[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSXqBhMNq1XPYbTrMS0SDCdyKednk3iznN95Mgi4hSms":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":15,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":13,"unpatched_count":13,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":131},"custom-user-registration-lite","Custom User Registration Lite","1.0.2","stesvis","https:\u002F\u002Fprofiles.wordpress.org\u002Fstesvis\u002F","\u003Cp>Allows your visitors to register from a page of your website without being redirected to the admin page. Provides a login widget to place on your sidebar and allow to edit profile information. Upgrade to \u003Ca href=\"http:\u002F\u002Fwordpress.phpanswer.com\u002Fcustom-user-registration\u002F\" rel=\"nofollow ugc\">Custom User Registration FULL\u003C\u002Fa> to enable complete user info details and change password (the lite version allows you to reset the password to a random string but not to change it).\u003C\u002Fp>\n","Provides login widget to allow users to register and login, all without leaving your website!",10,11093,0,"2011-11-01T03:27:00.000Z","","3.1",[],"http:\u002F\u002Fwordpress.phpanswer.com\u002Fwpplugins\u002Fcustom-user-registration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-user-registration-lite.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},4,40,89,30,86,"2026-04-05T12:10:02.859Z",[],{"attackSurface":33,"codeSignals":55,"taintFlows":84,"riskAssessment":121,"analyzedAt":130},{"hooks":34,"ajaxHandlers":51,"restRoutes":52,"shortcodes":53,"cronEvents":54,"entryPointCount":13,"unprotectedCount":13},[35,41,45,48],{"type":36,"name":37,"callback":38,"file":39,"line":40},"filter","show_admin_bar","__return_false","custom-user-registration.php",28,{"type":42,"name":43,"callback":43,"file":39,"line":44},"action","init",29,{"type":42,"name":46,"callback":47,"file":39,"line":28},"widgets_init","register_widget",{"type":36,"name":49,"callback":49,"file":39,"line":50},"the_content",31,[],[],[],[],{"dangerousFunctions":56,"sqlUsage":57,"outputEscaping":60,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":83},[],{"prepared":58,"raw":13,"locations":59},2,[],{"escaped":13,"rawEcho":61,"locations":62},9,[63,67,69,71,73,75,77,79,81],{"file":64,"line":65,"context":66},"userreg.class.php",253,"raw output",{"file":64,"line":68,"context":66},263,{"file":64,"line":70,"context":66},264,{"file":64,"line":72,"context":66},265,{"file":64,"line":74,"context":66},266,{"file":64,"line":76,"context":66},267,{"file":64,"line":78,"context":66},268,{"file":64,"line":80,"context":66},387,{"file":64,"line":82,"context":66},452,[],[85,110],{"entryPoint":86,"graph":87,"unsanitizedCount":58,"severity":109},"widget_title (userreg.class.php:247)",{"nodes":88,"edges":105},[89,94,99,103],{"id":90,"type":91,"label":92,"file":64,"line":93},"n0","source","$_POST['merlic_userreg_widget_title']",249,{"id":95,"type":96,"label":97,"file":64,"line":93,"wp_function":98},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":100,"type":91,"label":101,"file":64,"line":102},"n2","$_POST['merlic_userreg_widget_field']",250,{"id":104,"type":96,"label":97,"file":64,"line":102,"wp_function":98},"n3",[106,108],{"from":90,"to":95,"sanitized":107},false,{"from":100,"to":104,"sanitized":107},"low",{"entryPoint":111,"graph":112,"unsanitizedCount":58,"severity":109},"\u003Cuserreg.class> (userreg.class.php:0)",{"nodes":113,"edges":118},[114,115,116,117],{"id":90,"type":91,"label":92,"file":64,"line":93},{"id":95,"type":96,"label":97,"file":64,"line":93,"wp_function":98},{"id":100,"type":91,"label":101,"file":64,"line":102},{"id":104,"type":96,"label":97,"file":64,"line":102,"wp_function":98},[119,120],{"from":90,"to":95,"sanitized":107},{"from":100,"to":104,"sanitized":107},{"summary":122,"deductions":123},"The security posture of \"custom-user-registration-lite\" v1.0.2 appears to have some strengths in terms of attack surface and SQL query handling. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential entry points for malicious actors. Furthermore, the plugin exclusively uses prepared statements for its SQL queries, which is a strong practice against SQL injection vulnerabilities. However, a major concern arises from the static analysis indicating that 100% of output is not properly escaped. This presents a significant risk for cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website through the plugin's output.\n\nThe taint analysis revealed two flows with unsanitized paths, which, although not classified as critical or high severity in this report, warrant attention. Unsanitized paths can be precursors to more severe vulnerabilities if not handled correctly. The plugin's vulnerability history is clean, with no known CVEs, which is positive. This suggests that, thus far, the plugin has not been identified as having major security flaws that have been publicly disclosed. Despite the clean history and limited attack surface, the pervasive lack of output escaping is a critical weakness that needs immediate addressing. The plugin's strengths in limiting entry points and secure SQL practices are overshadowed by the high risk of XSS due to unescaped output.",[124,127],{"reason":125,"points":126},"100% of output not properly escaped",15,{"reason":128,"points":129},"Flows with unsanitized paths detected",7,"2026-03-17T01:19:50.326Z",{"wat":132,"direct":143},{"assetPaths":133,"generatorPatterns":140,"scriptPaths":141,"versionParams":142},[134,135,136,137,138,139],"\u002Fwp-content\u002Fplugins\u002Fcustom-user-registration-lite\u002Fstyle\u002Feasy.css","\u002Fwp-content\u002Fplugins\u002Fcustom-user-registration-lite\u002Fstyle\u002Fjquery-ui.css","\u002Fwp-content\u002Fplugins\u002Fcustom-user-registration-lite\u002Fstyle\u002Fdefault.css","\u002Fwp-content\u002Fplugins\u002Fcustom-user-registration-lite\u002Fjs\u002Feasy.js","\u002Fwp-content\u002Fplugins\u002Fcustom-user-registration-lite\u002Fjs\u002Fjquery-ui.js","\u002Fwp-content\u002Fplugins\u002Fcustom-user-registration-lite\u002Fjs\u002Fdefault.js",[],[137,138,139],[],{"cssClasses":144,"htmlComments":151,"htmlAttributes":154,"restEndpoints":155,"jsGlobals":156,"shortcodeOutput":157},[145,146,147,148,149,150],"merlic_userreg_css_easy","merlic_userreg_css_jquery-ui","merlic_userreg_css_default","merlic_userreg_js_easy","merlic_userreg_js_ui","merlic_userreg_js_default",[152,153],"If i don't use this hack i get the following type of error(s)","Warning: Cannot modify header information - headers already sent by (output started at \u002Fhome\u002Fcristian\u002Fpublic_html\u002F_wordpress\u002Fwp-content\u002Fthemes\u002Fidream\u002Fheader.php:7) in \u002Fhome\u002Fcristian\u002Fpublic_html\u002F_wordpress\u002Fwp-includes\u002Fpluggable.php on line 717",[],[],[],[158,159],"\u003Ch2>User Registration\u003C\u002Fh2>","\u003Ch2>My Profile\u003C\u002Fh2>"]