[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flApS7WoDARdpiiv7hm9huq55dDvhG2joj0wsmO7P4YY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":91,"crawl_stats":38,"alternatives":99,"analysis":205,"fingerprints":1655},"capability-manager-enhanced","PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus","2.40.0","PublishPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fpublishpress\u002F","\u003Cp>PublishPress Capabilities is the access control plugin for WordPress. You can control all the capabilities and permissions on your WordPress site. We built this user role editor plugin so you have an easy and powerful way to manage user capabilities.\u003C\u002Fp>\n\u003Cp>You can use PublishPress Capabilities to \u003Cstrong>manage all your WordPress user roles\u003C\u002Fstrong>, from Administrators and Editors to Authors, Contributors, Subscribers and custom roles. Each user role can have the exact capabilities that your site needs.\u003C\u002Fp>\n\u003Cp>PublishPress Capabilities can clean up your post editing screen, admin area, and even the Profile screen. You can decide what authors see when they’re writing posts. You can \u003Cstrong>hide any feature on the Gutenberg or Classic Editor screens\u003C\u002Fstrong>. You can remove items in the WordPress dashboard and inside user accounts screens.\u003C\u002Fp>\n\u003Cp>The Pro version of PublishPress Capabilities has many extra features, including the ability to edit admin menu links, clean up the post editing screen, block admin pages by URL, and much more.\u003C\u002Fp>\n\u003Ch3>PublishPress Capabilities Pro\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Upgrade to Capabilities Pro\u003C\u002Fstrong>\u003Cbr \u002F>\n  This plugin is the free version of PublishPress Capabilities. The Pro version of Capabilities has all the features you need to control permissions for your WordPress users. With Capabilities Pro you can manage access to posts, pages, media and custom post types. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fcapabilities\" title=\"Capabilities Pro\" rel=\"nofollow ugc\">Click here to control access to your WordPress site with Capabilities Pro!\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>The Key Features of PublishPress Capabilities\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Roles\u003C\u002Fstrong>: You can edit, create, duplicate any WordPress user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Capabilities\u003C\u002Fstrong>: You can control all WordPress and plugin capabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editor Features\u003C\u002Fstrong>: You decide what users see when they’re writing posts in Gutenberg or the Classic Editor.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Features\u003C\u002Fstrong>: You can remove items from the WordPress admin, toolbar, and even dashboard widgets.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend Features\u003C\u002Fstrong>: This feature allows you to modify the site’s frontend by hiding or adding CSS.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Menus (Pro version)\u003C\u002Fstrong>: You can edit admin menu links and control who can access them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Profile Features\u003C\u002Fstrong>: You can hide features for users in the “Profile” screen.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirects\u003C\u002Fstrong>: You can hide features for users in the “Profile” screen.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nav Menus\u003C\u002Fstrong>: You can restrict access to navigation menus by user role, or logged in status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Testing\u003C\u002Fstrong>: Safely test any user’s account without resetting their password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Notices\u003C\u002Fstrong>: Organize all the message and advertisements in your admin area.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Feature 1. Roles\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities gives you detailed control over all the permission levels on your WordPress site. You can edit user roles on your site, from Administrator and Editor to Contributor and Subscriber.\u003C\u002Fp>\n\u003Cp>With PublishPress Capabilities you can create or copy any existing WordPress user role. These roles can be customized in exactly the same way as the default WordPress roles. These new roles can be added to single sites or to an entire multisite network.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcapabilities-screen\u002F\" rel=\"nofollow ugc\">Click here to see how to manage user roles\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 2. Capabilities\u003C\u002Fh3>\n\u003Cp>With the Capabilities plugin, you can choose who can Publish, Read, Edit and Delete content. You can choose permissions for posts, pages, custom content types, categories, tags, and more.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fpermissions-start\u002F\" rel=\"nofollow ugc\">Click here to see how to manage capabilities\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Many WordPress users have sites with custom post types. This can be done using custom code, a theme, or with a plugin. No matter how your post type is created, PublishPress Capabilities lets you enforce and assign distinct capabilities for your post type.\u003C\u002Fp>\n\u003Cp>PublishPress Capabilities enables you to add extra permissions to the taxonomies on your site. This feature includes the default Categories and Tags, but also applies to other taxonomies. For example, in WooCommerce you can apply custom permissions to Product categories, Product tags, and Product shipping classes. You can enforce and assign “Manage”, “Edit” and “Assign” distinct capabilities for all your taxonomies.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Ftaxonomy-specific-capabilities\u002F\" rel=\"nofollow ugc\">Click here to learn about taxonomy permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 3. Editor Features\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities has an option called “Editor Features” allows you to clean up the post editing screen. You can decide what users see when they’re writing posts. You can hide anything on the Gutenberg or Classic Editor screens. You can hide boxes inside the sidebar such Tags, Categories, or Excerpt. You can the “Publish” button. You can even hide the post title, body, or permalink. This is a great alternative to plugins such as Adminimize.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Feditor-features\u002F\" rel=\"nofollow ugc\">Click here to learn about hiding editor features\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>WordPress has a feature called “metaboxes”. This is a strange name, but you have seen them often if you use WordPress. When a user edits a post, the edit screen has several default boxes: Status & visibility, Featured image, Categories, Tags, etc. These boxes are metaboxes. Plugins can add also add their own metaboxes. The Pro version of the PublishPress Capabilities plugin allows you to hide metaboxes for specific user roles.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fhide-metaboxes-in-wordpress-posts\u002F\" rel=\"nofollow ugc\">Click here to learn about hiding metaboxes\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 4. Admin Features\u003C\u002Fh3>\n\u003Cp>“Admin Features” allows you to hide features in the WordPress admin area and toolbar. You can decide what users see in your WordPress dashboard. You can use this option to hide all the links in the toolbar including “About WordPress”, “Visit Site” and more. You can also hide dashboard widgets such as “At a Glance”, “Quick Draft”, and “WordPress Events and News”.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fadmin-features-screen\u002F\" rel=\"nofollow ugc\">Click here to learn about removing toolbar items and dashboard widgets\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 5. Frontend Features\u003C\u002Fh3>\n\u003Cp>The “Frontend Features” screen allows you to modify the features that show on the frontend of your website. You can choose to  hide IDs or classes, add CSS styles, or add body classes. All of these changes can be targeted to specific user roles.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Ffrontend-features\u002F\" rel=\"nofollow ugc\">Click here to learn about frontend changes\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 6. WordPress Admin Menu Restrictions (Pro version)\u003C\u002Fh3>\n\u003Cp>With PublishPress Capabilities you can edit all your admin menu links. You can also restrict access to admin menu screens by user roles. This is useful because many plugin do not have any way to control who can access their admin screens.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fadmin-menus-screen\u002F\" rel=\"nofollow ugc\">Click to see how to block Admin menu access\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 7. Profile Features\u003C\u002Fh3>\n\u003Cp>“Profile Features” allows you to hide features in the “Profile” screen. You can decide what users see in their accounts.  This “Profile” area is used as a dumping ground for the settings of many different plugins.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fprofile-features\u002F\" rel=\"nofollow ugc\">Click here to learn about the Profile Features option\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 8. Nav Menu Restrictions\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities enables you to restrict access to navigation menus by roles, logged in and logged out users. This is useful because a default WordPress site does not give you way to control the visibility of your links.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fnav-menus\u002F\" rel=\"nofollow ugc\">Click to see how to block frontend menu access\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 9. Redirects\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities has a “Redirects” screen that allows you to control where users are sent before and after logging in to your site. There are four options available:\u003Cbr \u002F>\n* Login Redirect: Where users are sent when they log in.\u003Cbr \u002F>\n* Logout Redirect: Where users are sent when they log out.\u003Cbr \u002F>\n* Registration Redirect: Where users are sent when they register on your site.\u003Cbr \u002F>\n* First Login Redirect: Where users are sent when they log in to your site for the first time.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fredirects\u002F\" rel=\"nofollow ugc\">Click to see how to redirect users\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 10. User Testing \u002F User Switching\u003C\u002Fh3>\n\u003Cp>If you run a WordPress website which allows users to log in, you probably spend a lot of time answering account questions or solving website bugs for your users. Site administrators often have to browse their site and see exactly what the user sees. They need to test the user’s account without resetting their password. This is possible with PublishPress Capabilities.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fuser-testing\u002F\" rel=\"nofollow ugc\">Click here to learn about user testing\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 11. Admin Notices\u003C\u002Fh3>\n\u003Cp>This feature helps organize messages and advertisements in your WordPress admin area. It helps remove clutter from your WordPress experience. This feature will organize all these admin notices into a new area in the top-right corner of your screen. This “Admin Notices” area will show all the notices in a clean, organized area. Nothing is changed about the notices so you can deal with them as normal. The only difference is that you won’t be pestered by these notices on your main admin dashboard.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fadmin-notices-feature\u002F\" rel=\"nofollow ugc\">Click here to learn about Admin Notices\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PublishPress Capabilities is Safe to Use\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities is completely \u003Cstrong>safe to use\u003C\u002Fstrong>. Every time you change your site’s permissions, this plugin will take a backup that you can restore if anything goes wrong. You can use these backups to migrate your roles and permissions from one site to another.\u003C\u002Fp>\n\u003Cp>This security feature is also very helpful if you want to test out changes on your site, or if you’ve installed a new plugin that has changed your site’s permissions.\u003C\u002Fp>\n\u003Cp>Every time you change your permissions, the PublishPress Capabilities plugin will now automatically create a backup. If you make a mistake, go to the “Backup” menu link and you’ll be able to roll back to a previous version.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fbackup-restore-permissions\u002F\" rel=\"nofollow ugc\">Click here to see how to backup permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support for Media Library Permissions\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities enables you to decide who can upload, edit and delete files from your site’s Media Library. By default, only Administrators are able to delete files in your Media Library. Subscribers and Contributors are not even allowed to upload files. You can customize these permissions for the Media Library and also the Featured Image box.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcontrol-media-library-access\u002F\" rel=\"nofollow ugc\">Click here to learn about Media Library permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support for WooCommerce Permissions\u003C\u002Fh3>\n\u003Cp>We mentioned earlier that PublishPress Capabilities has special support for WooCommerce taxonomies. This is true for the rest of WooCommerce also. With PublishPress Capabilities you can control permissions for WooCommerce products, orders and coupons.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fwoocommerce-permissons\u002F\" rel=\"nofollow ugc\">Click here to learn about WooCommerce permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support for WordPress Multisite\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities allows you to control permissions on a single site or across your whole network. Every time you update permissions in PublishPress Capabilities, you can choose to sync those changes across your multisite network.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fmultisite-network\u002F\" rel=\"nofollow ugc\">Click here to learn about multisite permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Join PublishPress and get the Pro plugins\u003C\u002Fh3>\n\u003Cp>The Pro versions of the PublishPress plugins are well worth your investment. The Pro versions have extra features and faster support. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Click here to join PublishPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Join PublishPress and you’ll get access to these ten Pro plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fauthors\" rel=\"nofollow ugc\">PublishPress Authors Pro\u003C\u002Fa> allows you to add multiple authors and guest authors to WordPress posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fblocks\" rel=\"nofollow ugc\">PublishPress Blocks Pro\u003C\u002Fa> has everything you need to build professional websites with the WordPress block editor.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fcapabilities\" rel=\"nofollow ugc\">PublishPress Capabilities Pro\u003C\u002Fa> is the plugin to manage your WordPress user roles, permissions, and capabilities.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fchecklists\" rel=\"nofollow ugc\">PublishPress Checklists Pro\u003C\u002Fa> enables you to define tasks that must be completed before content is published.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Ffuture\" rel=\"nofollow ugc\">PublishPress Future Pro\u003C\u002Fa> is the plugin for scheduling changes to your posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermissions\" rel=\"nofollow ugc\">PublishPress Permissions Pro\u003C\u002Fa>  is the plugin for restricted content and advanced WordPress permissions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpublishpress\" rel=\"nofollow ugc\">PublishPress Planner Pro\u003C\u002Fa> is the plugin for managing and scheduling WordPress content.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Frevisions\" rel=\"nofollow ugc\">PublishPress Revisions Pro\u003C\u002Fa> allows you to update your published pages with teamwork and precision.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fseries\" rel=\"nofollow ugc\">PublishPress Series Pro\u003C\u002Fa> enables you to group content together into a series.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fseries\" rel=\"nofollow ugc\">PublishPress Statuses Pro\u003C\u002Fa> enables you to create additional publishing steps for your posts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Together, these plugins are a suite of powerful publishing tools for WordPress. If you need to create a professional workflow in WordPress, with moderation, revisions, permissions and more… then you should try PublishPress.\u003C\u002Fp>\n\u003Ch3>Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports for PublishPress Capabilities are welcomed in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpublishpress\u002Fpublishpress-capabilities\" rel=\"nofollow ugc\">repository on GitHub\u003C\u002Fa>. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n","PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.",100000,3929513,94,142,"2026-03-04T19:12:00.000Z","6.9.4","5.5","7.2.5",[20,21,22,23,24],"admin-menus","capabilities","permissions","user-role-editor","user-roles","https:\u002F\u002Fpublishpress.com\u002Fcapability-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcapability-manager-enhanced.2.40.0.zip",96,4,0,"2022-10-10 00:00:00","2026-03-15T15:16:48.613Z",[33,49,64,79],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-3366","publishpress-capabilities-authenticated-administrator-php-object-injection","PublishPress Capabilities \u003C= 2.5.1 - Authenticated (Administrator+) PHP Object Injection","The PublishPress Capabilities plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.5.1 via deserialization of untrusted input when processing an import file. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",null,"\u003C=2.5.1","2.5.2","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6da7046e-2717-4a3c-bba9-88f27de29ede?source=api-prod",470,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":45,"references":61,"days_to_patch":63},"WF-6ea36692-2bf3-490d-8293-7de6dcc5e5c9-capability-manager-enhanced","publishpress-capabilities-reflected-cross-site-scripting","PublishPress Capabilities \u003C= 2.3.2 - Reflected Cross-Site Scripting","The PublishPress Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a form action URL in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=2.3.2","2.3.3","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-01-13 00:00:00",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6ea36692-2bf3-490d-8293-7de6dcc5e5c9?source=api-prod",740,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":71,"cvss_score":72,"cvss_vector":73,"vuln_type":74,"published_date":75,"updated_date":45,"references":76,"days_to_patch":78},"CVE-2021-25032","publishpress-capabilities-unauthenticated-arbitrary-options-update","PublishPress Capabilities \u003C= 2.3 - Unauthenticated Arbitrary Options Update","The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.","\u003C2.3.1","2.3.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Missing Authorization","2021-12-08 00:00:00",[77],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcf3df923-9426-4e5b-ba59-eda0b5c18d40?source=api-prod",776,{"id":80,"url_slug":81,"title":82,"description":83,"plugin_slug":4,"theme_slug":38,"affected_versions":84,"patched_in_version":85,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":86,"published_date":87,"updated_date":45,"references":88,"days_to_patch":90},"WF-c48091fc-c11d-4753-9763-e1face3723fe-capability-manager-enhanced","publishpress-capabilities-authenticated-sql-injection","PublishPress Capabilities \u003C= 1.5.8 - Authenticated SQL Injection","The PublishPress Capabilities plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 1.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for role-editing-capable attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C1.5.9","1.5.9","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2018-06-20 00:00:00",[89],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc48091fc-c11d-4753-9763-e1face3723fe?source=api-prod",2043,{"slug":92,"display_name":7,"profile_url":8,"plugin_count":93,"total_installs":94,"avg_security_score":95,"avg_patch_time_days":96,"trust_score":97,"computed_at":98},"publishpress",11,272100,98,321,78,"2026-04-03T20:52:13.375Z",[100,123,146,163,185],{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":95,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":120,"download_link":121,"security_score":122,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"editorial-access-manager","Editorial Access Manager","0.3.2","Taylor Lovett","https:\u002F\u002Fprofiles.wordpress.org\u002Ftlovett1\u002F","\u003Cp>A simple plugin to let you control who has access to what posts. By default in WordPress, we can create users\u003Cbr \u002F>\nand assign them to roles. Roles are automatically assigned certain capabilities. See the codex article for a list of\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FRoles_and_Capabilities\" rel=\"nofollow ugc\">Roles and Capabilities\u003C\u002Fa>. Sometimes default roles are not enough,\u003Cbr \u002F>\nand we have one-off situations. Editorial Access Manager lets you set which users or roles have access to specific\u003Cbr \u002F>\nposts. Perhaps you have a user who is a Contributor, but you want them to have access to edit one specific page? This\u003Cbr \u002F>\nplugin can help you.\u003C\u002Fp>\n\u003Ch4>Configuration Overview\u003C\u002Fh4>\n\u003Cp>There are no overarching settings for this plugin. Simply go to the edit post screen in the WordPress admin and\u003Cbr \u002F>\nconfigure access settings in the “Editorial Access Manager” meta box in the sidebar.\u003C\u002Fp>\n\u003Ch4>Managing Access by Roles\u003C\u002Fh4>\n\u003Cp>In the “Editorial Access Manager” meta box, enable custom access management by “Roles”. Once enabled, the post can only be\u003Cbr \u002F>\nedited by users that fall into those roles. However, no matter what, the Administrator role can always edit any post.\u003Cbr \u002F>\nThis if for safety reasons. You can also only use roles that have the “edit_posts” capability; therefore “Subscriber” by\u003Cbr \u002F>\ndefault cannot be used.\u003C\u002Fp>\n\u003Ch4>Managing Access by Users\u003C\u002Fh4>\n\u003Cp>In the “Editorial Access Manager” meta box, enable custom access management by “Users”. Once enabled, the post can only be\u003Cbr \u002F>\nedited by designated users. However, no matter what, any administrator can edit any post. This if for safety reasons.\u003Cbr \u002F>\nYou can also only use users that have the “edit_others_posts” capability; therefore “Subscriber” users by default\u003Cbr \u002F>\ncannot be used.\u003C\u002Fp>\n\u003Cp>Fork the plugin on \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Feditorial-access-manager\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fp>\n","Allow for granular editorial access control for all post types in WordPress",80,6308,8,"2017-03-18T19:23:00.000Z","4.9.29","3.6","",[116,117,118,119,24],"editorial-access-management","role-management","user-capabilities","user-permissions","http:\u002F\u002Fwww.taylorlovett.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feditorial-access-manager.zip",85,{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":95,"num_ratings":133,"last_updated":134,"tested_up_to":16,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":141,"download_link":142,"security_score":143,"vuln_count":144,"unpatched_count":29,"last_vuln_date":145,"fetched_at":31},"members","Members – Membership & User Role Editor Plugin","3.2.19","Blair Williams","https:\u002F\u002Fprofiles.wordpress.org\u002Fsupercleanse\u002F","\u003Cp>Members is a roles and capabilities based WordPress membership plugin. It gives your users the ultimate member experience by giving you powerful tools to add roles and capabilities and assign them to your users.\u003C\u002Fp>\n\u003Cp>Members allows you to set permissions to restrict content on your site by providing a simple user interface (UI) for WordPress’ powerful roles and capabilities system, which has traditionally only been available to developers who know how to code this by hand.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Role Editor:\u003C\u002Fstrong> Allows you to edit, create, and delete roles as well as capabilities for these roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple User Roles:\u003C\u002Fstrong> Give one, two, or even more roles to any user.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Explicitly Deny Capabilities:\u003C\u002Fstrong> Deny specific capabilities to specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clone Roles:\u003C\u002Fstrong> Build a new role by cloning an existing role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Permissions \u002F Restricted Content:\u003C\u002Fstrong> Protect content to determine which users (by role) have access to post content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes:\u003C\u002Fstrong> Shortcodes to control who has access to content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widgets:\u003C\u002Fstrong> A login form widget and users widget to show in your theme’s sidebars.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Private Site:\u003C\u002Fstrong> You can make your site and its feed completely private if you want.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin Integration:\u003C\u002Fstrong> Members is highly recommended by other WordPress developers. Many existing plugins integrate their custom roles and capabilities directly into it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamless MemberPress Integration\u003C\u002Fh4>\n\u003Cp>If you’re looking to build a business out of your membership site by creating paid memberships there’s no better way than to \u003Ca href=\"https:\u002F\u002Fmemberpress.com\u002Fplans\u002Fpricing\u002F?utm_source=members_plugin&utm_medium=link&utm_campaign=readme&utm_content=integration_1\" rel=\"nofollow ugc\">use MemberPress\u003C\u002Fa>. Members and \u003Ca href=\"https:\u002F\u002Fmemberpress.com\u002Fplans\u002Fpricing\u002F?utm_source=members_plugin&utm_medium=link&utm_campaign=readme&utm_content=integration_2\" rel=\"nofollow ugc\">MemberPress\u003C\u002Fa> work together to provide the ultimate member experience and will help you start and profit from your amazing WordPress membership sites!\u003C\u002Fp>\n\u003Ch4>All Add-ons are now included\u003C\u002Fh4>\n\u003Cp>Members now includes ALL of it’s add-ons completely free of charge! Here are some of the awesome features they add to Members:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Block Permissions:\u003C\u002Fstrong> Allows site owners to hide or show blocks based on user logged-in status, user role, or capability.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Caps:\u003C\u002Fstrong> Creates additional capabilities for control over WordPress’ privacy and personal data features (GDPR).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Access:\u003C\u002Fstrong> Allows site administrators to control which users have access to the WordPress admin via role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Core Create Caps:\u003C\u002Fstrong> Adds the create_posts and create_pages caps to posts\u002Fpages to separate them from their edit_* counterparts, providing more flexible editing capabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Categories and Tag Caps:\u003C\u002Fstrong> The Category and Tag Caps add-on creates custom capabilities for the core category and post tag taxonomies. This allows site owners to have precise control over who can manage, edit, delete, or assign categories\u002Ftags.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Levels:\u003C\u002Fstrong> Exposes the old user levels system, which fixes the WordPress author drop-down bug when users don’t have a role with one of the assigned levels.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Hierarchy:\u003C\u002Fstrong> Creates a hierarchical roles system.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ACF Integration:\u003C\u002Fstrong> Creates custom capabilities for the Advanced Custom Fields (ACF) plugin for managing with the Members plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>EDD Integration:\u003C\u002Fstrong> Integrates the Easy Digital Downloads plugin capabilities into the Members plugin’s role manager.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GiveWP Integration:\u003C\u002Fstrong> Integrates the GiveWP and GiveWP Recurring Donations plugin capabilities into the Members plugin’s role manager.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Meta Box Integration:\u003C\u002Fstrong> Integrates the Meta Box plugin capabilities into the Members plugin’s role manager.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Integration:\u003C\u002Fstrong> Integrates the WooCommerce plugin capabilities into the Members plugin’s role manager.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more info, visit the \u003Ca href=\"https:\u002F\u002Fmembers-plugin.com\u002F?utm_source=members_plugin&utm_medium=link&utm_campaign=readme&utm_content=learn_more\" rel=\"nofollow ugc\">Members plugin home page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Like this plugin?\u003C\u002Fh3>\n\u003Cp>The Members plugin is a massive project with 1,000s of lines of code to maintain. A major update can take weeks or months of work. We don’t make any money directly from this plugin while other, similar plugins charge substantial fees to even download them or get updates. Please consider helping the cause by:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmemberpress.com\u002F?utm_source=members_plugin&utm_medium=link&utm_campaign=readme&utm_content=memberpress_upgrade\" rel=\"nofollow ugc\">Adding MemberPress\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmembers\u002Freviews\u002F?filter=5#new-post\" rel=\"ugc\">Rating the plugin\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you need plugin support from us, you can \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmembers\u002F\" rel=\"ugc\">visit our support page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Plugin Development\u003C\u002Fh3>\n\u003Cp>If you’re a theme author, plugin author, or just a code hobbyist, you can follow the development of this plugin on it’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcaseproof\u002Fmembers\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","The best WordPress membership and user role editor plugin. User Roles & Capabilities editor helps you restrict content in just a few clicks.",300000,6754890,1242,"2026-02-13T16:00:00.000Z","6.0","7.4",[138,21,139,22,140],"access","memberships","roles","https:\u002F\u002Fmembers-plugin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmembers.3.2.19.zip",99,1,"2024-12-10 00:00:00",{"slug":147,"name":148,"version":149,"author":7,"author_profile":8,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":154,"num_ratings":155,"last_updated":156,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":157,"homepage":160,"download_link":161,"security_score":162,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"press-permit-core","PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags","4.6.4","\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermissions\" rel=\"nofollow ugc\">PublishPress Permissions\u003C\u002Fa> allows you to enable or deny access to posts, pages, categories, tags and more. You can apply these permissions for user roles, individual users, and even custom groups.\u003C\u002Fp>\n\u003Cp>With PublishPress Permissions, you can control who can view and edit your WordPress content. You can choose who can access images and files in your site’s Media Library. For example, you can deny all direct access to files for logged out users.\u003C\u002Fp>\n\u003Cp>The Pro version of PublishPress Permissions has many advanced features such as teaser previews of restricted content, custom WordPress statuses, and automatically creating personal posts for users.\u003C\u002Fp>\n\u003Ch3>PublishPress Permissions Pro\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Upgrade to Permissions Pro\u003C\u002Fstrong>\u003Cbr \u002F>\n  This plugin is the free version of PublishPress Permissions. The Pro version of Permissions has all the features you need to control permissions for your WordPress users. With Permissions Pro you can manage access to posts, pages, media, taxonomies and custom post types. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermisssions\" title=\"Permissions Pro\" rel=\"nofollow ugc\">Click here to control access to your WordPress site with Permissions Pro!\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features in PublishPress Permissions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Viewing permissions\u003C\u002Fstrong>: Every post, page, and taxonomy term has a box where you can choose who can read this content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editing permissions\u003C\u002Fstrong>: Every post, page, and taxonomy term has a box where you can choose who can edit this content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media Library permissions\u003C\u002Fstrong>: You decide who gets to edit and view image files and documents in your Media Library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide other users’ posts\u003C\u002Fstrong>: You can prevent users from seeing posts by other users in the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create user groups\u003C\u002Fstrong>: Build groups of users who can be given their own custom permissions. Two default groups include Logged in and Logged out users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show teasers for restricted content (Pro version)\u003C\u002Fstrong>: Have teaser text that is publicly available, followed by private content that is restricted to only your site’s users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Personal posts for each user (Pro version)\u003C\u002Fstrong>: You can automatically create individual posts for your users so they have their own private content to edit or read.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Publishing statuses (Pro version)\u003C\u002Fstrong>: Go beyond “Draft”, “Pending Review” and “Published” with your own custom, and far more advanced, workflow.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visibility statuses (Pro version)\u003C\u002Fstrong>: Create visibility options for your content. One example is a “Premium” status that makes content visible only for paying members. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editorial Circles and Visibility Circles (Pro version)\u003C\u002Fstrong>: Restrict users to editing or viewing posts that were authored by other users in the same group.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration with other plugins (Pro version)\u003C\u002Fstrong>: The Permissions plugin integrates with other popular plugins including bbPress, BuddyPress, WPML, and Relevanssi.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Feature 1. Viewing Permissions for WordPress Content\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions enables you to customize viewing access for WordPress content. Open any post and you’ll see a box with the label, “Permissions: Read this Post”. This box allows you to choose “Enabled” or “Blocked” for any user role, individual user, or user group. You can also set permissions for all users who are guests, and those who are logged in.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fviewing-permissions\u002F\" rel=\"nofollow ugc\">Click here to see how to control viewing permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 2. Editing Permissions for WordPress Content\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions allows you to customize the editing permissions for all your content. Open a Post, Page, Category, Tag, or custom post type and you can decide who is allowed to edit that content. You can even prevent users from editing child pages of a specific parent page. Open any content item and you’ll see a box with a label like this: “Permissions: Edit this Post”. This box allows you to choose “Enabled” or “Blocked” for any user role, individual user, or user group.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fediting-permissions\u002F\" rel=\"nofollow ugc\">Click here to see how to control editing permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 3. Access Permissions for the Media Library\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions gives you detailed control over access to media on your WordPress site. You decide who gets to edit and view files in your Media Library. For example, you can set up WordPress so that users only have access to files that they uploaded. Or you can add an exception so users can edit other people’s media files if they are attached to a post they can edit.\u003C\u002Fp>\n\u003Cp>The Pro version of Permissions allows you to deny any public access to files on your site. Nobody will be able to see your Media Library files unless they have access to a post that includes that file.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fpermissions-media-files\u002F\" rel=\"nofollow ugc\">Click here to see how to manage access to your media files\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 4. Hide Other Users’ Posts in the WordPress Admin\u003C\u002Fh3>\n\u003Cp>By default, WordPress users in the admin area can see all the Posts on the site, regardless of whether they are the author. This is not a problem for many sites. After all, most posts on most sites are publicly available – there’s no need to hide them. However, in some situations, site owners don’t want authors to see the posts that other users are working on. PublishPress Permissions can hide posts in the WordPress admin area, unless you have access to edit that post.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fblog\u002Fhide-peoples-posts-wordpress-admin\u002F\" rel=\"nofollow ugc\">Click here to see how to hide other users’ posts\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 5. Create Your Own User Groups\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions allows you to create your own user groups. Imagine you want to give some users access to a single Post. Instead of creating a new user role and applying all the permissions, you can easily add those users to a group. This is a simple and more flexible alternative to user roles. You can also prevent users from reading or editing content if they are not in a specific group. By default, this plugin gives you sample groups that include all Logged in and Logged out users so you can easily set public and private content.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fgroups\u002F\" rel=\"nofollow ugc\">Click here to see how to use custom user groups\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 6. Show Teasers for Restricted Content (Pro Version)\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions Pro allows you to display a teaser for unreadable content. This is perfect for making small snippets of your content available to the public. You can have teaser text that is publicly available, followed by private content that is only visible for your site’s users. If you choose to display a login form, the redirect will go to the originally requested content.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fhow-to-create-a-teaser-for-private-content-in-wordpress\u002F\" rel=\"nofollow ugc\">Click here to see how to display content teasers\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 7. Automatically Create Posts for Users (Pro Version)\u003C\u002Fh3>\n\u003Cp>This Pro feature allows you to automatically create content for your users. For example, you can sync your staff members to Pages. This would allow your staff to each have their own page to edit and update. You can use this feature to automatically create posts, WooCommerce products, or any other post type that is defined on your site.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fhow-to-create-a-personal-page-for-each-wordpress-user\u002F\" rel=\"nofollow ugc\">Click here to see how to automatically create posts for users\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 8. Create Your Own Publishing Statuses (Pro Version)\u003C\u002Fh3>\n\u003Cp>WordPress provides some status options including “Draft”, “Pending Review” and “Published”. Permissions Pro enables you to design a far more advanced workflow. Each status you create can have its own unique capability requirements.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fmulti-step-moderation\u002F\" rel=\"nofollow ugc\">Click here to see how to build your own workflow statuses\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 9. Create Your Own Visibility Statuses (Pro Version)\u003C\u002Fh3>\n\u003Cp>With PublishPress Permissions Pro, you can create visibility options for your content. One example is a “Premium” status that makes content visible only for paying members. Another example is a “Staff” status, for the people who run your site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcustom-post-visibility\u002F\" rel=\"nofollow ugc\">Click here to see how to build your own visibility statuses\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 10. Editorial Circles and Visibility Circles (Pro Version)\u003C\u002Fh3>\n\u003Cp>Visibility Circles are a feature in PublishPress Permissions Pro that restrict users to viewing posts that were authored by other users in the same group. PublishPress Permissions also has Editorial Circles. If you are in an Editorial Circle for Pages, you will only be able to edit pages authored by other circle members.\u003C\u002Fp>\n\u003Cp>The most common way to use this feature is to restrict users in the Editor role so that they can only edit posts written by other Editors. This is because Editors are the only default WordPress role that can edit content (except for Administrators).\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcircles\u002F\" rel=\"nofollow ugc\">Click here to see how to build your own Editorial Circles\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fvisibility-circles\u002F\" rel=\"nofollow ugc\">click here to see how to build your own Visibility Circles\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 11. Support for Other Plugins\u003C\u002Fh3>\n\u003Cp>The Permissions plugin integrates with other popular plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fbuddypress-content-permissions\u002F\" rel=\"nofollow ugc\">BuddyPress content permissions\u003C\u002Fa>: With the PublishPress Permissions Pro plugin, you can give users access to create WordPress content, based on their BuddyPress group membership.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Frelevanssi-and-presspermit-pro\u002F\" rel=\"nofollow ugc\">Relevanssi search permissions\u003C\u002Fa>: Relevanssi is an excellent plugin that replaces the standard WordPress search with a better search engine. PublishPress Permissions Pro has integration with Relevanssi. If you use PublishPress Permissions Pro, your Relevanssi search results will have the correct visibility. \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fwpml-and-presspermit-pro\u002F\" rel=\"nofollow ugc\">WPML language permissions\u003C\u002Fa>: PublishPress Permissions Pro does have support for the WPML plugin. By default, PublishPress Permissions Pro will automatically mirror your post \u002F category permissions to the translated content.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fbbpress-permissions\u002F\" rel=\"nofollow ugc\">bbPress language permissions\u003C\u002Fa>: bbPress is the most popular forum software for WordPress. With PublishPress Permissions Pro, you can manage access and to important bbPress features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Join PublishPress and get the Pro plugins\u003C\u002Fh3>\n\u003Cp>The Pro versions of the PublishPress plugins are well worth your investment. The Pro versions have extra features and faster support. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Click here to join PublishPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Join PublishPress and you’ll get access to these nine Pro plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fauthors\" rel=\"nofollow ugc\">PublishPress Authors Pro\u003C\u002Fa> allows you to add multiple authors and guest authors to WordPress posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fblocks\" rel=\"nofollow ugc\">PublishPress Blocks Pro\u003C\u002Fa> has everything you need to build professional websites with the WordPress block editor.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fcapabilities\" rel=\"nofollow ugc\">PublishPress Capabilities Pro\u003C\u002Fa> is the plugin to manage your WordPress user roles, permissions, and capabilities.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fchecklists\" rel=\"nofollow ugc\">PublishPress Checklists Pro\u003C\u002Fa> enables you to define tasks that must be completed before content is published.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Ffuture\" rel=\"nofollow ugc\">PublishPress Future Pro\u003C\u002Fa>  is the plugin for scheduling changes to your posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermissions\" rel=\"nofollow ugc\">PublishPress Permissions Pro\u003C\u002Fa> is the plugin for advanced WordPress permissions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpublishpress\" rel=\"nofollow ugc\">PublishPress Planner Pro\u003C\u002Fa> is the plugin for managing and scheduling WordPress content.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Frevisions\" rel=\"nofollow ugc\">PublishPress Revisions Pro\u003C\u002Fa> allows you to update your published pages with teamwork and precision.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fseries\" rel=\"nofollow ugc\">PublishPress Series Pro\u003C\u002Fa> enables you to group content together into a series \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Together, these plugins are a suite of powerful publishing tools for WordPress. If you need to create a professional workflow in WordPress, with moderation, revisions, permissions and more, then you should try PublishPress.\u003C\u002Fp>\n\u003Ch3>Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports for PublishPress Permissions are welcomed in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpublishpress\u002Fpublishpress-permissions\" rel=\"nofollow ugc\">repository on GitHub\u003C\u002Fa>. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n\u003Ch3>Follow the PublishPress team\u003C\u002Fh3>\n\u003Cp>Follow PublishPress on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpublishpress\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.twitter.com\u002Fpublishpresscom\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fpublishpress\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa>\u003C\u002Fp>\n","The permissions plugin for posts, pages, categories, tags and more. You can control permissions for roles, individual users, and even custom groups.",10000,812530,86,64,"2026-01-27T17:46:00.000Z",[138,21,22,158,159],"privacy","restrict","https:\u002F\u002Fpublishpress.com\u002Fpresspermit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpress-permit-core.4.6.4.zip",100,{"slug":164,"name":165,"version":166,"author":167,"author_profile":168,"description":169,"short_description":170,"active_installs":171,"downloaded":172,"rating":27,"num_ratings":173,"last_updated":174,"tested_up_to":175,"requires_at_least":176,"requires_php":114,"tags":177,"homepage":181,"download_link":182,"security_score":183,"vuln_count":144,"unpatched_count":144,"last_vuln_date":184,"fetched_at":31},"user-roles-and-capabilities","User Roles and Capabilities","1.2.6","mahabub81","https:\u002F\u002Fprofiles.wordpress.org\u002Fmahabub81\u002F","\u003Cp>manage user roles and capabilities. Create new roles and delete existing roles. Using this plugin you will not be able to modify any capabilities for administrator user role.\u003Cbr \u002F>\nWordPress built in roles cant be deleted.\u003Cbr \u002F>\nIf you find any issue just let us know we will get back to you with the fix in 24 hours.\u003C\u002Fp>\n\u003Ch3>Features of Roles and Capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fully tested by QA team.\u003C\u002Fli>\n\u003Cli>Create new roles.\u003C\u002Fli>\n\u003Cli>Delete existing roles.\u003C\u002Fli>\n\u003Cli>Clone existing roles.\u003C\u002Fli>\n\u003Cli>Rename Role\u003C\u002Fli>\n\u003Cli>Import \u002F Export Roles and Capabilities\u003C\u002Fli>\n\u003Cli>Manage user Capabilities.\u003C\u002Fli>\n\u003Cli>set permission.\u003C\u002Fli>\n\u003Cli>Change default user role.\u003C\u002Fli>\n\u003Cli>Assign multiple roles to users.\u003C\u002Fli>\n\u003Cli>set permissions \u002F capabilities to users.\u003C\u002Fli>\n\u003Cli>single screen to manage capability for all roles.\u003C\u002Fli>\n\u003Cli>easy to use.\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage user roles and Capabilities, create new roles and change default role.",8000,125081,21,"2021-05-09T07:04:00.000Z","5.7.15","3.5",[178,118,24,179,180],"roles-and-capabilities","wordpress-capabilities","wordpress-user-roles","http:\u002F\u002Fsolvease.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-roles-and-capabilities.1.2.6.zip",63,"2025-06-19 00:00:00",{"slug":186,"name":187,"version":188,"author":189,"author_profile":190,"description":191,"short_description":192,"active_installs":193,"downloaded":194,"rating":162,"num_ratings":195,"last_updated":196,"tested_up_to":16,"requires_at_least":197,"requires_php":136,"tags":198,"homepage":202,"download_link":203,"security_score":143,"vuln_count":144,"unpatched_count":29,"last_vuln_date":204,"fetched_at":31},"leira-roles","Roles & Capabilities","1.1.14","Ariel","https:\u002F\u002Fprofiles.wordpress.org\u002Farielhr1987\u002F","\u003Cp>\u003Cstrong>Roles & Capabilities\u003C\u002Fstrong> empowers administrators with a complete toolset for managing user roles and capabilities directly from the WordPress admin — no code required.\u003C\u002Fp>\n\u003Cp>Designed for simplicity and control, this plugin allows you to customize user permissions to fit any use case. Access is strictly limited to site administrators for maximum security; no additional capabilities can grant access to its features.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create and manage custom roles.\u003C\u002Fli>\n\u003Cli>Edit role names and assign or remove capabilities.\u003C\u002Fli>\n\u003Cli>Clone existing roles for faster setup.\u003C\u002Fli>\n\u003Cli>Grant or revoke capabilities for individual users.\u003C\u002Fli>\n\u003Cli>Create and assign new custom capabilities.\u003C\u002Fli>\n\u003Cli>Remove user-defined capabilities when no longer needed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you’re building a membership site, managing editorial permissions, or fine-tuning access, this plugin gives you the precision and flexibility you need.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin is open-source and actively maintained.\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farielhr1987\u002Fleira-roles\" rel=\"nofollow ugc\">View or contribute to the source code on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Take full control of user roles and capabilities in WordPress with an intuitive, powerful interface.",1000,30030,6,"2025-12-19T00:22:00.000Z","4.1",[199,21,200,22,201],"admin","edit","role","https:\u002F\u002Fgithub.com\u002Farielhr1987\u002Fleira-roles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fleira-roles.1.1.14.zip","2024-09-12 21:14:43",{"attackSurface":206,"codeSignals":813,"taintFlows":1118,"riskAssessment":1645,"analyzedAt":1654},{"hooks":207,"ajaxHandlers":769,"restRoutes":810,"shortcodes":811,"cronEvents":812,"entryPointCount":461,"unprotectedCount":28},[208,214,217,222,226,229,233,237,242,245,249,253,256,261,264,268,272,276,280,282,285,290,291,295,300,305,309,313,317,321,324,328,331,335,340,344,347,350,353,356,359,361,364,367,371,374,378,381,383,385,389,392,395,398,401,406,411,414,418,422,425,427,430,433,436,440,443,446,451,453,457,462,466,469,472,475,477,480,485,488,492,497,499,504,508,511,513,516,519,522,525,527,531,535,539,543,547,551,554,558,562,564,568,572,576,578,581,584,586,589,592,595,598,601,604,607,610,614,617,619,621,623,625,627,629,631,633,635,637,639,641,643,645,647,649,651,653,655,657,660,662,664,666,668,670,672,674,676,678,680,682,684,686,688,690,692,694,697,700,703,705,707,711,714,717,719,722,723,726,730,732,736,740,743,746,749,752,755,757,761,765],{"type":209,"name":210,"callback":211,"file":212,"line":213},"action","plugins_loaded","closure","capsman-enhanced.php",69,{"type":209,"name":215,"callback":211,"file":212,"line":216},"admin_notices",79,{"type":218,"name":219,"callback":211,"priority":220,"file":212,"line":221},"filter","plugin_row_meta",10,105,{"type":209,"name":223,"callback":224,"file":212,"line":225},"init","_cme_init",158,{"type":209,"name":210,"callback":227,"priority":144,"file":212,"line":228},"_cme_act_pp_active",159,{"type":209,"name":223,"callback":230,"priority":231,"file":212,"line":232},"_cme_cap_helper",49,161,{"type":209,"name":223,"callback":234,"file":235,"line":236},"featureRestrictionsGutenberg","includes\\admin-load.php",26,{"type":209,"name":238,"callback":239,"priority":240,"file":235,"line":241},"admin_init","redirect_on_activate",2000,30,{"type":209,"name":238,"callback":243,"file":235,"line":244},"featureRestrictionsClassic",32,{"type":209,"name":246,"callback":247,"file":235,"line":248},"pp_capabilities_install","runInstallTasks",39,{"type":209,"name":250,"callback":251,"file":235,"line":252},"pp_capabilities_upgrade","runUpgradeTasks",43,{"type":209,"name":238,"callback":254,"priority":240,"file":235,"line":255},"manage_installation",47,{"type":209,"name":257,"callback":258,"priority":259,"file":235,"line":260},"wp_nav_menu_item_custom_fields","add_nav_menu_indicator",20,50,{"type":218,"name":262,"callback":262,"file":235,"line":263},"cme_publishpress_capabilities_capabilities",53,{"type":209,"name":265,"callback":266,"priority":162,"file":235,"line":267},"admin_enqueue_scripts","adminScripts",55,{"type":209,"name":269,"callback":270,"file":235,"line":271},"admin_print_scripts","adminPrintScripts",56,{"type":209,"name":273,"callback":274,"priority":220,"file":235,"line":275},"profile_update","action_profile_update",58,{"type":209,"name":277,"callback":274,"priority":278,"file":235,"line":279},"add_user_to_blog",9,61,{"type":209,"name":281,"callback":274,"priority":278,"file":235,"line":183},"user_register",{"type":209,"name":223,"callback":283,"file":235,"line":284},"register_textdomain",65,{"type":209,"name":286,"callback":287,"priority":288,"file":235,"line":289},"admin_menu","cmeSubmenus",18,83,{"type":209,"name":223,"callback":211,"file":235,"line":154},{"type":218,"name":292,"callback":293,"file":235,"line":294},"publishpress_wp_reviews_display_banner_capability-manager-enhanced","shouldDisplayBanner",103,{"type":218,"name":296,"callback":297,"priority":298,"file":235,"line":299},"pp_capabilities_feature_post_types","fltEditorFeaturesPostTypes",5,111,{"type":218,"name":301,"callback":302,"priority":303,"file":235,"line":304},"block_editor_settings_all","filterCodeEditingStatus",999,112,{"type":218,"name":306,"callback":307,"priority":220,"file":235,"line":308},"classic_editor_enabled_editors_for_post_type","filterRolePostTypeEditor",113,{"type":218,"name":310,"callback":311,"file":235,"line":312},"classic_editor_plugin_settings","filterRoleEditorSettings",114,{"type":209,"name":314,"callback":315,"file":235,"line":316},"pp-capabilities-settings-ui","settingsUI",125,{"type":209,"name":318,"callback":319,"priority":220,"file":235,"line":320},"activated_plugin","clearProfileFeaturesDoneFlag",128,{"type":209,"name":238,"callback":322,"file":235,"line":323},"blockDashboardAccess",130,{"type":218,"name":325,"callback":326,"priority":220,"file":235,"line":327},"plugin_action_links","addPluginActionLinks",132,{"type":218,"name":219,"callback":329,"priority":220,"file":235,"line":330},"addPluginRowMetaLinks",133,{"type":209,"name":265,"callback":332,"file":333,"line":334},"admin_scripts","includes\\admin-notices\\admin-notices.php",15,{"type":209,"name":336,"callback":337,"priority":338,"file":333,"line":339},"admin_bar_menu","add_toolbar_item",998,23,{"type":209,"name":341,"callback":342,"file":333,"line":343},"admin_footer","render_panel",25,{"type":209,"name":223,"callback":223,"file":345,"line":346},"includes\\features\\admin-styles\\admin-styles.php",28,{"type":209,"name":238,"callback":348,"priority":144,"file":345,"line":349},"register_all_custom_schemes",138,{"type":209,"name":238,"callback":351,"file":345,"line":352},"handle_form_submission",141,{"type":209,"name":265,"callback":354,"file":345,"line":355},"enqueue_admin_scripts",147,{"type":218,"name":357,"callback":211,"priority":303,"file":345,"line":358},"get_user_option_admin_color",274,{"type":218,"name":357,"callback":211,"priority":303,"file":345,"line":360},282,{"type":209,"name":362,"callback":211,"priority":144,"file":345,"line":363},"admin_head",376,{"type":209,"name":365,"callback":211,"file":345,"line":366},"login_head",380,{"type":209,"name":368,"callback":369,"file":345,"line":370},"admin_head-profile.php","hide_color_scheme_ui",386,{"type":209,"name":372,"callback":369,"file":345,"line":373},"admin_head-user-edit.php",387,{"type":218,"name":375,"callback":211,"priority":376,"file":345,"line":377},"admin_footer_text",9999,394,{"type":218,"name":379,"callback":211,"priority":220,"file":345,"line":380},"gettext",400,{"type":209,"name":362,"callback":211,"file":345,"line":382},407,{"type":209,"name":365,"callback":211,"file":345,"line":384},410,{"type":209,"name":386,"callback":387,"file":388,"line":236},"add_meta_boxes","addFrontendFeaturesMetabox","includes\\features\\frontend-features\\frontend-features-metaboxes.php",{"type":209,"name":390,"callback":391,"file":388,"line":346},"save_post","saveFrontendFeaturesData",{"type":209,"name":223,"callback":393,"file":394,"line":236},"setFrontendFeaturesRestrictionGlobal","includes\\features\\frontend-features\\frontend-features-restrict.php",{"type":218,"name":396,"callback":397,"file":394,"line":346},"body_class","setFrontendBodyClass",{"type":209,"name":399,"callback":400,"file":394,"line":241},"wp_head","setFrontendStyles",{"type":209,"name":402,"callback":403,"file":404,"line":405},"pp_capabilities_frontend_features_frontendelements_before_subsection_tr","fontendElementsForm","includes\\features\\frontend-features\\frontend-features-ui.php",24,{"type":218,"name":407,"callback":408,"file":409,"line":410},"show_admin_bar","__return_false","includes\\features\\restrict-admin-features.php",356,{"type":209,"name":362,"callback":412,"file":409,"line":413},"disableDashboardBarBackend",358,{"type":209,"name":415,"callback":416,"priority":376,"file":409,"line":417},"wp_before_admin_bar_render","disableDashboardBar",360,{"type":209,"name":419,"callback":420,"priority":143,"file":409,"line":421},"wp_dashboard_setup","disableDashboardWidgets",370,{"type":209,"name":423,"callback":420,"priority":143,"file":409,"line":424},"wp_network_dashboard_setup",371,{"type":218,"name":426,"callback":408,"priority":303,"file":409,"line":373},"screen_options_show_screen",{"type":209,"name":362,"callback":428,"priority":303,"file":409,"line":429},"contextual_help_list_remove",390,{"type":218,"name":375,"callback":431,"priority":303,"file":409,"line":432},"__return_empty_string",393,{"type":218,"name":434,"callback":408,"priority":303,"file":409,"line":435},"update_footer",396,{"type":218,"name":437,"callback":211,"file":438,"line":439},"wp_default_editor","includes\\features\\restrict-editor-features.php",286,{"type":209,"name":362,"callback":441,"priority":144,"file":438,"line":442},"applyRestrictionsClassic",298,{"type":209,"name":362,"callback":444,"priority":144,"file":445,"line":288},"applyProfileRestriction","includes\\features\\restrict-profile-features.php",{"type":209,"name":447,"callback":448,"file":449,"line":450},"_admin_menu","menu_nopriv_workaround_enable","includes\\filters-admin.php",17,{"type":209,"name":286,"callback":452,"file":449,"line":288},"menu_nopriv_workaround_disable",{"type":218,"name":454,"callback":455,"file":449,"line":456},"user_has_cap","admin_menu_caps",27,{"type":218,"name":458,"callback":459,"file":460,"line":461},"woocommerce_duplicate_product_capability","implement_duplicate_product_cap","includes\\filters-woocommerce.php",12,{"type":218,"name":463,"callback":464,"priority":220,"file":465,"line":173},"rest_pre_dispatch","fltRestPreDispatch","includes\\filters-wp_rest_workarounds.php",{"type":218,"name":454,"callback":467,"priority":298,"file":465,"line":468},"fltPublishCapReplacement",22,{"type":218,"name":470,"callback":471,"priority":220,"file":465,"line":405},"wp_insert_post_data","fltInsertPostData",{"type":218,"name":473,"callback":474,"priority":220,"file":465,"line":343},"edit_post_status","fltPostStatus",{"type":218,"name":454,"callback":476,"priority":298,"file":465,"line":236},"fltRegulateUnpublish",{"type":209,"name":478,"callback":479,"file":465,"line":346},"admin_print_styles-post.php","actAdminPrintScripts",{"type":218,"name":481,"callback":482,"priority":298,"file":483,"line":484},"map_meta_cap","_cme_remap_term_meta_cap","includes\\filters.php",29,{"type":209,"name":362,"callback":486,"file":483,"line":487},"_cme_publishpress_roles_js",31,{"type":209,"name":489,"callback":490,"file":483,"line":491},"publishpress_capabilities_loaded","_cme_migrate_pp_options",54,{"type":218,"name":493,"callback":494,"priority":220,"file":495,"line":496},"use_block_editor_for_post_type","_disable_block_editor_for_navigation_post_type","includes\\functions-admin.php",110,{"type":218,"name":493,"callback":494,"priority":220,"file":495,"line":498},160,{"type":209,"name":500,"callback":501,"priority":298,"file":502,"line":503},"registered_post_type","_cme_post_type_late_reg","includes\\functions.php",66,{"type":209,"name":505,"callback":506,"priority":298,"file":502,"line":507},"registered_taxonomy","_cme_taxonomy_late_reg",67,{"type":209,"name":336,"callback":509,"priority":376,"file":502,"line":510},"ppc_features_get_admin_bar_nodes",264,{"type":209,"name":415,"callback":509,"priority":376,"file":502,"line":512},265,{"type":209,"name":223,"callback":514,"priority":303,"file":502,"line":515},"ppc_admin_feature_restrictions",278,{"type":209,"name":223,"callback":517,"file":502,"line":518},"ppc_test_user_init",291,{"type":209,"name":223,"callback":520,"file":502,"line":521},"ppc_admin_notices_init",304,{"type":209,"name":281,"callback":523,"file":502,"line":524},"ppc_role_redirect_after_registration",344,{"type":218,"name":526,"callback":526,"priority":93,"file":502,"line":424},"woocommerce_registration_redirect",{"type":218,"name":528,"callback":529,"priority":220,"file":502,"line":530},"login_redirect","ppc_roles_login_redirect",425,{"type":218,"name":532,"callback":533,"priority":220,"file":502,"line":534},"woocommerce_login_redirect","ppc_roles_woocommerce_login_redirect",478,{"type":209,"name":536,"callback":537,"file":502,"line":538},"wp_footer","ppc_roles_last_visited_page_cookie",511,{"type":218,"name":540,"callback":541,"priority":220,"file":502,"line":542},"logout_redirect","ppc_roles_logout_redirect",542,{"type":218,"name":544,"callback":545,"priority":144,"file":502,"line":546},"wp_authenticate_user","ppc_roles_wp_authenticate_user",572,{"type":218,"name":548,"callback":549,"priority":259,"file":502,"line":550},"woocommerce_prevent_admin_access","ppc_roles_disable_woocommerce_admin_restrictions",595,{"type":218,"name":552,"callback":549,"priority":259,"file":502,"line":553},"woocommerce_disable_admin_bar",596,{"type":218,"name":555,"callback":556,"priority":143,"file":502,"line":557},"wp_get_nav_menu_items","pp_capabilities_nav_menu_permission",1069,{"type":218,"name":559,"callback":560,"priority":303,"file":502,"line":561},"block_core_navigation_render_inner_blocks","pp_capabilities_fse_nav_menu_permission",1253,{"type":209,"name":399,"callback":211,"file":502,"line":563},1385,{"type":209,"name":565,"callback":566,"file":502,"line":567},"parse_query","pp_capabilities_nav_menu_access",1409,{"type":209,"name":569,"callback":211,"file":570,"line":571},"all_admin_notices","includes\\handler.php",118,{"type":209,"name":223,"callback":573,"file":574,"line":575},"cme_update_pp_usage","includes\\manager.php",36,{"type":209,"name":223,"callback":211,"priority":144,"file":574,"line":577},146,{"type":209,"name":286,"callback":579,"priority":298,"file":574,"line":580},"adminMenus",155,{"type":209,"name":582,"callback":583,"file":574,"line":225},"admin_print_styles","adminStyles",{"type":209,"name":265,"callback":585,"file":574,"line":232},"adminScriptsPP",{"type":209,"name":223,"callback":587,"file":574,"line":588},"initRolesAdmin",164,{"type":209,"name":238,"callback":590,"file":574,"line":591},"processExport",175,{"type":209,"name":238,"callback":593,"file":574,"line":594},"profileFeaturesCaptureRedirect",178,{"type":209,"name":238,"callback":596,"file":574,"line":597},"initPluginCapabilities",181,{"type":218,"name":599,"callback":600,"file":574,"line":515},"editable_roles","filterEditRoles",{"type":218,"name":481,"callback":602,"priority":220,"file":574,"line":603},"filterUserEdit",281,{"type":209,"name":286,"callback":605,"priority":288,"file":574,"line":606},"cme_menu",373,{"type":218,"name":608,"callback":211,"file":574,"line":609},"manage_capabilities_page_pp-capabilities-roles_columns",507,{"type":209,"name":611,"callback":612,"file":613,"line":278},"wpmu_new_blog","_cme_new_blog","includes\\network.php",{"type":218,"name":615,"callback":211,"file":616,"line":334},"cme_plugin_capabilities","includes\\plugin-capabilities\\all-in-one-seo-pack.php",{"type":218,"name":615,"callback":211,"file":618,"line":334},"includes\\plugin-capabilities\\amp.php",{"type":218,"name":615,"callback":211,"file":620,"line":334},"includes\\plugin-capabilities\\backwpup.php",{"type":218,"name":615,"callback":211,"file":622,"line":334},"includes\\plugin-capabilities\\bbpress.php",{"type":218,"name":615,"callback":211,"file":624,"line":334},"includes\\plugin-capabilities\\betterdocs.php",{"type":218,"name":615,"callback":211,"file":626,"line":334},"includes\\plugin-capabilities\\buddypress.php",{"type":218,"name":615,"callback":211,"file":628,"line":334},"includes\\plugin-capabilities\\download-monitor.php",{"type":218,"name":615,"callback":211,"file":630,"line":334},"includes\\plugin-capabilities\\duplicate-post.php",{"type":218,"name":615,"callback":211,"file":632,"line":334},"includes\\plugin-capabilities\\fluent-forms.php",{"type":218,"name":615,"callback":211,"file":634,"line":334},"includes\\plugin-capabilities\\fluentform.php",{"type":218,"name":615,"callback":211,"file":636,"line":334},"includes\\plugin-capabilities\\formidable.php",{"type":218,"name":615,"callback":211,"file":638,"line":334},"includes\\plugin-capabilities\\forminator.php",{"type":218,"name":615,"callback":211,"file":640,"line":334},"includes\\plugin-capabilities\\give.php",{"type":218,"name":615,"callback":211,"file":642,"line":334},"includes\\plugin-capabilities\\google-site-kit.php",{"type":218,"name":615,"callback":211,"file":644,"line":334},"includes\\plugin-capabilities\\gravityforms.php",{"type":218,"name":615,"callback":211,"file":646,"line":334},"includes\\plugin-capabilities\\gravityview.php",{"type":218,"name":615,"callback":211,"file":648,"line":334},"includes\\plugin-capabilities\\instagram-feed.php",{"type":218,"name":615,"callback":211,"file":650,"line":334},"includes\\plugin-capabilities\\loco-translate.php",{"type":218,"name":615,"callback":211,"file":652,"line":334},"includes\\plugin-capabilities\\mailoptin.php",{"type":218,"name":615,"callback":211,"file":654,"line":334},"includes\\plugin-capabilities\\mailpoet.php",{"type":218,"name":615,"callback":211,"file":656,"line":334},"includes\\plugin-capabilities\\nextgen-gallery.php",{"type":218,"name":615,"callback":211,"file":658,"line":659},"includes\\plugin-capabilities\\publishpress.php",13,{"type":218,"name":615,"callback":211,"file":661,"line":334},"includes\\plugin-capabilities\\query-monitor.php",{"type":218,"name":615,"callback":211,"file":663,"line":334},"includes\\plugin-capabilities\\seo-by-rank-math.php",{"type":218,"name":615,"callback":211,"file":665,"line":334},"includes\\plugin-capabilities\\sfwd-lms.php",{"type":218,"name":615,"callback":211,"file":667,"line":334},"includes\\plugin-capabilities\\smart-slider-3.php",{"type":218,"name":615,"callback":211,"file":669,"line":334},"includes\\plugin-capabilities\\squirrly-seo.php",{"type":218,"name":615,"callback":211,"file":671,"line":334},"includes\\plugin-capabilities\\strong-testimonials.php",{"type":218,"name":615,"callback":211,"file":673,"line":334},"includes\\plugin-capabilities\\sunshine-photo-cart.php",{"type":218,"name":615,"callback":211,"file":675,"line":334},"includes\\plugin-capabilities\\wordfence-login-security.php",{"type":218,"name":615,"callback":211,"file":677,"line":334},"includes\\plugin-capabilities\\wordfence.php",{"type":218,"name":615,"callback":211,"file":679,"line":334},"includes\\plugin-capabilities\\wordpress-seo.php",{"type":218,"name":615,"callback":211,"file":681,"line":334},"includes\\plugin-capabilities\\wp-seopress.php",{"type":218,"name":615,"callback":262,"file":683,"line":173},"includes\\plugin-capabilities.php",{"type":218,"name":615,"callback":685,"file":683,"line":339},"cme_multiple_authors_capabilities",{"type":218,"name":615,"callback":687,"file":683,"line":343},"cme_presspermit_capabilities",{"type":218,"name":615,"callback":689,"file":683,"line":456},"cme_gravityforms_capabilities",{"type":218,"name":615,"callback":691,"file":683,"line":484},"cme_wpml_capabilities",{"type":218,"name":615,"callback":693,"file":683,"line":487},"cme_wsform_capabilities",{"type":218,"name":615,"callback":695,"file":683,"line":696},"cme_taxopress_capabilities",33,{"type":218,"name":615,"callback":698,"file":683,"line":699},"cme_woocommerce_capabilities",35,{"type":218,"name":615,"callback":701,"file":683,"line":702},"cme_echo_knowledge_base_capabilities",37,{"type":218,"name":615,"callback":704,"file":683,"line":248},"cme_yoast_seo_capabilities",{"type":209,"name":223,"callback":211,"file":706,"line":278},"includes\\settings-handler.php",{"type":218,"name":708,"callback":709,"priority":220,"file":710,"line":110},"user_row_actions","adminUsersRowActions","includes\\test-user-ui.php",{"type":209,"name":712,"callback":713,"file":710,"line":220},"personal_options","adminUserEditAction",{"type":209,"name":715,"callback":716,"priority":278,"file":710,"line":659},"wp_enqueue_scripts","adminBarScripts",{"type":209,"name":265,"callback":716,"priority":278,"file":710,"line":718},14,{"type":209,"name":536,"callback":720,"file":710,"line":721},"switchBackNotice",16,{"type":209,"name":569,"callback":720,"file":710,"line":450},{"type":209,"name":415,"callback":724,"priority":144,"file":710,"line":725},"adminBarSearch",19,{"type":209,"name":727,"callback":728,"file":729,"line":173},"wp_logout","clearTestUserCookie","includes\\test-user.php",{"type":209,"name":731,"callback":728,"file":729,"line":468},"wp_login",{"type":218,"name":733,"callback":734,"priority":220,"file":735,"line":271},"pp_capabilities_sub_menu_lists","actCapabilitiesSubmenus","includes-core\\CoreAdmin.php",{"type":209,"name":737,"callback":738,"file":735,"line":739},"pp_capabilities_features_gutenberg_after_table_tr","metaboxesPromo",59,{"type":209,"name":741,"callback":738,"file":735,"line":742},"pp_capabilities_features_classic_after_table_tr",60,{"type":218,"name":744,"callback":745,"priority":260,"file":735,"line":183},"pp_capabilities_admin_features_elements","adminFeaturesElements",{"type":218,"name":747,"callback":748,"file":735,"line":155},"pp_capabilities_admin_features_icons","adminFeatureIcons",{"type":218,"name":750,"callback":751,"file":735,"line":284},"pp_capabilities_admin_features_titles","adminFeatureTitles",{"type":209,"name":753,"callback":754,"file":735,"line":503},"pp_capabilities_admin_features_blockedbyurl_before_subsection_tr","adminFeaturePromo",{"type":209,"name":756,"callback":754,"file":735,"line":507},"pp_capabilities_admin_features_hidecsselement_before_subsection_tr",{"type":209,"name":758,"callback":759,"file":735,"line":760},"pp_capabilities_frontend_features_pages","frontendFeaturesPagesPromo",70,{"type":209,"name":762,"callback":763,"file":735,"line":764},"pp_capabilities_frontend_features_metabox_post_types","frontendFeaturesPromo",73,{"type":218,"name":766,"callback":767,"file":735,"line":768},"pp_capabilities_dashboard_features","addFeaturesPromotoDashboard",75,[770,775,778,781,785,788,791,794,798,801,804,807],{"action":771,"nopriv":772,"callback":773,"hasNonce":774,"hasCapCheck":774,"file":235,"line":696},"save_dashboard_feature_by_ajax",false,"saveDashboardFeature",true,{"action":776,"nopriv":772,"callback":777,"hasNonce":774,"hasCapCheck":774,"file":235,"line":575},"ppc_update_admin_feature_settings","ajaxUpdateAdminFeatureSettings",{"action":779,"nopriv":772,"callback":780,"hasNonce":774,"hasCapCheck":772,"file":333,"line":456},"ppc_admin_notice_action","adminNoticeAjaxHandler",{"action":782,"nopriv":772,"callback":783,"hasNonce":774,"hasCapCheck":774,"file":784,"line":346},"ppc_submit_frontend_element_by_ajax","frontendElementNewEntryAjaxHandler","includes\\features\\frontend-features\\frontend-features-action.php",{"action":786,"nopriv":772,"callback":787,"hasNonce":774,"hasCapCheck":774,"file":784,"line":241},"ppc_delete_frontend_feature_item_by_ajax","frontendFeaturesDeleteItemAjaxHandler",{"action":789,"nopriv":772,"callback":790,"hasNonce":774,"hasCapCheck":772,"file":445,"line":718},"ppc_update_profile_features_element_by_ajax","profileElementUpdateAjaxHandler",{"action":792,"nopriv":772,"callback":793,"hasNonce":774,"hasCapCheck":774,"file":445,"line":721},"ppc_set_profile_features_role","setProfileFeaturesRoleAccess",{"action":795,"nopriv":772,"callback":796,"hasNonce":772,"hasCapCheck":772,"file":574,"line":797},"pp-roles-add-role","handleRolesAjax",166,{"action":799,"nopriv":772,"callback":796,"hasNonce":772,"hasCapCheck":772,"file":574,"line":800},"pp-roles-delete-role",167,{"action":802,"nopriv":772,"callback":796,"hasNonce":772,"hasCapCheck":772,"file":574,"line":803},"pp-roles-hide-role",170,{"action":805,"nopriv":772,"callback":796,"hasNonce":772,"hasCapCheck":772,"file":574,"line":806},"pp-roles-unhide-role",171,{"action":808,"nopriv":772,"callback":809,"hasNonce":774,"hasCapCheck":774,"file":710,"line":173},"ppc_search_test_user_by_ajax","searchTestUsers",[],[],[],{"dangerousFunctions":814,"sqlUsage":815,"outputEscaping":834,"fileOperations":144,"externalRequests":29,"nonceChecks":1112,"capabilityChecks":1113,"bundledLibraries":1114},[],{"prepared":110,"raw":816,"locations":817},7,[818,822,825,827,828,830,833],{"file":819,"line":820,"context":821},"includes\\backup.php",34,"$wpdb->get_results() with variable interpolation",{"file":502,"line":823,"context":824},135,"$wpdb->get_col() with variable interpolation",{"file":570,"line":108,"context":826},"$wpdb->query() with variable interpolation",{"file":570,"line":496,"context":826},{"file":570,"line":829,"context":824},295,{"file":574,"line":831,"context":832},319,"$wpdb->get_var() with variable interpolation",{"file":574,"line":413,"context":832},{"escaped":835,"rawEcho":836,"locations":837},1112,144,[838,840,843,845,847,849,851,853,855,857,859,861,863,865,866,868,870,871,873,875,877,879,881,882,884,885,887,889,891,893,895,896,898,900,902,904,905,907,909,911,913,915,917,919,920,922,924,926,927,929,931,933,935,937,939,941,943,945,947,949,951,953,954,956,958,960,962,964,966,969,971,972,973,975,976,978,980,982,985,987,989,991,992,994,996,998,1001,1003,1005,1008,1010,1012,1014,1016,1018,1020,1022,1024,1026,1028,1030,1032,1034,1036,1038,1039,1041,1043,1044,1046,1047,1049,1051,1053,1056,1058,1060,1062,1064,1067,1069,1071,1073,1075,1077,1080,1082,1083,1085,1086,1087,1089,1091,1093,1095,1097,1099,1101,1103,1104,1106,1107,1108,1110],{"file":212,"line":108,"context":839},"raw output",{"file":841,"line":842,"context":839},"includes\\admin.php",107,{"file":841,"line":844,"context":839},631,{"file":841,"line":846,"context":839},686,{"file":841,"line":848,"context":839},693,{"file":841,"line":850,"context":839},724,{"file":841,"line":852,"context":839},727,{"file":841,"line":854,"context":839},1005,{"file":841,"line":856,"context":839},1012,{"file":841,"line":858,"context":839},1089,{"file":841,"line":860,"context":839},1090,{"file":841,"line":862,"context":839},1092,{"file":841,"line":864,"context":839},1105,{"file":841,"line":864,"context":839},{"file":841,"line":867,"context":839},1160,{"file":841,"line":869,"context":839},1187,{"file":841,"line":869,"context":839},{"file":841,"line":872,"context":839},1205,{"file":841,"line":874,"context":839},1208,{"file":841,"line":876,"context":839},1209,{"file":841,"line":878,"context":839},1211,{"file":841,"line":880,"context":839},1224,{"file":841,"line":880,"context":839},{"file":841,"line":883,"context":839},1233,{"file":841,"line":883,"context":839},{"file":841,"line":886,"context":839},1264,{"file":841,"line":888,"context":839},1267,{"file":841,"line":890,"context":839},1268,{"file":841,"line":892,"context":839},1270,{"file":841,"line":894,"context":839},1283,{"file":841,"line":894,"context":839},{"file":841,"line":897,"context":839},1345,{"file":841,"line":899,"context":839},1346,{"file":841,"line":901,"context":839},1354,{"file":841,"line":903,"context":839},1379,{"file":841,"line":903,"context":839},{"file":841,"line":906,"context":839},1395,{"file":841,"line":908,"context":839},1457,{"file":841,"line":910,"context":839},1508,{"file":841,"line":912,"context":839},1511,{"file":841,"line":914,"context":839},1512,{"file":841,"line":916,"context":839},1514,{"file":841,"line":918,"context":839},1522,{"file":841,"line":918,"context":839},{"file":841,"line":921,"context":839},1617,{"file":841,"line":923,"context":839},1619,{"file":841,"line":925,"context":839},1660,{"file":841,"line":925,"context":839},{"file":841,"line":928,"context":839},1849,{"file":841,"line":930,"context":839},1852,{"file":841,"line":932,"context":839},1856,{"file":841,"line":934,"context":839},1864,{"file":841,"line":936,"context":839},1868,{"file":841,"line":938,"context":839},1872,{"file":841,"line":940,"context":839},1876,{"file":841,"line":942,"context":839},1880,{"file":841,"line":944,"context":839},1884,{"file":841,"line":946,"context":839},1892,{"file":841,"line":948,"context":839},1985,{"file":841,"line":950,"context":839},1988,{"file":841,"line":952,"context":839},1991,{"file":819,"line":518,"context":839},{"file":819,"line":955,"context":839},292,{"file":957,"line":108,"context":839},"includes\\features\\admin-features.php",{"file":957,"line":959,"context":839},127,{"file":957,"line":961,"context":839},429,{"file":957,"line":963,"context":839},435,{"file":957,"line":965,"context":839},488,{"file":967,"line":968,"context":839},"includes\\features\\admin-styles\\admin-styles-css.php",1190,{"file":970,"line":742,"context":839},"includes\\features\\admin-styles\\admin-styles-ui.php",{"file":970,"line":213,"context":839},{"file":970,"line":97,"context":839},{"file":970,"line":974,"context":839},87,{"file":970,"line":320,"context":839},{"file":345,"line":977,"context":839},263,{"file":979,"line":144,"context":839},"includes\\features\\editor-features-classic.php",{"file":981,"line":144,"context":839},"includes\\features\\editor-features-gutenberg.php",{"file":983,"line":984,"context":839},"includes\\features\\editor-features.php",93,{"file":983,"line":986,"context":839},336,{"file":983,"line":988,"context":839},398,{"file":394,"line":990,"context":839},195,{"file":404,"line":154,"context":839},{"file":404,"line":993,"context":839},88,{"file":404,"line":995,"context":839},117,{"file":404,"line":997,"context":839},285,{"file":999,"line":1000,"context":839},"includes\\features\\frontend-features\\frontend-features.php",124,{"file":999,"line":1002,"context":839},305,{"file":999,"line":1004,"context":839},364,{"file":1006,"line":1007,"context":839},"includes\\features\\nav-menus.php",251,{"file":1006,"line":1009,"context":839},254,{"file":1006,"line":1011,"context":839},323,{"file":1006,"line":1013,"context":839},384,{"file":1015,"line":216,"context":839},"includes\\features\\profile-features.php",{"file":1015,"line":1017,"context":839},271,{"file":1015,"line":1019,"context":839},324,{"file":502,"line":1021,"context":839},669,{"file":502,"line":1023,"context":839},676,{"file":502,"line":1025,"context":839},707,{"file":502,"line":1027,"context":839},712,{"file":502,"line":1029,"context":839},714,{"file":502,"line":1031,"context":839},723,{"file":502,"line":1033,"context":839},725,{"file":502,"line":1035,"context":839},1389,{"file":502,"line":1037,"context":839},1397,{"file":574,"line":903,"context":839},{"file":574,"line":1040,"context":839},1528,{"file":1042,"line":571,"context":839},"includes\\pp-ui.php",{"file":1042,"line":806,"context":839},{"file":1042,"line":1045,"context":839},230,{"file":1042,"line":1017,"context":839},{"file":1042,"line":1048,"context":839},311,{"file":1042,"line":1050,"context":839},350,{"file":1052,"line":725,"context":839},"includes\\publishpress-roles.php",{"file":1054,"line":1055,"context":839},"includes\\redirects\\redirects.php",134,{"file":1054,"line":1057,"context":839},214,{"file":1054,"line":1059,"context":839},226,{"file":1054,"line":1061,"context":839},361,{"file":1054,"line":1063,"context":839},379,{"file":1065,"line":1066,"context":839},"includes\\roles\\class\\class-pp-roles-admin.php",443,{"file":1065,"line":1068,"context":839},627,{"file":1065,"line":1070,"context":839},628,{"file":1065,"line":1072,"context":839},638,{"file":1065,"line":1074,"context":839},680,{"file":1065,"line":1076,"context":839},683,{"file":1078,"line":1079,"context":839},"includes\\roles\\class\\class-pp-roles-list-table.php",151,{"file":1081,"line":739,"context":839},"includes\\settings-ui.php",{"file":1081,"line":768,"context":839},{"file":1081,"line":1084,"context":839},91,{"file":1081,"line":304,"context":839},{"file":1081,"line":320,"context":839},{"file":1081,"line":1088,"context":839},152,{"file":1081,"line":1090,"context":839},168,{"file":1081,"line":1092,"context":839},189,{"file":1081,"line":1094,"context":839},205,{"file":1081,"line":1096,"context":839},221,{"file":1081,"line":1098,"context":839},275,{"file":1081,"line":1100,"context":839},329,{"file":1081,"line":1102,"context":839},444,{"file":710,"line":1098,"context":839},{"file":1105,"line":491,"context":839},"includes-core\\admin-menus-promo.php",{"file":1105,"line":267,"context":839},{"file":1105,"line":122,"context":839},{"file":1105,"line":1109,"context":839},136,{"file":1105,"line":1111,"context":839},139,42,84,[1115],{"name":1116,"version":38,"knownCves":1117},"jQuery",[],[1119,1156,1167,1177,1197,1208,1220,1234,1244,1253,1262,1270,1287,1300,1320,1337,1354,1365,1382,1399,1416,1426,1445,1461,1514,1522,1533,1543,1551,1568,1576,1585,1593,1613,1624],{"entryPoint":1120,"graph":1121,"unsanitizedCount":28,"severity":56},"search_box (includes\\roles\\class\\class-pp-roles-list-table.php:568)",{"nodes":1122,"edges":1151},[1123,1128,1133,1137,1139,1143,1145,1149],{"id":1124,"type":1125,"label":1126,"file":1078,"line":1127},"n0","source","$_REQUEST['orderby']",577,{"id":1129,"type":1130,"label":1131,"file":1078,"line":1127,"wp_function":1132},"n1","sink","echo() [XSS]","echo",{"id":1134,"type":1125,"label":1135,"file":1078,"line":1136},"n2","$_REQUEST['order']",580,{"id":1138,"type":1130,"label":1131,"file":1078,"line":1136,"wp_function":1132},"n3",{"id":1140,"type":1125,"label":1141,"file":1078,"line":1142},"n4","$_REQUEST['page']",583,{"id":1144,"type":1130,"label":1131,"file":1078,"line":1142,"wp_function":1132},"n5",{"id":1146,"type":1125,"label":1147,"file":1078,"line":1148},"n6","$_REQUEST['view']",586,{"id":1150,"type":1130,"label":1131,"file":1078,"line":1148,"wp_function":1132},"n7",[1152,1153,1154,1155],{"from":1124,"to":1129,"sanitized":772},{"from":1134,"to":1138,"sanitized":772},{"from":1140,"to":1144,"sanitized":772},{"from":1146,"to":1150,"sanitized":772},{"entryPoint":1157,"graph":1158,"unsanitizedCount":29,"severity":1166},"\u003Cadmin-load> (includes\\admin-load.php:0)",{"nodes":1159,"edges":1164},[1160,1162],{"id":1124,"type":1125,"label":1161,"file":235,"line":417},"$_GET",{"id":1129,"type":1130,"label":1131,"file":235,"line":1163,"wp_function":1132},784,[1165],{"from":1124,"to":1129,"sanitized":774},"low",{"entryPoint":1168,"graph":1169,"unsanitizedCount":29,"severity":1166},"\u003Cadmin> (includes\\admin.php:0)",{"nodes":1170,"edges":1175},[1171,1174],{"id":1124,"type":1125,"label":1172,"file":841,"line":1173},"$_REQUEST",120,{"id":1129,"type":1130,"label":1131,"file":841,"line":1000,"wp_function":1132},[1176],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1178,"graph":1179,"unsanitizedCount":29,"severity":1166},"processBackupTool (includes\\backup-handler.php:25)",{"nodes":1180,"edges":1194},[1181,1185,1188,1191],{"id":1124,"type":1125,"label":1182,"file":1183,"line":1184},"$_POST","includes\\backup-handler.php",126,{"id":1129,"type":1130,"label":1186,"file":1183,"line":959,"wp_function":1187},"update_option() [Settings Manipulation]","update_option",{"id":1134,"type":1125,"label":1189,"file":1183,"line":1190},"$_FILES",156,{"id":1138,"type":1130,"label":1192,"file":1183,"line":803,"wp_function":1193},"file_get_contents() [SSRF\u002FLFI]","file_get_contents",[1195,1196],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":774},{"entryPoint":1198,"graph":1199,"unsanitizedCount":29,"severity":1166},"\u003Cbackup-handler> (includes\\backup-handler.php:0)",{"nodes":1200,"edges":1205},[1201,1202,1203,1204],{"id":1124,"type":1125,"label":1182,"file":1183,"line":1184},{"id":1129,"type":1130,"label":1186,"file":1183,"line":959,"wp_function":1187},{"id":1134,"type":1125,"label":1189,"file":1183,"line":1190},{"id":1138,"type":1130,"label":1192,"file":1183,"line":803,"wp_function":1193},[1206,1207],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":774},{"entryPoint":1209,"graph":1210,"unsanitizedCount":144,"severity":1166},"\u003Cadmin-features> (includes\\features\\admin-features.php:0)",{"nodes":1211,"edges":1217},[1212,1214,1215,1216],{"id":1124,"type":1125,"label":1172,"file":957,"line":1213},38,{"id":1129,"type":1130,"label":1131,"file":957,"line":260,"wp_function":1132},{"id":1134,"type":1125,"label":1172,"file":957,"line":1213},{"id":1138,"type":1130,"label":1131,"file":957,"line":961,"wp_function":1132},[1218,1219],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":772},{"entryPoint":1221,"graph":1222,"unsanitizedCount":144,"severity":1166},"handle_form_submission (includes\\features\\admin-styles\\admin-styles.php:436)",{"nodes":1223,"edges":1231},[1224,1226,1229],{"id":1124,"type":1125,"label":1182,"file":345,"line":1225},510,{"id":1129,"type":1227,"label":1228,"file":345,"line":1225},"transform","→ set_current_role()",{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},299,[1232,1233],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"entryPoint":1235,"graph":1236,"unsanitizedCount":144,"severity":1166},"\u003Cadmin-styles> (includes\\features\\admin-styles\\admin-styles.php:0)",{"nodes":1237,"edges":1241},[1238,1239,1240],{"id":1124,"type":1125,"label":1182,"file":345,"line":1225},{"id":1129,"type":1227,"label":1228,"file":345,"line":1225},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1242,1243],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"entryPoint":1245,"graph":1246,"unsanitizedCount":29,"severity":1166},"\u003Ceditor-features> (includes\\features\\editor-features.php:0)",{"nodes":1247,"edges":1251},[1248,1249],{"id":1124,"type":1125,"label":1172,"file":983,"line":271},{"id":1129,"type":1130,"label":1131,"file":983,"line":1250,"wp_function":1132},74,[1252],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1254,"graph":1255,"unsanitizedCount":144,"severity":1166},"\u003Cfrontend-features> (includes\\features\\frontend-features\\frontend-features.php:0)",{"nodes":1256,"edges":1260},[1257,1259],{"id":1124,"type":1125,"label":1172,"file":999,"line":1258},48,{"id":1129,"type":1130,"label":1131,"file":999,"line":1002,"wp_function":1132},[1261],{"from":1124,"to":1129,"sanitized":772},{"entryPoint":1263,"graph":1264,"unsanitizedCount":144,"severity":1166},"\u003Cnav-menus> (includes\\features\\nav-menus.php:0)",{"nodes":1265,"edges":1268},[1266,1267],{"id":1124,"type":1125,"label":1172,"file":1006,"line":487},{"id":1129,"type":1130,"label":1131,"file":1006,"line":1011,"wp_function":1132},[1269],{"from":1124,"to":1129,"sanitized":772},{"entryPoint":1271,"graph":1272,"unsanitizedCount":144,"severity":1166},"processAdminGeneral (includes\\handler.php:24)",{"nodes":1273,"edges":1283},[1274,1275,1279,1281,1282],{"id":1124,"type":1125,"label":1182,"file":570,"line":304},{"id":1129,"type":1130,"label":1276,"file":570,"line":1277,"wp_function":1278},"wp_redirect() [Open Redirect]",115,"wp_redirect",{"id":1134,"type":1125,"label":1182,"file":570,"line":1280},46,{"id":1138,"type":1227,"label":1228,"file":570,"line":1280},{"id":1140,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1284,1285,1286],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"entryPoint":1288,"graph":1289,"unsanitizedCount":144,"severity":1166},"\u003Chandler> (includes\\handler.php:0)",{"nodes":1290,"edges":1296},[1291,1292,1293,1294,1295],{"id":1124,"type":1125,"label":1182,"file":570,"line":304},{"id":1129,"type":1130,"label":1276,"file":570,"line":1277,"wp_function":1278},{"id":1134,"type":1125,"label":1182,"file":570,"line":1280},{"id":1138,"type":1227,"label":1228,"file":570,"line":1280},{"id":1140,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1297,1298,1299],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"entryPoint":1301,"graph":1302,"unsanitizedCount":1319,"severity":1166},"ManageEditorFeatures (includes\\manager.php:564)",{"nodes":1303,"edges":1314},[1304,1307,1308,1309,1312,1313],{"id":1124,"type":1125,"label":1305,"file":574,"line":1306},"$_REQUEST['role']",575,{"id":1129,"type":1227,"label":1228,"file":574,"line":1306},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1138,"type":1125,"label":1310,"file":574,"line":1311},"$_POST['ppc-editor-features-role']",591,{"id":1140,"type":1227,"label":1228,"file":574,"line":1311},{"id":1144,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1315,1316,1317,1318],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"from":1140,"to":1144,"sanitized":772},2,{"entryPoint":1321,"graph":1322,"unsanitizedCount":1319,"severity":1166},"ManageAdminFeatures (includes\\manager.php:637)",{"nodes":1323,"edges":1332},[1324,1326,1327,1328,1330,1331],{"id":1124,"type":1125,"label":1305,"file":574,"line":1325},648,{"id":1129,"type":1227,"label":1228,"file":574,"line":1325},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1138,"type":1125,"label":1182,"file":574,"line":1329},666,{"id":1140,"type":1227,"label":1228,"file":574,"line":1329},{"id":1144,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1333,1334,1335,1336],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"from":1140,"to":1144,"sanitized":772},{"entryPoint":1338,"graph":1339,"unsanitizedCount":1319,"severity":1166},"ManageFrontendFeatures (includes\\manager.php:690)",{"nodes":1340,"edges":1349},[1341,1343,1344,1345,1347,1348],{"id":1124,"type":1125,"label":1305,"file":574,"line":1342},701,{"id":1129,"type":1227,"label":1228,"file":574,"line":1342},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1138,"type":1125,"label":1182,"file":574,"line":1346},719,{"id":1140,"type":1227,"label":1228,"file":574,"line":1346},{"id":1144,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1350,1351,1352,1353],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"from":1140,"to":1144,"sanitized":772},{"entryPoint":1355,"graph":1356,"unsanitizedCount":144,"severity":1166},"ManageAdminStyles (includes\\manager.php:738)",{"nodes":1357,"edges":1362},[1358,1360,1361],{"id":1124,"type":1125,"label":1305,"file":574,"line":1359},749,{"id":1129,"type":1227,"label":1228,"file":574,"line":1359},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1363,1364],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"entryPoint":1366,"graph":1367,"unsanitizedCount":1319,"severity":1166},"ManageNavMenus (includes\\manager.php:769)",{"nodes":1368,"edges":1377},[1369,1371,1372,1373,1375,1376],{"id":1124,"type":1125,"label":1305,"file":574,"line":1370},780,{"id":1129,"type":1227,"label":1228,"file":574,"line":1370},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1138,"type":1125,"label":1182,"file":574,"line":1374},798,{"id":1140,"type":1227,"label":1228,"file":574,"line":1374},{"id":1144,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1378,1379,1380,1381],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"from":1140,"to":1144,"sanitized":772},{"entryPoint":1383,"graph":1384,"unsanitizedCount":1319,"severity":1166},"ManageProfileFeatures (includes\\manager.php:820)",{"nodes":1385,"edges":1394},[1386,1388,1389,1390,1392,1393],{"id":1124,"type":1125,"label":1305,"file":574,"line":1387},831,{"id":1129,"type":1227,"label":1228,"file":574,"line":1387},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1138,"type":1125,"label":1182,"file":574,"line":1391},849,{"id":1140,"type":1227,"label":1228,"file":574,"line":1391},{"id":1144,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1395,1396,1397,1398],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"from":1140,"to":1144,"sanitized":772},{"entryPoint":1400,"graph":1401,"unsanitizedCount":1319,"severity":1166},"ManageRedirects (includes\\manager.php:902)",{"nodes":1402,"edges":1411},[1403,1405,1406,1407,1409,1410],{"id":1124,"type":1125,"label":1305,"file":574,"line":1404},913,{"id":1129,"type":1227,"label":1228,"file":574,"line":1404},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1138,"type":1125,"label":1182,"file":574,"line":1408},931,{"id":1140,"type":1227,"label":1228,"file":574,"line":1408},{"id":1144,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1412,1413,1414,1415],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"from":1140,"to":1144,"sanitized":772},{"entryPoint":1417,"graph":1418,"unsanitizedCount":144,"severity":1166},"generalManager (includes\\manager.php:1128)",{"nodes":1419,"edges":1423},[1420,1421,1422],{"id":1124,"type":1125,"label":1172,"file":574,"line":867},{"id":1129,"type":1227,"label":1228,"file":574,"line":867},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1424,1425],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"entryPoint":1427,"graph":1428,"unsanitizedCount":1319,"severity":1166},"processAdminGeneral (includes\\manager.php:1180)",{"nodes":1429,"edges":1440},[1430,1433,1434,1435,1438,1439],{"id":1124,"type":1125,"label":1431,"file":574,"line":1432},"$_POST['role']",1192,{"id":1129,"type":1227,"label":1228,"file":574,"line":1432},{"id":1134,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1138,"type":1125,"label":1436,"file":574,"line":1437},"$_POST['current']",1194,{"id":1140,"type":1227,"label":1228,"file":574,"line":1437},{"id":1144,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1441,1442,1443,1444],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"from":1140,"to":1144,"sanitized":772},{"entryPoint":1446,"graph":1447,"unsanitizedCount":144,"severity":1166},"profileFeaturesCaptureRedirect (includes\\manager.php:1406)",{"nodes":1448,"edges":1457},[1449,1451,1453,1455,1456],{"id":1124,"type":1125,"label":1172,"file":574,"line":1450},1417,{"id":1129,"type":1130,"label":1186,"file":574,"line":1452,"wp_function":1187},1490,{"id":1134,"type":1125,"label":1172,"file":574,"line":1454},1418,{"id":1138,"type":1227,"label":1228,"file":574,"line":1454},{"id":1140,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},[1458,1459,1460],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"entryPoint":1462,"graph":1463,"unsanitizedCount":450,"severity":1166},"\u003Cmanager> (includes\\manager.php:0)",{"nodes":1464,"edges":1500},[1465,1466,1467,1469,1470,1471,1472,1473,1474,1477,1479,1481,1484,1486,1488,1490,1492,1494,1496,1498],{"id":1124,"type":1125,"label":1172,"file":574,"line":1450},{"id":1129,"type":1130,"label":1186,"file":574,"line":1452,"wp_function":1187},{"id":1134,"type":1125,"label":1468,"file":574,"line":1306},"$_REQUEST['role'] (x7)",{"id":1138,"type":1227,"label":1228,"file":574,"line":1306},{"id":1140,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1144,"type":1125,"label":1310,"file":574,"line":1311},{"id":1146,"type":1227,"label":1228,"file":574,"line":1311},{"id":1150,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},{"id":1475,"type":1125,"label":1476,"file":574,"line":1329},"n8","$_POST (x5)",{"id":1478,"type":1227,"label":1228,"file":574,"line":1329},"n9",{"id":1480,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},"n10",{"id":1482,"type":1125,"label":1483,"file":574,"line":867},"n11","$_REQUEST (x2)",{"id":1485,"type":1227,"label":1228,"file":574,"line":867},"n12",{"id":1487,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},"n13",{"id":1489,"type":1125,"label":1431,"file":574,"line":1432},"n14",{"id":1491,"type":1227,"label":1228,"file":574,"line":1432},"n15",{"id":1493,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},"n16",{"id":1495,"type":1125,"label":1436,"file":574,"line":1437},"n17",{"id":1497,"type":1227,"label":1228,"file":574,"line":1437},"n18",{"id":1499,"type":1130,"label":1186,"file":574,"line":1230,"wp_function":1187},"n19",[1501,1502,1503,1504,1505,1506,1507,1508,1509,1510,1511,1512,1513],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"from":1144,"to":1146,"sanitized":772},{"from":1146,"to":1150,"sanitized":772},{"from":1475,"to":1478,"sanitized":772},{"from":1478,"to":1480,"sanitized":772},{"from":1482,"to":1485,"sanitized":772},{"from":1485,"to":1487,"sanitized":772},{"from":1489,"to":1491,"sanitized":772},{"from":1491,"to":1493,"sanitized":772},{"from":1495,"to":1497,"sanitized":772},{"from":1497,"to":1499,"sanitized":772},{"entryPoint":1515,"graph":1516,"unsanitizedCount":29,"severity":1166},"\u003Credirects> (includes\\redirects\\redirects.php:0)",{"nodes":1517,"edges":1520},[1518,1519],{"id":1124,"type":1125,"label":1172,"file":1054,"line":487},{"id":1129,"type":1130,"label":1131,"file":1054,"line":95,"wp_function":1132},[1521],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1523,"graph":1524,"unsanitizedCount":29,"severity":1166},"add_role (includes\\roles\\class\\class-pp-roles-actions.php:169)",{"nodes":1525,"edges":1531},[1526,1529],{"id":1124,"type":1125,"label":1172,"file":1527,"line":1528},"includes\\roles\\class\\class-pp-roles-actions.php",196,{"id":1129,"type":1130,"label":1186,"file":1527,"line":1530,"wp_function":1187},272,[1532],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1534,"graph":1535,"unsanitizedCount":29,"severity":1166},"get_roles_edit_ui (includes\\roles\\class\\class-pp-roles-admin.php:465)",{"nodes":1536,"edges":1541},[1537,1539],{"id":1124,"type":1125,"label":1538,"file":1065,"line":48},"$_GET (x4)",{"id":1129,"type":1130,"label":1131,"file":1065,"line":1540,"wp_function":1132},535,[1542],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1544,"graph":1545,"unsanitizedCount":29,"severity":1166},"\u003Cclass-pp-roles-admin> (includes\\roles\\class\\class-pp-roles-admin.php:0)",{"nodes":1546,"edges":1549},[1547,1548],{"id":1124,"type":1125,"label":1538,"file":1065,"line":48},{"id":1129,"type":1130,"label":1131,"file":1065,"line":1540,"wp_function":1132},[1550],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1552,"graph":1553,"unsanitizedCount":29,"severity":1166},"\u003Cclass-pp-roles-list-table> (includes\\roles\\class\\class-pp-roles-list-table.php:0)",{"nodes":1554,"edges":1563},[1555,1556,1557,1558,1559,1560,1561,1562],{"id":1124,"type":1125,"label":1126,"file":1078,"line":1127},{"id":1129,"type":1130,"label":1131,"file":1078,"line":1127,"wp_function":1132},{"id":1134,"type":1125,"label":1135,"file":1078,"line":1136},{"id":1138,"type":1130,"label":1131,"file":1078,"line":1136,"wp_function":1132},{"id":1140,"type":1125,"label":1141,"file":1078,"line":1142},{"id":1144,"type":1130,"label":1131,"file":1078,"line":1142,"wp_function":1132},{"id":1146,"type":1125,"label":1147,"file":1078,"line":1148},{"id":1150,"type":1130,"label":1131,"file":1078,"line":1148,"wp_function":1132},[1564,1565,1566,1567],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":774},{"from":1140,"to":1144,"sanitized":774},{"from":1146,"to":1150,"sanitized":774},{"entryPoint":1569,"graph":1570,"unsanitizedCount":29,"severity":1166},"\u003Csettings-handler> (includes\\settings-handler.php:0)",{"nodes":1571,"edges":1574},[1572,1573],{"id":1124,"type":1125,"label":1182,"file":706,"line":334},{"id":1129,"type":1130,"label":1186,"file":706,"line":468,"wp_function":1187},[1575],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1577,"graph":1578,"unsanitizedCount":29,"severity":1166},"settingsUI (includes\\settings-ui.php:14)",{"nodes":1579,"edges":1583},[1580,1581],{"id":1124,"type":1125,"label":1172,"file":1081,"line":259},{"id":1129,"type":1130,"label":1131,"file":1081,"line":1582,"wp_function":1132},412,[1584],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1586,"graph":1587,"unsanitizedCount":29,"severity":1166},"\u003Csettings-ui> (includes\\settings-ui.php:0)",{"nodes":1588,"edges":1591},[1589,1590],{"id":1124,"type":1125,"label":1172,"file":1081,"line":259},{"id":1129,"type":1130,"label":1131,"file":1081,"line":1582,"wp_function":1132},[1592],{"from":1124,"to":1129,"sanitized":774},{"entryPoint":1594,"graph":1595,"unsanitizedCount":144,"severity":41},"edit_role (includes\\roles\\class\\class-pp-roles-actions.php:361)",{"nodes":1596,"edges":1609},[1597,1599,1600,1602,1604],{"id":1124,"type":1125,"label":1598,"file":1527,"line":1066},"$_REQUEST['current_role']",{"id":1129,"type":1130,"label":1186,"file":1527,"line":1066,"wp_function":1187},{"id":1134,"type":1125,"label":1598,"file":1527,"line":1601},385,{"id":1138,"type":1227,"label":1603,"file":1527,"line":1601},"→ delete_role()",{"id":1140,"type":1130,"label":1605,"file":1606,"line":1607,"wp_function":1608},"get_results() [SQLi]","includes\\roles\\class\\class-pp-roles-manager.php",237,"get_results",[1610,1611,1612],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":772},{"from":1138,"to":1140,"sanitized":772},{"entryPoint":1614,"graph":1615,"unsanitizedCount":144,"severity":41},"delete_role (includes\\roles\\class\\class-pp-roles-actions.php:469)",{"nodes":1616,"edges":1621},[1617,1619,1620],{"id":1124,"type":1125,"label":1172,"file":1527,"line":1618},553,{"id":1129,"type":1227,"label":1603,"file":1527,"line":1618},{"id":1134,"type":1130,"label":1605,"file":1606,"line":1607,"wp_function":1608},[1622,1623],{"from":1124,"to":1129,"sanitized":772},{"from":1129,"to":1134,"sanitized":772},{"entryPoint":1625,"graph":1626,"unsanitizedCount":1319,"severity":41},"\u003Cclass-pp-roles-actions> (includes\\roles\\class\\class-pp-roles-actions.php:0)",{"nodes":1627,"edges":1638},[1628,1629,1630,1631,1632,1633,1634,1635,1636,1637],{"id":1124,"type":1125,"label":1172,"file":1527,"line":1528},{"id":1129,"type":1130,"label":1186,"file":1527,"line":1530,"wp_function":1187},{"id":1134,"type":1125,"label":1598,"file":1527,"line":1066},{"id":1138,"type":1130,"label":1186,"file":1527,"line":1066,"wp_function":1187},{"id":1140,"type":1125,"label":1598,"file":1527,"line":1601},{"id":1144,"type":1227,"label":1603,"file":1527,"line":1601},{"id":1146,"type":1130,"label":1605,"file":1606,"line":1607,"wp_function":1608},{"id":1150,"type":1125,"label":1172,"file":1527,"line":1618},{"id":1475,"type":1227,"label":1603,"file":1527,"line":1618},{"id":1478,"type":1130,"label":1605,"file":1606,"line":1607,"wp_function":1608},[1639,1640,1641,1642,1643,1644],{"from":1124,"to":1129,"sanitized":774},{"from":1134,"to":1138,"sanitized":774},{"from":1140,"to":1144,"sanitized":772},{"from":1144,"to":1146,"sanitized":772},{"from":1150,"to":1475,"sanitized":772},{"from":1475,"to":1478,"sanitized":772},{"summary":1646,"deductions":1647},"The capability-manager-enhanced plugin v2.40.0 exhibits a mixed security posture, with several positive indicators but also notable areas of concern. The plugin demonstrates a good understanding of secure coding practices with a high percentage of SQL queries using prepared statements and a strong adherence to output escaping. The significant number of nonce and capability checks (42 and 84 respectively) also suggests an effort to protect against common WordPress attacks.  However, the presence of 4 AJAX handlers without authentication checks is a significant vulnerability that could allow unauthorized users to perform actions. Furthermore, the taint analysis reveals 3 high-severity flows with unsanitized paths, indicating potential for logic flaws or injection vulnerabilities if not carefully handled. The plugin's vulnerability history is a major red flag. With 4 previously disclosed CVEs, including one critical and two high-severity, the plugin has a track record of security issues. The common vulnerability types also point to recurring problems like deserialization, XSS, authorization bypass, and SQL injection. While there are currently no unpatched vulnerabilities, the past indicates a persistent need for vigilance and thorough auditing.  Overall, while the plugin has implemented some good security practices, the identified unprotected AJAX endpoints, critical taint flows, and historical vulnerability patterns necessitate a cautious approach and prompt updates.",[1648,1650,1652],{"reason":1649,"points":110},"Unprotected AJAX handlers",{"reason":1651,"points":461},"High severity unsanitized paths (taint analysis)",{"reason":1653,"points":259},"History of 4 CVEs (1 critical, 2 high)","2026-03-16T17:09:17.024Z",{"wat":1656,"direct":1669},{"assetPaths":1657,"generatorPatterns":1662,"scriptPaths":1663,"versionParams":1664},[1658,1659,1660,1661],"\u002Fwp-content\u002Fplugins\u002Fcapability-manager-enhanced\u002Fassets\u002Fcss\u002Fcapability-manager-enhanced.css","\u002Fwp-content\u002Fplugins\u002Fcapability-manager-enhanced\u002Fassets\u002Fjs\u002Fcapability-manager-enhanced.js","\u002Fwp-content\u002Fplugins\u002Fcapability-manager-enhanced\u002Fassets\u002Fjs\u002Feditor-helpers.js","\u002Fwp-content\u002Fplugins\u002Fcapability-manager-enhanced\u002Fassets\u002Fjs\u002Fpost-editor-helpers.js",[],[1659,1660,1661],[1665,1666,1667,1668],"capability-manager-enhanced\u002Fassets\u002Fcss\u002Fcapability-manager-enhanced.css?ver=","capability-manager-enhanced\u002Fassets\u002Fjs\u002Fcapability-manager-enhanced.js?ver=","capability-manager-enhanced\u002Fassets\u002Fjs\u002Feditor-helpers.js?ver=","capability-manager-enhanced\u002Fassets\u002Fjs\u002Fpost-editor-helpers.js?ver=",{"cssClasses":1670,"htmlComments":1672,"htmlAttributes":1677,"restEndpoints":1679,"jsGlobals":1680,"shortcodeOutput":1682},[1671],"pp-capabilities-admin-ui",[1673,1674,1675,1676],"PublishPress Capabilities [Free]","Admin execution controller: menu registration and other filters and actions that need to be loaded for every wp-admin URL","This module should not include full functions related to our own plugin screens.","Instead, use these filter and action handlers to load other classes when needed.",[1678],"data-capability-manager-enhanced",[],[1681,262],"PP_Capabilities_Admin_UI",[]]