[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVhRsdwryg4M_8xh2XMaw329RMnvrNihW7s8zCKX_pjw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":55,"analysis":143,"fingerprints":367},"authenticator","Authenticator","1.3.1","Syde GmbH (formerly Inpsyde)","https:\u002F\u002Fprofiles.wordpress.org\u002Finpsyde\u002F","\u003Cp>This plugin allows you to make your WordPress site accessible to logged in users only. In other words, to view your site they have to create or have an account on your site and be logged in. No configuration necessary, simply activating – that’s all.\u003C\u002Fp>\n\u003Ch4>Crafted by Inpsyde\u003C\u002Fh4>\n\u003Cp>The team at \u003Ca href=\"https:\u002F\u002Finpsyde.com\" rel=\"nofollow ugc\">Inpsyde\u003C\u002Fa> is engineering the web and WordPress since 2006.\u003C\u002Fp>\n\u003Ch4>Donation?\u003C\u002Fh4>\n\u003Cp>You want to donate – we prefer a positive review, not more.\u003C\u002Fp>\n\u003Ch4>Bugs, technical hints or contribute\u003C\u002Fh4>\n\u003Cp>Please give me feedback, contribute and file technical bugs on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbueltge\u002FAuthenticator\" rel=\"nofollow ugc\">GitHub Repo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>License\u003C\u002Fh4>\n\u003Cp>Good news, this plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog. But if you enjoy this plugin, you can thank me and leave a \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=6069955\" rel=\"nofollow ugc\">small donation\u003C\u002Fa> for the time I’ve spent writing and supporting this plugin. And I really don’t want to know how many hours of my life this plugin has already eaten 😉\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>The plugin comes with various translations, please refer to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FInstalling_WordPress_in_Your_Language\" rel=\"nofollow ugc\">WordPress Codex\u003C\u002Fa> for more information about activating the translation. If you want to help to translate the plugin to your language, please have a look at the translation possibility in \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fauthenticator\" rel=\"nofollow ugc\">this page here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Donation?\u003C\u002Fh4>\n\u003Cp>You want to donate – we prefer a positive review, not more.\u003C\u002Fp>\n","This plugin allows you to make your WordPress site accessible to logged in users only.",1000,97533,100,8,"2026-01-21T07:23:00.000Z","6.9.4","5.0","5.6",[20,21,22,23,24],"access","accessible","authentification","login","members","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauthenticator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthenticator.1.3.1.zip",99,1,0,"2022-11-26 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2022-3994","authenticator-missing-authorization","Authenticator \u003C= 1.3.0 - Missing Authorization","The Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the regenerate_token function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to generate tokens.",null,"\u003C=1.3.0","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:N","Missing Authorization","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7f4df92b-b6b5-441e-a772-fed63cb83bf7?source=api-prod",423,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":47,"trust_score":53,"computed_at":54},"inpsyde",3,2300,92,73,"2026-04-04T06:16:48.044Z",[56,74,93,112,128],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":67,"tags":70,"homepage":67,"download_link":72,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":73},"sn-extend-authentication","SN Extend Authentication","1.3","pgautam","https:\u002F\u002Fprofiles.wordpress.org\u002Fpgautam\u002F","\u003Cp>This plugin allows admin to disable anonymous (non authenticated users) browsing of selective posts, pages, feeds or complete WordPress site.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to install\u003C\u002Fli>\n\u003Cli>Plays well with other Plugins\u003C\u002Fli>\n\u003Cli>Supports regular WordPress widgets\u003C\u002Fli>\n\u003Cli>Site admin can turn on\u002Foff browsing on specific post\u002Fpages for non authenticated users.\u003C\u002Fli>\n\u003Cli>Site admin can turn on\u002Foff browsing for non authenticated users on complete website.\u003C\u002Fli>\n\u003Cli>Site admin can turn on\u002Foff feed reading for non authenticated users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Using the Plugin\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fsnideas.wordpress.com\u002F2013\u002F05\u002F19\u002Fsn-extend-authentication-5-minute-guide\u002F\" rel=\"nofollow ugc\">Configuration Instruction\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>For Advanced Users\u003C\u002Fh3>\n\u003Cp>Advanced users can edit the CSS for post\u002Fpage widget and ‘SN Authentication Settings’ page.\u003C\u002Fp>\n\u003Cp>We would appreciate your views and suggestions to make this plugin more useful. Please mail us at paritoshgautam@hotmail.com\u003C\u002Fp>\n","This plugin allows admin to disable anonymous (non authenticated users) browsing of selective posts, pages, feeds or complete WordPress site.",10,2410,5,"","3.7.41","2.8",[20,21,71,23,24],"authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsn-extend-authentication.1.3.zip","2026-03-15T14:44:11.924Z",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":13,"num_ratings":28,"last_updated":84,"tested_up_to":85,"requires_at_least":17,"requires_php":86,"tags":87,"homepage":91,"download_link":92,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"private-website","Private Website – Login Required","0.2.9","roehler","https:\u002F\u002Fprofiles.wordpress.org\u002Froehler\u002F","\u003Cp>\u003Cstrong>Private Website – Login Required\u003C\u002Fstrong> is a simple and straightforward WordPress plugin designed to restrict access to your website. By activating this plugin, users must be logged in to view any content on your site. This is ideal for websites that host sensitive or exclusive content and want to ensure that only authenticated users can access it.\u003C\u002Fp>\n\u003Cp>There are no complicated settings to configure. Simply activate the plugin to enforce the login requirement and deactivate it to remove the restriction.\u003C\u002Fp>\n\u003Cp>This plugin was developed by \u003Ca href=\"https:\u002F\u002Froehler.nrw\" rel=\"nofollow ugc\">Robin Oehler\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Private Website – Login Required uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK does not gather any data by default. The SDK only starts gathering basic telemetry data when a user allows it via the admin notice. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK DOES NOT IMMEDIATELY start gathering data, without confirmation from users in any case.\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Bugs & Feedback\u003C\u002Fh3>\n\u003Cp>Your feedback is important to me. If you find mistakes, have wishes, ideas, or suggestions, please send an email to \u003Ca href=\"mailto:mail@roehler.nrw\" rel=\"nofollow ugc\">mail@roehler.nrw\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Legal notice (German): \u003Ca href=\"https:\u002F\u002Froehler.nrw\u002Fimpressum\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Froehler.nrw\u002Fimpressum\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You are free to use it on any website across countries to protect the privacy of your users.\u003C\u002Fp>\n\u003Cp>Note: Activating this plugin cannot guarantee that your website is completely compliant with GDPR. When using Google Analytics, Facebook pixels, or other similar tools, additional measures may need to be taken.\u003C\u002Fp>\n","This plugin requires users to be logged in to view the website. Activate the plugin to enforce login, and deactivate it to remove the restriction.",200,2528,"2025-09-08T20:58:00.000Z","6.8.5","7.0",[23,24,88,89,90],"private","restrict-access","user-authentication","https:\u002F\u002Fwww.roehler.nrw","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivate-website.0.2.9.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":13,"downloaded":101,"rating":29,"num_ratings":29,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":67,"download_link":111,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"myasp-membership","MyASP MemberShip","1.0.6","myaspdev","https:\u002F\u002Fprofiles.wordpress.org\u002Fmyaspdev\u002F","\u003Cp>MyASP MemberShip Plugin is a membership site creation plug-in for \u003Ca href=\"https:\u002F\u002Fmyasp.jp\u002F\" rel=\"nofollow ugc\">MyASP\u003C\u002Fa> users.\u003C\u002Fp>\n\u003Cp>A subscription to \u003Ca href=\"https:\u002F\u002Fmyasp.jp\u002F\" rel=\"nofollow ugc\">MyASP\u003C\u002Fa> is required to use this plugin.\u003C\u002Fp>\n\u003Cp>User registration and management is done on MyASP side. (It is not stored in WordPress).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>What the plugin can do.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can create a membership site easily by using WordPress plugins and themes.\u003C\u002Fli>\n\u003Cli>You can manage public or members-only articles for each article.\u003C\u002Fli>\n\u003Cli>You can create paid articles by using MyASP’s payment functions (subscriptions, monthly billing, etc.)\u003C\u002Fli>\n\u003Cli>Use the MyASP registration form to register as a member\u003C\u002Fli>\n\u003Cli>You can create a page where only part of an article (the first half) is published and\u003Cbr \u002F>\nlogin is required to view the second half.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Handling of member information\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User registration and management is done on MyASP side. (It is not stored in WordPress).\u003C\u002Fli>\n\u003Cli>The configuration information of the article is sent to MyASP. \u003C\u002Fli>\n\u003Cli>This will be used to investigate any failures and to answer any questions about how to configure the settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Membership plugin for MyASP Users.",1998,"2025-06-11T02:33:00.000Z","6.7.5","5.9.4","7.3.33",[107,23,108,109,110],"access-control","member","membership","user-registration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmyasp-membership.1.0.6.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":64,"downloaded":120,"rating":13,"num_ratings":28,"last_updated":67,"tested_up_to":16,"requires_at_least":121,"requires_php":86,"tags":122,"homepage":125,"download_link":126,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":127},"admin-only-dashboard","Disable Dashboard Access","1.2.5","Ga Satrya","https:\u002F\u002Fprofiles.wordpress.org\u002Fgasatrya\u002F","\u003Cp>Remove dashboard access to non-admin users and easily control who can access your WordPress dashboard with simple configuration. By default, only administrators are allowed, but you can now whitelist specific trusted users by username—perfect for developers, VAs, or contractors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Whitelist specific users by username\u003C\u002Fli>\n\u003Cli>Session expiration controls (1-24 hours)\u003C\u002Fli>\n\u003Cli>Option to apply session timeout to administrators\u003C\u002Fli>\n\u003Cli>Custom redirect URL for blocked users\u003C\u002Fli>\n\u003Cli>Secure, validated, and sanitized settings\u003C\u002Fli>\n\u003Cli>Hide admin toolbar for non-authorized users\u003C\u002Fli>\n\u003Cli>Developer-friendly filters for advanced customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Why Choose Disable Dashboard Access?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Maximum Protection\u003C\u002Fstrong>: Instantly block unauthorized users from accessing sensitive dashboard areas.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Effortless Whitelisting\u003C\u002Fstrong>: Grant dashboard access to trusted users (developers, VAs, contractors) without changing their roles. Just add their usernames!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Security\u003C\u002Fstrong>: Automatically log out users after a set period for bulletproof session management. Choose from multiple timeout intervals and apply to all users or just non-admins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirects\u003C\u002Fstrong>: Guide blocked users to a branded page or helpful resource instead of the generic homepage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Configuration Needed\u003C\u002Fstrong>: Works out of the box—only administrators can access the dashboard until you customize settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Website owners who want peace of mind\u003C\u002Fli>\n\u003Cli>Agencies and developers managing multiple sites\u003C\u002Fli>\n\u003Cli>Teams needing granular dashboard access\u003C\u002Fli>\n\u003Cli>Anyone serious about WordPress security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Protect your site, empower your workflow, and deliver a professional experience—all with one lightweight plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.ctaflow.com\u002Fplugins\u002Fadmin-only-dashboard\u002F\" rel=\"nofollow ugc\">Read more detail\u003C\u002Fa>\u003C\u002Fp>\n","Disable Dashboard Access: Only admins can access the dashboard by default. Whitelist trusted users easily, quick setup, and secure.",1872,"6.5",[20,123,23,109,124],"dashboard","restrict","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadmin-only\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-only-dashboard.1.2.5.zip","2026-03-15T10:48:56.248Z",{"slug":129,"name":130,"version":96,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":29,"downloaded":135,"rating":29,"num_ratings":29,"last_updated":136,"tested_up_to":16,"requires_at_least":17,"requires_php":67,"tags":137,"homepage":141,"download_link":142,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"lck-cloud-connector","LCK cloud Connector","LCK cloud","https:\u002F\u002Fprofiles.wordpress.org\u002Flckcloud\u002F","\u003Cp>\u003Cstrong>Securely turn your existing WordPress content into “Members Only” pages. This plugin provides professional access control and member management.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>“LCK cloud Connector” is an official plugin designed to integrate advanced membership features into your WordPress site without complex coding.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Roles of This Plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can easily set “access restrictions” for existing pages, posts, and categories. By implementing a system where only logged-in users can access specific content, you can properly control the range of information disclosure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security by Data Isolation:\u003C\u002Fstrong>\u003Cbr \u002F>\nUnlike standard membership plugins, it does not store sensitive member data (names, passwords, payment info, etc.) in your WordPress database. By isolating and managing data within the secure LCK cloud environment, you can minimize security risks for your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features and Solutions:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Membership Management:\u003C\u002Fstrong> Seamless integration and stable operation with LCK cloud.\u003Cbr \u002F>\n* \u003Cstrong>Access Control:\u003C\u002Fstrong> “Members Only” settings for individual pages or entire categories.\u003Cbr \u002F>\n* \u003Cstrong>Automatic Redirect:\u003C\u002Fstrong> Automatically guides non-logged-in users to the secure login screen.\u003Cbr \u002F>\n* \u003Cstrong>No-Code Design:\u003C\u002Fstrong> Admin interface that eliminates the need to edit WordPress \u003Ccode>functions.php\u003C\u002Fcode>.\u003Cbr \u002F>\n* \u003Cstrong>High Reliability:\u003C\u002Fstrong> Provided by a registered “Telecommunications Business Operator (Notification No. E-02-04640)” with the Kinki Bureau of Telecommunications in Japan.\u003C\u002Fp>\n\u003Cp>Ideal for corporate portals, member-only media, and internal document sharing sites. It supports smooth website operation as a secure “Membership Management WordPress” solution.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Related Resources:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.lck-cloud.jp\u002F\" rel=\"nofollow ugc\">LCK cloud Official Website\u003C\u002Fa> – Service details and features.\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.lck-cloud.jp\u002Fmembership-site-creation-guide.html\" rel=\"nofollow ugc\">Membership Site Building Guide\u003C\u002Fa> – Case studies and how to build a membership site.\u003C\u002Fp>\n\u003Ch3>日本語説明\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>WordPressサイトに閲覧制限とセキュアな会員管理機能を。既存のコンテンツを「ログイン限定」へ切り替えるためのプラグインです。\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>「LCK cloud Connector」は、既存のWordPressサイトを活用して、安全な会員制サイトを構築するための公式コネクタです。\u003C\u002Fp>\n\u003Cp>\u003Cstrong>【本プラグインの主な役割】\u003C\u002Fstrong>\u003Cbr \u002F>\n特別なカスタマイズを行うことなく、固定ページ、投稿、カテゴリーに対して「閲覧制限」を設定できます。 特定のユーザーのみがログインしてアクセスできる仕組みを導入することで、情報公開の範囲を適切に制御することが可能です。\u003C\u002Fp>\n\u003Cp>\u003Cstrong>【データ隔離によるセキュリティ設計】\u003C\u002Fstrong>\u003Cbr \u002F>\n会員の個人データ（名前、パスワード、決済情報等）をWordPress側のデータベース内に保持しない設計を採用しています。 国内の専用環境（LCK cloud）でデータを隔離して一元管理する仕組みにより、サイト運営におけるセキュリティのリスクを最小限に抑えられます。\u003C\u002Fp>\n\u003Cp>\u003Cstrong>【主な機能と運用ニーズへの対応】\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>会員管理 WordPress 連携:\u003C\u002Fstrong> LCK cloudとの同期による、安定したメンバーシップ運用。\u003Cbr \u002F>\n* \u003Cstrong>閲覧制限・アクセス制御:\u003C\u002Fstrong> ページやカテゴリー単位での「ログイン限定」設定機能。\u003Cbr \u002F>\n* \u003Cstrong>認証画面への誘導:\u003C\u002Fstrong> 未ログイン者が制限ページにアクセスした際の自動リダイレクト。\u003Cbr \u002F>\n* \u003Cstrong>ノーコード設計:\u003C\u002Fstrong> \u003Ccode>functions.php\u003C\u002Fcode> などのプログラム編集をせず、管理画面から設定可能。\u003Cbr \u002F>\n* \u003Cstrong>国内データセンターの利用:\u003C\u002Fstrong> 総務省近畿総合通信局届出済みの電気通信事業者（届出番号 E-02-04640）による提供・運営。\u003C\u002Fp>\n\u003Cp>法人向けのポータルサイト、会員限定のメディア、社内用資料共有サイトなど、高い信頼性と分かりやすい「会員サイトの作り方」を必要とする環境に適しています。 セキュリティと利便性の両立を目的とした「会員管理 WordPress」のソリューションとして、円滑なサイト運営を支援します。\u003C\u002Fp>\n\u003Cp>\u003Cstrong>【関連リソース】\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.lck-cloud.jp\u002F\" rel=\"nofollow ugc\">LCK cloud 公式サイト\u003C\u002Fa> – サービスの詳細はこちら\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.lck-cloud.jp\u002Fmembership-site-creation-guide.html\" rel=\"nofollow ugc\">会員サイト構築ガイド\u003C\u002Fa> – 具体的な導入事例や会員サイトの作り方を解説\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to LCK cloud to provide membership authentication and access control services.\u003Cbr \u002F>\n– Purpose: It is used to verify the user’s membership status and control access to restricted pages or categories.\u003Cbr \u002F>\n– Data sent: During access verification, the plugin sends the following data to the LCK cloud server: Registration Number (uno), Group ID (grp), Session ID (cid\u002Flck_cloud_in), and the current Request URL (r).\u003Cbr \u002F>\n– Service provider: LCK cloud\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fwww.lck-cloud.jp\u002Fagree.html\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fwww.lck-cloud.jp\u002Fprivacy.html\u003C\u002Fp>\n","Easily restrict access to your existing WordPress pages and posts. Official connector to build secure membership sites with LCK cloud.",202,"2026-02-09T02:06:00.000Z",[107,138,139,109,140],"login-redirect","member-management","security","https:\u002F\u002Fwww.lck-cloud.jp\u002Fplugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flck-cloud-connector.1.0.6.zip",{"attackSurface":144,"codeSignals":220,"taintFlows":262,"riskAssessment":352,"analyzedAt":366},{"hooks":145,"ajaxHandlers":211,"restRoutes":217,"shortcodes":218,"cronEvents":219,"entryPointCount":28,"unprotectedCount":29},[146,153,157,160,165,168,172,176,179,182,186,190,194,198,203,208],{"type":147,"name":148,"callback":149,"priority":150,"file":151,"line":152},"action","plugins_loaded","get_instance",11,"authenticator.php",23,{"type":147,"name":154,"callback":155,"file":151,"line":156},"template_redirect","anonymous",153,{"type":147,"name":158,"callback":155,"file":151,"line":159},"admin_init",155,{"type":161,"name":162,"callback":163,"file":151,"line":164},"filter","auth_cookie_expiration","filter_cookie_lifetime",159,{"type":147,"name":158,"callback":166,"file":151,"line":167},"init_settings",161,{"type":161,"name":169,"callback":170,"file":151,"line":171},"authenticator_get_options","get_options",162,{"type":147,"name":173,"callback":174,"file":151,"line":175},"init","protect_upload",165,{"type":147,"name":173,"callback":177,"file":151,"line":178},"disable_xmlrpc",166,{"type":147,"name":173,"callback":180,"file":151,"line":181},"authenticate_rest_api",167,{"type":147,"name":183,"callback":184,"file":151,"line":185},"login_footer","remove_back_to_blog_link",169,{"type":161,"name":187,"callback":188,"file":151,"line":189},"xmlrpc_enabled","__return_false",385,{"type":147,"name":191,"callback":192,"file":151,"line":193},"rest_authentication_errors","closure",399,{"type":147,"name":173,"callback":195,"file":196,"line":197},"check_get","inc\\class-Authenticator_Protect_Upload.php",16,{"type":147,"name":199,"callback":200,"file":201,"line":202},"admin_enqueue_scripts","load_scripts","inc\\class-Authenticator_Settings_UI.php",28,{"type":147,"name":204,"callback":205,"file":206,"line":207},"show_user_profile","add_custom_profile_fields","inc\\class-Authenticator_User_Profile.php",21,{"type":147,"name":209,"callback":205,"file":206,"line":210},"edit_user_profile",22,[212],{"action":213,"nopriv":214,"callback":213,"hasNonce":215,"hasCapCheck":215,"file":201,"line":216},"regenerate_token",false,true,29,[],[],[],{"dangerousFunctions":221,"sqlUsage":222,"outputEscaping":227,"fileOperations":28,"externalRequests":29,"nonceChecks":28,"capabilityChecks":228,"bundledLibraries":261},[],{"prepared":29,"raw":28,"locations":223},[224],{"file":151,"line":225,"context":226},481,"$wpdb->get_results() with variable interpolation",{"escaped":228,"rawEcho":197,"locations":229},4,[230,234,236,238,240,242,243,244,246,247,249,251,253,255,257,259],{"file":231,"line":232,"context":233},"inc\\class-Authenticator_Settings.php",139,"raw output",{"file":231,"line":235,"context":233},140,{"file":231,"line":237,"context":233},144,{"file":231,"line":239,"context":233},150,{"file":231,"line":241,"context":233},151,{"file":231,"line":159,"context":233},{"file":231,"line":171,"context":233},{"file":231,"line":245,"context":233},163,{"file":231,"line":181,"context":233},{"file":231,"line":248,"context":233},186,{"file":231,"line":250,"context":233},244,{"file":231,"line":252,"context":233},245,{"file":231,"line":254,"context":233},269,{"file":231,"line":256,"context":233},270,{"file":201,"line":258,"context":233},104,{"file":206,"line":260,"context":233},58,[],[263,281,297,307,318,326,340],{"entryPoint":264,"graph":265,"unsanitizedCount":28,"severity":280},"_exit_403 (authenticator.php:442)",{"nodes":266,"edges":278},[267,272],{"id":268,"type":269,"label":270,"file":151,"line":271},"n0","source","$_SERVER",444,{"id":273,"type":274,"label":275,"file":151,"line":276,"wp_function":277},"n1","sink","header() [Header Injection]",447,"header",[279],{"from":268,"to":273,"sanitized":214},"medium",{"entryPoint":282,"graph":283,"unsanitizedCount":28,"severity":280},"check_get (inc\\class-Authenticator_Protect_Upload.php:24)",{"nodes":284,"edges":294},[285,288,291],{"id":268,"type":269,"label":286,"file":196,"line":287},"$_GET['file']",27,{"id":273,"type":289,"label":290,"file":196,"line":287},"transform","→ get_file()",{"id":292,"type":274,"label":275,"file":196,"line":293,"wp_function":277},"n2",146,[295,296],{"from":268,"to":273,"sanitized":214},{"from":273,"to":292,"sanitized":214},{"entryPoint":298,"graph":299,"unsanitizedCount":28,"severity":280},"\u003Cclass-Authenticator_Protect_Upload> (inc\\class-Authenticator_Protect_Upload.php:0)",{"nodes":300,"edges":304},[301,302,303],{"id":268,"type":269,"label":286,"file":196,"line":287},{"id":273,"type":289,"label":290,"file":196,"line":287},{"id":292,"type":274,"label":275,"file":196,"line":293,"wp_function":277},[305,306],{"from":268,"to":273,"sanitized":214},{"from":273,"to":292,"sanitized":214},{"entryPoint":308,"graph":309,"unsanitizedCount":28,"severity":280},"auth_required (inc\\class-HTTP_Auth.php:101)",{"nodes":310,"edges":316},[311,314],{"id":268,"type":269,"label":270,"file":312,"line":313},"inc\\class-HTTP_Auth.php",103,{"id":273,"type":274,"label":275,"file":312,"line":315,"wp_function":277},109,[317],{"from":268,"to":273,"sanitized":214},{"entryPoint":319,"graph":320,"unsanitizedCount":28,"severity":280},"\u003Cclass-HTTP_Auth> (inc\\class-HTTP_Auth.php:0)",{"nodes":321,"edges":324},[322,323],{"id":268,"type":269,"label":270,"file":312,"line":313},{"id":273,"type":274,"label":275,"file":312,"line":315,"wp_function":277},[325],{"from":268,"to":273,"sanitized":214},{"entryPoint":327,"graph":328,"unsanitizedCount":29,"severity":339},"redirect (authenticator.php:248)",{"nodes":329,"edges":337},[330,333],{"id":268,"type":269,"label":331,"file":151,"line":332},"$_SERVER['REQUEST_URI']",294,{"id":273,"type":274,"label":334,"file":151,"line":335,"wp_function":336},"wp_redirect() [Open Redirect]",293,"wp_redirect",[338],{"from":268,"to":273,"sanitized":215},"low",{"entryPoint":341,"graph":342,"unsanitizedCount":29,"severity":339},"\u003Cauthenticator> (authenticator.php:0)",{"nodes":343,"edges":349},[344,345,346,347],{"id":268,"type":269,"label":331,"file":151,"line":332},{"id":273,"type":274,"label":334,"file":151,"line":335,"wp_function":336},{"id":292,"type":269,"label":270,"file":151,"line":271},{"id":348,"type":274,"label":275,"file":151,"line":276,"wp_function":277},"n3",[350,351],{"from":268,"to":273,"sanitized":215},{"from":292,"to":348,"sanitized":215},{"summary":353,"deductions":354},"The Authenticator plugin v1.3.1 exhibits a mixed security posture.  While it has a small attack surface and implements a reasonable number of capability checks and a nonce check, there are significant concerns stemming from its code analysis and vulnerability history.  The static analysis reveals that 100% of its SQL queries are not using prepared statements, which is a critical vulnerability vector for SQL injection.  Furthermore, a concerning 71% of analyzed taint flows have unsanitized paths, indicating potential for insecure data handling and path traversal issues, although no critical or high severity taint flows were specifically identified in this scan. The vulnerability history highlights a past high-severity vulnerability related to missing authorization, which is a common and dangerous class of flaws.  The fact that this high-severity vulnerability is now patched is positive, but the historical pattern of such issues warrants caution.  Overall, the plugin has strengths in limiting its direct attack surface, but the lack of prepared statements for SQL and the past authorization issues suggest that careful review and potential remediation are necessary to improve its security.",[355,357,360,363],{"reason":356,"points":64},"100% of SQL queries are not prepared",{"reason":358,"points":359},"5 out of 7 taint flows have unsanitized paths",7,{"reason":361,"points":362},"Past high severity vulnerability (missing authorization)",15,{"reason":364,"points":365},"Only 20% of outputs are properly escaped",6,"2026-03-16T18:42:28.099Z",{"wat":368,"direct":381},{"assetPaths":369,"generatorPatterns":374,"scriptPaths":375,"versionParams":376},[370,371,372,373],"\u002Fwp-content\u002Fplugins\u002Fauthenticator\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fauthenticator\u002Fcss\u002Fadmin-layout.css","\u002Fwp-content\u002Fplugins\u002Fauthenticator\u002Fcss\u002Fsettings.css","\u002Fwp-content\u002Fplugins\u002Fauthenticator\u002Fjs\u002Fadmin.js",[],[373],[377,378,379,380],"authenticator\u002Fcss\u002Fadmin.css?ver=","authenticator\u002Fcss\u002Fadmin-layout.css?ver=","authenticator\u002Fcss\u002Fsettings.css?ver=","authenticator\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":382,"htmlComments":384,"htmlAttributes":387,"restEndpoints":389,"jsGlobals":391,"shortcodeOutput":393},[383],"authenticator-settings-wrap",[385,386],"BEGIN: Authenticator Plugin","END: Authenticator Plugin",[388],"data-authenticator-nonce",[390],"\u002Fwp-json\u002Fauthenticator\u002Fv1\u002Fsettings",[392],"authenticator_admin_params",[]]