[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBzQ0pFeeSYAjojqauT8wP3kA9-ryIUNSbMLFO9WqDAk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":60,"crawl_stats":38,"alternatives":67,"analysis":167,"fingerprints":277},"announce-from-the-dashboard","Announce from the Dashboard","1.5.3","gqevu6bsiz","https:\u002F\u002Fprofiles.wordpress.org\u002Fgqevu6bsiz\u002F","\u003Cp>This plugin to show announce for per user roles.\u003C\u002Fp>\n\u003Cp>And, if you want to change plugin capability, please refer to this code.\u003C\u002Fp>\n\u003Cp>For example add filter:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function afd_custom_change_capability( $capability ) {\n    \u002F\u002F plugin minimum capability\n    $capability = 'edit_posts';\n    return $capability;\n}\nadd_filter( 'afd_capability_manager' , 'afd_custom_change_capability' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>And, if you want to add filter, please refer to this code.\u003C\u002Fp>\n\u003Cp>For example add filter:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function afd_custom_filter( $announces ) {\n    \u002F\u002F filter\n    return $announces;\n}\n\nadd_filter( 'afd_before_announce' , 'afd_custom_filter' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>日本語でのご説明(Japanese description)\u003C\u002Fh3>\n\u003Cp>このプラグインは、ダッシュボードにお知らせを表示するプラグインです。\u003Cbr \u002F>\nユーザーの権限グループ別に、編集者のみへの表示、\u003Cbr \u002F>\n投稿者と寄稿者と購読者のみに表示する設定もできます。\u003C\u002Fp>\n","Announcement to users on the Dashboard.",7000,24375,86,6,"2024-03-30T05:56:00.000Z","4.3.34","3.8","",[20,21,22,23,24],"admin","announce","dashboard","news","role","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fannounce-from-the-dashboard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fannounce-from-the-dashboard.1.5.3.zip",84,2,0,"2024-04-03 00:00:00","2026-03-15T15:16:48.613Z",[33,48],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-3030","announce-from-the-dashboard-authenticated-admin-stored-cross-site-scripting","Announce from the Dashboard \u003C= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting","The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.5.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-04-04 01:56:57",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb0d1cf3b-5631-49bd-a7aa-86de2ee4b5b9?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2023-25716","announce-from-the-dashboard-authenticated-administrator-stored-cross-site-scripting","Announce from the Dashboard \u003C= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=1.5.1","1.5.2","2023-02-13 00:00:00","2024-01-22 19:56:02",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2b75dce8-3e31-45e8-b193-5df3e4391e56?source=api-prod",344,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},10,46850,87,183,70,"2026-04-04T03:56:21.319Z",[68,91,112,130,147],{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":78,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":18,"download_link":89,"security_score":90,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"role-based-redirect","Role Based Redirect","1.6","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>Role Based Redirect allows you to customize the login and logout redirection URLs based on user roles. Additionally, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Redirect users after login based on their role.\u003C\u002Fli>\n\u003Cli>Redirect users after logout based on their role.\u003C\u002Fli>\n\u003Cli>Hide the WordPress admin bar for selected user roles.\u003C\u002Fli>\n\u003Cli>Restrict dashboard access by user role.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is useful for membership sites, multi-role websites, or any WordPress setup where you want to provide a tailored user experience.\u003C\u002Fp>\n","Redirect users after login\u002Flogout by role. Optionally hide admin bar and block dashboard access for selected roles.",2000,24663,96,17,"2025-07-18T04:36:00.000Z","6.9.4","4.0","5.6",[85,86,87,24,88],"hide-admin-bar","redirection","restrict-dashboard","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frole-based-redirect.zip",100,{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":61,"downloaded":99,"rating":90,"num_ratings":100,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":108,"download_link":109,"security_score":110,"vuln_count":47,"unpatched_count":29,"last_vuln_date":111,"fetched_at":31},"pz-frontend-manager","PZ Frontend Manager","1.0.6","Project Zealous","https:\u002F\u002Fprofiles.wordpress.org\u002Fprojectzealous01\u002F","\u003Cp>PZ Frontend Manager is a free plugin that allows your clients to manage their users and posts without accessing the WordPress admin. That way, you can reduce the possibility of the error caused by accidental clicks and also reduce the confusion on your client’s end to not access pages that are not necessary to their needs or capabilities.\u003C\u002Fp>\n\u003Ch4>Key features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>User login and registration – Allow your visitors or site users to create their accounts by enabling your user registration in your Frontend Manager Settings. Verify their emails by enabling the account activation which will be sent to the email they have registered with.\u003C\u002Fli>\n\u003Cli>User Profile – Allow your users to customize their profiles. You can add more user information fields on their profile page to fill in. It also has a password field to allow your users to change their passwords anytime they want.\u003C\u002Fli>\n\u003Cli>Post Management – Add or manage your posts through the Frontend Manager with the same functionality as the wp-admin. Add your content and featured images and categorize your posts based on your preference. You can also create your categories and tags.\u003C\u002Fli>\n\u003Cli>User Management – Add or manage your user’s data including their passwords. You can add\u002Fupdate\u002Fremove fields based on your desired information from your users. \u003C\u002Fli>\n\u003Cli>User role capability – Control what can be accessed by the users based on their user role.\u003C\u002Fli>\n\u003C\u002Ful>\n","PZ Frontend Manager allows your clients to manage their platform without accessing the wp-admin dashboard.",1449,4,"2024-06-27T07:35:00.000Z","6.5.8","6.1","7.4",[20,22,106,107,24],"frontend","frontend-dashboard","https:\u002F\u002Fproj-z.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpz-frontend-manager.zip",91,"2024-07-01 00:00:00",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":61,"downloaded":120,"rating":29,"num_ratings":29,"last_updated":121,"tested_up_to":81,"requires_at_least":83,"requires_php":104,"tags":122,"homepage":128,"download_link":129,"security_score":90,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"user-profile-dashboard-fields-control","User Profile Fields Control","1.1.0","Priyank Sukhadiya","https:\u002F\u002Fprofiles.wordpress.org\u002Fpriyanksukhadiya\u002F","\u003Cp>The User Profile Fields Control plugin is designed for administrators who want more control over the WordPress user experience. This plugin enables you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hide or Show Profile Fields\u003C\u002Fstrong> – Customize user profile fields based on user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tailor the Dashboard\u003C\u002Fstrong> – Control which fields appear on the WordPress dashboard for each user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced User Management\u003C\u002Fstrong> – Improve the user experience by displaying only relevant information for each user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatible with Most Themes\u003C\u002Fstrong> – Works seamlessly with most WordPress themes, enhancing compatibility and ease of use.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With the User Profile Fields Control plugin, you can streamline WordPress user management and customize the experience for each role.\u003C\u002Fp>\n","The User Profile Fields Control plugin allows you to manage WordPress user profile fields with role-based customization.",695,"2025-12-04T15:57:00.000Z",[123,124,125,126,127],"admin-customization","dashboard-control","profile-fields","user-management","user-roles","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-profile-dashboard-fields-control","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-profile-dashboard-fields-control.1.1.0.zip",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":29,"downloaded":138,"rating":29,"num_ratings":29,"last_updated":139,"tested_up_to":140,"requires_at_least":141,"requires_php":18,"tags":142,"homepage":144,"download_link":145,"security_score":146,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"hide-dashboard-for-roles","Hide Dashboard for Roles","1.0","renemanqueros","https:\u002F\u002Fprofiles.wordpress.org\u002Frenemanqueros\u002F","\u003Cp>Prevents access to the Admin Dashboard, redirecting users to the site’s homepage.\u003Cbr \u002F>\nSend all support requests to hello@sagrev.solutions.\u003C\u002Fp>\n","Allows administrators to block access to Wordpress' admin dashboard based on the user's role.",1045,"2018-12-11T17:15:00.000Z","5.0.25","4.3",[20,22,143,24],"hide","https:\u002F\u002Fsagrev.solutions\u002Fproduct\u002Fdashboard-disable\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-dashboard-for-roles.zip",85,{"slug":148,"name":149,"version":133,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":29,"downloaded":154,"rating":90,"num_ratings":47,"last_updated":18,"tested_up_to":155,"requires_at_least":156,"requires_php":157,"tags":158,"homepage":164,"download_link":165,"security_score":90,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":166},"role-based-dashboard-notices","Role-Based Dashboard Notices","Toufique Alahi","https:\u002F\u002Fprofiles.wordpress.org\u002Ftoufiquealahi\u002F","\u003Cp>Role-Based Dashboard Notices allows administrators to create custom notices and display them in a clean, organized dashboard widget. The plugin provides a way to send notices to specific user roles, ensuring that the right information reaches the right users. Additionally, administrators can grant other users the ability to create and manage notices, giving them more control over who can communicate important updates within the WordPress dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create notices with a easy to use text editor.\u003C\u002Fli>\n\u003Cli>Display notices in a dashboard widget with a clean and responsive design.\u003C\u002Fli>\n\u003Cli>Action button for users such as Mark as read\u002Funread, Archive, Delete.\u003C\u002Fli>\n\u003Cli>Archive page with Unarchive option.\u003C\u002Fli>\n\u003Cli>Send notices to specific user roles.\u003C\u002Fli>\n\u003Cli>Set priority levels (High, Medium, Low) for notices.\u003C\u002Fli>\n\u003Cli>Change of color of notices based on priority level.\u003C\u002Fli>\n\u003Cli>Restrict who can send notices based on user roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>1. Internal Company Announcements:\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Use the plugin to broadcast company-wide notices such as policy changes, important meetings, or HR updates. Target specific departments by sending notices only to users with specific roles like “Editor,” “Author,” or “Subscriber.”\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Client-Specific Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Agencies managing multiple client sites can use this plugin to send updates or alerts specifically to clients (e.g., “Client” role) without bothering other users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3. Team Coordination:\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Project managers can use this plugin to keep team members informed about project milestones, deadlines, or changes by sending notices only to users assigned specific roles like “Project Manager,” “Developer,” or “Designer.”\u003C\u002Fp>\n\u003Cp>\u003Cstrong>4. Educational Institutions:\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Schools or universities can send important notices to students, teachers, and administrative staff, ensuring that only the relevant audience sees the notices.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>5. Event Management:\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Event organizers can use the plugin to communicate with volunteers, attendees, and sponsors separately, ensuring each group gets the information they need.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the included \u003Ccode>LICENSE.txt\u003C\u002Fcode> file for more details.\u003C\u002Fp>\n","Create custom notices and display them in the dashboard for specific user roles.",630,"6.6.5","5.2","7.2",[159,160,161,162,163],"admin-notices","dashboard-notices","notices","notification-widget","role-based-notices","https:\u002F\u002Fwpblogr.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frole-based-dashboard-notices.1.0.zip","2026-03-15T10:48:56.248Z",{"attackSurface":168,"codeSignals":240,"taintFlows":268,"riskAssessment":269,"analyzedAt":276},{"hooks":169,"ajaxHandlers":236,"restRoutes":237,"shortcodes":238,"cronEvents":239,"entryPointCount":29,"unprotectedCount":29},[170,176,178,182,185,188,190,193,199,204,205,210,213,216,219,223,226,229,233],{"type":171,"name":172,"callback":173,"file":174,"line":175},"action","network_admin_menu","admin_menu","admin\\abstract-manager.php",54,{"type":171,"name":173,"callback":173,"file":174,"line":177},58,{"type":171,"name":179,"callback":180,"file":174,"line":181},"network_admin_notices","update_notices",109,{"type":171,"name":179,"callback":183,"file":174,"line":184},"error_notices",110,{"type":171,"name":186,"callback":180,"file":174,"line":187},"admin_notices",114,{"type":171,"name":186,"callback":183,"file":174,"line":189},115,{"type":171,"name":191,"callback":191,"file":174,"line":192},"admin_enqueue_scripts",118,{"type":171,"name":194,"callback":195,"priority":196,"file":197,"line":198},"admin_init","regist_init_action",20,"admin\\master.php",99,{"type":200,"name":201,"callback":201,"priority":61,"file":202,"line":203},"filter","plugin_row_meta","admin\\setup.php",90,{"type":171,"name":191,"callback":191,"file":202,"line":110},{"type":171,"name":206,"callback":207,"file":208,"line":209},"load-index.php","screen_dashboard","admin\\show-announce.php",250,{"type":171,"name":211,"callback":211,"file":208,"line":212},"admin_print_scripts",269,{"type":171,"name":186,"callback":214,"priority":198,"file":208,"line":215},"announce_notices",270,{"type":171,"name":217,"callback":217,"file":208,"line":218},"wp_dashboard_setup",271,{"type":171,"name":220,"callback":220,"priority":196,"file":221,"line":222},"plugins_loaded","announce-from-the-dashboard.php",78,{"type":171,"name":224,"callback":224,"priority":196,"file":221,"line":225},"setup_theme",79,{"type":171,"name":227,"callback":227,"priority":196,"file":221,"line":228},"after_setup_theme",80,{"type":171,"name":230,"callback":231,"priority":196,"file":221,"line":232},"init","wp_init",81,{"type":171,"name":234,"callback":234,"priority":196,"file":221,"line":235},"wp_loaded",82,[],[],[],[],{"dangerousFunctions":241,"sqlUsage":242,"outputEscaping":244,"fileOperations":47,"externalRequests":29,"nonceChecks":266,"capabilityChecks":47,"bundledLibraries":267},[],{"prepared":29,"raw":29,"locations":243},[],{"escaped":245,"rawEcho":246,"locations":247},194,7,[248,252,254,256,259,262,264],{"file":249,"line":250,"context":251},"admin\\manager-announce-settng.php",161,"raw output",{"file":208,"line":253,"context":251},323,{"file":208,"line":255,"context":251},374,{"file":257,"line":258,"context":251},"admin\\view\\elements\\announce-list.php",25,{"file":260,"line":261,"context":251},"admin\\view\\manager-announce-setting.php",23,{"file":260,"line":263,"context":251},468,{"file":260,"line":265,"context":251},600,5,[],[],{"summary":270,"deductions":271},"The 'announce-from-the-dashboard' plugin, version 1.5.3, exhibits a generally positive security posture based on the static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a strong indicator of a limited attack surface. Furthermore, the code signals reveal the absence of dangerous functions and SQL queries are all handled with prepared statements. The output escaping is also very well implemented, with 97% of outputs properly escaped. Taint analysis shows no critical or high severity flows, further bolstering confidence in the code's sanitization practices.\n\nHowever, the plugin's vulnerability history is a significant concern. With two known medium severity CVEs, both related to Cross-site Scripting (XSS), the plugin has a history of rendering user input insecurely. The fact that a vulnerability was disclosed as recently as April 3rd, 2024, suggests a potential ongoing maintenance or development issue. While there are currently no unpatched vulnerabilities, the pattern of past XSS issues warrants vigilance. The presence of only one file operation and five nonce checks, alongside one capability check, indicates a relatively simple feature set, but the historical vulnerability data overshadows these positive aspects.\n\nIn conclusion, while the static analysis of version 1.5.3 shows good security practices in its current implementation, the plugin's past vulnerability history, particularly concerning XSS, presents a notable risk. Users should be aware of this historical context and ensure the plugin is kept updated to the latest available version, even if no immediate unpatched vulnerabilities are present. The two medium severity XSS vulnerabilities in its history are the primary drivers of concern.",[272,274],{"reason":273,"points":196},"Two past medium XSS vulnerabilities",{"reason":275,"points":61},"A recent vulnerability disclosure (April 2024)","2026-03-16T18:01:29.045Z",{"wat":278,"direct":286},{"assetPaths":279,"generatorPatterns":282,"scriptPaths":283,"versionParams":284},[280,281],"\u002Fwp-content\u002Fplugins\u002Fannounce-from-the-dashboard\u002Fadmin\u002Fassets\u002Fjs\u002Fmanager.js","\u002Fwp-content\u002Fplugins\u002Fannounce-from-the-dashboard\u002Fadmin\u002Fassets\u002Fcss\u002Fmanager.css",[],[280],[285],"announce-from-the-dashboard\u002Fadmin\u002Fassets\u002Fjs\u002Fmanager.js?ver=",{"cssClasses":287,"htmlComments":289,"htmlAttributes":291,"restEndpoints":293,"jsGlobals":294,"shortcodeOutput":296},[288],"afd-message",[290],"\u003C!-- Announce from the Dashboard -->",[292],"data-afd-message-id",[],[295],"Afd",[]]