[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYHlo4i4V3AaWVWOdJEYW7q1CdDkdu7FlJMrjYIhhANc":3,"$fucGBfGWdg3C3vtRGv_NRViQyAGKfg7P8AOsObWpnJWk":253,"$fvCdcVnjdkZJ5CKlvZjWRe-PG8C3ZsJnBdecXQv2h_yk":258},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":39,"analysis":130,"fingerprints":226},"better-passwords","Better Passwords","1.8","bettersecurity","https:\u002F\u002Fprofiles.wordpress.org\u002Fbettersecurity\u002F","\u003Cp>This plugin sets a default minimum password length of 10 characters, to ensure that passwords are suitably long that they are hard to guess.  However, it does not insist on any complexity rules, such as digits and special characters, as length is the most important thing when making a password hard to guess.\u003C\u002Fp>\n\u003Cp>This plugin uses Troy Hunt’s \u003Ca href=\"https:\u002F\u002Fhaveibeenpwned.com\u002FPasswords\" rel=\"nofollow ugc\">Pwned Passwords API\u003C\u002Fa> in order to check a user’s potential password against a corpus of breached passwords.\u003C\u002Fp>\n\u003Cp>The password itself is never sent to any third party, only a partial hash is sent. This means that the password entered will always be private.\u003C\u002Fp>\n\u003Cp>As an added bonus, this plugin also upgrades the hashing algorithm used when storing your password in the database. This is a secure one-way hash created using the \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FBcrypt\" rel=\"nofollow ugc\">Bcrypt\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FArgon2\" rel=\"nofollow ugc\">Argon2\u003C\u002Fa> algorithm.\u003C\u002Fp>\n","Stop use of a bad passwords, including those in the Have I Been Pwned? breached password database",200,39595,100,3,"2024-09-28T09:41:00.000Z","6.6.5","4.0","7.0",[20,21,22,23,24],"better","haveibeenpwned","passwords","pwned","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.zip",92,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},5,440,30,88,"2026-05-19T23:56:21.510Z",[40,62,80,100,116],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":25,"tags":55,"homepage":59,"download_link":60,"security_score":61,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wc-password-strength-settings","Password Strength Settings for WooCommerce","3.0.1","Danny Santoro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielsantoro\u002F","\u003Cp>Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.\u003C\u002Fp>\n\u003Ch3>What does this plugin do?\u003C\u002Fh3>\n\u003Cp>WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielSantoro\u002Fwc-password-strength-settings\u002Fwiki\u002FHow-Password-Strength-is-Determined\" rel=\"nofollow ugc\">please read the documentation here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cp>Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.\u003C\u002Fp>\n\u003Cp>Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. \u003Cem>However\u003C\u002Fem>, if you notice any issues then please reach out via the contact form on my website.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – \u003Cem>especially\u003C\u002Fem> for administrators!\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to remove “- Please enter a stronger password.” that is added by WordPress.\u003C\u002Fli>\n\u003Cli>Nothing else at the moment, but let me know if you have any ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n","Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.",10000,177306,90,24,"2023-10-11T20:51:00.000Z","6.3.8","5.8",[56,22,24,57,58],"accounts","users","woocommerce","https:\u002F\u002Fdanielsantoro.com\u002Fproject\u002Fwoocommerce-password-strength-settings-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-password-strength-settings.zip",85,{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":34,"last_updated":73,"tested_up_to":74,"requires_at_least":17,"requires_php":75,"tags":76,"homepage":25,"download_link":79,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,58543,84,"2026-02-17T09:27:00.000Z","6.9.4","8.1",[77,78,22,24,57],"login","membership","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":13,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":25,"download_link":99,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"passwords-evolved","Passwords Evolved","1.4.0","Carl Alexander","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarlalexander\u002F","\u003Cp>\u003Cstrong>Important Notice:\u003C\u002Fstrong> This plugin is no longer supported on wordpress.org. Please open issues on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcarlalexander\u002Fpasswords-evolved\u002Fissues\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The goal of this plugin is to shore up the WordPress authentication using standard security practice recommendations. At this time, the plugin improves WordPress authentication by doing the following:\u003C\u002Fp>\n\u003Ch4>Enforcing uncompromised passwords\u003C\u002Fh4>\n\u003Cp>This plugin prevents someone from using passwords that have appeared in data breaches. Whenever someone logs into a WordPress site, it’ll verify their password using the \u003Ca href=\"https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002Fv2\" rel=\"nofollow ugc\">Have I been pwned? API\u003C\u002Fa>. If their password appeared in a data breach, the plugin will prevent them from logging in until they reset their password.\u003C\u002Fp>\n\u003Cp>By default, this level of enforcement is only done on an account that has the “\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FRoles_and_Capabilities#Administrator\" rel=\"nofollow ugc\">administrator\u003C\u002Fa>” role. You can change which roles have their passwords enforced from the settings page. For people that have a role where there’s no password enforcement, the plugin will show a warning when they log in with a compromised password.\u003C\u002Fp>\n\u003Cp>The enforcement of uncompromised password also extends to when someone resets or changes their password. That said, in those situations, using an uncompromised password is mandatory. Someone will never be able to reset or change their password to one that’s appeared in a security breach. (As long as the plugin is able to contact the API.)\u003C\u002Fp>\n\u003Ch4>Using stronger password hashing\u003C\u002Fh4>\n\u003Cp>The plugin also encrypts passwords using either the \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FBcrypt\" rel=\"nofollow ugc\">bcrypt\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FArgon2\" rel=\"nofollow ugc\">Argon2\u003C\u002Fa> hashing functions. These are the strongest hashing functions available in PHP. Argon2 is available natively starting with PHP 7.2, but the plugin can also encrypt passwords on older PHP versions using the \u003Ca href=\"https:\u002F\u002Flibsodium.org\" rel=\"nofollow ugc\">libsodium\u003C\u002Fa> compatibility layer introduced in WordPress 5.2.\u003C\u002Fp>\n\u003Cp>You don’t have to do anything to convert your password hash to a stronger encryption standard. The plugin will take care of converting it the next time that you log in after installing the plugin. If you decide to remove the plugin, your password will continue working and remain encrypted until you reset it.\u003C\u002Fp>\n\u003Cp>It’s also worth noting that using a stronger hashing function is only important in the advent of a data breach. A stronger password hashing function makes decrypting the passwords from the data breach a lot harder to do. This combined with the enforcement of uncompromised passwords will help ensure that those passwords are never decrypted. (Or at least without significant effort.)\u003C\u002Fp>\n","A reimagining of WordPress authentication using modern security practices.",2000,26683,2,"2025-03-23T02:54:00.000Z","6.8.0","5.2","5.6",[96,97,98,24],"authentication","have-i-been-pwned","password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpasswords-evolved.1.4.0.zip",{"slug":101,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":13,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":25,"tags":113,"homepage":114,"download_link":115,"security_score":61,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-bcrypt","1.0.1","harrym","https:\u002F\u002Fprofiles.wordpress.org\u002Fharrym\u002F","\u003Cp>WordPress uses phpass to store passwords. Because WordPress has to work everywere, it uses the portable version of phpass,\u003Cbr \u002F>\nwhich uses MD5 to hash passwords. MD5 is not a very good hashing algorithm for passwords, because it’s relatively fast.\u003C\u002Fp>\n\u003Cp>This plugin switches over to bcrypt, which is the algorithm recommended by phpass, and is a much better option for password\u003Cbr \u002F>\nstorage because it is much slower to produce. This makes it much harder for an attacker who’s managed to access your hashed\u003Cbr \u002F>\npasswords to obtain plain text passwords by brute-forcing, or by trying passwords from a dictionary.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: this plugin requires PHP 5.3.0 or newer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Be aware that if you use this plugin and then move to a host that does not support bcrypt, you will need to reset any user\u003Cbr \u002F>\naccount that you want to log in with.\u003C\u002Fp>\n","wp bcrypt switches WordPress's password hashes from MD5 to bcrypt, making it harder for them to be brute-forced if they are leaked.",300,13973,4,"2014-06-05T15:25:00.000Z","3.9.40","3.4",[22,24],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-bcrypt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-bcrypt.1.0.1.zip",{"slug":117,"name":118,"version":119,"author":7,"author_profile":8,"description":120,"short_description":121,"active_installs":13,"downloaded":122,"rating":13,"num_ratings":123,"last_updated":15,"tested_up_to":16,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":25,"download_link":129,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"better-headers","Better Headers","2.1","\u003Cp>This plugin does not make any changes to your server configuration, such as the .htaccess file, but instead sends the headers as part of the WordPress page response.  The reason for this is that many of them are not valid for assets such as stylesheets and images, but are sent anyway if the server configuration method is used.\u003C\u002Fp>\n\u003Cp>Unlike many security plugins, these headers are also sent for your admin panel, where security is arguably the most important.\u003C\u002Fp>\n\u003Cp>Headers that can be set include…\u003Cbr \u002F>\n* Feature-Policy\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* Strict-Transport-Security\u003Cbr \u002F>\n* X-Frame-Options\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* X-XSS-Protection\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* Expect-CT\u003C\u002Fp>\n","Improve the security of your website by easily setting HTTP response headers to enable browser protection",3004,1,"5.0",[20,126,127,128,24],"headers","options","policy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-headers.zip",{"attackSurface":131,"codeSignals":159,"taintFlows":184,"riskAssessment":212,"analyzedAt":225},{"hooks":132,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":28,"unprotectedCount":28},[133,139,142,147,151],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","validate_password_reset","better_pass_validate","better-passwords.php",77,{"type":134,"name":140,"callback":136,"file":137,"line":141},"user_profile_update_errors",78,{"type":143,"name":144,"callback":145,"file":137,"line":146},"filter","whitelist_options","closure",98,{"type":134,"name":148,"callback":149,"file":137,"line":150},"admin_menu","better_pass_menus",226,{"type":134,"name":152,"callback":153,"file":137,"line":154},"admin_init","better_pass_settings",227,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":28,"externalRequests":123,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":183},[],{"prepared":90,"raw":28,"locations":162},[],{"escaped":90,"rawEcho":164,"locations":165},8,[166,169,171,173,175,177,179,181],{"file":137,"line":167,"context":168},109,"raw output",{"file":137,"line":170,"context":168},113,{"file":137,"line":172,"context":168},115,{"file":137,"line":174,"context":168},118,{"file":137,"line":176,"context":168},121,{"file":137,"line":178,"context":168},194,{"file":137,"line":180,"context":168},205,{"file":137,"line":182,"context":168},209,[],[185,204],{"entryPoint":186,"graph":187,"unsanitizedCount":123,"severity":203},"better_pass_validate (better-passwords.php:22)",{"nodes":188,"edges":200},[189,194],{"id":190,"type":191,"label":192,"file":137,"line":193},"n0","source","$_POST",35,{"id":195,"type":196,"label":197,"file":137,"line":198,"wp_function":199},"n1","sink","wp_remote_get() [SSRF]",52,"wp_remote_get",[201],{"from":190,"to":195,"sanitized":202},false,"medium",{"entryPoint":205,"graph":206,"unsanitizedCount":123,"severity":203},"\u003Cbetter-passwords> (better-passwords.php:0)",{"nodes":207,"edges":210},[208,209],{"id":190,"type":191,"label":192,"file":137,"line":193},{"id":195,"type":196,"label":197,"file":137,"line":198,"wp_function":199},[211],{"from":190,"to":195,"sanitized":202},{"summary":213,"deductions":214},"The \"better-passwords\" plugin version 1.8 exhibits a generally strong security posture with several positive indicators. The static analysis reveals no dangerous functions, no SQL queries that are not using prepared statements, no file operations, and no external HTTP requests that pose a direct security risk. Furthermore, the plugin has no recorded vulnerability history, suggesting a consistent track record of secure development.  \n\nHowever, there are significant concerns that temper this positive outlook. The lack of nonce checks and capability checks across all identified entry points (even though the attack surface is reported as zero) is a critical weakness. This implies that any potential future additions to the attack surface, or if the current reporting is incomplete, would be immediately vulnerable to CSRF and unauthorized access. The taint analysis showing two flows with unsanitized paths, even without critical or high severity, indicates potential risks if these paths are ever exposed. The low percentage of properly escaped output (20%) also presents a risk of XSS vulnerabilities.  \n\nIn conclusion, while the plugin has a clean history and avoids many common pitfalls, the absence of fundamental security checks like nonce and capability checks is a major red flag. The identified taint flows and insufficient output escaping also require immediate attention. The plugin demonstrates good intentions by using prepared statements and avoiding dangerous functions, but these strengths are overshadowed by critical omissions in security best practices for handling user input and ensuring proper authorization.",[215,218,220,223],{"reason":216,"points":217},"No nonce checks present",10,{"reason":219,"points":217},"No capability checks present",{"reason":221,"points":222},"Taint flows with unsanitized paths (2)",6,{"reason":224,"points":34},"Low output escaping (20%)","2026-03-16T20:14:34.691Z",{"wat":227,"direct":234},{"assetPaths":228,"generatorPatterns":231,"scriptPaths":232,"versionParams":233},[229,230],"\u002Fwp-content\u002Fplugins\u002Fbetter-passwords\u002Ficon-36x36.png","\u002Fwp-content\u002Fplugins\u002Fbetter-passwords\u002Fheader.png",[],[],[],{"cssClasses":235,"htmlComments":236,"htmlAttributes":247,"restEndpoints":250,"jsGlobals":251,"shortcodeOutput":252},[],[237,238,239,240,241,242,243,244,245,246],"\u003C!--BEGIN: better-passwords-->","\u003C!--\u002FEND: better-passwords-->","\u003C!--BEGIN: Settings-->","\u003C!--\u002FEND: Settings-->","\u003C!--BEGIN: Password Settings-->","\u003C!--\u002FEND: Password Settings-->","\u003C!--BEGIN: Minimum Password Length-->","\u003C!--\u002FEND: Minimum Password Length-->","\u003C!--BEGIN: Hashing Algorithm-->","\u003C!--\u002FEND: Hashing Algorithm-->",[248,249],"name=\"better-passwords-settings[better-passwords-min-length]\"","name=\"better-passwords-settings[better-passwords-algorithm]\"",[],[],[],{"error":254,"url":255,"statusCode":256,"statusMessage":257,"message":257},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbetter-passwords\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":259,"versions":260},9,[261,267,274,281,288,295,302,309,316],{"version":6,"download_url":262,"svn_tag_url":263,"released_at":29,"has_diff":202,"diff_files_changed":264,"diff_lines":29,"trac_diff_url":265,"vulnerabilities":266,"is_current":254},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-passwords%2Ftags%2F1.7&new_path=%2Fbetter-passwords%2Ftags%2F1.8",[],{"version":268,"download_url":269,"svn_tag_url":270,"released_at":29,"has_diff":202,"diff_files_changed":271,"diff_lines":29,"trac_diff_url":272,"vulnerabilities":273,"is_current":202},"1.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-passwords%2Ftags%2F1.6&new_path=%2Fbetter-passwords%2Ftags%2F1.7",[],{"version":275,"download_url":276,"svn_tag_url":277,"released_at":29,"has_diff":202,"diff_files_changed":278,"diff_lines":29,"trac_diff_url":279,"vulnerabilities":280,"is_current":202},"1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-passwords%2Ftags%2F1.5&new_path=%2Fbetter-passwords%2Ftags%2F1.6",[],{"version":282,"download_url":283,"svn_tag_url":284,"released_at":29,"has_diff":202,"diff_files_changed":285,"diff_lines":29,"trac_diff_url":286,"vulnerabilities":287,"is_current":202},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-passwords%2Ftags%2F1.4&new_path=%2Fbetter-passwords%2Ftags%2F1.5",[],{"version":289,"download_url":290,"svn_tag_url":291,"released_at":29,"has_diff":202,"diff_files_changed":292,"diff_lines":29,"trac_diff_url":293,"vulnerabilities":294,"is_current":202},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-passwords%2Ftags%2F1.3&new_path=%2Fbetter-passwords%2Ftags%2F1.4",[],{"version":296,"download_url":297,"svn_tag_url":298,"released_at":29,"has_diff":202,"diff_files_changed":299,"diff_lines":29,"trac_diff_url":300,"vulnerabilities":301,"is_current":202},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-passwords%2Ftags%2F1.2&new_path=%2Fbetter-passwords%2Ftags%2F1.3",[],{"version":303,"download_url":304,"svn_tag_url":305,"released_at":29,"has_diff":202,"diff_files_changed":306,"diff_lines":29,"trac_diff_url":307,"vulnerabilities":308,"is_current":202},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-passwords%2Ftags%2F1.1&new_path=%2Fbetter-passwords%2Ftags%2F1.2",[],{"version":310,"download_url":311,"svn_tag_url":312,"released_at":29,"has_diff":202,"diff_files_changed":313,"diff_lines":29,"trac_diff_url":314,"vulnerabilities":315,"is_current":202},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-passwords%2Ftags%2F1.0&new_path=%2Fbetter-passwords%2Ftags%2F1.1",[],{"version":317,"download_url":318,"svn_tag_url":319,"released_at":29,"has_diff":202,"diff_files_changed":320,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":321,"is_current":202},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-passwords.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-passwords\u002Ftags\u002F1.0\u002F",[],[]]