[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuiclB-wRrjYRkkasGoocYH-zsle5iqkptBCAXxCRU1E":3,"$f3C-1tJVL3viCJ9CUI8fSL_tTZfbZMfupZk5g05bYUgM":430,"$ftt0wna6FpGuzeH6Y7lfNNlXu-amJxrbyIAD9TT6R1p4":434},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":56,"crawl_stats":37,"alternatives":63,"analysis":170,"fingerprints":386},"admin-safety-guard","Admin Safety Guard β€” Login Security & 2FA","1.2.6","Themepaste","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemepaste\u002F","\u003Cp>\u003Cstrong>Admin Safety Guard\u003C\u002Fstrong> is a complete WordPress security helper focused on securing the login flow and hardening the admin area β€” without sacrificing usability or performance. It ships with a clean UI, smart defaults, and guardrails against the most common attacks (brute force, credential stuffing, bot logins, and XML-RPC abuse). You also get granular control over the login experience (custom URL, redirects, branding, and more).\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FKFNUmTHtODE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Whether you need to block suspicious IPs, enforce two-factor authentication, or ship a branded login for clients, \u003Cstrong>Admin Safety Guard\u003C\u002Fstrong> has you covered.\u003C\u002Fp>\n\u003Ch3>🌟 Admin Safety Guard Pro\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fthemepaste.com\u002Fproduct\u002Fadmin-safety-guard-pro\" rel=\"nofollow ugc\">Admin Safety Guard Pro\u003C\u002Fa>\u003C\u002Fstrong> takes your security and customization to the next level. It strengthens defenses against unauthorized access, brute-force attacks, and data risks while giving you deeper control over how users log in and interact with your admin area. The Pro version also adds flexible design tools and smart automations β€” a complete solution for both \u003Cstrong>security\u003C\u002Fstrong> and \u003Cstrong>convenience\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>πŸ‘₯ Who Should Use Admin Safety Guard?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Admin Safety Guard\u003C\u002Fstrong> is perfect for users who need more control, security, and customization in their WordPress admin area:\u003C\u002Fp>\n\u003Cp>πŸ‘©β€πŸ’» \u003Cstrong>Freelancers & Developers:\u003C\u002Fstrong> Add backend security and branding to client sitesβ€”no heavy coding.\u003Cbr \u002F>\n🏒 \u003Cstrong>Agencies & Teams:\u003C\u002Fstrong> Secure multiple websites with a single workflow and consistent branding.\u003Cbr \u002F>\nπŸ”’ \u003Cstrong>Site Owners:\u003C\u002Fstrong> Protect dashboards from brute-force attacks and unauthorized logins.\u003Cbr \u002F>\n🧩 \u003Cstrong>Plugin\u002FTheme Authors:\u003C\u002Fstrong> Add layered protection in demo or test environments.\u003Cbr \u002F>\nπŸ“ˆ \u003Cstrong>Online Businesses:\u003C\u002Fstrong> Secure customer data with 2FA, CAPTCHA, and password protection.\u003Cbr \u002F>\nπŸŽ“ \u003Cstrong>Educators & Bloggers:\u003C\u002Fstrong> Maintain a professional look while increasing security.\u003C\u002Fp>\n\u003Ch3>βœ… Free Features at a Glance\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Hide Admin Bar (with conditions) \u003C\u002Fli>\n\u003Cli>Dashboard Overview (in progress) \u003C\u002Fli>\n\u003Cli>Change Login URL \u003C\u002Fli>\n\u003Cli>Redirect After Login \u002F Logout \u003C\u002Fli>\n\u003Cli>Limit Login Attempts \u003C\u002Fli>\n\u003Cli>CAPTCHA Protection \u003C\u002Fli>\n\u003Cli>Login Logs & Activity Tracking \u003C\u002Fli>\n\u003Cli>IP Blocking \u003C\u002Fli>\n\u003Cli>Two-Factor Authentication (2FA) \u003C\u002Fli>\n\u003Cli>Password Protection \u003C\u002Fli>\n\u003Cli>Disable XML-RPC \u003C\u002Fli>\n\u003Cli>Add Custom Logo on Login Form \u003C\u002Fli>\n\u003Cli>Custom Logo & Branding \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>πŸ’Ž Premium Feature List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Passwordless Login \u003C\u002Fli>\n\u003Cli>2FA via Mobile App (TOTP) \u003C\u002Fli>\n\u003Cli>CSRF Protection \u003C\u002Fli>\n\u003Cli>Database Table Prefix Check \u003C\u002Fli>\n\u003Cli>Whitelist IP Addresses \u003C\u002Fli>\n\u003Cli>Hide Admin Bar\u003C\u002Fli>\n\u003Cli>WP Directory File Permissions Check \u003C\u002Fli>\n\u003Cli>Social Login (Google, Facebook, etc.) \u003C\u002Fli>\n\u003Cli>Disallow Unauthorized REST Requests\u003C\u002Fli>\n\u003Cli>Password Strength Tool \u003C\u002Fli>\n\u003Cli>Provide Login Template (ready-made) \u003C\u002Fli>\n\u003Cli>Customize Design Pro (advanced styling) \u003C\u002Fli>\n\u003Cli>Email Notification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Free Feature Details\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>πŸ‘€ Hide Admin Bar (With Conditions):\u003C\u002Fstrong> Hide the admin bar selectively for specific users or roles.\u003Cbr \u002F>\n\u003Cstrong>πŸ“Š Dashboard Overview:\u003C\u002Fstrong> Visualize user activity and security stats in one glance.\u003Cbr \u002F>\n\u003Cstrong>πŸ”— Change Login URL:\u003C\u002Fstrong> Customize the default \u003Ccode>wp-login.php\u003C\u002Fcode> to block automated bots.\u003Cbr \u002F>\n\u003Cstrong>πŸ” Redirect After Login\u002FLogout:\u003C\u002Fstrong> Redirect users to any page after login\u002Flogout.\u003Cbr \u002F>\n\u003Cstrong>πŸ“‹ Limit Login Attempts:\u003C\u002Fstrong> Block repeated failed logins to prevent brute-force attacks.\u003Cbr \u002F>\n\u003Cstrong>πŸ€– CAPTCHA Protection:\u003C\u002Fstrong> Stop bots with reCAPTCHA or similar human verifications.\u003Cbr \u002F>\n\u003Cstrong>πŸ•΅οΈβ€β™‚οΈ Login Logs & Activity Tracking:\u003C\u002Fstrong> Track user login times and backend actions.\u003Cbr \u002F>\n\u003Cstrong>β›” IP Blocking:\u003C\u002Fstrong> Block access by IP address to prevent hostile logins.\u003Cbr \u002F>\n\u003Cstrong>πŸ” Two-Factor Authentication (2FA):\u003C\u002Fstrong> Add extra verification layers to secure logins.\u003Cbr \u002F>\n\u003Cstrong>πŸ›‚ Password Protection:\u003C\u002Fstrong> Protect private pages or areas with a password.\u003Cbr \u002F>\n\u003Cstrong>βš™οΈ Disable XML-RPC:\u003C\u002Fstrong> Disable vulnerable XML-RPC endpoints to stop exploits.\u003Cbr \u002F>\n\u003Cstrong>πŸ–ΌοΈ Custom Logo on Login Form:\u003C\u002Fstrong> Replace WordPress logo with your brand.\u003Cbr \u002F>\n\u003Cstrong>🏷️ Custom Branding:\u003C\u002Fstrong> Apply your own design across login and admin pages.\u003C\u002Fp>\n\u003Ch4>πŸ” Pro Feature Details\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>πŸ”‘ Passwordless Login:\u003C\u002Fstrong> Secure email-based login with one-time magic linksβ€”no password required.\u003Cbr \u002F>\n\u003Cstrong>πŸ“± 2FA via Mobile App:\u003C\u002Fstrong> Add app-based Two-Factor Authentication (Google Authenticator \u002F Authy).\u003Cbr \u002F>\n\u003Cstrong>🧩 CSRF Protection:\u003C\u002Fstrong> Prevent Cross-Site Request Forgery attacks with token verification.\u003Cbr \u002F>\n\u003Cstrong>πŸ—ƒοΈ Database Table Prefix Check:\u003C\u002Fstrong> Detects and helps change the insecure \u003Ccode>wp_\u003C\u002Fcode> prefix.\u003Cbr \u002F>\n\u003Cstrong>🌐 Whitelist IP Addresses:\u003C\u002Fstrong> Restrict admin access to trusted IPs only.\u003Cbr \u002F>\n\u003Cstrong>πŸ§‘β€πŸ’» Hide Admin Bar (Conditional):\u003C\u002Fstrong> Show or hide admin bar for specific roles or users.\u003Cbr \u002F>\n\u003Cstrong>πŸ—‚οΈ WP Directory File Permissions Check:\u003C\u002Fstrong> Scans and verifies file and directory permissions.\u003Cbr \u002F>\n\u003Cstrong>🌍 Social Login:\u003C\u002Fstrong> Allow users to log in with Google, Facebook, or Twitter accounts.\u003Cbr \u002F>\n\u003Cstrong>🚫 Disallow Unauthorized REST Requests:\u003C\u002Fstrong> Restrict REST API access conditionally.\u003Cbr \u002F>\n\u003Cstrong>πŸ’ͺ Password Strength Tool:\u003C\u002Fstrong> Enforce strong password rules for better protection.\u003Cbr \u002F>\n\u003Cstrong>🎨 Provide Login Template:\u003C\u002Fstrong> Instantly apply stylish, ready-to-use login templates.\u003Cbr \u002F>\n\u003Cstrong>🧰 Customize Design Pro:\u003C\u002Fstrong> Fully customize admin and login design with a simple UI.\u003Cbr \u002F>\n\u003Cstrong>πŸ“§ Email Notification:\u003C\u002Fstrong> Receive and customize security alerts directly to your inbox.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Explore Pro Features: \u003Ca href=\"https:\u002F\u002Fthemepaste.com\u002Fproduct\u002Fadmin-safety-guard-pro\" rel=\"nofollow ugc\">Admin Safety Guard Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For any issues, questions, or feature requests, please reach out via \u003Ca href=\"https:\u002F\u002Fthemepaste.com\u002Fcontact\" rel=\"nofollow ugc\">Support\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the following third-party and external services:\u003C\u002Fp>\n\u003Cp>1) Google reCAPTCHA (Google LLC)\u003C\u002Fp>\n\u003Cp>Purpose:\u003Cbr \u002F>\nUsed to protect forms from spam and automated abuse.\u003C\u002Fp>\n\u003Cp>When it is used:\u003Cbr \u002F>\n– When reCAPTCHA is enabled in plugin settings\u003Cbr \u002F>\n– On login forms and support forms protected by reCAPTCHA\u003C\u002Fp>\n\u003Cp>What data is sent:\u003Cbr \u002F>\n– User IP address\u003Cbr \u002F>\n– reCAPTCHA response token generated by Google\u003Cbr \u002F>\n– Browser information as required by Google reCAPTCHA\u003C\u002Fp>\n\u003Cp>Service provider:\u003Cbr \u002F>\nGoogle LLC\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>2) ThemePaste API (Plugin Author Service)\u003C\u002Fp>\n\u003Cp>Purpose:\u003Cbr \u002F>\nUsed for:\u003Cbr \u002F>\n– Collecting optional admin email addresses for plugin updates and notifications\u003Cbr \u002F>\n– Sending support requests from the plugin support form\u003Cbr \u002F>\n– Collecting optional feedback when a user attempts to deactivate the plugin\u003Cbr \u002F>\n– Managing plugin-related notifications (only if the user provides contact details)\u003C\u002Fp>\n\u003Cp>When it is used:\u003Cbr \u002F>\n– When a user submits the built-in support form\u003Cbr \u002F>\n– When a user opts to send diagnostic information\u003Cbr \u002F>\n– Submitting the optional deactivation feedback form\u003C\u002Fp>\n\u003Cp>What data is sent:\u003Cbr \u002F>\n– Name\u003Cbr \u002F>\n– Email address\u003Cbr \u002F>\n– Phone number (if provided)\u003Cbr \u002F>\n– Message content\u003Cbr \u002F>\n– Site URL\u003Cbr \u002F>\n– Plugin name\u003Cbr \u002F>\n– Feedback text (if provided)\u003Cbr \u002F>\n– Support message content\u003Cbr \u002F>\n– Deactivation reason (if provided)\u003C\u002Fp>\n\u003Cp>No data is sent without user action.\u003C\u002Fp>\n\u003Cp>Service provider:\u003Cbr \u002F>\nThemePaste.com\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fthemepaste.com\u002Fterms-condition\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fthemepaste.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Development \u002F Source Code\u003C\u002Fh3>\n\u003Cp>This plugin includes compiled JavaScript bundles in:\u003Cbr \u002F>\n– assets\u002Fadmin\u002Fbuild\u002F*.bundle.js\u003C\u002Fp>\n\u003Cp>The original (human-readable) source files are included in this plugin under:\u003Cbr \u002F>\n– spa\u002Fadmin\u002F\u003C\u002Fp>\n\u003Cp>Build Tools\u003Cbr \u002F>\n– Node.js (LTS recommended)\u003Cbr \u002F>\n– npm\u003Cbr \u002F>\n– Webpack + Babel\u003C\u002Fp>\n\u003Cp>Source Entry Points\u003Cbr \u002F>\nThe admin SPA bundles are built from the following entry points:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>spa\u002Fadmin\u002Flogin-template\u002FMain.jsx -> assets\u002Fadmin\u002Fbuild\u002FloginTemplate.bundle.js\u003C\u002Fli>\n\u003Cli>spa\u002Fadmin\u002Flogin-logs-activity\u002FMain.jsx -> assets\u002Fadmin\u002Fbuild\u002FloginLogActivity.bundle.js\u003C\u002Fli>\n\u003Cli>spa\u002Fadmin\u002Fanalytics\u002FMain.jsx -> assets\u002Fadmin\u002Fbuild\u002Fanalytics.bundle.js\u003C\u002Fli>\n\u003Cli>spa\u002Fadmin\u002Fsecurity-core\u002FMain.jsx -> assets\u002Fadmin\u002Fbuild\u002FsecurityCore.bundle.js\u003C\u002Fli>\n\u003Cli>spa\u002Fadmin\u002Ffirewall-malware\u002FMain.jsx -> assets\u002Fadmin\u002Fbuild\u002FfirewallMalware.bundle.js\u003C\u002Fli>\n\u003Cli>spa\u002Fadmin\u002Fprivacy-hardening\u002FMain.jsx -> assets\u002Fadmin\u002Fbuild\u002FprivacyHardening.bundle.js\u003C\u002Fli>\n\u003Cli>spa\u002Fadmin\u002Fmonitoring-analytics\u002FMain.jsx -> assets\u002Fadmin\u002Fbuild\u002FmonitoringAnalytics.bundle.js\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Install Dependencies\u003Cbr \u002F>\nFrom the plugin root directory (or the directory where package.json exists):\u003C\u002Fp>\n\u003Cp>1) Install dependencies:\u003Cbr \u002F>\n npm install\u003C\u002Fp>\n\u003Cp>Build (Production)\u003Cbr \u002F>\nTo generate the production bundles:\u003C\u002Fp>\n\u003Cp>npm run build\u003C\u002Fp>\n\u003Cp>Output Location\u003Cbr \u002F>\nWebpack outputs the compiled bundles to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>assets\u002Fadmin\u002Fbuild\u002F[name].bundle.js\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Important Notes\u003Cbr \u002F>\n– Do not edit files in assets\u002Fadmin\u002Fbuild\u002F directly. They are generated files.\u003Cbr \u002F>\n– Edit the source files under spa\u002Fadmin\u002F and re-run the build command.\u003Cbr \u002F>\n– For WordPress.org distribution, production builds should be used (mode=production).\u003C\u002Fp>\n\u003Ch3>Links\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fthemepaste.com\" rel=\"nofollow ugc\">Website\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fthemepaste.com\u002Fproduct-doc\u002Fhide-admin-bar-pro\u002F?doc_id=389\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fthemepaste.com\u002Fproduct\u002Fadmin-safety-guard-pro\" rel=\"nofollow ugc\">Pro Version\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fthemepaste\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fuk.pinterest.com\u002Fthemepaste\u002F\" rel=\"nofollow ugc\">Pinterest\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fthemepaste\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.instagram.com\u002Fthemepasteuk\" rel=\"nofollow ugc\">Instagram\u003C\u002Fa>\u003C\u002Fp>\n","Admin Safety Guard secures WordPress: limit logins, 2FA, reCAPTCHA, IP block, disable XML-RPC, activity logs, custom URLs and branding.",20,1605,100,4,"2026-03-10T09:03:00.000Z","6.9.4","5.8","7.0",[20,4,21,22,23],"2fa","limit-login-attempts","login-security","recaptcha","http:\u002F\u002Fthemepaste.com\u002Fproduct\u002Fthemepaste-secure-admin-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.2.6.zip",78,1,"2026-03-16 00:00:00","2026-04-06T09:54:40.288Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":47,"research_verified":48,"research_rounds_completed":49,"research_plan":50,"research_summary":51,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":52,"research_model_used":53,"research_started_at":54,"research_completed_at":55,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2026-25471","admin-safety-guard-login-security-2fa-missing-authorization","Admin Safety Guard β€” Login Security & 2FA \u003C= 1.2.6 - Missing Authorization","The Admin Safety Guard β€” Login Security & 2FA plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=1.2.6","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-03-27 20:53:27",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F74b4a2c0-a3c1-4049-aea7-133408ebdf32?source=api-prod",[],"researched",false,3,"This exploitation research plan target CVE-2026-25471 in the **Admin Safety Guard β€” Login Security & 2FA** plugin. The vulnerability is a \"Missing Authorization\" flaw, which typically means an administrative function is exposed via a `wp_ajax_nopriv_` hook or a REST API route without a `current_user_can()` check.\n\n---\n\n### 1. Vulnerability Summary\nThe **Admin Safety Guard** plugin (up to version 1.2.6) registers one or more AJAX handlers or REST API endpoints that perform sensitive administrative actions (e.g., modifying security settings, clearing logs, or whitelisting IPs). Because these handlers are registered for unauthenticated users (`wp_ajax_nopriv_`) and fail to verify the caller's capabilities, an unauthenticated attacker can manipulate the plugin's security configurations.\n\n### 2. Attack Vector Analysis\n* **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n* **Action:** Likely `asg_save_settings`, `asg_clear_logs`, or `asg_update_whitelist` (inferred; agent must verify via `grep`).\n* **Authentication:** None (Unauthenticated).\n* **Vulnerable Parameter:** Likely a `settings` array or individual configuration keys passed via `$_POST`.\n* **Preconditions:** The plugin must be active.\n\n### 3. Code Flow (Inferred)\n1. **Registration:** The plugin uses `add_action( 'wp_ajax_nopriv_VULNERABLE_ACTION', 'callback_function' )`.\n2. **Entry Point:** An unauthenticated HTTP POST request is sent to `admin-ajax.php?action=VULNERABLE_ACTION`.\n3. **Missing Check:** The `callback_function` calls `check_ajax_referer()` (verifying the nonce) but fails to call `current_user_can( 'manage_options' )`.\n4. **Sink:** The function proceeds to call `update_option()` or `global $wpdb; $wpdb->query(...)` to modify plugin state.\n\n### 4. Nonce Acquisition Strategy\nMissing Authorization vulnerabilities often still require a valid Nonce for CSRF protection. To exploit this as an unauthenticated user, we must find where the plugin leaks the nonce to the frontend.\n\n1. **Identify the Script\u002FVariable:** Search for `wp_localize_script` in the plugin code to find the JS object containing the nonce.\n * *Search command:* `grep -rn \"wp_localize_script\" .`\n2. **Determine the Triggering Content:** Identify if the script is enqueued on the homepage or requires a specific shortcode.\n * *Search command:* `grep -rn \"add_shortcode\" .`\n3. **Extraction Steps:**\n * **Step A:** Create a page with the identified shortcode (if necessary):\n `wp post create --post_type=page --post_status=publish --post_content='[shortcode_found]'`\n * **Step B:** Use `browser_navigate` to view the page.\n * **Step C:** Use `browser_eval` to extract the nonce.\n * *Example Variable (verify in source):* `window.asg_vars?.nonce` or `window.asg_ajax_object?.security`.\n\n### 5. Exploitation Strategy\nOnce the action name and nonce are identified, follow these steps:\n\n1. **Discovery:** Run the following to find the specific vulnerable action:\n ```bash\n grep -r \"wp_ajax_nopriv_\" .\n ```\n Examine the callback functions. Look for those that update options but lack `current_user_can`.\n\n2. **Target Action (Example: `asg_save_settings`):**\n If the function is `asg_save_settings_callback`, look at the `$_POST` parameters it expects (e.g., `settings_data`).\n\n3. **HTTP Request via `http_request`:**\n ```javascript\n \u002F\u002F Example Payload to disable a security feature (e.g., 2FA)\n {\n \"method\": \"POST\",\n \"url\": \"http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php\",\n \"headers\": {\n \"Content-Type\": \"application\u002Fx-www-form-urlencoded\"\n },\n \"body\": \"action=asg_save_settings&security=EXTRACTED_NONCE&asg_options[enable_2fa]=0\"\n }\n ```\n\n### 6. Test Data Setup\n1. **Install Plugin:** Ensure `admin-safety-guard` v1.2.6 is installed.\n2. **Configure Settings:** Use WP-CLI to enable a security setting that you intend to disable via the exploit:\n `wp option update asg_settings '{\"enable_2fa\":\"1\", \"whitelist_ip\":\"\"}' --format=json`\n3. **Create Nonce Source:** If the nonce is only on specific pages, create that page:\n `wp post create --post_type=page --post_title=\"Security\" --post_status=publish --post_content='[asg_login_form]'` (Example shortcode).\n\n### 7. Expected Results\n* **Response:** The server should return a `200 OK` or a JSON success message (e.g., `{\"success\":true}`).\n* **State Change:** The targeted WordPress option (e.g., `asg_settings`) is updated in the database, effectively disabling security controls.\n\n### 8. Verification Steps\nAfter the `http_request`, verify the change via WP-CLI:\n```bash\n# Check if the setting was modified\nwp option get asg_settings --format=json\n```\nIf the exploit was to whitelist an IP, check the specific option or database table:\n```bash\nwp db query \"SELECT * FROM wp_options WHERE option_name = 'asg_whitelist'\"\n```\n\n### 9. Alternative Approaches\n* **REST API:** If no AJAX handlers are found, search for `register_rest_route`. Look for routes where `permission_callback` is set to `__return_true` or is missing.\n * *Search command:* `grep -rn \"register_rest_route\" . -A 5`\n* **Direct Option Update:** Some plugins use `admin_init` hooks that don't check for AJAX\u002FREST context. Check for functions hooked to `admin_init` that process `$_POST` directly.\n * *Search command:* `grep -rn \"add_action.*admin_init\" .` (Note: `admin_init` also runs on `admin-ajax.php`).","The Admin Safety Guard β€” Login Security & 2FA plugin for WordPress is vulnerable to unauthorized access because it registers administrative AJAX actions for unauthenticated users without performing capability checks. This allows unauthenticated attackers to modify security configurations, such as disabling Two-Factor Authentication or clearing security logs.","To exploit this vulnerability, an unauthenticated attacker first obtains a valid AJAX nonce by inspecting the frontend of the site, where the plugin localizes script variables (e.g., in a JS object like asg_vars). Using this nonce, the attacker sends a POST request to \u002Fwp-admin\u002Fadmin-ajax.php with an action parameter corresponding to an administrative function (such as asg_save_settings) and parameters intended to overwrite security options. Because the plugin uses wp_ajax_nopriv_ hooks and lacks current_user_can() checks in the callback functions, the request is processed despite the lack of authentication.","gemini-3-flash-preview","2026-04-18 03:30:34","2026-04-18 03:30:54",{"slug":57,"display_name":7,"profile_url":8,"plugin_count":58,"total_installs":11,"avg_security_score":59,"avg_patch_time_days":60,"trust_score":61,"computed_at":62},"themepaste",2,89,30,86,"2026-05-19T16:32:41.636Z",[64,90,111,133,152],{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":79,"download_link":85,"security_score":86,"vuln_count":14,"unpatched_count":87,"last_vuln_date":88,"fetched_at":89},"dologin","DoLogin Security","4.3","WPDO","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdo5ea\u002F","\u003Cp>In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited.\u003C\u002Fp>\n\u003Cp>Limit the number of login attempts through both the login and the auth cookies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Two-factor Authentication login.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Text SMS message passcode for 2nd step verification support.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cloudflare Turnstile (better than Google reCAPTCHA).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GeoLocation (Continent\u002FCountry\u002FCity) or IP range to limit login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Passwordless login link.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support Whitelist and Blacklist.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WooCommerce Login supported.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>XMLRPC gateway protection.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : '';\u003C\u002Fcode> to generate one passwordless login link for the current user.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note\u002Ftip for this generation', $user_id ) : '';\u003C\u002Fcode> to generate a passwordless login link for the user which ID is \u003Ccode>$user_id\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The generated one-time used link will be expired after 7 days.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define const \u003Ccode>SILENCE_INSTALL\u003C\u002Fcode> to avoid redirecting to setting page after installtion.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CLI\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>List all passwordless links: \u003Ccode>wp dologin list\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Generate a passwordless link for one username (for the login name \u003Ccode>root\u003C\u002Fcode>): \u003Ccode>wp dologin gen root\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Delete a passwordless link w\u002F the ID in list (for the record w\u002F ID 5): \u003Ccode>wp dologin del 5\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How GeoLocation works\u003C\u002Fh4>\n\u003Cp>When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist\u002Fblacklist to decide if allow login attempts.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>The online IP lookup service is provided by https:\u002F\u002Fwww.doapi.us. The provider’s privacy policy is https:\u002F\u002Fwww.doapi.us\u002Fprivacy.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.\u003C\u002Fp>\n","Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent\u002FCountry\u002FCity)\u002FIP range to limit login attempts.",7000,164314,90,13,"2025-06-11T14:21:00.000Z","6.8.5","4.0","",[81,82,83,84,22],"2fa-login","cloudflare-turnstile-recaptcha","easy-login","geolocation-login-limit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdologin.4.3.zip",98,0,"2023-10-24 00:00:00","2026-04-16T10:56:18.058Z",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":79,"download_link":109,"security_score":110,"vuln_count":87,"unpatched_count":87,"last_vuln_date":37,"fetched_at":89},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1246273,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7",[20,106,22,107,108],"captcha","security","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":13,"num_ratings":121,"last_updated":122,"tested_up_to":16,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":129,"download_link":130,"security_score":131,"vuln_count":14,"unpatched_count":87,"last_vuln_date":132,"fetched_at":89},"melapress-login-security","Melapress Login Security","2.3.0","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Cp>\u003Cstrong> COMPREHENSIVE WORDPRESS LOGIN SECURITY PLUGIN \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa> enables you to effortlessly set login security policies that put you firmly in the driver’s seat of your WordPress sites. Policies are highly customizable and granular and can be implemented by user role or site-wide for complete control over the security of your WordPress login processes.\u003C\u002Fp>\n\u003Cp>Use the free edition of Melapress Login Security to implement WordPress password requirements such as minimum length and complexity rules. The plugin also allows you to set password expiration policies, prevent password reuse, limit failed login attempts, and automatically disable inactive user accounts, among other things. This helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent unauthorized login attempts\u003C\u002Fli>\n\u003Cli>Protect against brute force attacks\u003C\u002Fli>\n\u003Cli>Comply with GDPR with a login consent notice\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>πŸ” Features list\u003C\u002Fh3>\n\u003Cp>A secure WordPress login starts right here. Explore all of the features included with the free edition of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa>:\u003C\u002Fp>\n\u003Ch3>Set password policies\u003C\u002Fh3>\n\u003Cp>Strong passwords are your first line of defense against bad actors looking to gain access to your site. Set password requirement policies to make sure users set strong passwords. Set policies by user role or site-wide and define policy priority for users with multiple roles.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set minimum password length\u003C\u002Fli>\n\u003Cli>Require uppercase and lowercase characters, numbers, and special characters\u003C\u002Fli>\n\u003Cli>Set an automatic password expiration policy and advise users when their password is about to expire\u003C\u002Fli>\n\u003Cli>Disallow users from reusing passwords\u003C\u002Fli>\n\u003Cli>Provide users with helpful instructions during the password configuration stage\u003C\u002Fli>\n\u003Cli>Disable password reset links\u003C\u002Fli>\n\u003Cli>Mandate WordPress password reset on the first login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Limit login attempts\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fmelapress-login-security-failed-logins-policy-wordpress\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Limit failed login attempts\u003C\u002Fa> and put an end to brute force attacks. Protect your login form by automatically disabling user accounts after a number of failed login attempts. Choose between manual unlocking by an admin or automatic unlocking after a cooldown period.\u003C\u002Fp>\n\u003Ch3>Temporary login without password\u003C\u002Fh3>\n\u003Cp>Provide temporary and secure login access to third parties, like developers, editors, employees or others, without a password. It works by providing the user with a temporary login link that expires after a certain amount of time, or after a number of uses. This prevents you from having to create new user accounts manually, while simultaneously reducing the security risks associated with old, unused user accounts.\u003C\u002Fp>\n\u003Ch3>Change WordPress login URL\u003C\u002Fh3>\n\u003Cp>Easily deploy security-by-obscurity tactics and change your WordPress login page URL using a plugin! Hiding the default login page from hackers makes it more difficult to find, potentially reducing brute force attacks and other unauthorized access attempts. After you change the default wp-admin URL, you can set a 404 for the old login page or redirect it to any page of your choosing.\u003C\u002Fp>\n\u003Ch3>Limit login page access by IP address(es)\u003C\u002Fh3>\n\u003Cp>Limit access to the WordPress login page by IP address(es) for additional security.\u003C\u002Fp>\n\u003Ch3>GDPR login page consent notice\u003C\u002Fh3>\n\u003Cp>Easily meet GDPR requirements by adding a GDPR consent notice to the login page. This is required for GDPR and PCI DSS compliance, thus ensuring your WordPress site login page is in compliance.\u003C\u002Fp>\n\u003Ch3>Emergency password reset\u003C\u002Fh3>\n\u003Cp>Discovered suspicious behavior? Reset all users’ passwords with just one click and regain instant control.\u003C\u002Fp>\n\u003Ch3>Upgrade to Melapress Login Security Premium and get even more benefits.\u003C\u002Fh3>\n\u003Cp>The premium edition of Melapress Login Security comes bundled with even more features, which enable you to take your WordPress website login security to the next level. Disable inactive WordPress user accounts and force passwords to be reset once accounts have been unlocked. Inactive accounts can be managed within a single dashboard for increased efficiency and faster response times. Moreover, you can set accounts to be locked out after a number of failed login attempts and customize the duration and method of unlocking them.\u003C\u002Fp>\n\u003Ch3>Premium features list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Everything included in the free edition\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manually lock user accounts\u003C\u002Fstrong> to immediately prevent login access for rarely used accounts or users on extended leave\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add an extra security layer with security questions\u003C\u002Fstrong> users must answer when performing sensitive actions such as password resets and account unlocks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Receive email alerts for unrecognized device logins\u003C\u002Fstrong>, with the option to remotely terminate the session\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Control user session duration\u003C\u002Fstrong> by extending or shortening session timeouts to balance security and convenience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click integration with third-party plugins\u003C\u002Fstrong> such as WooCommerce, LearnDash, MemberPress, and many others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatically \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Finactive-users-wordpress\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">disable inactive WordPress users\u003C\u002Fa>\u003C\u002Fstrong> after a configurable period of inactivity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Apply Geo-blocking rules\u003C\u002Fstrong> to allow or block login access based on specific countries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fmelapress-login-security-limit-login-ips\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Restrict users’ login to specific IP addresses\u003C\u002Fa>\u003C\u002Fstrong>, including support for multiple allowed IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Frestrict-users-log-in-time-wordpress-website\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Restrict WordPress user login times\u003C\u002Fa>\u003C\u002Fstrong> by day and\u002For hours\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit login credentials\u003C\u002Fstrong> to email address, username, or both\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add a GDPR consent notice\u003C\u002Fstrong> to the WordPress login page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View detailed user security reports\u003C\u002Fstrong>, including last activity, password age, and expired passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Receive weekly email summary reports\u003C\u002Fstrong> covering password resets, password changes, user account lockouts, and more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>|πŸ’Ž \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">UPGRADE TO PREMIUM\u003C\u002Fa> |\u003C\u002Fp>\n\u003Ch3>Why you should use Melapress Login Security\u003C\u002Fh3>\n\u003Cp>Melapress Login Security is a WordPress plugin built from the ground up to help you improve the security of your user accounts and secure your WordPress login. Supercharge login credentials for maximum effectiveness and put a stop to unlimited login attempts, weak passwords, and inactive users. Set up policies to reduce your attack surface area such as login times restrictions, change the WordPress login URL, and much more.\u003C\u002Fp>\n\u003Ch3>Free and premium support\u003C\u002Fh3>\n\u003Cp>Support for the free edition of Melapress Login Security is free on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmelapress-login-security\u002F\" rel=\"ugc\">WordPress support forums\u003C\u002Fa>. Premium world-class support via one-to-one email is available to the Premium users – \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">upgrade to premium\u003C\u002Fa> to benefit from priority support.\u003C\u002Fp>\n\u003Cp>For any other queries, feedback, or if you simply want to get in touch with us, please use our \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh4>\n\u003Cp>Melapress builds high-quality WordPress security & admin plugins such as \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">WP 2FA\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-user-roles-editor\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Melapress Role Editor\u003C\u002Fa>,and \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">WP Activity Log\u003C\u002Fa>, the #1 user-rated activity log plugin for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Visit our website\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Install the plugin from within WordPress\u003C\u002Fh3>\n\u003Cp>Keeping a secure WordPress login page is easy with \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa>. Simply:\u003C\u002Fp>\n\u003Col>\n\u003Cli>From your WordPress dashboard, navigate to Plugins > Add New\u003C\u002Fli>\n\u003Cli>Search for β€œ\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa>”\u003C\u002Fli>\n\u003Cli>Install & activate \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa> from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install the plugin manually (via file upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the Melapress Login Security plugin through the Plugins page in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n","Enforce WordPress login and password security policies to protect user accounts and prevent unauthorized logins.",2000,25268,17,"2026-02-09T18:02:00.000Z","5.5","7.3",[126,21,127,128,22],"brute-force","limit-logins","login","https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmelapress-login-security.2.3.0.zip",91,"2025-07-25 16:23:06",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":143,"num_ratings":144,"last_updated":145,"tested_up_to":77,"requires_at_least":146,"requires_php":79,"tags":147,"homepage":79,"download_link":150,"security_score":13,"vuln_count":27,"unpatched_count":87,"last_vuln_date":151,"fetched_at":29},"cartpauj-register-captcha","Cartpauj Register Captcha","2.0.1","cartpauj","https:\u002F\u002Fprofiles.wordpress.org\u002Fcartpauj\u002F","\u003Cp>Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress’s default registration form. There are no settings to configure. Just activate and watch those SPAM sign-ups fade away! Requires openssl PHP library.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds CAPTCHA to the WordPress register sign-up form.\u003C\u002Fli>\n\u003Cli>NO settings or configurations to deal with.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>Built with a modified version of Phoca Captcha PHP library\u003Cbr \u002F>\nIcon by \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\u002Fauthors\u002Ffreepik\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa>\u003C\u002Fp>\n","Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.",1000,38973,84,24,"2025-05-20T23:09:00.000Z","6.0",[106,22,148,23,149],"protection","turnstile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcartpauj-register-captcha.2.0.1.zip","2023-08-21 00:00:00",{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":141,"downloaded":160,"rating":13,"num_ratings":49,"last_updated":161,"tested_up_to":162,"requires_at_least":163,"requires_php":123,"tags":164,"homepage":168,"download_link":169,"security_score":110,"vuln_count":87,"unpatched_count":87,"last_vuln_date":37,"fetched_at":89},"power-captcha-recaptcha","Power Captcha reCAPTCHA","1.1.0","Denis AlemΓ‘n","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenisaleman\u002F","\u003Cp>Protect your WordPress, WooCommerce, and Contact Form 7 forms from spam, brute-force attacks, and fake accounts using Google reCAPTCHA.\u003C\u002Fp>\n\u003Cp>Power Captcha reCAPTCHA supports 3 Google reCAPTCHA types integrated into 6 common WordPress forms, including login and comment forms, 7 WooCommerce forms, and Contact Form 7.\u003C\u002Fp>\n\u003Ch3>3 CAPTCHA Types\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Score-based (v3) CAPTCHA.\u003C\u002Fstrong> Seamless detection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>β€œI’m not a robot” CAPTCHA checkbox.\u003C\u002Fstrong> Verification requests with a challenge.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Invisible reCAPTCHA.\u003C\u002Fstrong> Improved, challenge-based CAPTCHA without a checkbox.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>6 WordPress Forms\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comment form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lost password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>7 WooCommerce Forms\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Register form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checkout form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Review form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lost password form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact Form 7\u003C\u002Fh3>\n\u003Cp>As of version 1.0.7, Power Captcha reCAPTCHA integrates with Contact Form 7. You can easily add the Power Captcha reCAPTCHA field to your Contact Form 7 forms.\u003C\u002Fp>\n\u003Ch3>Activity Report\u003C\u002Fh3>\n\u003Cp>The Activity Report feature for the plugin provides users with a detailed overview of captcha interactions. It tracks and displays the number of solved, failed, and empty captchas, offering a daily breakdown to monitor performance trends. Stay informed with clear insights into your captcha performance.\u003C\u002Fp>\n","Protect WordPress\u002FWooCommerce\u002FContact Form 7 forms from spam, brute-force attacks, fake comments, accounts, or registrations with Google reCAPTCHA.",6309,"2025-03-09T01:27:00.000Z","6.8.0","5.0",[165,106,166,167,22],"anti-spam-security","comment-form","google-recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpower-captcha-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpower-captcha-recaptcha.1.1.0.zip",{"attackSurface":171,"codeSignals":246,"taintFlows":294,"riskAssessment":376,"analyzedAt":385},{"hooks":172,"ajaxHandlers":212,"restRoutes":213,"shortcodes":239,"cronEvents":240,"entryPointCount":245,"unprotectedCount":87},[173,179,183,186,188,192,197,200,204,206,208],{"type":174,"name":175,"callback":176,"file":177,"line":178},"action","login_init","closure","app\u002FClasses\u002FAdmin.php",36,{"type":180,"name":181,"callback":176,"file":177,"line":182},"filter","wp_headers",38,{"type":180,"name":184,"callback":176,"file":185,"line":61},"login_headerurl","app\u002FClasses\u002FFeatures\u002FCustomize.php",{"type":180,"name":184,"callback":176,"file":185,"line":187},119,{"type":174,"name":189,"callback":176,"file":190,"line":191},"admin_notices","app\u002FClasses\u002FFeatures\u002FLimitLoginAttempts.php",129,{"type":174,"name":193,"callback":194,"file":195,"line":196},"login_form","show_recaptcha_error","app\u002FClasses\u002FFeatures\u002FRecaptcha.php",63,{"type":174,"name":198,"callback":194,"file":195,"line":199},"register_form",64,{"type":174,"name":201,"callback":176,"file":202,"line":203},"login_message","app\u002FClasses\u002FFeatures\u002FTwoFactorAuth.php",193,{"type":174,"name":201,"callback":176,"file":202,"line":205},213,{"type":174,"name":201,"callback":176,"file":202,"line":207},235,{"type":174,"name":209,"callback":210,"file":211,"line":121},"rest_api_init","register_routes","app\u002FClasses\u002FRestApi.php",[],[214,219,223,227,231,235],{"namespace":215,"route":216,"methods":217,"callback":176,"permissionCallback":176,"file":211,"line":101},"secure-admin\u002Fv1","\u002Fsuccess-logins",[218],"GET",{"namespace":215,"route":220,"methods":221,"callback":176,"permissionCallback":176,"file":211,"line":222},"\u002Ffailed-logins",[218],39,{"namespace":215,"route":224,"methods":225,"callback":176,"permissionCallback":176,"file":211,"line":226},"\u002Fblock-users",[218],53,{"namespace":215,"route":228,"methods":229,"callback":176,"permissionCallback":176,"file":211,"line":230},"\u002Fdahboard\u002Flimit-login-attempts",[218],67,{"namespace":215,"route":232,"methods":233,"callback":176,"permissionCallback":176,"file":211,"line":234},"\u002Ffailed-logins\u002Fcount",[218],81,{"namespace":215,"route":236,"methods":237,"callback":176,"permissionCallback":176,"file":211,"line":238},"\u002F2fa\u002Fapp\u002Fusers",[218],95,[],[241],{"hook":242,"callback":242,"file":243,"line":244},"remove_old_block_users_data","app\u002FClasses\u002FCron.php",44,6,{"dangerousFunctions":247,"sqlUsage":248,"outputEscaping":251,"fileOperations":87,"externalRequests":14,"nonceChecks":14,"capabilityChecks":245,"bundledLibraries":293},[],{"prepared":249,"raw":87,"locations":250},26,[],{"escaped":252,"rawEcho":121,"locations":253},347,[254,257,259,262,264,265,268,271,273,275,278,281,284,285,287,288,290],{"file":202,"line":255,"context":256},110,"raw output",{"file":202,"line":258,"context":256},111,{"file":260,"line":261,"context":256},"views\u002Fsettings\u002Flayout.php",35,{"file":260,"line":263,"context":256},37,{"file":260,"line":182,"context":256},{"file":266,"line":267,"context":256},"views\u002Fsettings\u002Fpages\u002F2fa-using-mobile-app.php",51,{"file":269,"line":270,"context":256},"views\u002Fsettings\u002Fpages\u002F_social-login.php",48,{"file":272,"line":267,"context":256},"views\u002Fsettings\u002Fpages\u002Fcommon.php",{"file":274,"line":244,"context":256},"views\u002Fsettings\u002Fpages\u002Fcustomize.php",{"file":276,"line":277,"context":256},"views\u002Fsettings\u002Fpages\u002Fprivacy-hardening.php",45,{"file":279,"line":280,"context":256},"views\u002Fsettings\u002Fpages\u002Fweb-application-firewall.php",52,{"file":282,"line":283,"context":256},"views\u002Fsettings\u002Fparts\u002Fmain.php",23,{"file":282,"line":101,"context":256},{"file":282,"line":286,"context":256},33,{"file":282,"line":182,"context":256},{"file":289,"line":222,"context":256},"views\u002Fsettings\u002Fparts\u002Fsidebar.php",{"file":291,"line":292,"context":256},"views\u002Fsettings\u002Fsupport.php",122,[],[295,313,321,335,343,354,368],{"entryPoint":296,"graph":297,"unsanitizedCount":87,"severity":312},"render_otp_input (app\u002FClasses\u002FFeatures\u002FTwoFactorAuth.php:86)",{"nodes":298,"edges":309},[299,303],{"id":300,"type":301,"label":302,"file":202,"line":131},"n0","source","$_GET",{"id":304,"type":305,"label":306,"file":202,"line":307,"wp_function":308},"n1","sink","echo() [XSS]",159,"echo",[310],{"from":300,"to":304,"sanitized":311},true,"low",{"entryPoint":314,"graph":315,"unsanitizedCount":87,"severity":312},"\u003CTwoFactorAuth> (app\u002FClasses\u002FFeatures\u002FTwoFactorAuth.php:0)",{"nodes":316,"edges":319},[317,318],{"id":300,"type":301,"label":302,"file":202,"line":131},{"id":304,"type":305,"label":306,"file":202,"line":307,"wp_function":308},[320],{"from":300,"to":304,"sanitized":311},{"entryPoint":322,"graph":323,"unsanitizedCount":87,"severity":312},"process_form (app\u002FClasses\u002FFormProcessor.php:9)",{"nodes":324,"edges":333},[325,329],{"id":300,"type":301,"label":326,"file":327,"line":328},"$_POST","app\u002FClasses\u002FFormProcessor.php",27,{"id":304,"type":305,"label":330,"file":327,"line":331,"wp_function":332},"update_option() [Settings Manipulation]",105,"update_option",[334],{"from":300,"to":304,"sanitized":311},{"entryPoint":336,"graph":337,"unsanitizedCount":87,"severity":312},"\u003CFormProcessor> (app\u002FClasses\u002FFormProcessor.php:0)",{"nodes":338,"edges":341},[339,340],{"id":300,"type":301,"label":326,"file":327,"line":328},{"id":304,"type":305,"label":330,"file":327,"line":331,"wp_function":332},[342],{"from":300,"to":304,"sanitized":311},{"entryPoint":344,"graph":345,"unsanitizedCount":87,"severity":312},"\u003Csupport> (views\u002Fsettings\u002Fsupport.php:0)",{"nodes":346,"edges":352},[347,350],{"id":300,"type":301,"label":348,"file":291,"line":349},"$_POST (x4)",152,{"id":304,"type":305,"label":306,"file":291,"line":351,"wp_function":308},157,[353],{"from":300,"to":304,"sanitized":311},{"entryPoint":355,"graph":356,"unsanitizedCount":27,"severity":367},"tpsa_track_failed_login_24hr (app\u002FClasses\u002FFeatures\u002FLimitLoginAttempts.php:179)",{"nodes":357,"edges":365},[358,361],{"id":300,"type":301,"label":359,"file":190,"line":360},"$_SERVER",194,{"id":304,"type":305,"label":362,"file":190,"line":363,"wp_function":364},"get_row() [SQLi]",198,"get_row",[366],{"from":300,"to":304,"sanitized":48},"high",{"entryPoint":369,"graph":370,"unsanitizedCount":27,"severity":367},"\u003CLimitLoginAttempts> (app\u002FClasses\u002FFeatures\u002FLimitLoginAttempts.php:0)",{"nodes":371,"edges":374},[372,373],{"id":300,"type":301,"label":359,"file":190,"line":360},{"id":304,"type":305,"label":362,"file":190,"line":363,"wp_function":364},[375],{"from":300,"to":304,"sanitized":48},{"summary":377,"deductions":378},"The plugin 'admin-safety-guard' v1.2.7 exhibits a generally good security posture with several strengths, including 100% prepared SQL statements and 95% properly escaped output. All identified entry points (REST API routes and cron events) have corresponding permission or nonce checks, indicating a conscious effort to secure these vectors. The absence of dangerous functions and file operations is also positive.\n\nHowever, two taint flows with unsanitized paths and a history of a medium severity vulnerability raise concerns. While the static analysis didn't flag critical or high severity taint flows, the presence of 'unsanitized paths' suggests potential issues where user-supplied data could be used in a way that leads to unintended file system access or manipulation. The past medium vulnerability, although not explicitly detailed, implies that authorization issues have been a problem in the past, which warrants careful monitoring.\n\nOverall, the plugin demonstrates strong adherence to secure coding practices in many areas. The primary risks lie in the subtle taint flow issues and the historical vulnerability pattern. Addressing the two unsanitized path flows is crucial to mitigate potential security weaknesses. The plugin's active development and regular security checks, evidenced by the recent vulnerability in 2026, are positive signs, but vigilance remains necessary, especially considering the past authorization issues.",[379,382],{"reason":380,"points":381},"Unsanitized path taint flows (2)",10,{"reason":383,"points":384},"Known unpatched CVE (1 medium)",15,"2026-04-16T11:26:26.359Z",{"wat":387,"direct":414},{"assetPaths":388,"generatorPatterns":400,"scriptPaths":401,"versionParams":402},[389,390,391,392,393,394,395,396,397,398,399],"\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fcss\u002Fsettings.css","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fcss\u002Ffields.css","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fcss\u002Fdeactivate.css","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FloginLogActivity.bundle.js","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002Fanalytics.bundle.js","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FsecurityCore.bundle.js","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FfirewallMalware.bundle.js","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FtwoFAUsingMobileApp.bundle.js","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FprivacyHardening.bundle.js","\u002Fwp-content\u002Fplugins\u002Fadmin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FloginTemplate.bundle.js",[],[],[403,404,405,406,407,408,409,410,411,412,413],"admin-safety-guard\u002Fassets\u002Fadmin\u002Fcss\u002Fsettings.css?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fcss\u002Ffields.css?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fcss\u002Fdeactivate.css?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fjs\u002Fadmin.js?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FloginLogActivity.bundle.js?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002Fanalytics.bundle.js?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FsecurityCore.bundle.js?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FfirewallMalware.bundle.js?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FtwoFAUsingMobileApp.bundle.js?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FprivacyHardening.bundle.js?ver=","admin-safety-guard\u002Fassets\u002Fadmin\u002Fbuild\u002FloginTemplate.bundle.js?ver=",{"cssClasses":415,"htmlComments":420,"htmlAttributes":421,"restEndpoints":423,"jsGlobals":425,"shortcodeOutput":429},[416,417,418,419],"tpsa-settings","tpsa-fields","tpsa-deactivate","tpsa-admin",[],[422],"data-tpsa-id",[424],"\u002Fwp-json\u002Ftpsa\u002Fv1\u002Ffeedback",[426,427,428],"TPSA_ASSETS_URL","TPSA_PLUGIN_VERSION","TPSA_DEVS",[],{"error":311,"url":431,"statusCode":432,"statusMessage":433,"message":433},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fadmin-safety-guard\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":328,"versions":435},[436,442,450,458,466,474,482,490,498,506,514,522,530,538,546,554,562,569,577,585,593,601,609,617,625,633,641],{"version":6,"download_url":25,"svn_tag_url":437,"released_at":37,"has_diff":48,"diff_files_changed":438,"diff_lines":37,"trac_diff_url":439,"vulnerabilities":440,"is_current":311},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.2.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.2.5&new_path=%2Fadmin-safety-guard%2Ftags%2F1.2.6",[441],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":443,"download_url":444,"svn_tag_url":445,"released_at":37,"has_diff":48,"diff_files_changed":446,"diff_lines":37,"trac_diff_url":447,"vulnerabilities":448,"is_current":48},"1.2.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.2.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.2.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.2.4&new_path=%2Fadmin-safety-guard%2Ftags%2F1.2.5",[449],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":451,"download_url":452,"svn_tag_url":453,"released_at":37,"has_diff":48,"diff_files_changed":454,"diff_lines":37,"trac_diff_url":455,"vulnerabilities":456,"is_current":48},"1.2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.2.3&new_path=%2Fadmin-safety-guard%2Ftags%2F1.2.4",[457],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":459,"download_url":460,"svn_tag_url":461,"released_at":37,"has_diff":48,"diff_files_changed":462,"diff_lines":37,"trac_diff_url":463,"vulnerabilities":464,"is_current":48},"1.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.2.2&new_path=%2Fadmin-safety-guard%2Ftags%2F1.2.3",[465],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":467,"download_url":468,"svn_tag_url":469,"released_at":37,"has_diff":48,"diff_files_changed":470,"diff_lines":37,"trac_diff_url":471,"vulnerabilities":472,"is_current":48},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.2.1&new_path=%2Fadmin-safety-guard%2Ftags%2F1.2.2",[473],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":475,"download_url":476,"svn_tag_url":477,"released_at":37,"has_diff":48,"diff_files_changed":478,"diff_lines":37,"trac_diff_url":479,"vulnerabilities":480,"is_current":48},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.2.0&new_path=%2Fadmin-safety-guard%2Ftags%2F1.2.1",[481],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":483,"download_url":484,"svn_tag_url":485,"released_at":37,"has_diff":48,"diff_files_changed":486,"diff_lines":37,"trac_diff_url":487,"vulnerabilities":488,"is_current":48},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.9&new_path=%2Fadmin-safety-guard%2Ftags%2F1.2.0",[489],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":491,"download_url":492,"svn_tag_url":493,"released_at":37,"has_diff":48,"diff_files_changed":494,"diff_lines":37,"trac_diff_url":495,"vulnerabilities":496,"is_current":48},"1.1.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.8&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.9",[497],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":499,"download_url":500,"svn_tag_url":501,"released_at":37,"has_diff":48,"diff_files_changed":502,"diff_lines":37,"trac_diff_url":503,"vulnerabilities":504,"is_current":48},"1.1.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.7&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.8",[505],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":507,"download_url":508,"svn_tag_url":509,"released_at":37,"has_diff":48,"diff_files_changed":510,"diff_lines":37,"trac_diff_url":511,"vulnerabilities":512,"is_current":48},"1.1.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.6&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.7",[513],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":515,"download_url":516,"svn_tag_url":517,"released_at":37,"has_diff":48,"diff_files_changed":518,"diff_lines":37,"trac_diff_url":519,"vulnerabilities":520,"is_current":48},"1.1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.5&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.6",[521],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":523,"download_url":524,"svn_tag_url":525,"released_at":37,"has_diff":48,"diff_files_changed":526,"diff_lines":37,"trac_diff_url":527,"vulnerabilities":528,"is_current":48},"1.1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.4&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.5",[529],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":531,"download_url":532,"svn_tag_url":533,"released_at":37,"has_diff":48,"diff_files_changed":534,"diff_lines":37,"trac_diff_url":535,"vulnerabilities":536,"is_current":48},"1.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.3&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.4",[537],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":539,"download_url":540,"svn_tag_url":541,"released_at":37,"has_diff":48,"diff_files_changed":542,"diff_lines":37,"trac_diff_url":543,"vulnerabilities":544,"is_current":48},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.2&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.3",[545],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":547,"download_url":548,"svn_tag_url":549,"released_at":37,"has_diff":48,"diff_files_changed":550,"diff_lines":37,"trac_diff_url":551,"vulnerabilities":552,"is_current":48},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.1&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.2",[553],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":555,"download_url":556,"svn_tag_url":557,"released_at":37,"has_diff":48,"diff_files_changed":558,"diff_lines":37,"trac_diff_url":559,"vulnerabilities":560,"is_current":48},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.1.0&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.1",[561],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":155,"download_url":563,"svn_tag_url":564,"released_at":37,"has_diff":48,"diff_files_changed":565,"diff_lines":37,"trac_diff_url":566,"vulnerabilities":567,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.9&new_path=%2Fadmin-safety-guard%2Ftags%2F1.1.0",[568],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":570,"download_url":571,"svn_tag_url":572,"released_at":37,"has_diff":48,"diff_files_changed":573,"diff_lines":37,"trac_diff_url":574,"vulnerabilities":575,"is_current":48},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.8&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.9",[576],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":578,"download_url":579,"svn_tag_url":580,"released_at":37,"has_diff":48,"diff_files_changed":581,"diff_lines":37,"trac_diff_url":582,"vulnerabilities":583,"is_current":48},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.7&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.8",[584],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":586,"download_url":587,"svn_tag_url":588,"released_at":37,"has_diff":48,"diff_files_changed":589,"diff_lines":37,"trac_diff_url":590,"vulnerabilities":591,"is_current":48},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.6&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.7",[592],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":594,"download_url":595,"svn_tag_url":596,"released_at":37,"has_diff":48,"diff_files_changed":597,"diff_lines":37,"trac_diff_url":598,"vulnerabilities":599,"is_current":48},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.5&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.6",[600],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":602,"download_url":603,"svn_tag_url":604,"released_at":37,"has_diff":48,"diff_files_changed":605,"diff_lines":37,"trac_diff_url":606,"vulnerabilities":607,"is_current":48},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.4&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.5",[608],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":610,"download_url":611,"svn_tag_url":612,"released_at":37,"has_diff":48,"diff_files_changed":613,"diff_lines":37,"trac_diff_url":614,"vulnerabilities":615,"is_current":48},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.3&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.4",[616],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":618,"download_url":619,"svn_tag_url":620,"released_at":37,"has_diff":48,"diff_files_changed":621,"diff_lines":37,"trac_diff_url":622,"vulnerabilities":623,"is_current":48},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.2&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.3",[624],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":626,"download_url":627,"svn_tag_url":628,"released_at":37,"has_diff":48,"diff_files_changed":629,"diff_lines":37,"trac_diff_url":630,"vulnerabilities":631,"is_current":48},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.1&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.2",[632],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":634,"download_url":635,"svn_tag_url":636,"released_at":37,"has_diff":48,"diff_files_changed":637,"diff_lines":37,"trac_diff_url":638,"vulnerabilities":639,"is_current":48},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fadmin-safety-guard%2Ftags%2F1.0.0&new_path=%2Fadmin-safety-guard%2Ftags%2F1.0.1",[640],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":642,"download_url":643,"svn_tag_url":644,"released_at":37,"has_diff":48,"diff_files_changed":645,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":646,"is_current":48},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-safety-guard.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fadmin-safety-guard\u002Ftags\u002F1.0.0\u002F",[],[647],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37}]