[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fb4uuZWidqardKJdnxqK3X4a1cZVRmNX6x2SlO2Nxw_c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":61,"crawl_stats":37,"alternatives":69,"analysis":181,"fingerprints":305},"controlled-admin-access","Controlled Admin Access","2.1.2","Waseem Senjer","https:\u002F\u002Fprofiles.wordpress.org\u002Fwaseem_senjer\u002F","\u003Cp>Give a temporary limited admin. access to themes designers, plugins developers and support agents.\u003C\u002Fp>\n\u003Cp>The plugin is simple and clean, it helps the administrator to create a user with a temporary access and choose which pages in your admin area which you don’t want the user to access. send the details to the user and when he finished his task, you can easily deactivate the account and activate it later.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpruby.com\u002Fplugin\u002Fcontrolled-admin-access-pro?utm_source=lite&utm_medium=readme&utm_campaign=freetopro\" title=\"Upgrade to Controlled Admin Access Pro\" rel=\"nofollow ugc\">Upgrade to Pro Now\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpruby.com\u002Fknowledgebase_category\u002Fcontrolled-admin-access-pro\u002F\" title=\"Documentation \" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch3>Menu Filter\u003C\u002Fh3>\n\u003Cp>The plugin will allow you to select admin menu items that you want to restrict for the created admin. Not only the plugin will hide the menu item from the admin but it also will block the page if they access it in some other way.\u003C\u002Fp>\n\u003Ch3>Expiration Time\u003C\u002Fh3>\n\u003Cp>You may don’t want to give access indefinitely, the plugin allows you to set an expiration time for the restricted admin account. After the account expires, the account will no longer be able to login into the admin dashboard. Moreover, you can always extend the expiry time or change it.\u003C\u002Fp>\n\u003Ch3>Hide Admin Bar\u003C\u002Fh3>\n\u003Cp>WordPress offers an admin bar to provide quick access to some pages or to perform some actions. Using the plugin, you can hide the admin bar links at the top of the page will be hidden in both the frontend and admin areas.\u003C\u002Fp>\n\u003Ch3>Disable Access\u003C\u002Fh3>\n\u003Cp>You can always disable the restricted admin account at any time. For example, if you gave a developer access to fix a bug or install a theme, when they finish the task you can disable their account. This will block login in using the account but it will retain the account’s information in case you wanted to give them access in the future.\u003C\u002Fp>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Ch3>Plugins Internal Pages\u003C\u002Fh3>\n\u003Cp>Take more control and restrict access to plugins’ internal pages. For example, you would like to give access to the WooCommerce Settings page, but you do not want the account to see the Payments Gateways tab. Currently, the plugin supports WooCommerce, Easy Digital Downloads and BuddyPress. In the future, we will add support for more plugins.\u003C\u002Fp>\n\u003Ch3>No Password Login\u003C\u002Fh3>\n\u003Cp>Add some convenience when sending access to the user, you can generate a secure login URL for the user, and the user will use the link to login into the dashboard without the need for a password. You can also disable login by a password for restricted admins, this will restrict the admin from login in using a password or sending a reset password email.\u003C\u002Fp>\n\u003Ch3>Activity Log\u003C\u002Fh3>\n\u003Cp>Keep track of what restricted admins have done while logged in, the plugin will log more than 20 actions such as activating\u002Fdeactivating\u002Fdeleting a plugin, switching a theme, deleting a theme, exporting data, publishing\u002Fdeleting a post and uploading a file.\u003C\u002Fp>\n\u003Ch3>Remote Logout\u003C\u002Fh3>\n\u003Cp>At any given time, you can force logging out any restricted admin if you no longer need them logged in the admin dashboard. This action will log them out on all logged-in devices and locations.\u003C\u002Fp>\n","Give a temporarily limited admin access to themes designers, plugins developers and support agents.",10000,218137,96,44,"2025-12-08T13:28:00.000Z","6.9.4","4.0","7.0",[20,21,22,23,24],"access","access-manager","capability","role","user","https:\u002F\u002Fwpruby.com\u002Fproduct\u002Fcontrolled-admin-access","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontrolled-admin-access.2.1.2.zip",2,0,"2021-03-30 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2021-4360","controlled-admin-access-privilege-escalation","Controlled Admin Access \u003C 1.5.6 - Privilege Escalation","The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.",null,"\u003C1.5.6","1.5.6","critical",9.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H","Improper Access Control","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8c57211a-f59d-4379-b09e-7c6049a6b04d?source=api-prod",1029,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":57,"updated_date":44,"references":58,"days_to_patch":60},"CVE-2021-24215","controlled-admin-access-improper-access-control-privilege-escalation","Controlled Admin Access \u003C= 1.5.1 - Improper Access Control & Privilege Escalation","An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like \u002Fwp-admin\u002Fcustomization.php and \u002Fwp-admin\u002Foptions.php, can lead to a complete compromise of the target resource.","\u003C1.5.2","1.5.2",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2021-03-23 00:00:00",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F505b1f87-52c6-439c-a108-e2003971dc07?source=api-prod",1036,{"slug":62,"display_name":7,"profile_url":8,"plugin_count":63,"total_installs":64,"avg_security_score":65,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},"waseem_senjer",10,26970,97,784,77,"2026-04-04T15:06:19.775Z",[70,95,115,134,159],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":16,"requires_at_least":83,"requires_php":18,"tags":84,"homepage":90,"download_link":91,"security_score":92,"vuln_count":93,"unpatched_count":28,"last_vuln_date":94,"fetched_at":30},"wpfront-user-role-editor","WPFront User Role Editor","4.2.4","Syam Mohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyammohanm\u002F","\u003Cp>WPFront User Role Editor plugin allows you to easily manage WordPress user roles within your site.\u003Cbr \u002F>\nYou can create, edit or delete user roles and manage role capabilities.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create new roles.\u003C\u002Fli>\n\u003Cli>Edit or rename existing roles.\u003C\u002Fli>\n\u003Cli>Clone existing roles.\u003C\u002Fli>\n\u003Cli>Manage capabilities.\u003C\u002Fli>\n\u003Cli>Allows you to add role capabilities.\u003C\u002Fli>\n\u003Cli>Change default user role.\u003C\u002Fli>\n\u003Cli>Add or Remove capabilities.\u003C\u002Fli>\n\u003Cli>Restore role.\u003C\u002Fli>\n\u003Cli>Assign multiple roles.\u003C\u002Fli>\n\u003Cli>Migrate users.\u003C\u002Fli>\n\u003Cli>Navigation menu permissions basic.\u003C\u002Fli>\n\u003Cli>Widget permissions basic.\u003C\u002Fli>\n\u003Cli>Login redirect basic.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmenu-editor\u002F\" rel=\"nofollow ugc\">Admin menu editor.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmedia-attachment-file-permissions\u002F\" rel=\"nofollow ugc\">Media library permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fuser-level-permissions\u002F\" rel=\"nofollow ugc\">User level permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fnavigation-menu-permissions\u002F\" rel=\"nofollow ugc\">Navigation menu permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fwidget-permissions\u002F\" rel=\"nofollow ugc\">Widget permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Flogin-redirect\u002F\" rel=\"nofollow ugc\">Login redirect advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fposts-pages-extended-permissions\u002F\" rel=\"nofollow ugc\">Post\u002FPage extended permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcustom-post-type-permissions\u002F\" rel=\"nofollow ugc\">Custom post type permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcontent-restriction-shortcodes\u002F\" rel=\"nofollow ugc\">Content restriction shortcodes.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fexport-roles\u002F\" rel=\"nofollow ugc\">Import\u002FExport.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmultisite-sync-roles\u002F\" rel=\"nofollow ugc\">Multisite support.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compare \u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fppro\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Spanish tutorial\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FYRZdWH-uukI?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.",30000,962618,90,65,"2025-12-02T16:53:00.000Z","5.1",[85,86,87,88,89],"capability-manager","role-editor","security","user-access","user-permissions","http:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpfront-user-role-editor.4.2.4.zip",94,5,"2025-09-26 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":80,"num_ratings":105,"last_updated":106,"tested_up_to":16,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":110,"download_link":111,"security_score":112,"vuln_count":113,"unpatched_count":28,"last_vuln_date":114,"fetched_at":30},"wp-access-areas","Access Areas for WordPress","1.5.22","podpirate","https:\u002F\u002Fprofiles.wordpress.org\u002Fpodpirate\u002F","\u003Cp>WP Access Areas lets you fine-tune who may read, edit or comment on your Blog posts.\u003Cbr \u002F>\nYou can either restrict access to logged-in uses only, certain WordPress-Roles or even custom Access Areas.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Define custom Access Areas and assign them to your blog-users\u003C\u002Fli>\n\u003Cli>Restrict reading, editing and commenting permission to logged-in users, certain WordPress-Roles or Access Areas\u003C\u002Fli>\n\u003Cli>define global access areas on a network\u003C\u002Fli>\n\u003Cli>Supports bulk editing\u003C\u002Fli>\n\u003Cli>German, Italian, Polish and Swedish localization (Huge Thankyou @ all translators!)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Known Issues\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress calendar Widget still shows dates where restricted posts have been created.\u003Cbr \u002F>\nWhen clicked on such a date a 404 will occur. There is an open \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F29319\" rel=\"nofollow ugc\">WordPress Core ticket on that issue\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Taxonomy menus (e.g. Tags \u002F Categories) also count restricted posts when the total number of posts in a taxonomy is ascertained.\u003Cbr \u002F>\nSee \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Farchive-recents-posts-last-comments-show-restricted-content?replies=5#post-5929330\" rel=\"ugc\">this post\u003C\u002Fa> for details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>Please head over to the source code \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmcguffin\u002Fwp-access-areas\" rel=\"nofollow ugc\">on Github\u003C\u002Fa>.\u003C\u002Fp>\n","Fine tuning access to your posts.",400,32124,17,"2025-12-05T11:08:00.000Z","4.6","5.6",[20,22,23,87,24],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-access-areas\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-access-areas.1.5.22.zip",99,1,"2025-04-01 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":80,"num_ratings":125,"last_updated":126,"tested_up_to":16,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":131,"download_link":132,"security_score":65,"vuln_count":27,"unpatched_count":28,"last_vuln_date":133,"fetched_at":30},"user-role-editor","User Role Editor","4.64.6","Vladimir Garagulya","https:\u002F\u002Fprofiles.wordpress.org\u002Fshinephp\u002F","\u003Cp>User Role Editor WordPress plugin allows you to change user roles and capabilities easy.\u003Cbr \u002F>\nJust turn on check boxes of capabilities you wish to add to the selected role and click “Update” button to save your changes. That’s done.\u003Cbr \u002F>\nAdd new roles and customize its capabilities according to your needs, from scratch of as a copy of other existing role.\u003Cbr \u002F>\nUnnecessary self-made role can be deleted if there are no users whom such role is assigned.\u003Cbr \u002F>\nRole assigned every new created user by default may be changed too.\u003Cbr \u002F>\nCapabilities could be assigned on per user basis. Multiple roles could be assigned to user simultaneously.\u003Cbr \u002F>\nYou can add new capabilities and remove unnecessary capabilities which could be left from uninstalled plugins.\u003Cbr \u002F>\nMulti-site support is provided.\u003C\u002Fp>\n\u003Cp>Try it out on your free TasteWP \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fuser-role-editor\" rel=\"nofollow ugc\">test site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To read more about ‘User Role Editor’ visit \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa> at \u003Ca href=\"http:\u002F\u002Fshinephp.com\" rel=\"nofollow ugc\">shinephp.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you need more functionality with quality support in a real time? Do you wish to remove advertisements from User Role Editor pages?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.role-editor.com\" rel=\"nofollow ugc\">Buy Pro version\u003C\u002Fa>.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.role-editor.com\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa> includes extra modules:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block selected admin menu items for role.\u003C\u002Fli>\n\u003Cli>Hide selected front-end menu items for no logged-in visitors, logged-in users, roles.\u003C\u002Fli>\n\u003Cli>Block selected widgets under “Appearance” menu for role.\u003C\u002Fli>\n\u003Cli>Show widgets at front-end for selected roles.\u003C\u002Fli>\n\u003Cli>Block selected meta boxes (dashboard, posts, pages, custom post types) for role.\u003C\u002Fli>\n\u003Cli>“Export\u002FImport” module. You can export user role to the local file and import it to any WordPress site or other sites of the multi-site WordPress network.\u003C\u002Fli>\n\u003Cli>Roles and Users permissions management via Network Admin  for multisite configuration. One click Synchronization to the whole network.\u003C\u002Fli>\n\u003Cli>“Other roles access” module allows to define which other roles user with current role may see at WordPress: dropdown menus, e.g assign role to user editing user profile, etc.\u003C\u002Fli>\n\u003Cli>Manage user access to editing posts\u002Fpages\u002Fcustom post type using posts\u002Fpages, authors, taxonomies ID list.\u003C\u002Fli>\n\u003Cli>Per plugin users access management for plugins activate\u002Fdeactivate operations.\u003C\u002Fli>\n\u003Cli>Per form users access management for Gravity Forms plugin.\u003C\u002Fli>\n\u003Cli>Shortcode to show enclosed content to the users with selected roles only.\u003C\u002Fli>\n\u003Cli>Posts and pages view restrictions for selected roles.\u003C\u002Fli>\n\u003Cli>Admin back-end pages permissions viewer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro version is advertisement free. Premium support is included.\u003C\u002Fp>\n\u003Ch3>Additional Documentation\u003C\u002Fh3>\n\u003Cp>You can find more information about “User Role Editor” plugin at \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>I am ready to answer on your questions about plugin usage. Use \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">plugin page comments\u003C\u002Fa> for that.\u003C\u002Fp>\n","User Role Editor WordPress plugin makes user roles and capabilities changing easy. Edit\u002Fadd\u002Fdelete WordPress user roles and capabilities.",700000,21349734,287,"2025-12-02T03:45:00.000Z","4.4","7.3",[20,130,23,87,24],"editor","https:\u002F\u002Fwww.role-editor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-role-editor.4.64.6.zip","2024-12-16 19:51:53",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":144,"num_ratings":145,"last_updated":146,"tested_up_to":16,"requires_at_least":147,"requires_php":148,"tags":149,"homepage":154,"download_link":155,"security_score":156,"vuln_count":157,"unpatched_count":28,"last_vuln_date":158,"fetched_at":30},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7384389,84,420,"2026-03-08T15:53:00.000Z","5.8.0","5.6.0",[150,151,152,87,153],"access-governance","api-security","restricted-content","user-roles","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":160,"name":161,"version":162,"author":163,"author_profile":164,"description":165,"short_description":166,"active_installs":11,"downloaded":167,"rating":168,"num_ratings":169,"last_updated":170,"tested_up_to":16,"requires_at_least":171,"requires_php":172,"tags":173,"homepage":176,"download_link":177,"security_score":178,"vuln_count":179,"unpatched_count":28,"last_vuln_date":180,"fetched_at":30},"user-access-manager","User Access Manager","2.3.11","gm_alex","https:\u002F\u002Fprofiles.wordpress.org\u002Fgm_alex\u002F","\u003Cp>The “User Access Manager”-plugin for WordPress allows you to manage the access of your content. This is useful if you need a member area, a private section at your blog, or you want that other people can write at your blog but not everywhere. Including all post type (post, pages etc.), taxonomies (categories etc.) and files by creating user groups. Just assign the content you want to restrict und and your registered users which should have access to a group. From now on the content is only accessible and writable for the specified group.\u003C\u002Fp>\n\u003Cp>\u003Cem>Try it out\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>You can try it out at TasteWP.com before install: \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fuser-access-manager?a=jlQ7F1va\" rel=\"nofollow ugc\">Try user access manager\u003C\u002Fa> (affiliate link)\u003C\u002Fp>\n\u003Cp>\u003Cem>Feature list\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User groups\u003C\u002Fli>\n\u003Cli>Set separate access for readers and editors\u003C\u002Fli>\n\u003Cli>Set access by user groups\u003C\u002Fli>\n\u003Cli>Set default user groups\u003C\u002Fli>\n\u003Cli>Set time based access\u003C\u002Fli>\n\u003Cli>User-defined post type (posts, pages etc.) title (if no access)\u003C\u002Fli>\n\u003Cli>User-defined post type (posts, pages etc.) text (if no access)\u003C\u002Fli>\n\u003Cli>Optional login form (if no access)\u003C\u002Fli>\n\u003Cli>User-defined comment text (if no access)\u003C\u002Fli>\n\u003Cli>Hide complete post types (posts, pages etc.)\u003C\u002Fli>\n\u003Cli>Hide elements in the navigation\u003C\u002Fli>\n\u003Cli>Redirecting users to other pages (if no access)\u003C\u002Fli>\n\u003Cli>Recursive locking of content\u003C\u002Fli>\n\u003Cli>Limited access to uploaded files\u003C\u002Fli>\n\u003Cli>Full integrated at the admin panel\u003C\u002Fli>\n\u003Cli>Multilingual support\u003C\u002Fli>\n\u003Cli>Also protect your rss feeds\u003C\u002Fli>\n\u003Cli>Give access by IP-address\u003C\u002Fli>\n\u003Cli>Plugin-Api to use the User Access Manager in your on plugins or extend other plugins\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-access-manager-private-public-extension\u002F\" rel=\"ugc\">UAMPPE\u003C\u002Fa> like behaviour is now build in (Expect negation like !groupName and showprivate and shownotauthorized parameter)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Included languages\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fuser-access-manager\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fuser-access-manager\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The documentation can be found here: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u002Fwiki\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u002Fwiki\u003C\u002Fa>\u003Cbr \u002F>\nPlease report bugs and feature requests here: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u002Fissues\u003C\u002Fa>\u003Cbr \u002F>\nIf you are a developer and want to contribute please visit \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FGM-Alex\u002Fuser-access-manager\u003C\u002Fa>\u003Cbr \u002F>\nFor general questions, like how to set up, best practice and so on please use the support thread here (don’t post issues here): \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fuser-access-manager\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fuser-access-manager\u003C\u002Fa>\u003Cbr \u002F>\nTo stay up-to-date follow me on Twitter: \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002FGM_Alex\" rel=\"nofollow ugc\">GMAlex on Twitter\u003C\u002Fa>\u003C\u002Fp>\n","With the \"User Access Manager\"-plugin you can manage the access to your posts, pages and files.",1286950,86,114,"2026-01-26T10:25:00.000Z","4.7","8.0",[20,174,160,175],"member-access","user-management","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-access-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-access-manager.2.3.11.zip",98,4,"2023-08-04 00:00:00",{"attackSurface":182,"codeSignals":258,"taintFlows":294,"riskAssessment":295,"analyzedAt":304},{"hooks":183,"ajaxHandlers":254,"restRoutes":255,"shortcodes":256,"cronEvents":257,"entryPointCount":28,"unprotectedCount":28},[184,189,193,198,201,207,211,215,218,220,225,229,233,236,238,242,244,248,251],{"type":185,"name":186,"callback":186,"file":187,"line":188},"action","admin_menu","core\\app\\frontend\\class-app-page.php",25,{"type":185,"name":190,"callback":191,"file":187,"line":192},"admin_enqueue_scripts","enqueue_admin_scripts",26,{"type":185,"name":194,"callback":195,"file":196,"line":197},"admin_init","process_migrations","core\\class-core.php",40,{"type":185,"name":194,"callback":199,"file":196,"line":200},"store_admin_menu",41,{"type":185,"name":202,"callback":203,"priority":204,"file":205,"line":206},"wp_login","check_expired_user_on_login",20,"core\\features\\class-login-controller.php",22,{"type":185,"name":202,"callback":208,"priority":209,"file":205,"line":210},"user_last_login",30,23,{"type":185,"name":212,"callback":213,"priority":63,"file":205,"line":214},"login_message","user_login_message",24,{"type":185,"name":216,"callback":217,"file":205,"line":188},"clear_auth_cookie","set_user_is_logged_in",{"type":185,"name":194,"callback":219,"file":205,"line":192},"log_user_is_logged_in",{"type":221,"name":222,"callback":223,"priority":63,"file":205,"line":224},"filter","login_redirect","redirect_to_first_accessible_page",27,{"type":185,"name":226,"callback":227,"file":228,"line":210},"current_screen","block","core\\features\\class-menu-blocker.php",{"type":221,"name":230,"callback":231,"priority":112,"file":232,"line":206},"parent_file","filter_the_menu","core\\features\\class-menu-filter.php",{"type":221,"name":234,"callback":235,"priority":63,"file":232,"line":210},"admin_head","hide_admin_bar_in_admin_area",{"type":221,"name":237,"callback":235,"priority":63,"file":232,"line":214},"wp_head",{"type":221,"name":239,"callback":240,"priority":112,"file":241,"line":214},"user_row_actions","filter_main_admin_actions","core\\features\\class-utilities-filter.php",{"type":185,"name":194,"callback":243,"priority":112,"file":241,"line":192},"filter_actions_on_main_admin",{"type":185,"name":245,"callback":246,"file":241,"line":247},"users_list_table_query_args","remove_main_admin_from_users_table",28,{"type":221,"name":249,"callback":250,"file":241,"line":209},"all_plugins","filter_plugins_list",{"type":185,"name":194,"callback":252,"priority":112,"file":241,"line":253},"block_access_to_the_plugin_code_editor",32,[],[],[],[],{"dangerousFunctions":259,"sqlUsage":260,"outputEscaping":262,"fileOperations":113,"externalRequests":28,"nonceChecks":113,"capabilityChecks":28,"bundledLibraries":293},[],{"prepared":28,"raw":28,"locations":261},[],{"escaped":253,"rawEcho":263,"locations":264},15,[265,268,270,272,275,276,278,280,282,284,285,287,289,290,291],{"file":266,"line":206,"context":267},"core\\app\\backend\\endpoints\\class-abstract-endpoint.php","raw output",{"file":266,"line":269,"context":267},33,{"file":266,"line":271,"context":267},42,{"file":273,"line":274,"context":267},"core\\app\\backend\\endpoints\\views\\view-email-login-link.php",118,{"file":273,"line":274,"context":267},{"file":273,"line":277,"context":267},126,{"file":273,"line":279,"context":267},134,{"file":273,"line":281,"context":267},136,{"file":273,"line":283,"context":267},152,{"file":273,"line":283,"context":267},{"file":286,"line":27,"context":267},"core\\app\\frontend\\views\\app.php",{"file":286,"line":288,"context":267},3,{"file":286,"line":179,"context":267},{"file":286,"line":93,"context":267},{"file":286,"line":292,"context":267},6,[],[],{"summary":296,"deductions":297},"The \"controlled-admin-access\" plugin version 2.1.2 exhibits a mixed security posture.  On the positive side, the static analysis reveals no immediate exploitable attack surface (AJAX, REST API, shortcodes, cron), no dangerous functions are used, all SQL queries are prepared, and there's a single file operation with a nonce check present. This suggests a good understanding of fundamental WordPress security practices in these areas. However, a significant concern arises from the plugin's vulnerability history. It has a history of two critical vulnerabilities, both related to improper access control, with the last one reported in March 2021 and currently patched. This pattern of critical vulnerabilities, even if patched, indicates potential underlying architectural weaknesses that could be re-exploited or manifest in future versions if not thoroughly addressed.\n\nWhile the current static analysis shows no unsanitized paths in taint flows and a reasonable rate of output escaping, the historical critical vulnerabilities, particularly in access control, cannot be ignored. The absence of critical findings in the current static analysis might be due to the specific version tested or that the previous vulnerabilities were indeed fixed. However, the previous critical issues and the fact that a significant portion of outputs are not properly escaped (68% proper escaping means 32% potentially unescaped) present a tangible risk.  The presence of file operations without clear context on their sanitization also warrants caution. Therefore, while the immediate code analysis shows some strengths, the historical critical vulnerabilities and the unescaped output present a notable risk that requires careful consideration and further investigation.",[298,300,302],{"reason":299,"points":204},"Previous critical vulnerabilities, even if patched",{"reason":301,"points":63},"Significant portion of outputs not properly escaped",{"reason":303,"points":93},"File operations present, context of sanitization unclear","2026-03-16T17:41:28.888Z",{"wat":306,"direct":316},{"assetPaths":307,"generatorPatterns":310,"scriptPaths":311,"versionParams":313},[308,309],"\u002Fwp-content\u002Fplugins\u002Fcontrolled-admin-access\u002Fcore\u002Fapp\u002Ffrontend\u002Fapp\u002Fdist\u002Fapp.js","\u002Fwp-content\u002Fplugins\u002Fcontrolled-admin-access\u002Fcore\u002Fapp\u002Ffrontend\u002Fapp\u002Fdist\u002Fcss\u002Fapp.css",[],[312],"core\u002Fapp\u002Ffrontend\u002Fapp\u002Fdist\u002Fapp.js",[314,315],"core\u002Fapp\u002Ffrontend\u002Fapp\u002Fdist\u002Fapp.js?ver=","core\u002Fapp\u002Ffrontend\u002Fapp\u002Fdist\u002Fcss\u002Fapp.css?ver=",{"cssClasses":317,"htmlComments":319,"htmlAttributes":320,"restEndpoints":321,"jsGlobals":322,"shortcodeOutput":323},[318],"wpruby-caa-app",[],[],[],[],[]]