[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxMTt0biv9qVm6-CMtThMMeGk_xn5iBndiO37fJ1Ci4Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":126},"cellarweb-user-profile-access-control","CellarWeb User Profile Access Control","1.01","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>This plugin allows you to block specific users from accessing or changing their user profile.\u003C\u002Fp>\n\u003Cp>A field is added to the user profile page to enable banning that user from editing\u002Fchanging their user profile. User profile edit\u002Fchange is allowed for roles that have ‘edit-user’ (administrator, etc); those users will not have the ‘blocking’ option on their user profile page.\u003C\u002Fp>\n\u003Cp>With that field added to the user profile screen, an administrator can set any user to not be able to access their profile settings. Users will see a message that they are unable to edit their profile. Administrator-level users will not see that extra field.\u003C\u002Fp>\n\u003Cp>Another option will send an email to the admin whenever a profile is changed. This email will include all fields from the form, including any new password, so your administrator should be careful with that information when received. This is useful for sites that have a ‘generic’ user account that is used by many. You don’t want someone to change that password.\u003C\u002Fp>\n","Allows you to prevent individual users from editing\u002Fchanging their user profile. 
User profile edit\u002Fchange is allowed (and can't be blocked) for r &hellip;",0,1344,"","6.5.8","4.9","7.2",[18],"user-profile-access-control","http:\u002F\u002Fcellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcellarweb-user-profile-access-control.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"rhellewellgmailcom",16,1040,91,30,88,"2026-04-05T02:07:27.994Z",[],{"attackSurface":35,"codeSignals":93,"taintFlows":118,"riskAssessment":119,"analyzedAt":125},{"hooks":36,"ajaxHandlers":89,"restRoutes":90,"shortcodes":91,"cronEvents":92,"entryPointCount":11,"unprotectedCount":11},[37,43,47,50,53,57,59,63,67,71,74,78,82,84],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_init","CWUPAC_disable_plugin","cellarweb-user-profile-access-control.php",48,{"type":38,"name":44,"callback":45,"file":41,"line":46},"admin_notices","CWUPAC_show_notice_disabled_plugin",49,{"type":38,"name":48,"callback":40,"file":41,"line":49},"network_admin_init",50,{"type":38,"name":51,"callback":45,"file":41,"line":52},"network_admin_notices",51,{"type":38,"name":54,"callback":55,"file":41,"line":56},"admin_menu","cellarweb_upac_add_plugin_page",99,{"type":38,"name":39,"callback":58,"file":41,"line":21},"cellarweb_upac_page_init",{"type":38,"name":60,"callback":61,"file":41,"line":62},"personal_options","CWUPAC_profile_ban_field",231,{"type":38,"name":64,"callback":65,"file":41,"line":66},"edit_user_profile_update","CWUPAC_profile_ban_field_save",232,{"type":38,"name":68,"callback":69,"file":41,"line":70},"wp_before_admin_bar_render","CWUPAC_profile_adminbar_remove",234,{"type":38,"name":54,"callback":72,"file":41,"line":73},"CWUPAC_profile_menu_remove",235,{"type":38,"name":75,"callback":76,"file":41,"line":77},"load-profile.php","CWUPAC_profile_banned_check",319,{
"type":38,"name":79,"callback":80,"file":41,"line":81},"all_admin_notices","CWUPAC_profile_banned_msg",329,{"type":38,"name":75,"callback":76,"file":41,"line":83},333,{"type":38,"name":85,"callback":86,"priority":87,"file":41,"line":88},"profile_update","CWUPAC_user_profile_update",10,368,[],[],[],[],{"dangerousFunctions":94,"sqlUsage":95,"outputEscaping":97,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":116,"bundledLibraries":117},[],{"prepared":11,"raw":11,"locations":96},[],{"escaped":98,"rawEcho":99,"locations":100},2,7,[101,104,106,108,110,112,114],{"file":41,"line":102,"context":103},70,"raw output",{"file":41,"line":105,"context":103},385,{"file":41,"line":107,"context":103},387,{"file":41,"line":109,"context":103},444,{"file":41,"line":111,"context":103},460,{"file":41,"line":113,"context":103},462,{"file":41,"line":115,"context":103},469,4,[],[],{"summary":120,"deductions":121},"The static analysis of 'cellarweb-user-profile-access-control' v1.01 reveals a plugin with a minimal attack surface and no flagged dangerous functions. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits potential entry points for attackers. No SQL queries were detected (zero prepared, zero raw), so the scan found no code in which SQL injection could arise. Four capability checks were found, but no nonce checks; whether the profile-save hooks rely on nonce verification performed by WordPress core should be confirmed by reading the code. The main concern is output escaping: only 2 of 9 identified outputs (22%) are escaped. A raw echo leads to cross-site scripting (XSS) only when the echoed value can be influenced by an attacker, and the scan reported no taint flows, so the seven raw-output locations (lines 70, 385, 387, 444, 460, 462 and 469 of cellarweb-user-profile-access-control.php) are candidates for manual review rather than confirmed vulnerabilities.\n\nThe vulnerability history for this plugin is currently clean, with no recorded CVEs. This absence of past vulnerabilities, combined with the signals above, suggests a generally well-maintained plugin. 
However, the low output-escaping rate remains the main weakness and could lead to vulnerabilities despite the lack of historical issues. The plugin's strengths lie in its limited attack surface and the absence of direct database queries, while its primary weakness is insufficient escaping of output, which carries a risk of XSS. These signals do not cover the optional admin notification described by the plugin, which emails all submitted profile fields, including any new password.",[122],{"reason":123,"points":124},"Low percentage of properly escaped output",8,"2026-03-17T05:45:53.725Z",{"wat":127,"direct":134},{"assetPaths":128,"generatorPatterns":130,"scriptPaths":131,"versionParams":132},[129],"\u002Fwp-content\u002Fplugins\u002Fcellarweb-user-profile-access-control\u002Fcss\u002Fsettings.css",[],[],[133],"cellarweb-user-profile-access-control\u002Fcss\u002Fsettings.css?ver=",{"cssClasses":135,"htmlComments":138,"htmlAttributes":139,"restEndpoints":144,"jsGlobals":145,"shortcodeOutput":146},[136,137],"CWUPAC_options","CWUPAC_sidebar",[],[140,141,142,143],"name=\"cellarweb_upac_option_name[cwupac_profile_block]\"","id=\"cwupac_profile_block\"","name=\"cellarweb_upac_option_name[cwupac_send_notice]\"","id=\"cwupac_send_notice\"",[],[],[]]