[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIG588MzpU4408z9g1hA7t-P9NU766D9tzJljSrW9eRI":3,"$f7Ryq6zOdPHAjyt2HMFafQ3LfMiHHwNLCFJYN7l-f5Q8":100,"$fkVgrSEpn-LYCmkpuYFhR_Ha1a4yK0EHab9ulWH_ZiMA":105},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":15,"download_link":17,"security_score":18,"vuln_count":13,"unpatched_count":13,"last_vuln_date":19,"fetched_at":20,"discovery_status":21,"vulnerabilities":22,"developer":23,"crawl_stats":19,"alternatives":30,"analysis":31,"fingerprints":87},"admin-login-notifier","Admin Login Notifier","2.1","Evan Solomon","https:\u002F\u002Fprofiles.wordpress.org\u002Fevansolomon\u002F","\u003Cp>Notify a site administrator when someone tries to login to the site as “admin” (the username).  The plugin saves the password the would-be login tried to use, which allows the site administrator to make fun of bots.  Attempted passwords can be seen in the WordPress dashboard and will be emailed to a site admin once per day.\u003C\u002Fp>\n","Notify a site administrator when someone tries to login to the site as \"admin\" (the username).  
The plugin saves the password the would-be l &hellip;",10,3984,0,"2012-07-11T02:25:00.000Z","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-notifier.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":24,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":18,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},"evansolomon",6,170,30,84,"2026-05-20T01:25:18.913Z",[],{"attackSurface":32,"codeSignals":58,"taintFlows":75,"riskAssessment":76,"analyzedAt":86},{"hooks":33,"ajaxHandlers":52,"restRoutes":53,"shortcodes":54,"cronEvents":55,"entryPointCount":13,"unprotectedCount":13},[34,40,45,49],{"type":35,"name":36,"callback":37,"file":38,"line":39},"action","init","check_version_update","admin-login-notifier.php",22,{"type":41,"name":42,"callback":43,"priority":11,"file":38,"line":44},"filter","authenticate","check_login_attempt",25,{"type":35,"name":46,"callback":47,"priority":11,"file":38,"line":48},"admin_menu","submenu",26,{"type":35,"name":50,"callback":50,"priority":11,"file":38,"line":51},"aln_send_daily_email",27,[],[],[],[56],{"hook":50,"callback":50,"file":38,"line":57},101,{"dangerousFunctions":59,"sqlUsage":60,"outputEscaping":62,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":73,"bundledLibraries":74},[],{"prepared":13,"raw":13,"locations":61},[],{"escaped":63,"rawEcho":64,"locations":65},13,3,[66,69,71],{"file":38,"line":67,"context":68},74,"raw output",{"file":38,"line":70,"context":68},82,{"file":38,"line":72,"context":68},91,1,[],[],{"summary":77,"deductions":78},"The 'admin-login-notifier' v2.1 plugin exhibits a generally strong security posture based on the static analysis. There are no identified dangerous functions, no SQL queries were found (so there are none left unprepared), and most output is properly escaped, with three unescaped echo statements remaining in admin-login-notifier.php (lines 74, 82 and 91). Furthermore, there are no external HTTP requests or file operations, and no critical or high-severity taint flows were detected. 
The plugin also has a clean vulnerability history with no recorded CVEs, which may suggest good past security practices, although for a plugin last updated in 2012 with roughly 10 active installs it may equally reflect limited scrutiny.\n\nHowever, a significant concern is the complete lack of nonce checks anywhere in the plugin. While the analysis shows no AJAX handlers or REST API routes at all, and therefore zero unprotected ones, the absence of nonces in any form introduces a potential for CSRF attacks if a future update introduces such entry points without adequate protection. The presence of only one capability check also indicates that the plugin might not be granular enough in its access controls, although the limited entry points mitigate this risk in the current version.\n\nOverall, the plugin is well-developed from a security perspective regarding direct code vulnerabilities. The primary area of concern lies in the foundational security mechanism of nonce verification, which is entirely missing. While the current attack surface and vulnerability history are positive, this omission represents a significant potential weakness that could be exploited if the plugin's functionality expands or if certain edge cases exist not captured by the static analysis. One such case deserves manual review: by design the plugin stores attempted passwords, shows them in the dashboard and emails them daily, so these attacker-supplied strings should be confirmed to be escaped wherever they are output (three echo statements in admin-login-notifier.php are unescaped), and the stored values, which can include a legitimate user's mistyped password, should be treated as sensitive.",[79,81,83],{"reason":80,"points":11},"Missing nonce checks on entry points",{"reason":82,"points":64},"Low number of capability checks",{"reason":84,"points":85},"81% output properly escaped (risk for remaining 19%)",2,"2026-04-16T12:26:44.784Z",{"wat":88,"direct":93},{"assetPaths":89,"generatorPatterns":90,"scriptPaths":91,"versionParams":92},[],[],[],[],{"cssClasses":94,"htmlComments":95,"htmlAttributes":96,"restEndpoints":97,"jsGlobals":98,"shortcodeOutput":99},[4],[],[],[],[],[],{"error":101,"url":102,"statusCode":103,"statusMessage":104,"message":104},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fadmin-login-notifier\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":64,"versions":106},[107,114,121],{"version":6,"download_url":108,"svn_tag_url":109,"released_at":19,"has_diff":110,"diff_files_changed":111,"diff_lines":19,"trac_diff_url":112,"vulnerabilities":113,"is_current":101},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-notifier.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-login-notifier\u002Ftags\u002F2.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-login-notifier%2Ftags%2F2&new_path=%2Fadmin-login-notifier%2Ftags%2F2.1",[],{"version":115,"download_url":116,"svn_tag_url":117,"released_at":19,"has_diff":110,"diff_files_changed":118,"diff_lines":19,"trac_diff_url":119,"vulnerabilities":120,"is_current":110},"2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-notifier.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-login-notifier\u002Ftags\u002F2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-login-notifier%2Ftags%2F1.0&new_path=%2Fadmin-login-notifier%2Ftags%2F2",[],{"version":122,"download_url":123,"svn_tag_url":124,"released_at":19,"has_diff":110,"diff_files_changed":125,"diff_lines":19,"trac_diff_url":19,"vulnerabilities":126,"is_current":110},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-notifier.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-login-notifier\u002Ftags\u002F1.0\u002F",[],[]]