Options\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>You can configure the Download Templates in \u003Ccode>WP-Admin -> Downloads -> Download Templates\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Downloads Page\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to \u003Ccode>WP-Admin -> Pages -> Add New\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Type any title you like in the post’s title area\u003C\u002Fli>\n\u003Cli>If you \u003Ccode>ARE\u003C\u002Fcode> using nice permalinks, after typing the title, WordPress will generate the permalink to the page. You will see an ‘Edit’ link just beside the permalink.\u003C\u002Fli>\n\u003Cli>Click ‘Edit’ and type in \u003Ccode>downloads\u003C\u002Fcode> in the text field and click ‘Save’.\u003C\u002Fli>\n\u003Cli>Type \u003Ccode>[page_download]\u003C\u002Fcode> in the post’s content area.\u003C\u002Fli>\n\u003Cli>You can also use \u003Ccode>[page_download category=\"1\"]\u003C\u002Fcode>, this will display all downloads in Category ID 1.\u003C\u002Fli>\n\u003Cli>Click ‘Publish’\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Download Stats (With Widgets)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to \u003Ccode>WP-Admin -> Appearance -> Widgets\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>The widget name is \u003Ccode>Downloads\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-downloadmanager\" title=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-downloadmanager\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-downloadmanager\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-downloadmanager\u002Fi18n\u002F\" title=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-downloadmanager\u002Fi18n\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-downloadmanager\u002Fi18n\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Plugin icon by \u003Ca href=\"http:\u002F\u002Fwww.freepik.com\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" rel=\"nofollow ugc\">Flaticon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Icons courtesy of \u003Ca href=\"http:\u002F\u002Fwww.famfamfam.com\u002F\" title=\"FamFamFam\" rel=\"nofollow ugc\">FamFamFam\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Download Icon by \u003Ca href=\"http:\u002F\u002Fwww.imvain.com\u002F\"\" title=\"Ryan Zimmerman\" rel=\"nofollow ugc\">Ryan Zimmerman\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. If not feel free to use it without any obligations.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a simple download manager to your WordPress blog.",3000,308742,37,"2026-02-13T01:54:00.000Z","4.0",[77,20,78,21,98],"manager","https:\u002F\u002Flesterchan.net\u002Fportfolio\u002Fprogramming\u002Fphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-downloadmanager.1.69.1.zip",89,10,"2026-02-17 21:55:19",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":16,"tags":119,"homepage":123,"download_link":124,"security_score":125,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"media-vault","Media Vault","0.8.12","Max GJ Panas","https:\u002F\u002Fprofiles.wordpress.org\u002Fmax-gjp\u002F","\u003Ch4>Protected Attachment Files\u003C\u002Fh4>\n\u003Cp>Media Vault cordons off a section of your WordPress uploads folder and secures it, protecting all files within by passing requests for them through a \u003Cem>powerful, flexible and completely customizable\u003C\u002Fem> set of permission checks.\u003C\u002Fp>\n\u003Cp>After activating the plugin, to protect attachment files with Media Vault you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>use the \u003Cem>Media Uploader admin page\u003C\u002Fem> to upload new protected attachments,\u003C\u002Fli>\n\u003Cli>use the \u003Cem>Media Vault metabox\u003C\u002Fem> to toggle file protection on the ‘Edit Media’ admin page,\u003C\u002Fli>\n\u003Cli>use the the \u003Cem>Media Vault Protection Settings\u003C\u002Fem> fields in the new Media Modal, or, \u003C\u002Fli>\n\u003Cli>using \u003Cem>bulk actions\u003C\u002Fem> in your Media Library page, you can change file protection on multiple pre-existing attachments at once.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default the only permission check that the plugin does on media files is that the user requesting them be logged in. You can change this \u003Cem>default\u003C\u002Fem> behavior from the ‘Media Settings’ page in the ‘Settings’ menu of the WordPress Admin. You can also change the restrictions set on attachments on an individual basis by means of either the Media Vault metabox on the ‘Edit Media’ page or the Media Vault Protection Settings fields in the new Media Modal.\u003C\u002Fp>\n\u003Cp>You can also write your own custom restrictions using the \u003Ccode>mgjp_mv_add_permission()\u003C\u002Fcode> function. See \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Frestrict-only-for-subscribers?replies=5\" rel=\"ugc\">this support question\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Ch4>Safe Download Links\u003C\u002Fh4>\n\u003Cp>Creating a cross-browser compatible download link for a file is a harder task than might be expected. Media Vault handles this for you, and it does so while preserving all the file security features discussed earlier like blocking downloads to people who should not have access to the file.\u003C\u002Fp>\n\u003Cp>The download links are available through a simple shortcode that you can use in your post\u002Fpage editor screen:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[mv_dl_links ids=\"1,2,3\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>where ‘ids’ are the comma separated list of attachment ids you would like to make available for download in the list.\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> Plugin comes with styles ready for WordPress 3.8+!\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem>  \u003Cstrong>Now supports WordPress MultiSite!\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect attachment files from direct access using powerful and flexible restrictions. Offer safe download links for any file in your uploads folder.",800,17132,88,27,"2014-02-18T16:48:00.000Z","3.7.41","3.5.0",[18,20,120,121,122],"media","protection","security","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-vault\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-vault.0.8.12.zip",85,{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":139,"requires_at_least":140,"requires_php":141,"tags":142,"homepage":16,"download_link":146,"security_score":147,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"hotlink-file-prevention","Hotlink File Prevention","2.0.0","swinggraphics","https:\u002F\u002Fprofiles.wordpress.org\u002Fswinggraphics\u002F","\u003Cp>Hotlink File Prevention (HFP) offers simple hotlink protection that can be turned on\u002Foff for individual files in the WordPress media library.\u003C\u002Fp>\n\u003Cp>“Hotlinking” is when a file, such as an image or PDF, is linked to from another website or entered manually in a web browser’s location bar. HFP only allows your file to be viewed on your website.\u003C\u002Fp>\n\u003Cp>Hotlink protection is provided via \u003Ccode>.htaccess\u003C\u002Fcode> rules in the \u003Ccode>wp-content\u002Fuploads\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Ch3>Basic Usage\u003C\u002Fh3>\n\u003Cp>Once the HFP plugin is activated, you will have two new features in the media library:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Within the Screen Options tab (list view only), check box for the “Hotlink Prevention” column.\u003C\u002Fli>\n\u003Cli>To protect a file, edit the file and scroll down to the checkbox labelled “Hotlink Protection”.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Any asset that is checked will have “Yes” displayed in the “Hotlink Prevention” column; otherwise, this column will be blank.\u003C\u002Fp>\n\u003Ch4>Note about “Open in new tab” option\u003C\u002Fh4>\n\u003Cp>When you use the “Open in new tab” option for links, WordPress adds \u003Ccode>rel=\"noreferrer\"\u003C\u002Fcode>, which effectively makes the link act like direct access, and the link will be blocked for files protected using HFP.\u003C\u002Fp>\n","Simple hotlink protection for individual files in the media library.",700,7815,98,7,"2024-04-15T22:00:00.000Z","6.5.8","4.6","5.6",[143,18,21,144,145],"admin","hotlink","images","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotlink-file-prevention.2.0.0.zip",92,{"attackSurface":149,"codeSignals":221,"taintFlows":268,"riskAssessment":326,"analyzedAt":335},{"hooks":150,"ajaxHandlers":211,"restRoutes":218,"shortcodes":219,"cronEvents":220,"entryPointCount":57,"unprotectedCount":11},[151,157,161,164,169,173,176,180,184,187,191,195,199,202,206],{"type":152,"name":153,"callback":154,"file":155,"line":156},"action","add_meta_boxes","setup_attachment_metaboxes","z-authorized-downloads.php",38,{"type":152,"name":158,"callback":159,"priority":102,"file":155,"line":160},"save_post_attachment","save_attachment_meta_box_data",39,{"type":152,"name":162,"callback":159,"priority":102,"file":155,"line":163},"edit_attachment",40,{"type":165,"name":166,"callback":167,"priority":102,"file":155,"line":168},"filter","attachment_fields_to_edit","add_field_to_media_modal",42,{"type":165,"name":170,"callback":171,"priority":102,"file":155,"line":172},"attachment_fields_to_save","save_field_from_media_modal",43,{"type":152,"name":174,"callback":175,"file":155,"line":70},"admin_enqueue_scripts","z_enqueue_media_grid_js",{"type":165,"name":177,"callback":178,"priority":102,"file":155,"line":179},"wp_prepare_attachment_for_js","z_prepare_attachment_for_js",47,{"type":165,"name":181,"callback":182,"file":155,"line":183},"manage_media_columns","closure",51,{"type":152,"name":185,"callback":182,"priority":102,"file":155,"line":186},"manage_media_custom_column",56,{"type":152,"name":188,"callback":189,"file":155,"line":190},"admin_menu","register_settings_page",72,{"type":152,"name":192,"callback":193,"file":155,"line":194},"admin_init","register_settings",73,{"type":152,"name":174,"callback":196,"priority":197,"file":155,"line":198},"admins_css",11,75,{"type":152,"name":192,"callback":200,"file":155,"line":201},"zad_handle_clear_log_request",78,{"type":152,"name":203,"callback":204,"file":155,"line":205},"template_redirect","handle_protected_request",82,{"type":165,"name":207,"callback":208,"priority":209,"file":155,"line":210},"admin_footer_text","z_admin_footer_print_thankyou",900,143,[212],{"action":213,"nopriv":214,"callback":215,"hasNonce":214,"hasCapCheck":216,"file":155,"line":217},"zad_view_log",false,"zad_ajax_view_log",true,79,[],[],[],{"dangerousFunctions":222,"sqlUsage":223,"outputEscaping":226,"fileOperations":82,"externalRequests":11,"nonceChecks":224,"capabilityChecks":266,"bundledLibraries":267},[],{"prepared":224,"raw":11,"locations":225},2,[],{"escaped":32,"rawEcho":227,"locations":228},18,[229,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264],{"file":155,"line":230,"context":231},64,"raw output",{"file":155,"line":233,"context":231},146,{"file":155,"line":235,"context":231},198,{"file":155,"line":237,"context":231},217,{"file":155,"line":239,"context":231},242,{"file":155,"line":241,"context":231},243,{"file":155,"line":243,"context":231},245,{"file":155,"line":245,"context":231},246,{"file":155,"line":247,"context":231},247,{"file":155,"line":249,"context":231},248,{"file":155,"line":251,"context":231},249,{"file":155,"line":253,"context":231},250,{"file":155,"line":255,"context":231},251,{"file":155,"line":257,"context":231},253,{"file":155,"line":259,"context":231},254,{"file":155,"line":261,"context":231},255,{"file":155,"line":263,"context":231},627,{"file":155,"line":265,"context":231},792,5,[],[269,309],{"entryPoint":270,"graph":271,"unsanitizedCount":266,"severity":308},"handle_protected_request (z-authorized-downloads.php:495)",{"nodes":272,"edges":303},[273,278,284,287,291,294,298],{"id":274,"type":275,"label":276,"file":155,"line":277},"n0","source","$_GET (x3)",501,{"id":279,"type":280,"label":281,"file":155,"line":282,"wp_function":283},"n1","sink","header() [Header Injection]",619,"header",{"id":285,"type":275,"label":286,"file":155,"line":277},"n2","$_GET",{"id":288,"type":280,"label":289,"file":155,"line":263,"wp_function":290},"n3","echo() [XSS]","echo",{"id":292,"type":275,"label":286,"file":155,"line":293},"n4",507,{"id":295,"type":296,"label":297,"file":155,"line":293},"n5","transform","→ get_attachment_by_filename()",{"id":299,"type":280,"label":300,"file":155,"line":301,"wp_function":302},"n6","get_results() [SQLi]",731,"get_results",[304,305,306,307],{"from":274,"to":279,"sanitized":214},{"from":285,"to":288,"sanitized":214},{"from":292,"to":295,"sanitized":214},{"from":295,"to":299,"sanitized":214},"high",{"entryPoint":310,"graph":311,"unsanitizedCount":57,"severity":308},"\u003Cz-authorized-downloads> (z-authorized-downloads.php:0)",{"nodes":312,"edges":321},[313,314,315,317,318,319,320],{"id":274,"type":275,"label":276,"file":155,"line":277},{"id":279,"type":280,"label":281,"file":155,"line":282,"wp_function":283},{"id":285,"type":275,"label":316,"file":155,"line":277},"$_GET (x2)",{"id":288,"type":280,"label":289,"file":155,"line":263,"wp_function":290},{"id":292,"type":275,"label":286,"file":155,"line":293},{"id":295,"type":296,"label":297,"file":155,"line":293},{"id":299,"type":280,"label":300,"file":155,"line":301,"wp_function":302},[322,323,324,325],{"from":274,"to":279,"sanitized":216},{"from":285,"to":288,"sanitized":216},{"from":292,"to":295,"sanitized":214},{"from":295,"to":299,"sanitized":214},{"summary":327,"deductions":328},"The \"z-authorized-downloads\" plugin v1.2.7 exhibits a generally good security posture, with no recorded vulnerabilities and strong adherence to several security best practices. The absence of known CVEs and a history of security issues suggests a well-maintained codebase.  The plugin also demonstrates good practices by utilizing prepared statements for its SQL queries and implementing both nonce and capability checks for its AJAX handler, indicating an effort to protect against common web vulnerabilities.\n\nHowever, the static analysis reveals two critical taint flows with unsanitized paths. While the overall attack surface is small and protected, these taint flows represent a significant concern as they indicate that user-supplied data might be used in a way that could lead to path traversal or other file-related vulnerabilities, despite no direct file operation exploits being explicitly identified. The moderate rate of proper output escaping (63%) also suggests a potential for cross-site scripting (XSS) vulnerabilities, although the severity is not quantified in the provided data.\n\nIn conclusion, the plugin's lack of vulnerability history is a strong positive. Nevertheless, the identified critical taint flows with unsanitized paths are a notable weakness that requires immediate attention. The moderate output escaping also warrants review. Addressing these specific issues will significantly improve the plugin's security.",[329,332,333],{"reason":330,"points":331},"Critical taint flow with unsanitized path",15,{"reason":330,"points":331},{"reason":334,"points":266},"Moderate output escaping (37% not properly escaped)","2026-03-17T06:52:34.854Z",{"wat":337,"direct":347},{"assetPaths":338,"generatorPatterns":340,"scriptPaths":341,"versionParams":343},[339],"\u002Fwp-content\u002Fplugins\u002Fz-authorized-downloads\u002Fassets\u002Fadmin-styles.css",[],[342],"\u002Fwp-content\u002Fplugins\u002Fz-authorized-downloads\u002Fassets\u002Fz-authorized-downloads-media-grid.js",[344,345,346],"z-authorized-downloads\u002Fstyle.css?ver=","z-authorized-downloads\u002Fassets\u002Fadmin-styles.css?ver=","z-authorized-downloads\u002Fassets\u002Fz-authorized-downloads-media-grid.js?ver=",{"cssClasses":348,"htmlComments":351,"htmlAttributes":354,"restEndpoints":356,"jsGlobals":357,"shortcodeOutput":359},[349,350],"dashicons-lock","dashicons-unlock",[352,353],"\u003C!-- BEGIN Zodan Authorized Downloads -->","\u003C!-- END Zodan Authorized Downloads -->",[355],"data-z-protected",[],[358],"window.z_attachment_data",[]]