[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffOXq3byBBHWv50J0d8KI3t3gQFDm_fMofunf98CNGnA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":142,"fingerprints":218},"core-vitals-monitor","Core Vitals Monitor","1.0","speedplussecurity","https:\u002F\u002Fprofiles.wordpress.org\u002Fspeedplussecurity\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Speedplussecurity.com Has Integrated Core Vital Monitoring Into Your WordPress Dashboard.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Speedplusecurity.com,  a leading provider of core vital performance monitoring,  introduces a monitoring plugin for wordpress. The basic version of Core Vital Monitoring will allow users to see desktop and mobile pagespeed scores from Google Page Speed Insights with scores updated weekly and alerts to notify users if the score dips below a point set by the user. The notification will popup in the wordpress dashboard with the option for email notification available.\u003C\u002Fli>\n\u003Cli>In addition to page speed monitoring the Core Vitals Monitor plugin also watches out for the security of your site. If the  grade, updated weekly,and obtained from securityheaders.com dips below a point set by the user, a notification is provided.\u003C\u002Fli>\n\u003Cli>The basic free service allows for the monitoring of upto five different url’s. This allows for the monitoring of sites most important pages. If you are interested in daily monitoring with up to 15 pages please consider upgrading to the premium edition. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>What About Security?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>*CVM does not use your site’s databse and has no reference to your site’s database, which makes the plugin not vulnerable to your site.\u003Cbr \u002F>\n  *CVM won’t interact with your site’s visitors. No data is collected.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Go Pro\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>*Ability to test more than five URLs.\u003Cbr \u002F>\n  *Email notifications when there is drop in site’s performance standards.\u003Cbr \u002F>\n  *Premium version allows for daily updates and access to change the update interval.\u003Cbr \u002F>\n  *IP or location restriction to either frontend or backend.\u003Cbr \u002F>\n  *IP-rate limiting feature.\u003Cbr \u002F>\n  *Browser fingerprinting, TLS fingerprinting, and other Anti-bot techniques.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Compatibility\u003C\u002Fstrong>\u003Cbr \u002F>\nCVM is fully compatibe with any PHP supported platform. For non-wordpress usage, please check our \u003Ca href=\"https:\u002F\u002Fspeedplussecurity.com\u002Fcore-vitals-monitor\u002F#download\" rel=\"nofollow ugc\">page\u003C\u002Fa> for more information\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Troubleshooting\u003C\u002Fstrong>\u003Cbr \u002F>\nIf performance scan results shows 0 or ‘-‘, please confirm the URL being tested is a valid link.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contribute\u003C\u002Fstrong>\u003Cbr \u002F>\nPlease email us at idris@bequestmutual.com to get a link to the Github repository or you have suggestions for a new add-on.\u003C\u002Fp>\n","Tests performance metrics (security and performance) on- a periodic schedule",0,1142,100,1,"2023-01-27T19:24:00.000Z","6.1.10","3.0","5.4",[20,21,22,23,24],"php","security","speed","test","wp","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcore-vitals-monitor.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,84,"2026-04-04T19:21:37.221Z",[36,57,78,97,119],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":13,"downloaded":44,"rating":13,"num_ratings":14,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":55,"download_link":56,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29},"free-php-version-info","WPLifeCycle – Free PHP Version Info & Website Manager","4.0","Funlus Oy","https:\u002F\u002Fprofiles.wordpress.org\u002Ffunlus\u002F","\u003Cp>WPLifeCycle gives WordPress admins a single dashboard to see \u003Cstrong>exactly\u003C\u002Fstrong> which PHP version a site is running, how long it will stay in active\u002Fsecurity support, and what to fix before anything breaks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>PHP version badge\u003C\u002Fem> with active- and security-support countdowns  \u003C\u002Fli>\n\u003Cli>\u003Cem>Multi-site monitoring\u003C\u002Fem> — push data to your free WPLifeCycle cloud account  \u003C\u002Fli>\n\u003Cli>\u003Cem>SEO audit\u003C\u002Fem> – on-page checks and scoring (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>OWASP-based security scan\u003C\u002Fem> (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Performance scan\u003C\u002Fem> (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Secure Admin Link\u003C\u002Fem> generator – creates a random, time-boxed \u002Fwp-admin URL (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Hooks scanner & tester\u003C\u002Fem> – lists add_action \u002F add_filter calls, flags conflicts (v 3.1+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Plugins monitor\u003C\u002Fem> – tracks version for every active plugin (v 3.1+)\u003C\u002Fli>\n\u003Cli>\u003Cem>Admin user Log monitor\u003C\u002Fem> – tracks all admin visits (v 3.2+)\u003C\u002Fli>\n\u003Cli>Core, theme, and plugin updater – manage and trigger updates directly via WPLifeCycle (v3.3+)\u003C\u002Fli>\n\u003Cli>Improved API interface – faster and more reliable data sync between your site and WPLifeCycle.com (v3.3+)\u003C\u002Fli>\n\u003Cli>One-Click Auto Updates for WordPress Core, Plugins, and Themes (v 4.0+)\u003C\u002Fli>\n\u003Cli>Dashboard improvements and enhanced access control (v 4.0+)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Built for real-world workflows: minimal setup, async scans that respect server load, and .po\u002F.mo files for quick translation.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Open \u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> WPLifeCycle\u003C\u002Fstrong> to view PHP version details and run scans.  \u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Generate Secure Admin Link\u003C\u002Fstrong> to create a one-off login URL.  \u003C\u002Fli>\n\u003Cli>Use the \u003Cstrong>Send to API\u003C\u002Fstrong> toggle if you want this site monitored centrally.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuDcyZEi3-Kg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","This plugin shows your current PHP version, its lifecycle security support days, and can send version data to the WPLifeCycle for proactive planning.",2803,"2026-02-23T10:30:00.000Z","6.9.4","5.0","5.5",[50,51,52,53,54],"performance-scanner","php-version","security-scanner","version-management","wplifecycle","http:\u002F\u002Fwww.wplifecycle.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffree-php-version-info.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":47,"requires_php":70,"tags":71,"homepage":76,"download_link":77,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",10,347,3,"2025-07-01T05:30:00.000Z","6.8.5","7.2",[72,73,21,74,75],"custom-login-url","hide-login","wp-admin","wp-login-php","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":11,"num_ratings":11,"last_updated":25,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":96},"custom-login-url-manager","Custom Login URL Manager – Hide Login Admin URL","1.1.2","WPDesigner","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdesignerpl\u002F","\u003Cp>Custom Login URL Manager allows you to secure your WordPress site by changing the default login URL (wp-login.php) to a custom URL. This helps protect against unauthorized login attempts and automated bots trying to access your admin panel.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login URL\u003C\u002Fstrong>: Replace the default WordPress login URL with a custom one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login URL Redirect\u003C\u002Fstrong>: Redirect unauthorized access attempts (e.g., wp-login.php or wp-admin) to a specified URL, such as a custom error page or homepage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly Interface\u003C\u002Fstrong>: Easily configure your login URL and redirect settings through the WordPress admin panel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Enhancement\u003C\u002Fstrong>: Hides the default login page, adding an extra layer of security to your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong>: .pot file included for easy translation into different languages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Languages\u003C\u002Fstrong>: Available in both English and Polish.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Ch3>Donate Link\u003C\u002Fh3>\n\u003Cp>If you’d like to support the development of this plugin, consider donating at: https:\u002F\u002Fko-fi.com\u002Fwpdesigner\u003C\u002Fp>\n","Change the default WordPress login URL and redirect unauthorized attempts to a specified page for enhanced security.",1093,"6.6.5","6.2","7.2.5",[91,92,93,21,75],"custom-login","login-redirect","login-url","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-login-url-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-login-url-manager.1.1.2.zip","2026-03-15T10:48:56.248Z",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":46,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":25,"download_link":116,"security_score":117,"vuln_count":65,"unpatched_count":11,"last_vuln_date":118,"fetched_at":29},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,96,2101,"2026-01-12T08:47:00.000Z","4.1","7.0",[72,113,114,115,75],"login","rename","wp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,"2024-06-24 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":46,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":139,"download_link":140,"security_score":107,"vuln_count":67,"unpatched_count":11,"last_vuln_date":141,"fetched_at":29},"admin-menu-editor","Admin Menu Editor","1.15","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>Admin Menu Editor lets you manually edit the Dashboard menu. You can reorder the menus, show\u002Fhide specific items, change permissions, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change menu titles, URLs, icons, CSS classes and so on.\u003C\u002Fli>\n\u003Cli>Organize menu items via drag & drop.\u003C\u002Fli>\n\u003Cli>Change menu permissions by setting the required capability or role.\u003C\u002Fli>\n\u003Cli>Move a menu item to a different submenu. \u003C\u002Fli>\n\u003Cli>Create custom menus that point to any part of the Dashboard or an external URL.\u003C\u002Fli>\n\u003Cli>Hide\u002Fshow any menu or menu item. A hidden menu is invisible to all users, including administrators.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The \u003Ca href=\"http:\u002F\u002Fw-shadow.com\u002FAdminMenuEditor\u002F\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa> lets you set per-role menu permissions, hide a menu from everyone except a specific user, export your admin menu, drag items between menu levels, make menus open in a new window and more. \u003Ca href=\"http:\u002F\u002Famedemo.com\u002Fwpdemo\u002Fdemo.php\" rel=\"nofollow ugc\">Try online demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Despite the name, this plugin is not limited to just editing the admin menu. You can also:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create login redirects and logout redirects.\u003C\u002Fli>\n\u003Cli>Allow\u002Fdeny access to specific posts based on user roles.\u003C\u002Fli>\n\u003Cli>Hide plugins on the \u003Cem>Plugins -> Installed Plugins\u003C\u002Fem> page from other users.\u003C\u002Fli>\n\u003Cli>Edit the display name, description, and other plugin details shown on the \u003Cem>Plugins -> Installed Plugins\u003C\u002Fem> page (e.g. for white-labelling).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin provides a few utility shortcodes. These are mainly intended to help with creating login\u002Flogout redirects, but you can also use them in posts and pages.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[ame-wp-admin]\u003C\u002Fcode> – URL of the WordPress dashboard (with a trailing slash).\u003C\u002Fli>\n\u003Cli>\u003Ccode>[ame-home-url]\u003C\u002Fcode> – Site URL. Usually, this is the same as the URL in the “Site Address” field in \u003Cem>Settings -> General\u003C\u002Fem>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[ame-user-info field=\"...\"]\u003C\u002Fcode> – Information about the logged-in user. Parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>field\u003C\u002Fcode> – The part of user profile to display. Supported fields include: \u003Ccode>ID\u003C\u002Fcode>, \u003Ccode>user_login\u003C\u002Fcode>, \u003Ccode>display_name\u003C\u002Fcode>, \u003Ccode>locale\u003C\u002Fcode>, \u003Ccode>user_nicename\u003C\u002Fcode>, \u003Ccode>user_url\u003C\u002Fcode>, and so on.\u003C\u002Fli>\n\u003Cli>\u003Ccode>placeholder\u003C\u002Fcode> – Optional. Text that will be shown if the visitor is not logged in.\u003C\u002Fli>\n\u003Cli>\u003Ccode>encoding\u003C\u002Fcode> – Optional. How to encode or escape the output. This is useful if you want to use the shortcode in your own HTML or JS code. Supported values: \u003Ccode>auto\u003C\u002Fcode> (default), \u003Ccode>html\u003C\u002Fcode>, \u003Ccode>attr\u003C\u002Fcode>, \u003Ccode>js\u003C\u002Fcode>, \u003Ccode>none\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you delete any of the default menus they will reappear after saving. This is by design. To get rid of a menu for good, either hide it or change it’s access permissions.\u003C\u002Fli>\n\u003Cli>In the free version, it’s not possible to give a role access to a menu item that it couldn’t see before. You can only restrict menu access further.\u003C\u002Fli>\n\u003Cli>In case of emergency, you can reset the menu configuration back to the default by going to http:\u002F\u002Fexample.com\u002Fwp-admin\u002F?reset_admin_menu=1 (replace example.com with your site URL). You must be logged in as an Administrator to do this.\u003C\u002Fli>\n\u003C\u002Ful>\n","Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.",400000,7768111,92,311,"2026-02-20T11:36:00.000Z","5.9","7.4",[135,136,137,21,138],"admin","dashboard","menu","wpmu","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2008\u002F12\u002F20\u002Fadmin-menu-editor-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-menu-editor.1.15.zip","2026-03-10 00:00:00",{"attackSurface":143,"codeSignals":191,"taintFlows":206,"riskAssessment":207,"analyzedAt":217},{"hooks":144,"ajaxHandlers":173,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":190,"unprotectedCount":190},[145,151,155,159,164,168],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_menu","key_metrics_menu","includes\\class-key-metrics.php",55,{"type":146,"name":152,"callback":153,"file":149,"line":154},"key_metrics_refresh_data","refresh_key_metrics",56,{"type":146,"name":156,"callback":157,"file":149,"line":158},"admin_notices","cvm_key_metrics_notice",58,{"type":160,"name":161,"callback":162,"file":149,"line":163},"filter","plugin_action_links_core-vitals-monitor\u002Fkey-metrics.php","cvm_key_metrics_link_gen",59,{"type":146,"name":165,"callback":166,"file":149,"line":167},"admin_enqueue_scripts","closure",63,{"type":160,"name":169,"callback":170,"file":171,"line":172},"cron_schedules","cvm_key_metrics_d_custom_cron_schedule","key-metrics.php",57,[174,179],{"action":175,"nopriv":176,"callback":177,"hasNonce":176,"hasCapCheck":176,"file":149,"line":178},"km_dba86c5b66802692309f2059adc4",false,"key_metrics_ajax_handler_rkm",75,{"action":180,"nopriv":176,"callback":181,"hasNonce":176,"hasCapCheck":176,"file":149,"line":182},"km_92309f2059adc4dba86c5b668026","key_metrics_ajax_handler_skm",76,[],[],[186,189],{"hook":152,"callback":152,"file":187,"line":188},"includes\\refresh-metrics.php",51,{"hook":152,"callback":152,"file":171,"line":158},2,{"dangerousFunctions":192,"sqlUsage":193,"outputEscaping":195,"fileOperations":204,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":205},[],{"prepared":11,"raw":11,"locations":194},[],{"escaped":196,"rawEcho":190,"locations":197},68,[198,202],{"file":199,"line":200,"context":201},"includes\\config.php",37,"raw output",{"file":203,"line":154,"context":201},"includes\\display.php",12,[],[],{"summary":208,"deductions":209},"The core-vitals-monitor plugin version 1.0 exhibits a mixed security posture. While it demonstrates strong practices in SQL query handling and output escaping, a significant concern arises from its unprotected entry points. The plugin exposes two AJAX handlers without any authentication or capability checks, creating a direct attack vector for unauthorized actions. The absence of taint analysis data for this version is notable, meaning potential vulnerabilities within data processing flows have not been assessed.  Furthermore, the complete lack of nonce checks on its AJAX endpoints amplifies the risk associated with these unprotected handlers.  The plugin's vulnerability history is clean, with zero recorded CVEs, which is a positive indicator of past security diligence. However, this lack of history, combined with the identified security flaws, suggests that while it may not have been historically exploited, the current implementation has exploitable weaknesses that could be leveraged by attackers.",[210,212,214],{"reason":211,"points":65},"Unprotected AJAX handlers",{"reason":213,"points":65},"Missing nonce checks on AJAX",{"reason":215,"points":216},"Missing capability checks on AJAX",5,"2026-03-17T07:20:11.126Z",{"wat":219,"direct":228},{"assetPaths":220,"generatorPatterns":223,"scriptPaths":224,"versionParams":225},[221,222],"\u002Fwp-content\u002Fplugins\u002Fcore-vitals-monitor\u002Fres\u002Fcvm_actions.js","\u002Fwp-content\u002Fplugins\u002Fcore-vitals-monitor\u002Fres\u002Fcvm_styles.css",[],[221],[226,227],"core-vitals-monitor\u002Fkey-metrics.php?ver=","CORE_VITALS_MONITOR_VERSION",{"cssClasses":229,"htmlComments":230,"htmlAttributes":231,"restEndpoints":232,"jsGlobals":235,"shortcodeOutput":237},[],[],[],[233,234],"\u002Fwp-json\u002Fkey_metrics\u002Fv1\u002Frefresh","\u002Fwp-json\u002Fkey_metrics\u002Fv1\u002Fsave",[236],"window.core_vitals_monitor_ajax_object",[]]