[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7z1L4_my1vLC4_ytJdo0zQeLx7YFlWL7Qb9YQuS0M3Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":52,"analysis":154,"fingerprints":214},"auto-login-when-resister","Enable\u002FDisable Auto Login when Register","1.0.0","Aftab Husain","https:\u002F\u002Fprofiles.wordpress.org\u002Famu02aftab\u002F","\u003Cp>The plugin provides feature to enable\u002Fdisable auto login when user register\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Feature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable \u002Fdisable auto login from admin\u003C\u002Fli>\n\u003C\u002Ful>\n","The plugin provides feature to enable\u002Fdisable auto login when user register",300,9887,100,3,"2022-07-25T05:48:00.000Z","6.0.11","3.5.0","",[20,21,22],"auto-login-after-registration","registration","signup","https:\u002F\u002Faftabhusain.wordpress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-login-when-resister.zip",64,1,"2023-04-17 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2023-0522","enabledisable-auto-login-when-register-cross-site-request-forgery","Enable\u002FDisable Auto Login when Register \u003C= 1.1.0 Cross-Site Request Forgery","The Enable\u002FDisable Auto Login when Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation when updating plugin settings. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.1.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1fa45fa7-b1da-42f0-945b-2a6b0db5ba91?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"amu02aftab",5,2590,75,30,77,"2026-04-04T14:21:29.105Z",[53,75,99,117,136],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":13,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":35,"fetched_at":28},"allow-multiple-accounts","Allow Multiple Accounts","3.0.4","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Allow multiple user accounts to be created, registered, and updated having the same email address.\u003C\u002Fp>\n\u003Cp>By default, WordPress only allows a specific email address to be used for a single user account. This plugin removes that restriction.\u003C\u002Fp>\n\u003Cp>The plugin’s settings page (accessed via Users -> Multiple Accounts or via the Settings link next to the plugin on the Manage Plugins page) provides the ability to allow only certain email addresses the ability to have multiple accounts (such as if you only want admins to have that ability; by default all email addresses can be used more than once). You may also specify a limit to the number of accounts an email address can have (by default there is no limit).\u003C\u002Fp>\n\u003Cp>The settings page also provides a table listing all user accounts that share email addresses (see screenshot).\u003C\u002Fp>\n\u003Cp>Compatible with Multisite and BuddyPress as well.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fallow-multiple-accounts\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fallow-multiple-accounts\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Template Tags\u003C\u002Fh3>\n\u003Cp>The plugin provides three optional template tags for use in your theme templates.\u003C\u002Fp>\n\u003Ch4>Functions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>\u003C?php c2c_count_multiple_accounts( $email ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Returns a count of the number of users associated with the given email.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u003C?php c2c_get_users_by_email( $email ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Returns the users associated with the given email.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u003C?php c2c_has_multiple_accounts( $email ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Returns a boolean indicating if the given email is associated with more than one user account.\u003C\u002Fp>\n\u003Ch4>Arguments\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>$email\u003C\u002Fcode> (string)\u003Cbr \u002F>\nAn email address.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>The plugin exposes three filters for hooking. Typically, customizations utilizing these hooks would be put into your active theme’s functions.php file, or used by another plugin.\u003C\u002Fp>\n\u003Ch4>c2c_count_multiple_accounts (filter)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_count_multiple_accounts’ hook allows you to use an alternative approach to safely invoke \u003Ccode>c2c_count_multiple_accounts()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>same as for \u003Ccode>c2c_count_multiple_accounts()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>Instead of:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo c2c_count_multiple_accounts( $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Do:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo apply_filters( 'c2c_count_multiple_accounts', $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>c2c_get_users_by_email (filter)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_get_users_by_email’ hook allows you to use an alternative approach to safely invoke \u003Ccode>c2c_get_users_by_email()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>same as for \u003Ccode>c2c_get_users_by_email()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>Instead of:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo c2c_get_users_by_email( $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Do:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo apply_filters( 'c2c_get_users_by_email', $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>c2c_has_multiple_accounts (filter)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_has_multiple_accounts’ hook allows you to use an alternative approach to safely invoke \u003Ccode>c2c_has_multiple_accounts()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>same as for \u003Ccode>c2c_has_multiple_accounts()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>Instead of:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo c2c_has_multiple_accounts( $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Do:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo apply_filters( 'c2c_has_multiple_accounts', $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Allow multiple user accounts to be created, registered, and updated having the same email address.",10000,79839,22,"2017-11-28T17:31:00.000Z","4.2.39","3.6",[68,69,70,21,22],"account","email","multiple-accounts","http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fallow-multiple-accounts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fallow-multiple-accounts.3.0.4.zip",85,0,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":97,"download_link":98,"security_score":13,"vuln_count":74,"unpatched_count":74,"last_vuln_date":35,"fetched_at":28},"customer-email-verification-for-woocommerce","Customer Email Verification for WooCommerce","2.6.9","Zorem","https:\u002F\u002Fprofiles.wordpress.org\u002Fzorem\u002F","\u003Cp>Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🔑 OTP-Based Email Verification:\u003C\u002Fstrong> Customers must verify their email with an OTP before completing registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📩 Email Verification Popup:\u003C\u002Fstrong> The verification popup appears instantly after entering an email address and clicking the verify button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>❌ No Account Creation Without Verification:\u003C\u002Fstrong> Users cannot create an account unless they verify their email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Customizable Verification Popup:\u003C\u002Fstrong> Modify the popup’s design and messages to match your brand.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>✉️ Customizable Verification Email:\u003C\u002Fstrong> Customize the OTP email template, subject, and message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Resend OTP Option:\u003C\u002Fstrong> Customers can resend the OTP if they didn’t receive the initial email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Admin Verification Control:\u003C\u002Fstrong> View and manage email verification statuses from the WordPress admin panel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔓 Role-Based Verification Skipping:\u003C\u002Fstrong> Skip email verification for selected user roles. Redirect users to any page after successful email verification.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>Customer Email Verification for WooCommerce is built to integrate smoothly with plugins that follow WooCommerce’s standard registration and checkout templates. It also works with various social media login plugins, providing flexibility and convenience for users.\u003C\u002Fp>\n\u003Cp>The following plugins have been tested and confirmed to be fully compatible:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout WC\u003C\u002Fli>\n\u003Cli>WooCommerce Social Login\u003C\u002Fli>\n\u003Cli>Nextend Social Login and Register\u003C\u002Fli>\n\u003Cli>WooCommerce Memberships\u003C\u002Fli>\n\u003Cli>WooCommerce Checkout & Funnel Builder by CartFlows\u003C\u002Fli>\n\u003Cli>Affiliate For WooCommerce\u003C\u002Fli>\n\u003Cli>Smart Manager\u003C\u002Fli>\n\u003Cli>Cashier\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a complete list of compatible plugins and more details, please visit our \u003Ca href=\"https:\u002F\u002Fdocs.zorem.com\u002Fdocs\u002Fcustomer-email-verification-pro\u002Fcompatibility\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>We also offer a Pro version!\u003C\u002Fh3>\n\u003Ch3>Customer Email Verification PRO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>📦 OTP Verification for Checkout:\u003C\u002Fstrong> Enforce email verification for guest users before completing a purchase.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛍️ Enable Checkout Verification:\u003C\u002Fstrong> Choose to verify emails on the cart page or only for free orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔢 OTP Length Customization:\u003C\u002Fstrong> Select between 4-digit or 6-digit OTP codes for verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⏳ OTP Expiration Control:\u003C\u002Fstrong> Set expiration time for OTPs (e.g., 72 hours) to enhance security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Verification Email Resend Limit:\u003C\u002Fstrong> Restrict the number of OTP resend attempts to prevent abuse.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Login Authentication Options:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Notify users when they log in from a new device or browser.\u003C\u002Fli>\n\u003Cli>Require OTP verification for logins from an unrecognized device, location, or after a set period.\u003C\u002Fli>\n\u003Cli>Define specific conditions for unrecognized logins, such as logging in from a new device or a location not used before.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Advanced Customization:\u003C\u002Fstrong> More control over email templates and verification popups.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fcustomer-email-verification\u002F\" rel=\"nofollow ugc\">Get CEV PRO >\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Other Plugins by zorem\u003C\u002Fh3>\n\u003Cp>Optimize your WooCommerce store with our plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fwoocommerce-advanced-shipment-tracking\u002F\" rel=\"nofollow ugc\">Advanced Shipment Tracking Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-local-pickup-pro\u002F\" rel=\"nofollow ugc\">Zorem Local Pickup Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsms-for-woocommerce\u002F\" rel=\"nofollow ugc\">SMS for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fcountry-based-restriction-for-woocommerce\u002F\" rel=\"nofollow ugc\">Country Based Restriction for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsales-by-country-for-woocommerce\u002F\" rel=\"nofollow ugc\">Sales By Country for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-returns\u002F\" rel=\"nofollow ugc\">Zorem Returns\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Femail-reports-for-woocommerce\u002F\" rel=\"nofollow ugc\">Email Reports for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fview-as-customer-for-woocommerce\u002F\" rel=\"nofollow ugc\">View as Customer for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore more at \u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002F\" rel=\"nofollow ugc\">zorem.com\u003C\u002Fa>\u003C\u002Fp>\n","Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.",2000,62784,88,19,"2026-02-17T05:37:00.000Z","6.9.4","5.3","7.2",[92,93,94,95,96],"customer-verification","email-address-verification","registration-verification","woocommerce","woocommerce-signup-spam","https:\u002F\u002Fwww.zorem.com\u002Fproducts\u002Fcustomer-email-verification-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomer-email-verification-for-woocommerce.2.6.9.zip",{"slug":100,"name":101,"version":102,"author":57,"author_profile":58,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":115,"download_link":116,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":35,"fetched_at":28},"restrict-usernames","Restrict Usernames","3.7","\u003Cp>This plugin allows you to restrict the usernames that new users may use when registering for your site.\u003C\u002Fp>\n\u003Cp>If open registration is enabled for your site (via Settings -> General -> Membership (“Anyone can register”)), WordPress allows visitors to register for an account on your blog. By default, any username they choose is allowed so long as it isn’t an already existing account and it doesn’t include invalid (i.e. non-alphanumeric) characters.\u003C\u002Fp>\n\u003Cp>Possible reasons for wanting to restrict certain usernames:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent usernames that contain foul, offensive, or otherwise undesired words\u003C\u002Fli>\n\u003Cli>Prevent squatting on usernames that you may want to use in the future (but don’t want to actually create the account for just yet) (essentially placing a hold on the username)\u003C\u002Fli>\n\u003Cli>Prevent official-sounding usernames from being used (i.e. help, support, pr, info, sales)\u003C\u002Fli>\n\u003Cli>Prevent official username syntax from being used (i.e. if all of your administrators use a prefix to identify themselves, you don’t want a visitor to use that prefix)\u003C\u002Fli>\n\u003Cli>Prevent spaces from being used in a username (which WordPress allows by default)\u003C\u002Fli>\n\u003Cli>Require that a username starts with, ends with, or contain one of a set of substrings (i.e. “support_”, “admin_”)\u003C\u002Fli>\n\u003Cli>Require a minimum number of characters for usernames\u003C\u002Fli>\n\u003Cli>Limit usernames to a maximum number of characters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When attempting to register with a restricted username, the visitor will be given an error notice that says:\u003Cbr \u002F>\nERROR: This username is invalid. Please enter a valid username.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin does not put any restrictions on usernames that the admin chooses for users when creating user accounts from within the WordPress admin. This only restricts the names that users choose themselves when registering for your site.\u003C\u002Fp>\n\u003Cp>SPECIAL NOTE: Many membership plugins implement their own user registration handling that often bypasses checks (and hooks) performed by WordPress. As such, it is unlikely that the plugin is compatible with them without special plugin-specific amendments.\u003C\u002Fp>\n\u003Cp>Compatible with Multisite and BuddyPress as well.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Frestrict-usernames\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frestrict-usernames\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Frestrict-usernames\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>The plugin exposes one filter for hooking. Typically, customizations utilizing this hook would be put into your active theme’s functions.php file, or used by another plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>c2c_restrict_usernames-validate (filter)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The ‘c2c_restrict_usernames-validate’ hook allows you to add your own customized checks for the username being registered. You can add additional restrictions or override the assessment performed by the plugin.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$valid (boolean): The assessment by the plugin about the validity of the username based on settings. True means username can be used.\u003C\u002Fli>\n\u003Cli>$username (string): The username being registered.\u003C\u002Fli>\n\u003Cli>$settings (array): The plugin’s settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F**\n * Add custom checks on usernames.\n *\n * Specifically, prevent use of usernames ending in numbers.\n *\n * @param bool   $valid    True if the username is valid, false if not.\n * @param string $username The username.\n * @param array  $options  Plugin options.\n *\u002F\nfunction my_restrict_usernames_check( $valid, $username, $options ) {\n    \u002F\u002F Only do additional checking if the plugin has already performed its\n    \u002F\u002F checks and deemed the username valid.\n    if ( $valid ) {\n        \u002F\u002F Don't allow usernames to end in numbers.\n        if ( preg_match( '\u002F[0-9]+$\u002F', $username ) ) {\n            $valid = false;\n        }\n    }\n    return $valid;\n}\nadd_filter( 'c2c_restrict_usernames-validate', 'my_restrict_usernames_check', 10, 3 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Restrict the usernames that new users may use when registering for your site.",24271,72,14,"2018-06-21T05:36:00.000Z","4.9.29","4.7",[21,112,22,113,114],"restrictions","username","users","http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Frestrict-usernames\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-usernames.3.7.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":125,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":18,"download_link":135,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":35,"fetched_at":28},"simple-subscriber-signup-widget","Simple Subscriber Signup Widget","1.0.1","miocene22","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiocene22\u002F","\u003Cp>This simple plugin gives you the wonderful benefit of a really simple signup widget for your WordPress site to allow you to accept signups to your blog. The signup works over AJAX so no leaving the page. Registration attempts are responded to with a confirmation or error message. All input is sanitized and validated using native WordPress methods.\u003C\u002Fp>\n\u003Cp>Those who register will be added straight to the subscribers list and given a randomly-generated password (which they can change via WordPress’s password recovery if they choose).\u003C\u002Fp>\n\u003Cp>This is great for exporting the list for use on mailing services like MailChimp or in conjunction with another WordPress plugin to update your subscribers via email.\u003C\u002Fp>\n\u003Cp>The widget is marked-up for Bootstrap 3 and also utilises a Font Awesome spinner icon although you can apply your own CSS as desired and these packages are not required.\u003C\u002Fp>\n\u003Cp>You can set whether to accept a name along with email. If you opt to hide the name field then the username will be derived from the email address.\u003C\u002Fp>\n","A simple plugin to allow visitors to submit their email and name and be added to the subscribers list",80,5431,2,"2014-04-17T09:29:00.000Z","3.7.41","3.0.1",[132,21,22,133,134],"register","subscribe","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-subscriber-signup-widget.zip",{"slug":20,"name":137,"version":6,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":13,"num_ratings":26,"last_updated":144,"tested_up_to":145,"requires_at_least":17,"requires_php":18,"tags":146,"homepage":150,"download_link":151,"security_score":152,"vuln_count":26,"unpatched_count":26,"last_vuln_date":153,"fetched_at":28},"Auto Login After Registration","Cynob IT Consultancy","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetattingo-technologies\u002F","\u003Cp>This plugin allows users to easily add a simple user registration form and login form  anywhere on their site using simple shortcode.\u003Cbr \u002F>\nAnd provide setting to ‘Auto Login After Registration’.\u003C\u002Fp>\n\u003Cp>Follow the follwing steps –\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload the folder “auto-login-after-registration” to “\u002Fwp-content\u002Fplugins\u002F”\u003C\u002Fli>\n\u003Cli>Activate the plugin through the “Plugins” menu in WordPress\u003C\u002Fli>\n\u003Cli>Enable\u002F disable ‘Auto Login After Registration’ setting by going WP-admin ->Auto Login after Register \u003C\u002Fli>\n\u003Cli>\n\u003Cp>For registrtion form use below shortcode\u003C\u002Fp>\n\u003Cp>[registration-form]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For login form use below  shortcode\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[login-form]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This plugin allows users to easily add a simple user registration form and login form  anywhere on their site using simple shortcode.",50,7007,"2016-08-20T05:08:00.000Z","4.6.30",[147,21,148,22,149],"login","registration-form","user-registartion","http:\u002F\u002Fwww.netattingo.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-login-after-registration.zip",63,"2025-07-08 00:00:00",{"attackSurface":155,"codeSignals":171,"taintFlows":178,"riskAssessment":199,"analyzedAt":213},{"hooks":156,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":74,"unprotectedCount":74},[157,163],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_menu","aft_options_menu","auto-login-when-resister.php",21,{"type":158,"name":164,"callback":165,"file":161,"line":166},"user_register","alwr_auto_user_auto_log_in",51,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":74,"externalRequests":74,"nonceChecks":74,"capabilityChecks":74,"bundledLibraries":177},[],{"prepared":74,"raw":74,"locations":174},[],{"escaped":14,"rawEcho":74,"locations":176},[],[],[179],{"entryPoint":180,"graph":181,"unsanitizedCount":26,"severity":198},"\u003Cauto_login_when_register_setting> (pages\\auto_login_when_register_setting.php:0)",{"nodes":182,"edges":195},[183,189],{"id":184,"type":185,"label":186,"file":187,"line":188},"n0","source","$_POST","pages\\auto_login_when_register_setting.php",11,{"id":190,"type":191,"label":192,"file":187,"line":193,"wp_function":194},"n1","sink","update_option() [Settings Manipulation]",16,"update_option",[196],{"from":184,"to":190,"sanitized":197},false,"low",{"summary":200,"deductions":201},"The \"auto-login-when-resister\" plugin v1.0.0 exhibits a mixed security posture. On the positive side, static code analysis reveals no dangerous functions, all SQL queries use prepared statements, and all identified outputs are properly escaped. There are also no file operations or external HTTP requests, and no bundled libraries, which minimizes certain attack vectors. However, the complete absence of nonce checks and capability checks across all entry points is a significant concern, as it implies that any potential functionality could be triggered without proper authorization.\n\nThe taint analysis shows one flow with unsanitized paths, although it is not rated as critical or high severity. This could still indicate a potential weakness depending on the nature of the unsanitized path. The most concerning aspect is the plugin's vulnerability history, which includes one unpatched medium severity CVE related to Cross-Site Request Forgery (CSRF). This suggests that the plugin has had known security flaws in the past, and one of them remains unaddressed, making it a target for attackers.\n\nIn conclusion, while the plugin demonstrates good practices in certain areas of code hygiene, the lack of authorization checks and the presence of an unpatched CSRF vulnerability present significant risks. Users should be aware of these potential weaknesses and consider the implications before deploying this plugin, especially on sensitive websites.",[202,205,208,211],{"reason":203,"points":204},"Unpatched Medium Severity CVE",15,{"reason":206,"points":207},"Flow with unsanitized paths (Taint Analysis)",8,{"reason":209,"points":210},"Missing nonce checks on all entry points",10,{"reason":212,"points":210},"Missing capability checks on all entry points","2026-03-16T20:07:29.582Z",{"wat":215,"direct":220},{"assetPaths":216,"generatorPatterns":217,"scriptPaths":218,"versionParams":219},[],[],[],[],{"cssClasses":221,"htmlComments":222,"htmlAttributes":223,"restEndpoints":224,"jsGlobals":225,"shortcodeOutput":226},[],[],[],[],[],[]]