[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fy8SLQooEa3-oYF64xe6yQhXEcmznSBD8DBb_WmBK7X0":3,"$fFRYwW-D65NyrTNDH315wf9IKei_jGK6ww31roHka1rk":240,"$fuQm6EW0mTG_MpCgC21P-EcXzzXQyGfxX7ULjLT7pumE":244},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":39,"analysis":145,"fingerprints":225},"change-username","Change Username","1.0.2","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Cp>Change usernames of your WordPress users effectively.\u003C\u002Fp>\n\u003Ch3>Change Username\u003C\u002Fh3>\n\u003Cp>This plugin allows you to change usernames of your WordPress users in an effective and safe way.\u003C\u002Fp>\n\u003Cp>By default, WordPress itself does not allow usernames to be changed. The other plugins for changing usernames do not scale all that well for sites with a large number of users.\u003C\u002Fp>\n\u003Cp>This plugin takes a different approach by simply enhancing the default “edit user” page and then processing the username change over AJAX, resulting in a much faster and user-friendly experience.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP version 7.2 or higher\u003C\u002Fli>\n\u003Cli>WordPress version 4.1 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About the author\u003C\u002Fh3>\n\u003Cp>Danny van Kooten has been developing plugins for WordPress since version 3.0, all the way back in 2010. Read more about him on \u003Ca href=\"https:\u002F\u002Fwww.dannyvankooten.com\u002F\" rel=\"nofollow ugc\">his personal website\u003C\u002Fa> or have a look at his various other \u003Ca href=\"https:\u002F\u002Fdannyvankooten.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","Change usernames of your WordPress users effectively.",4000,27332,88,5,"2024-10-04T11:54:00.000Z","6.6.5","4.1","7.2",[20,4,21,22],"change-login","login","username","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-username.1.0.2.zip",92,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"dvankooten",9,1105100,97,708,77,"2026-05-19T21:17:44.437Z",[40,61,83,104,124],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":23,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"username-changer","Username Changer","3.2.8","DigitalME","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitalmeactivecampaign\u002F","\u003Ch3>Finally Change WordPress Usernames — Safely and Instantly\u003C\u002Fh3>\n\u003Cp>WordPress permanently locks usernames after registration. Username Changer breaks through this limitation, giving you full control over user identities without losing any data.\u003C\u002Fp>\n\u003Cp>By \u003Ca href=\"https:\u002F\u002Fwpusernamechange.com\u002F\" rel=\"nofollow ugc\">TRS Plugins\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpusernamechange.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Pro ⭐\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdemo.wpusernamechange.com\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ftrsplugins.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FaUZ4Wtrh2Gs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Why You Need This Plugin\u003C\u002Fh3>\n\u003Cp>WordPress locks usernames by default — but mistakes happen, conventions change, and security sometimes requires a reset. Username Changer lets you update any username instantly, directly from the user profile page, with zero data loss.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fix registration typos in seconds\u003C\u002Fli>\n\u003Cli>Standardize usernames across your organization\u003C\u002Fli>\n\u003Cli>Update compromised or generic usernames like “admin”\u003C\u002Fli>\n\u003Cli>Resolve username conflicts when merging or migrating sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Trusted solution since 2011 with continuous updates and improvements.\u003C\u002Fp>\n\u003Ch3>Who Is It For?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>WordPress Agencies\u003C\u002Fstrong>\u003Cbr \u002F>\nStandardize client usernames across multiple sites, fix migration errors, and maintain professional naming conventions at scale.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security-Conscious Site Owners\u003C\u002Fstrong>\u003Cbr \u002F>\nQuickly update usernames if security concerns arise. Rotating away from “admin” is one of the easiest hardening steps you can take.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Community & Membership Sites\u003C\u002Fstrong>\u003Cbr \u002F>\nAllow members to update their own usernames, resolve disputes, and keep directories clean and consistent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Content Sites with Multiple Authors\u003C\u002Fstrong>\u003Cbr \u002F>\nWorks seamlessly with Co-Authors Plus and other author plugins. Update usernames without breaking content associations.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>✓ One-click username updates directly from user profiles\u003Cbr \u002F>\n✓ Zero data loss — all posts, metadata, and associations stay intact\u003Cbr \u002F>\n✓ Email notifications when usernames are changed\u003Cbr \u002F>\n✓ Nickname support for additional flexibility\u003Cbr \u002F>\n✓ Proper username sanitization to prevent security issues\u003Cbr \u002F>\n✓ SQL-optimized for performance\u003Cbr \u002F>\n✓ Multisite compatible\u003Cbr \u002F>\n✓ Works with any WordPress theme\u003C\u002Fp>\n\u003Ch3>Admin Settings Page\u003C\u002Fh3>\n\u003Cp>The plugin adds a settings page under \u003Cstrong>Users \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Username Changer\u003C\u002Fstrong> with the following tabs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Settings\u003C\u002Fstrong> — Configure username rules, email notifications, and message strings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Help\u003C\u002Fstrong> — Access the live demo and product walkthrough\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⭐ Go Pro\u003C\u002Fstrong> — Unlock bulk username management and audit tools\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support\u003C\u002Fstrong> — Links to documentation and support resources\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>Upgrade to \u003Ca href=\"https:\u002F\u002Fwpusernamechange.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Username Changer Pro ⭐\u003C\u002Fa> to unlock:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bulk Username Updater\u003C\u002Fstrong> — Update hundreds of usernames at once via inline editing or CSV import\u002Fexport\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Log\u003C\u002Fstrong> — Full history of every username change with timestamps and IP addresses, exportable as CSV\u003C\u002Fli>\n\u003Cli>\u003Cstrong>License Management\u003C\u002Fstrong> — Per-site license activation with automatic background verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Simple Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin (30 seconds)\u003C\u002Fli>\n\u003Cli>Navigate to any user’s profile page\u003C\u002Fli>\n\u003Cli>Change the username instantly\u003C\u002Fli>\n\u003Cli>The change applies across your entire site\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No complicated settings, no technical headaches.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin optionally sends usage data to TRS Plugins\u003Cbr \u002F>\nwhen the site admin explicitly opts in. No data is collected without consent.\u003Cbr \u002F>\nData sent may include: admin name, email, site URL, WP\u002FPHP version, and\u003Cbr \u002F>\nplugin\u002Ftheme list depending on the options selected.\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Ftrsplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Unlock the power to change WordPress usernames with complete security and data integrity.",40000,496727,90,70,"2026-04-14T21:07:00.000Z","6.9.4","3.0",[56,21,57,22],"display-name","user","https:\u002F\u002Fwpusernamechange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusername-changer.3.2.8.zip",100,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":53,"requires_at_least":74,"requires_php":23,"tags":75,"homepage":81,"download_link":82,"security_score":60,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"my-wp-login-logo","My WordPress Login Logo","2.5.2","afsalrahim","https:\u002F\u002Fprofiles.wordpress.org\u002Fafsalrahim\u002F","\u003Cp>\u003Cstrong>My WordPress Login Logo\u003C\u002Fstrong> lets you to add a custom logo in your wordpress login page instead of the usual wordpress logo and customize your login page.\u003C\u002Fp>\n\u003Cp>It also allows you to specify the height and width of the logo. Apart from that you can also customize the login form by adding a custom message below login form and also provide some cool fade in effects for the login form. By adding your custom logo in your login page, you can make your website more professional and also impress the guest bloggers and other users who view these pages.\u003C\u002Fp>\n","My WordPress Login Logo lets you to add a custom logo in your wordpress login page instead of the usual wordpress logo and customize your login page.",10000,184924,98,12,"2026-02-17T12:28:00.000Z","3.0.1",[76,77,78,79,80],"change-login-page-logo","custom-logo","login-page-logo","logo-changer","wordpress-login-logo","https:\u002F\u002Fafsal.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-wp-login-logo.2.5.2.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":69,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":53,"requires_at_least":95,"requires_php":23,"tags":96,"homepage":23,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":26,"last_vuln_date":103,"fetched_at":28},"username-updater","Easy Username Updater","1.0.6","Yogesh Pant","https:\u002F\u002Fprofiles.wordpress.org\u002Fyogeshpant\u002F","\u003Cp>Easy Username updater is a plugin which allows administrators to change usernames on their site. It provide list of users with their email address,username and role. It changes display name as well.\u003C\u002Fp>\n\u003Cp>This plugin also do following:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Search the user by username, email address, or role.\u003C\u002Fli>\n\u003Cli>Send the updated username to user by email.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>How to install?\u003C\u002Fp>\n\u003Col>\n\u003Cli>Unzip the downloaded ‘username-updater.zip’ file\u003C\u002Fli>\n\u003Cli>Upload the ‘username-updater’ folder to ‘\u002Fwp-content\u002Fplugins’ directory of your WordPress installation\u003C\u002Fli>\n\u003Cli>Activate the plugin via the WordPress Plugins page\u003C\u002Fli>\n\u003Cli>A new submenu will automatically create on users menu\u003C\u002Fli>\n\u003C\u002Fol>\n","A plugin to change registered username and display name.",127771,84,38,"2026-04-03T05:45:00.000Z","4.0",[4,97,84,98,99],"easy-username-updater","wordpress-username-changer","wordpress-username-updater","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusername-updater.zip",99,1,"2022-07-12 00:00:00",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":17,"requires_php":23,"tags":118,"homepage":122,"download_link":123,"security_score":60,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"duo-wordpress","Duo Two-Factor Authentication","2.5.7","Duo Security","https:\u002F\u002Fprofiles.wordpress.org\u002Fduosecurity\u002F","\u003Cp>Duo Security provides two-factor authentication as a service to protect against account takeover and data theft. Using the Duo plugin you can easily add Duo two-factor authentication to your WordPress website in just a few minutes!\u003C\u002Fp>\n\u003Cp>Rather than relying on a password alone, which can be phished or guessed, Duo’s authentication service adds a second layer of security to your WordPress accounts. Duo enables your admins or users to verify their identities using something they have—like their mobile phone or a hardware token—which provides strong authentication and dramatically enhances account security.\u003C\u002Fp>\n\u003Cp>Duo is easy to setup and use. With Duo there’s no extra hardware or complicated software to install, just sign up for Duo’s service and install the plugin. Then you can set which user roles you want to enable two-factor authentication for—admins, editors, authors, contributors, and\u002For subscribers—without setting up user accounts, directory synchronization, servers, or hardware.\u003C\u002Fp>\n\u003Cp>When they log in, your users have multiple ways they can authenticate, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>One-tap authentication using Duo’s mobile app (our fastest, easiest way to authenticate)\u003C\u002Fli>\n\u003Cli>One-time passcodes generated by Duo’s mobile app (works even with no cell coverage)\u003C\u002Fli>\n\u003Cli>One-time passcodes delivered to any SMS-enabled phone (works even with no cell coverage)\u003C\u002Fli>\n\u003Cli>Phone callback to any phone (mobile or landline!)\u003C\u002Fli>\n\u003Cli>One-time passcodes generated by an OATH-compliant hardware token (if you’re feeling all old school)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Protect your WordPress website in minutes with Duo.\u003C\u002Fp>\n\u003Ch3>End of Support Notice\u003C\u002Fh3>\n\u003Cp>Support for the traditional Duo Prompt experience using the Duo WordPress plugin ended on September 30, 2024. Please use the new \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduo-universal\u002F\" rel=\"ugc\">Duo Universal plugin for WordPress\u003C\u002Fa>. Read more about the End of Suppport and migration to the new plugin on our \u003Ca href=\"https:\u002F\u002Fduo.com\u002Fdocs\u002Fwordpress\" rel=\"nofollow ugc\">Duo for WordPress – Duo Universal Prompt\u003C\u002Fa> documentation page\u003C\u002Fp>\n","Easily add Duo Security two-factor authentication to your WordPress website. Enable two-factor authentication for your admins and\u002For users.",3000,186631,74,39,"2025-06-06T15:47:00.000Z","6.0.11",[119,120,21,121,22],"authentication","authenticator","two-factor","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fduo-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduo-wordpress.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":60,"num_ratings":14,"last_updated":134,"tested_up_to":53,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":141,"download_link":142,"security_score":101,"vuln_count":143,"unpatched_count":26,"last_vuln_date":144,"fetched_at":28},"wp-edit-username","WP Edit Username","2.0.5","Sajjad Hossain Sagor","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajjad67\u002F","\u003Cp>This plugin adds feature to edit\u002Fchange user username.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Edit Username: Allows editing of usernames.\u003C\u002Fli>\n\u003Cli>Only users with the \u003Ccode>edit_other_users()\u003C\u002Fcode> capability can change usernames.\u003C\u002Fli>\n\u003Cli>If the “Send Email” option is enabled, the user will receive a notification email when their username is changed.\u003C\u002Fli>\n\u003Cli>You can customize the email subject and body text in the admin dashboard or via filter hooks.\u003C\u002Fli>\n\u003Cli>Modify the email subject using the filter: \u003Ccode>wpeu_email_subject\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Modify the email headers using the filter: \u003Ccode>wpeu_email_headers\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Adjust the email body content using the filter \u003Ccode>wpeu_email_body\u003C\u002Fcode>. (Note: \u003Ccode>$new_username\u003C\u002Fcode> and \u003Ccode>$old_username\u003C\u002Fcode> are automatically prepended to the email content).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Hooks Usage:\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php\n\nadd_filter( 'wp_username_changed_email_subject', 'change_email_subject' );\n\nfunction change_email_subject( $subject )\n{\n    $subject = 'Your customized subject';\n\n    return $subject;\n}\n\nadd_filter( 'wp_username_changed_email_body', 'change_email_body' );\n\nfunction change_email_body( $old_username, $new_username )\n{\n    $email_body = \"Your custom email text body.\";\n\n    return $email_body;\n}\n\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Easily Edit User Profile Username clicking a button.",2000,25305,"2025-12-08T15:37:00.000Z","5.6","8.0",[138,4,139,140,22],"ajax","profile-edit","user-profile","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-edit-username\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-edit-username.2.0.5.zip",2,"2023-12-19 00:00:00",{"attackSurface":146,"codeSignals":166,"taintFlows":174,"riskAssessment":218,"analyzedAt":224},{"hooks":147,"ajaxHandlers":157,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":102,"unprotectedCount":102},[148,153],{"type":149,"name":150,"callback":151,"file":152,"line":115},"action","admin_enqueue_scripts","change_username\\enqueue_assets","change-username.php",{"type":149,"name":154,"callback":155,"file":152,"line":156},"plugins_loaded","_dvk_change_username_bootstrap",43,[158],{"action":159,"nopriv":160,"callback":161,"hasNonce":160,"hasCapCheck":160,"file":152,"line":162},"change_username",false,"change_username\\ajax_handler",40,[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":171,"fileOperations":26,"externalRequests":26,"nonceChecks":102,"capabilityChecks":143,"bundledLibraries":173},[],{"prepared":169,"raw":26,"locations":170},6,[],{"escaped":26,"rawEcho":26,"locations":172},[],[],[175,200],{"entryPoint":176,"graph":177,"unsanitizedCount":26,"severity":199},"ajax_handler (src\\functions.php:29)",{"nodes":178,"edges":195},[179,185,189],{"id":180,"type":181,"label":182,"file":183,"line":184},"n0","source","$_POST","src\\functions.php",93,{"id":186,"type":187,"label":188,"file":183,"line":184},"n1","transform","→ change_username()",{"id":190,"type":191,"label":192,"file":183,"line":193,"wp_function":194},"n2","sink","query() [SQLi]",128,"query",[196,197],{"from":180,"to":186,"sanitized":160},{"from":186,"to":190,"sanitized":198},true,"low",{"entryPoint":201,"graph":202,"unsanitizedCount":26,"severity":199},"\u003Cfunctions> (src\\functions.php:0)",{"nodes":203,"edges":214},[204,207,209,210,212],{"id":180,"type":181,"label":205,"file":183,"line":206},"$_POST (x3)",52,{"id":186,"type":191,"label":192,"file":183,"line":208,"wp_function":194},120,{"id":190,"type":181,"label":182,"file":183,"line":184},{"id":211,"type":187,"label":188,"file":183,"line":184},"n3",{"id":213,"type":191,"label":192,"file":183,"line":193,"wp_function":194},"n4",[215,216,217],{"from":180,"to":186,"sanitized":198},{"from":190,"to":211,"sanitized":160},{"from":211,"to":213,"sanitized":198},{"summary":219,"deductions":220},"The 'change-username' plugin v1.0.2 exhibits a generally good security posture in several key areas. The absence of dangerous functions, the exclusive use of prepared statements for all SQL queries, and the fact that all output is properly escaped are strong indicators of secure coding practices. Furthermore, the plugin demonstrates the use of nonces and capability checks, which are essential for WordPress security. The vulnerability history being completely clear also suggests a well-maintained and previously secure codebase.\n\nHowever, a significant concern arises from the static analysis revealing one unprotected AJAX handler. With a total of one entry point and one unprotected entry point, this constitutes 100% of the attack surface being exposed without proper authentication or authorization checks. While taint analysis did not reveal any issues with unsanitized paths, the presence of an unprotected AJAX endpoint is a direct gateway for potential abuse if the functionality it exposes can be manipulated by an unauthenticated user.\n\nIn conclusion, while the plugin has commendable strengths in its data handling and output sanitization, the single unprotected AJAX handler presents a clear and direct security risk. Addressing this vulnerability should be the highest priority to improve the plugin's overall security.",[221],{"reason":222,"points":223},"Unprotected AJAX handler",10,"2026-03-16T18:11:40.765Z",{"wat":226,"direct":233},{"assetPaths":227,"generatorPatterns":229,"scriptPaths":230,"versionParams":231},[228],"\u002Fwp-content\u002Fplugins\u002Fchange-username\u002Fassets\u002Fjs\u002Fscript.min.js",[],[228],[232],"change-username\u002Fassets\u002Fjs\u002Fscript.min.js?ver=",{"cssClasses":234,"htmlComments":235,"htmlAttributes":236,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":239},[],[],[],[],[159],[],{"error":198,"url":241,"statusCode":242,"statusMessage":243,"message":243},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fchange-username\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":245,"versions":246},3,[247,252,259],{"version":6,"download_url":24,"svn_tag_url":248,"released_at":27,"has_diff":160,"diff_files_changed":249,"diff_lines":27,"trac_diff_url":250,"vulnerabilities":251,"is_current":198},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fchange-username\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fchange-username%2Ftags%2F1.0.1&new_path=%2Fchange-username%2Ftags%2F1.0.2",[],{"version":253,"download_url":254,"svn_tag_url":255,"released_at":27,"has_diff":160,"diff_files_changed":256,"diff_lines":27,"trac_diff_url":257,"vulnerabilities":258,"is_current":160},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-username.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fchange-username\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fchange-username%2Ftags%2F1.0&new_path=%2Fchange-username%2Ftags%2F1.0.1",[],{"version":260,"download_url":261,"svn_tag_url":262,"released_at":27,"has_diff":160,"diff_files_changed":263,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":264,"is_current":160},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-username.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fchange-username\u002Ftags\u002F1.0\u002F",[],[]]