[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZiudQzJbTMebJgcdEoVsJ4MAvxq0afHkIRodOPOsWB8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":63,"crawl_stats":38,"alternatives":71,"analysis":173,"fingerprints":494},"ajax-login-and-registration-modal-popup","AJAX Login and Registration modal popup + inline form","2.26","Max K","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaminskym\u002F","\u003Cp>Easy to integrate modal with Login and Registration features + inline form using shortcode. Compatible with any theme.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.maxim-kaminsky.com\u002Flrm\u002F\" rel=\"nofollow ugc\">DEMO >>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Easy to integrate (as modal or inline via shortcode)\u003C\u002Fli>\n\u003Cli>Well customized\u003C\u002Fli>\n\u003Cli>100% responsive\u003C\u002Fli>\n\u003Cli>Beautifully coded\u003C\u002Fli>\n\u003Cli>Compatible with other plugins (WooCommerce, BuddyPress, Ultimate Member, WPML, etc)\u003C\u002Fli>\n\u003Cli>Tested with the latest WP version\u003C\u002Fli>\n\u003Cli>Compatible with the Gutenberg\u003C\u002Fli>\n\u003Cli>Possible to replace wp-login.php with a custom “Login”, “Registration” and “Reset password” pages\u003C\u002Fli>\n\u003Cli>Skins support (1 default skin + 2 new in a PRO version) + possible to customize Skins colors via WP Customizer\u003C\u002Fli>\n\u003Cli>Powerful after-login\u002Fregistration\u002Flogout actions (reload, redirects, etc)\u003C\u002Fli>\n\u003Cli>Role-based redirects (in PRO)\u003C\u002Fli>\n\u003Cli>In-build reCaptcha & MatchCaptcha (in PRO)\u003C\u002Fli>\n\u003Cli>Google Authenticator plugin & Wordfence 2FA support (in PRO)\u003C\u002Fli>\n\u003Cli>Developer support (via forums or personal via email for PRO users)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Customization options:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>You can add your custom CSS selectors to attach modal\u003C\u002Fli>\n\u003Cli>All texts\u002Fmessages can be edited\u002Ftranslated in settings\u003C\u002Fli>\n\u003Cli>Emails (for registration and lost password) can customized in settings7\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Free version compatible with (and other, this is 100% tested):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-lockdown\u002F\" rel=\"ugc\">Login LockDown\u003C\u002Fa> (limit login attempts count)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-facebook-login\u002F\" rel=\"ugc\">WP Facebook Login\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-vote.net\u002Fwordpress-voting-plugin\u002F\" rel=\"nofollow ugc\">WP Foto Vote contests\u003C\u002Fa> (photo contest plugin from author of this plugin ☺)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F\" rel=\"ugc\">All In One WP Security & Firewall\u003C\u002Fa> (tested with “Renamed Login Page”)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feonet-manual-user-approve\u002F\" rel=\"ugc\">Eonet Manual User Approve\u003C\u002Fa>: review user before they an sign in – \u003Ca href=\"https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002Fkb\u002Fhow-to-manually-review-new-users-registrations\u002F\" rel=\"nofollow ugc\">tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpml.org\u002F\" rel=\"nofollow ugc\">WPML\u003C\u002Fa>: Multi-language support – \u003Ca href=\"https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002Fkb\u002Fmulti-language-support-via-wpml\u002F\" rel=\"nofollow ugc\">tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fweglot\u002F\" rel=\"ugc\">Weglot translation plugin\u003C\u002Fa> – \u003Ca href=\"https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002Fkb\u002Fweglot-support\u002F\" rel=\"nofollow ugc\">tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fs2member\u002F\" rel=\"ugc\">s2member\u003C\u002Fa> plugin: tweaks for login process\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnew-user-approve\u002F\" rel=\"ugc\">New User Approve \u003C\u002Fa> plugin: review approve new users registrations\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Roadmap\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>+Allow including form to page content (without modal) (done in version 1.41)\u003C\u002Fli>\n\u003Cli>+Colors\u002Fstyles customizer [implemented via WP Customizer]\u003C\u002Fli>\n\u003Cli>+Documentation and Videos [done] – https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002F\u003C\u002Fli>\n\u003Cli>+WooCommerce Login\u002FRegistration form integration (done in PRO version 1.28)\u003C\u002Fli>\n\u003Cli>Registration Form builder\u003C\u002Fli>\n\u003Cli>+Settings Import\u002FExport [done]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PRO features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>6-month personal support from the developer via Email\u003C\u002Fli>\n\u003Cli>Troubleshooting problems and conflicts with other plugins\u002Fthemes\u003C\u002Fli>\n\u003Cli>Unlimited plugin updates\u003C\u002Fli>\n\u003Cli>Compatibility with other popular plugins (list below)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>The PRO version extra features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Allow user to set a custom password (not randomly generated) during registration\u003C\u002Fli>\n\u003Cli>Redirect the user to the specified page after login\u002Fregistration\u002Flogout (for example to the User Profile)\u003C\u002Fli>\n\u003Cli>User verification via click on the link in registration email\u003C\u002Fli>\n\u003Cli>Email only registration – hide username filed from registration form\u003C\u002Fli>\n\u003Cli>Customize button color in \u003Ca href=\"https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002Fkb\u002Fhow-to-customize-form-colors-pro-only\u002F\" rel=\"nofollow ugc\">WP Customizer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmaxim-kaminsky.com\u002Fshop\u002Fcontact-me\u002F\" rel=\"nofollow ugc\">Request other feature >>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>The PRO version is 100% tested and are compatible with a following plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Wordfence & Wordfence Login Security\u003C\u002Fa>\u003C\u002Fstrong> (2 factor login – \u003Ca href=\"https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002Fkb\u002F2-factor-login-otp-verification\u002F\" rel=\"nofollow ugc\">example\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>\u003C\u002Fstrong> (show modal when clicked “Add to cart” in list or single product or in Cart when click “Process to Checkout”, option to replace WC account login\u002Fregistration form to plugin ajax form)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fsensei\u002F\" rel=\"nofollow ugc\">WooCommerce Sensei\u003C\u002Fa> (fix for Login process)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-recaptcha-integration\u002F\" rel=\"ugc\">WP reCaptcha Integration\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Finvisible-recaptcha\u002F\" rel=\"ugc\">Invisible reCaptcha\u003C\u002Fa>\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002Fkb\u002Fhow-to-set-up-invisible-recaptcha\u002F\" rel=\"nofollow ugc\">tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" rel=\"ugc\">BuddyPress\u003C\u002Fa>\u003C\u002Fstrong> (\u003Ca href=\"https:\u002F\u002Fmonosnap.com\u002Ffile\u002F3RNMa7Wl3EYWidw9znAJbgJ5QVL7oy\" rel=\"nofollow ugc\">replace default registration form with BuddyPress one >>\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">UltimateMember\u003C\u002Fa>\u003C\u002Fstrong> (\u003Ca href=\"https:\u002F\u002Fmonosnap.com\u002Ffile\u002Fa2RxnzawR2N9qBdyKJMxh8J5ALuaYs\" rel=\"nofollow ugc\">replace default registration form with UltimateMember one >>\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcaptcha\u002F\" rel=\"ugc\">Captcha\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freally-simple-captcha\u002F\" rel=\"ugc\">Really Simple CAPTCHA\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fru.wordpress.org\u002Fplugins\u002Fcaptcha-bank\u002F\" rel=\"nofollow ugc\">Captcha bank\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-social-login\u002F\" rel=\"ugc\">WordPress Social Login\u003C\u002Fa> (social login buttons below login\u002Fregister form)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faccesspress-social-login-lite\u002F\" rel=\"ugc\">Social Login WordPress Plugin – AccessPress\u003C\u002Fa> (social login buttons below login\u002Fregister form)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsuper-socializer\u002F\" rel=\"ugc\">WordPress Social Share, Social Login and Social Comments Plugin – Super Socializer\u003C\u002Fa> (social login buttons below login\u002Fregister form, social share, etc)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsuper-socializer\u002F\" rel=\"ugc\">WordPress Social Share, Social Login and Social Comments Plugin – Super Socializer\u003C\u002Fa> (social login buttons below login\u002Fregister form, social share, etc)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fsupport\u002Fsso\u002F\" rel=\"nofollow ugc\">Jetpack – SSO login\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fmonosnap.com\u002Ffile\u002F4Na5FYYONRj79jnLBmQFK3hjnMJQDR\" rel=\"nofollow ugc\">WordPress.com login button >>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-vendors\u002F\" rel=\"ugc\">WC Vendors & WC Vendors Pro\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fmonosnap.com\u002Ffile\u002FTmpY4bYTHwF36ouN6fGpdjKZi5k3jz\" rel=\"nofollow ugc\">Apply to become vendor checkbox >>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">MailChimp for WordPress\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fmonosnap.com\u002Ffile\u002FsVpsvTnIzQoplRA7ap3IBPfb81kPuV\" rel=\"nofollow ugc\">Subscribe to newsletter checkbox >>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-authenticator\u002F\" rel=\"ugc\">Google Authenticator\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002Fkb\u002F2-factor-login-otp-verification\u002F\" rel=\"nofollow ugc\">Google Authenticator field during the login\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002Fadd-ons\u002Fuser-registration\u002F\" rel=\"nofollow ugc\">Gravity Forms + Gravity Forms User Registration Add-On\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fdocs.maxim-kaminsky.com\u002Flrm\u002Fkb\u002Fgravity-forms-integration\u002F\" rel=\"nofollow ugc\">Replace with Gravity Forms registration form\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads – soon\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmaxim-kaminsky.com\u002Fshop\u002Fcontact-me\u002F\" rel=\"nofollow ugc\">Request other plugin >>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmaxim-kaminsky.com\u002Fshop\u002Fproduct\u002Fajax-login-and-registration-modal-popup-pro\u002F\" rel=\"nofollow ugc\">GET PRO >>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.maxim-kaminsky.com\u002Flrm\u002Fpro\u002F\" rel=\"nofollow ugc\">PRO DEMO >>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>With Theme my login (TML) plugin (3 Password fields on the Create Account tab, if enable password field in LRM and TML)\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy to integrate modal with Login and Registration features.",4000,182119,94,120,"2025-11-12T16:18:00.000Z","6.9.0","4.1","7.0",[20,21,22,23,24],"login","lost-password","modal","register","registration","https:\u002F\u002Fmaxim-kaminsky.com\u002Fshop\u002Fproduct\u002Fajax-login-and-registration-modal-popup-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-login-and-registration-modal-popup.zip",99,2,0,"2024-11-12 13:26:21","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-8874","ajax-login-and-registration-modal-popup-inline-form-reflected-cross-site-scripting","AJAX Login and Registration modal popup + inline form \u003C= 2.24 - Reflected Cross-Site Scripting","The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=2.24","2.25","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-12-20 20:40:49",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc11a561a-c798-46e7-bf2d-12933978aa29?source=api-prod",38,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":44,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2024-33918","ajax-login-and-registration-modal-popup-inline-form-authenticated-author-stored-cross-site-scripting","AJAX Login and Registration modal popup + inline form \u003C= 2.23 - Authenticated (Author+) Stored Cross-Site Scripting","The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.23","2.24",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-04-29 00:00:00","2024-05-20 19:14:34",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9eeee18d-a035-4de6-a2fc-19479387c4df?source=api-prod",22,{"slug":64,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":66,"avg_security_score":67,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},"kaminskym",3,4010,95,30,91,"2026-04-04T01:13:49.658Z",[72,91,113,134,157],{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":29,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":89,"download_link":90,"security_score":81,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"loginregistration-form","EasySecure LoginRegistration Form – Inline & Modal Popup","1.1.2","imminentsoftwares","https:\u002F\u002Fprofiles.wordpress.org\u002Fimminentsoftware\u002F","\u003Cp>\u003Cstrong>EasySecure LoginRegistration Form – Inline & Modal Popup\u003C\u002Fstrong> is a modern, lightweight, and security-focused WordPress authentication plugin that allows users to log in, register, and reset passwords directly from the frontend using AJAX — without page reloads.\u003C\u002Fp>\n\u003Cp>Designed for performance and usability, the plugin supports both inline forms via shortcode and modal popup login triggers. It includes advanced security features like \u003Cstrong>Google reCAPTCHA v3\u003C\u002Fstrong> and \u003Cstrong>mandatory email verification\u003C\u002Fstrong>, ensuring only verified users can access your website.\u003C\u002Fp>\n\u003Cp>With customizable fields, email templates, redirection settings, and flexible design options, EasySecure helps you create a seamless and professional login experience on any WordPress site.\u003C\u002Fp>\n\u003Cp>Perfect for membership sites, business websites, communities, and eCommerce platforms.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>AJAX-based login, registration, and password reset  \u003C\u002Fli>\n\u003Cli>Inline form shortcode & modal popup trigger  \u003C\u002Fli>\n\u003Cli>Mandatory email verification (admin and user controlled)  \u003C\u002Fli>\n\u003Cli>Custom registration fields (text, number, email, dropdown, checkbox)  \u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3 integration for spam protection  \u003C\u002Fli>\n\u003Cli>Fully customizable email notifications  \u003C\u002Fli>\n\u003Cli>Redirect control after login, logout, and registration  \u003C\u002Fli>\n\u003Cli>Option to change the form’s primary theme color  \u003C\u002Fli>\n\u003Cli>Tab display type selector (icons or text for Login\u002FRegister tabs)  \u003C\u002Fli>\n\u003Cli>Custom logo upload for branded authentication forms  \u003C\u002Fli>\n\u003Cli>Fully responsive, mobile-friendly design  \u003C\u002Fli>\n\u003Cli>Compatible with any WordPress theme  \u003C\u002Fli>\n\u003Cli>Lightweight, fast, and built for performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong> to detect and prevent spam and automated abuse.\u003Cbr \u002F>\nThe user’s reCAPTCHA token is securely sent to Google for verification.\u003C\u002Fp>\n\u003Cp>Service Provider: Google\u003Cbr \u002F>\nTerms of Service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n","Secure AJAX Login & Registration Plugin with Email Verification, Custom Fields, Modal Popup, Google reCAPTCHA, and Full Redirection Control.",579,100,1,"2026-02-10T08:14:00.000Z","6.9.4","6.0","8.0",[88,20,21,22,24],"ajax","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginregistration-form.1.1.2.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":13,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":89,"tags":105,"homepage":108,"download_link":109,"security_score":110,"vuln_count":111,"unpatched_count":29,"last_vuln_date":112,"fetched_at":31},"clean-login","Clean Login","1.14.6","Alberto Hornero","https:\u002F\u002Fprofiles.wordpress.org\u002Fhornero\u002F","\u003Cp>\u003Cstrong>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fclean-login\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.tastewp.com\u002Fclean-login\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Responsive Frontend Login and Registration plugin. A plugin for displaying login, register, editor and restore password forms through shortcodes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>[clean-login]\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cem>[clean-login-edit]\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cem>[clean-login-register]\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cem>[clean-login-restore]\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Basics\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add your login form in the frontend easily (page or post)\u003C\u002Fli>\n\u003Cli>And also the registration and the lost password form\u003C\u002Fli>\n\u003Cli>If user is logged in, the user will see a custom profile and will be able to edit his\u002Fher data in another front-end form\u003C\u002Fli>\n\u003Cli>One shortcode per form, you only need to create a page or post and apply this shortcode to create each form you want\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Style\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Every form created is responsive\u003C\u002Fli>\n\u003Cli>CSS adapted to each theme\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Spam protection\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Register form protected with CAPTCHA and  Google reCaptcha (as an option)\u003C\u002Fli>\n\u003Cli>Forms are also protected by Honeypot antispam protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Internacionalization\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WMPL ready with \u003Ca href=\"http:\u002F\u002Fwpml.org\u002Fplugin\u002Fclean-login\u002F\" rel=\"nofollow ugc\">oficial certification\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>.po\u002F.mo template included\u003C\u002Fli>\n\u003Cli>Many languages included by default\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Auto status checker\u003C\u002Fli>\n\u003Cli>Hide admin bar for non-admin users as an option\u003C\u002Fli>\n\u003Cli>Disable dashboard access as an option\u003C\u002Fli>\n\u003Cli>Standby user role for new user registration. With no capabilities, to allow admin approval of users optionally\u003C\u002Fli>\n\u003Cli>Auto linked forms, if you place a shortcode in a page\u002Fpost the link between them will be automatically generated\u003C\u002Fli>\n\u003Cli>And yes, this is WordPress 4.6 ready! Also compatible with WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage and Settings\u003C\u002Fh3>\n\u003Cp>Please, refer to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclean-login\u002Finstallation\u002F\" rel=\"ugc\">Installation section\u003C\u002Fa>\u003C\u002Fp>\n","A plugin for displaying useful forms in front-end only using shortcodes. Login, Registration, Profile Editor and Lost Password forms",6000,487594,143,"2024-08-28T22:33:00.000Z","6.6.5","3.4",[106,107,20,21,24],"editor","form","https:\u002F\u002Fcodection.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-login.1.14.6.zip",87,5,"2024-08-29 21:08:00",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":89,"tags":128,"homepage":131,"download_link":132,"security_score":133,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"security-protection","Security-Protection","2.3","webvitaly","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebvitaly\u002F","\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fwordpress\u002Fplugins\u002Fsecurity-protection\u002F\" title=\"Security-Protection\" rel=\"nofollow ugc\">Security-Protection\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fdonate\u002F\" title=\"Donate\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fwordpress\u002Fplugins\u002F\" title=\"WordPress plugins\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Why humans should prove that they are humans by filling captchas? Lets bots prove that they are not bots with adding javascript to their user-agents!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security-Protection blocks and stops brute-force attacks.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-protection\u002Ffaq\u002F\" rel=\"ugc\">Want to read more how Security-Protection plugin works\u003C\u002Fa>?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>no captcha\u003C\u002Fstrong>, because brute-force attacks is not users’ problem\u003C\u002Fli>\n\u003Cli>\u003Cstrong>no options\u003C\u002Fstrong>, because it is great to forget about brute-force attacks completely\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin is easy to use: just install it and it just works.\u003C\u002Fp>\n\u003Cp>Important: \u003Cstrong>delete ‘admin’ username\u003C\u002Fstrong> if you have it on your site. More than 90% of brute-force attacks try to crack the ‘admin’ username.\u003C\u002Fp>\n\u003Cp>Few of the most commonly used and worst passwords. Do not use them or similar:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>123456\u003C\u002Fli>\n\u003Cli>p@s$w0rd\u003C\u002Fli>\n\u003Cli>qwerty\u003C\u002Fli>\n\u003Cli>qwe123\u003C\u002Fli>\n\u003Cli>admin123\u003C\u002Fli>\n\u003Cli>iloveyou\u003C\u002Fli>\n\u003Cli>letmein\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Useful:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpage-list\u002F\" title=\"list of pages with shortcodes\" rel=\"ugc\">“Page-list” – show list of pages with shortcodes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fiframe\u002F\" title=\"embed content\" rel=\"ugc\">“Iframe” – embed content\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fweb-profile.net\u002Fwordpress\u002Fplugins\u002F\" title=\"WordPress Pro plugins\" rel=\"nofollow ugc\">WordPress Pro plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Protection from login, registration and reset-password brute-force attacks. No captcha.",400,15407,86,11,"2020-09-05T16:59:00.000Z","5.5.18","3.0",[129,130,20,23,24],"brute-force","bruteforce","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-protection\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-protection.2.3.zip",85,{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":81,"num_ratings":28,"last_updated":144,"tested_up_to":145,"requires_at_least":146,"requires_php":147,"tags":148,"homepage":154,"download_link":155,"security_score":156,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"nss-wooregistration-form","Nss Wooregistration Form","2.2.1","saiful.total","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaifultotal\u002F","\u003Cp>If you have woo-commerce\u002FeCommerce business & integrated with WordPress. This is a simple woo-commerce user registration plugin you can use it easily.\u003C\u002Fp>\n\u003Cp>Go to the woo-commerce settings->account\u002Fprivacy tab then select a checkbox which is “Allow customers to create an account on the “My Account page”. It will be automatically added a my-account page which is so easy nothing to create a new page. So you can just active and open my-account page.\u003C\u002Fp>\n\u003Cp>How to use Recaptcha?\u003C\u002Fp>\n\u003Cp>Go to this \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\" rel=\"nofollow ugc\">Google Recaptcha\u003C\u002Fa>. Firstly register your site domain then create a new ‘site key’ and ‘secret key’. See our screenshot.\u003C\u002Fp>\n\u003Cp>I think it will help your projects for new user registration. 🙂\u003C\u002Fp>\n\u003Ch3>Demo : \u003Ca href=\"https:\u002F\u002Feclippermedia.com\u002Fplugin\u002Fmy-account\u002F\" rel=\"nofollow ugc\">Link\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Thank you.\u003C\u002Fp>\n\u003Cp>Major features in woocommerce registration:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Woocommerce my-account page in added to registration form\u003C\u002Fli>\n\u003Cli>Easy to customization & went to change code.\u003C\u002Fli>\n\u003Cli>Many custom options of woocommerce registration form.\u003C\u002Fli>\n\u003Cli>Have google rechaptha v2.\u003C\u002Fli>\n\u003C\u002Ful>\n","Custom woocommerce login\u002Fregistration form with custom fields.",70,4112,"2025-01-20T11:28:00.000Z","6.7.5","3.0.1","7.4",[149,150,151,152,153],"login-registration","simple-register-form","woocommerce-form","woocommerce-register","woocommerce-registration-form","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnss-wooregistration-form","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnss-wooregistration-form.zip",92,{"slug":158,"name":159,"version":160,"author":161,"author_profile":162,"description":163,"short_description":164,"active_installs":165,"downloaded":166,"rating":81,"num_ratings":82,"last_updated":89,"tested_up_to":167,"requires_at_least":168,"requires_php":89,"tags":169,"homepage":89,"download_link":171,"security_score":81,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":172},"cubeaccount","CubeAccount Frontend Login","1.0","Jonathan Lau","https:\u002F\u002Fprofiles.wordpress.org\u002Flauweijie7715\u002F","\u003Cp>CubeAccount Frontend Login lets your users login and register from the frontend of your site.\u003C\u002Fp>\n\u003Cp>The WordPress dashboard and admin bar can be hidden completely from your users.\u003Cbr \u002F>\nUsers trying to reach wp-login.php directly would be redirected to your custom login page.\u003C\u002Fp>\n\u003Cp>Installation is as easy as activating the plugin.\u003C\u002Fp>\n\u003Cp>If permalinks are enabled, login and registration URLs would be rewritten to \u002Flogin and \u002Fregistration automatically.\u003C\u002Fp>\n\u003Cp>Works well with other plugins that adds features to the login and registration form.\u003C\u002Fp>\n","CubeAccount Frontend Login lets your users login and register from the frontend of your site. The WordPress dashboard and admin bar can be hidden comp &hellip;",10,6139,"3.2.1","2.2",[170,20,23,24],"frontend","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcubeaccount.zip","2026-03-15T10:48:56.248Z",{"attackSurface":174,"codeSignals":317,"taintFlows":446,"riskAssessment":484,"analyzedAt":493},{"hooks":175,"ajaxHandlers":280,"restRoutes":305,"shortcodes":306,"cronEvents":314,"entryPointCount":315,"unprotectedCount":316},[176,182,187,193,195,200,203,207,211,214,217,220,224,227,229,234,237,242,246,250,254,258,262,264,267,271,276],{"type":177,"name":178,"callback":179,"priority":124,"file":180,"line":181},"action","plugins_loaded","get","ajax-login-registration-modal-popup.php",54,{"type":177,"name":183,"callback":184,"file":185,"line":186},"admin_init","add_nav_menu_meta_boxes","includes\\class-admin-menus.php",15,{"type":188,"name":189,"callback":190,"file":191,"line":192},"filter","send_password_change_email","__return_false","includes\\class-ajax.php",319,{"type":188,"name":189,"callback":190,"file":191,"line":194},590,{"type":188,"name":196,"callback":197,"priority":198,"file":191,"line":199},"wp_redirect","wp_redirect__filter",9999,808,{"type":188,"name":201,"callback":190,"priority":27,"file":191,"line":202},"ws_plugin__s2member_login_redirect",821,{"type":188,"name":204,"callback":190,"file":205,"line":206},"eonet_mua_avoid_password_reset","includes\\class-core.php",24,{"type":177,"name":208,"callback":209,"priority":111,"file":205,"line":210},"wp_enqueue_scripts","enqueue_assets",29,{"type":177,"name":212,"callback":213,"priority":82,"file":205,"line":68},"wp_footer","wp_footer__action",{"type":177,"name":215,"callback":215,"file":205,"line":216},"init",32,{"type":177,"name":218,"callback":218,"priority":27,"file":205,"line":219},"template_redirect",33,{"type":177,"name":221,"callback":222,"file":205,"line":223},"lrm_login_form","form_fblogin__action",36,{"type":177,"name":225,"callback":222,"file":205,"line":226},"lrm_register_form",37,{"type":177,"name":228,"callback":222,"file":205,"line":48},"lrm_lostpassword_form",{"type":177,"name":230,"callback":231,"priority":232,"file":205,"line":233},"wp_loaded","process_ajax",9,42,{"type":177,"name":215,"callback":235,"priority":165,"file":205,"line":236},"init_action",55,{"type":188,"name":238,"callback":239,"file":240,"line":241},"wp_mail_content_type","set_mail_type","includes\\class-mailer.php",48,{"type":188,"name":243,"callback":244,"file":245,"line":165},"new_user_approve_pending_message","registration_needs_approval","includes\\class-new_user_approve.php",{"type":188,"name":247,"callback":248,"priority":27,"file":249,"line":186},"login_url","custom_login_url","includes\\class-pages-manager.php",{"type":188,"name":251,"callback":252,"priority":27,"file":249,"line":253},"register_url","custom_register_url",16,{"type":188,"name":255,"callback":256,"priority":27,"file":249,"line":257},"wp_new_user_notification_email","wp_new_user_notification_email__filter",18,{"type":177,"name":259,"callback":260,"file":261,"line":219},"admin_menu","register_menu","includes\\class-settings.php",{"type":177,"name":215,"callback":263,"file":261,"line":223},"register_settings",{"type":177,"name":265,"callback":266,"file":261,"line":48},"admin_notices","beg_for_review",{"type":177,"name":268,"callback":269,"file":261,"line":270},"underdev\u002Fsettings\u002Fenqueue_scripts","settings_enqueue_scripts",82,{"type":188,"name":272,"callback":273,"file":274,"line":275},"override_load_textdomain","override_load_textdomain__filter2","includes\\class-wpml.php",65,{"type":177,"name":277,"callback":278,"priority":232,"file":279,"line":65},"customize_register","closure","skins\\add-customizer-panel.php",[281,286,290,294,298,302],{"action":282,"nopriv":283,"callback":20,"hasNonce":284,"hasCapCheck":284,"file":205,"line":285},"lrm_login",true,false,174,{"action":287,"nopriv":283,"callback":288,"hasNonce":284,"hasCapCheck":284,"file":205,"line":289},"lrm_signup","signup",175,{"action":291,"nopriv":283,"callback":292,"hasNonce":284,"hasCapCheck":284,"file":205,"line":293},"lrm_lostpassword","lostpassword",176,{"action":295,"nopriv":283,"callback":296,"hasNonce":284,"hasCapCheck":284,"file":205,"line":297},"lrm_password_reset","password_reset",177,{"action":299,"nopriv":284,"callback":300,"hasNonce":283,"hasCapCheck":283,"file":301,"line":186},"lrm_import","AJAX_process_import","includes\\class-import-export.php",{"action":303,"nopriv":284,"callback":304,"hasNonce":283,"hasCapCheck":283,"file":301,"line":253},"lrm_export","AJAX_process_export",[],[307,311],{"tag":308,"callback":309,"file":205,"line":310},"lrm_form","shortcode",26,{"tag":228,"callback":312,"file":205,"line":313},"lostpassword_shortcode",27,[],8,4,{"dangerousFunctions":318,"sqlUsage":319,"outputEscaping":321,"fileOperations":29,"externalRequests":29,"nonceChecks":316,"capabilityChecks":65,"bundledLibraries":445},[],{"prepared":29,"raw":29,"locations":320},[],{"escaped":322,"rawEcho":323,"locations":324},220,74,[325,329,331,333,335,337,339,340,343,345,347,349,351,354,356,357,358,360,362,363,364,365,366,368,369,370,372,374,376,377,378,379,380,382,384,386,387,388,389,390,391,393,395,396,397,399,401,402,403,405,406,407,409,410,411,412,413,415,416,418,420,422,424,426,428,430,431,434,435,437,439,441,442,443],{"file":326,"line":327,"context":328},"includes\\class-debug.php",39,"raw output",{"file":326,"line":330,"context":328},41,{"file":240,"line":332,"context":328},134,{"file":334,"line":241,"context":328},"includes\\settings\\class-settings-field--redirects.php",{"file":334,"line":336,"context":328},104,{"file":338,"line":206,"context":328},"includes\\settings\\class-settings-field--select-pro.php",{"file":338,"line":216,"context":328},{"file":341,"line":342,"context":328},"includes\\settings\\class-settings-field--textarea-html-extended.php",17,{"file":344,"line":342,"context":328},"includes\\settings\\class-settings-field--textarea-html.php",{"file":346,"line":186,"context":328},"includes\\settings\\class-settings-field--textarea.php",{"file":348,"line":310,"context":328},"views\\admin\\settings-page.php",{"file":348,"line":350,"context":328},72,{"file":352,"line":353,"context":328},"views\\form-parts\\login.php",13,{"file":352,"line":355,"context":328},14,{"file":352,"line":355,"context":328},{"file":352,"line":355,"context":328},{"file":352,"line":359,"context":328},20,{"file":352,"line":361,"context":328},21,{"file":352,"line":361,"context":328},{"file":352,"line":361,"context":328},{"file":352,"line":206,"context":328},{"file":352,"line":68,"context":328},{"file":352,"line":367,"context":328},31,{"file":352,"line":223,"context":328},{"file":352,"line":226,"context":328},{"file":352,"line":371,"context":328},53,{"file":352,"line":373,"context":328},75,{"file":375,"line":111,"context":328},"views\\form-parts\\lost-password.php",{"file":375,"line":232,"context":328},{"file":375,"line":165,"context":328},{"file":375,"line":165,"context":328},{"file":375,"line":165,"context":328},{"file":375,"line":381,"context":328},35,{"file":375,"line":383,"context":328},43,{"file":385,"line":186,"context":328},"views\\form-parts\\register.php",{"file":385,"line":359,"context":328},{"file":385,"line":48,"context":328},{"file":385,"line":327,"context":328},{"file":385,"line":327,"context":328},{"file":385,"line":327,"context":328},{"file":385,"line":392,"context":328},56,{"file":385,"line":394,"context":328},57,{"file":385,"line":394,"context":328},{"file":385,"line":394,"context":328},{"file":385,"line":398,"context":328},61,{"file":385,"line":400,"context":328},62,{"file":385,"line":400,"context":328},{"file":385,"line":142,"context":328},{"file":385,"line":404,"context":328},71,{"file":385,"line":404,"context":328},{"file":385,"line":404,"context":328},{"file":385,"line":408,"context":328},84,{"file":385,"line":133,"context":328},{"file":385,"line":133,"context":328},{"file":385,"line":133,"context":328},{"file":385,"line":110,"context":328},{"file":385,"line":414,"context":328},96,{"file":385,"line":414,"context":328},{"file":385,"line":417,"context":328},98,{"file":385,"line":419,"context":328},110,{"file":385,"line":421,"context":328},112,{"file":385,"line":423,"context":328},130,{"file":385,"line":425,"context":328},138,{"file":385,"line":427,"context":328},156,{"file":429,"line":316,"context":328},"views\\form-parts\\tabs.php",{"file":429,"line":232,"context":328},{"file":432,"line":433,"context":328},"views\\restore-password.php",19,{"file":432,"line":383,"context":328},{"file":432,"line":436,"context":328},52,{"file":432,"line":438,"context":328},77,{"file":440,"line":82,"context":328},"views\\settings-page.php",{"file":440,"line":381,"context":328},{"file":440,"line":327,"context":328},{"file":440,"line":444,"context":328},47,[],[447,464,472],{"entryPoint":448,"graph":449,"unsanitizedCount":29,"severity":463},"AJAX_process_import (includes\\class-import-export.php:89)",{"nodes":450,"edges":461},[451,455],{"id":452,"type":453,"label":454,"file":301,"line":336},"n0","source","$_POST",{"id":456,"type":457,"label":458,"file":301,"line":459,"wp_function":460},"n1","sink","update_option() [Settings Manipulation]",125,"update_option",[462],{"from":452,"to":456,"sanitized":283},"low",{"entryPoint":465,"graph":466,"unsanitizedCount":29,"severity":463},"\u003Cclass-import-export> (includes\\class-import-export.php:0)",{"nodes":467,"edges":470},[468,469],{"id":452,"type":453,"label":454,"file":301,"line":336},{"id":456,"type":457,"label":458,"file":301,"line":459,"wp_function":460},[471],{"from":452,"to":456,"sanitized":283},{"entryPoint":473,"graph":474,"unsanitizedCount":29,"severity":463},"\u003Crestore-password> (views\\restore-password.php:0)",{"nodes":475,"edges":482},[476,478],{"id":452,"type":453,"label":477,"file":432,"line":165},"$_GET (x2)",{"id":456,"type":457,"label":479,"file":432,"line":480,"wp_function":481},"echo() [XSS]",83,"echo",[483],{"from":452,"to":456,"sanitized":283},{"summary":485,"deductions":486},"The \"ajax-login-and-registration-modal-popup\" plugin v2.26 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, using prepared statements exclusively, and has no file operations or external HTTP requests, which are common vectors for vulnerabilities. The plugin also shows a reasonable effort in implementing nonce and capability checks.\n\nHowever, several concerns emerge from the static analysis. The plugin has a notable attack surface with 8 entry points, of which 4 (specifically AJAX handlers) lack authentication checks. This is a significant concern as it exposes core functionality to potential abuse by unauthenticated users. While taint analysis found no critical or high severity issues, and all known CVEs are patched, the history of 2 medium severity Cross-site Scripting (XSS) vulnerabilities, with the most recent being in late 2024, indicates a recurring pattern of input sanitization issues that require diligent attention.\n\nOverall, the plugin has strengths in its secure handling of database interactions and lack of risky external dependencies. Nevertheless, the presence of unprotected AJAX endpoints and the historical tendency towards XSS vulnerabilities necessitate ongoing vigilance. The developers should prioritize implementing robust authentication and authorization checks for all AJAX handlers and continue to focus on thorough output escaping to mitigate the risk of XSS.",[487,489,491],{"reason":488,"points":165},"Unprotected AJAX handlers",{"reason":490,"points":315},"Potential for XSS based on history",{"reason":492,"points":111},"Moderate unescaped output percentage","2026-03-16T18:16:40.732Z",{"wat":495,"direct":510},{"assetPaths":496,"generatorPatterns":502,"scriptPaths":503,"versionParams":504},[497,498,499,500,501],"\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fcss\u002Flogin-register-modal.css","\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fcss\u002Flrm.css","\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fjs\u002Flogin-register-modal.js","\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fjs\u002Flogin-register-modal.min.js","\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fjs\u002Frestore-password.js",[],[],[505,506,507,508,509],"\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fcss\u002Flogin-register-modal.css?ver=","\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fcss\u002Flrm.css?ver=","\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fjs\u002Flogin-register-modal.js?ver=","\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fjs\u002Flogin-register-modal.min.js?ver=","\u002Fwp-content\u002Fplugins\u002Fajax-login-and-registration-modal-popup\u002Fassets\u002Fjs\u002Frestore-password.js?ver=",{"cssClasses":511,"htmlComments":518,"htmlAttributes":521,"restEndpoints":527,"jsGlobals":528,"shortcodeOutput":530},[512,513,514,515,516,517],"lrm-login","lrm-register","lrm-lostpassword","lrm_modal","lrm-wrap","lrm-restore-password-wrap",[519,520],"\u003C!-- The login\u002Fregister modal box -->","\u003C!-- Modal content-->",[522,523,524,525,526],"data-default-tab","data-logged-in-message","data-role","data-role-silent","data-redirect-to",[],[529],"LRM_AJAX_URL",[531,532],"[lrm_form]","[lrm_lostpassword_form]"]