[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxwB1HKc51QIkfvTznURXFQiixT3HxnmXemN_OhdxLGU":3,"$fjX19nijuRHcQS1GRN7g88lYLBbCfcQm0hydQttgEOfE":179,"$fAzwLJzyqF11xVseD-wZiGMuO4xxyUecxHdiHqcV_294":184},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":21,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":33,"analysis":131,"fingerprints":166},"disable-lost-your-password","Disable Lost Your Password","1.0.0","Great Guide Info","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreatguideinfo\u002F","\u003Cp>If you are worried about the security of the wordpress website, then Disable Lost Your Password Plugin can help you with it a little bit.\u003Cbr \u002F>\nWith this plugin you can disable the lost your password option that appears on the WordPress login screen, so that no one can recover the password from the login screen.\u003Cbr \u002F>\nIf you forget your password then you have nothing to worry about. You can change wordpress password from phpMyAdmin, here it has been given full information. [change password Using phpMyAdmin] (https:\u002F\u002Fgoo.gl\u002FFGwvcQ “change password Using phpMyAdmin”).\u003Cbr \u002F>\nAll you have to do is install it on your dashboard and activate it.\u003C\u002Fp>\n\u003Ch3>Help\u003C\u002Fh3>\n\u003Cp>Do you need any help or you are having trouble using the Disable Lost Your Password plugin, or you want to ask something about it, you can contact us by visiting our website. Use this link for this. [Contact developer] (https:\u002F\u002Fgoo.gl\u002F7qa7JH “Contact developer”) or you can send us a mail at admin@greatguideinfo.com.\u003Cbr \u002F>\nWe will complete the answers to your questions.\u003C\u002Fp>\n","License URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html Disable Wordpress Login Screen \"Lost Yoyr Password?\" Option Usign Disable Lost Your P &hellip;",0,1312,"2018-11-25T10:46:00.000Z","4.9.29","4.4","",[18,4,19,20],"disable","password-reset","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-lost-your-password.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"greatguideinfo",1,30,84,"2026-05-20T08:05:41.927Z",[34,57,77,96,116],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":44,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"simple-disable-xml-rpc","Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks","1.4.0","Delower Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F","\u003Cp>\u003Cstrong>Simple Disable XML-RPC\u003C\u002Fstrong> is a lightweight, powerful WordPress plugin that gives you complete control over your site’s XML-RPC functionality. Protect your WordPress site from brute force attacks, DDoS attempts, and other XML-RPC security vulnerabilities with just one click.\u003C\u002Fp>\n\u003Ch3>🔒 Why Disable XML-RPC?\u003C\u002Fh3>\n\u003Cp>XML-RPC is a remote communication protocol that allows external applications to interact with your WordPress site. While useful for some services, it’s frequently exploited by attackers for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute Force Attacks\u003C\u002Fstrong> – Automated password guessing attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Attacks\u003C\u002Fstrong> – Overwhelming your server with requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resource Exhaustion\u003C\u002Fstrong> – Slowing down your website\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pingback Vulnerabilities\u003C\u002Fstrong> – Exploiting pingback features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🎯 One-Click Control\u003C\u002Fstrong> – Modern toggle switch interface (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Enhanced Security\u003C\u002Fstrong> – Block XML-RPC attacks instantly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚡ Improved Performance\u003C\u002Fstrong> – Reduce server load and resource usage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Beautiful Admin Interface\u003C\u002Fstrong> – Clean, modern card-based design (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🌐 Translation Ready\u003C\u002Fstrong> – Fully internationalized and translation-ready\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📱 Mobile Responsive\u003C\u002Fstrong> – Settings page works perfectly on all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🧹 Clean Uninstall\u003C\u002Fstrong> – Removes all data when uninstalled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚙️ Developer Friendly\u003C\u002Fstrong> – Well-coded, follows WordPress standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Regular Updates\u003C\u002Fstrong> – Actively maintained and tested with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>💯 Lightweight\u003C\u002Fstrong> – No bloat, minimal impact on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🆕 What’s New in Version 1.4.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ Modern toggle switch replaces old checkbox\u003C\u002Fli>\n\u003Cli>✅ Beautiful card-based admin interface\u003C\u002Fli>\n\u003Cli>✅ Enhanced security with proper sanitization\u003C\u002Fli>\n\u003Cli>✅ Better code organization (OOP approach)\u003C\u002Fli>\n\u003Cli>✅ Improved accessibility and UX\u003C\u002Fli>\n\u003Cli>✅ Removes X-Pingback header when disabled\u003C\u002Fli>\n\u003Cli>✅ Fixed activation redirect for bulk installations\u003C\u002Fli>\n\u003Cli>✅ Better mobile responsive design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Security-focused website owners\u003C\u002Fli>\n\u003Cli>Sites that don’t use mobile apps or remote publishing\u003C\u002Fli>\n\u003Cli>Sites experiencing XML-RPC attacks\u003C\u002Fli>\n\u003Cli>Performance-conscious administrators\u003C\u002Fli>\n\u003Cli>Anyone wanting better control over WordPress features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 How It Works\u003C\u002Fh3>\n\u003Cp>This plugin uses the native WordPress \u003Ccode>xmlrpc_enabled\u003C\u002Fcode> filter to safely disable XML-RPC without modifying core files. Simply activate the plugin, toggle the switch on the settings page, and you’re protected!\u003C\u002Fp>\n\u003Ch3>⚠️ Important Note\u003C\u002Fh3>\n\u003Cp>Disabling XML-RPC may affect:\u003Cbr \u002F>\n* WordPress mobile apps\u003Cbr \u002F>\n* Jetpack (some features)\u003Cbr \u002F>\n* Remote publishing tools\u003Cbr \u002F>\n* Pingbacks and trackbacks\u003Cbr \u002F>\n* Third-party services that rely on XML-RPC\u003C\u002Fp>\n\u003Cp>Only disable XML-RPC if you don’t use these features.\u003C\u002Fp>\n\u003Ch3>🤝 Contributing & Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports and pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Help us make this plugin better!\u003C\u002Fp>\n\u003Ch3>💝 Support the Development\u003C\u002Fh3>\n\u003Cp>If you find this plugin helpful, please consider:\u003Cbr \u002F>\n* ⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rating it 5 stars\u003C\u002Fa>\u003Cbr \u002F>\n* 🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Reporting bugs\u003C\u002Fa>\u003Cbr \u002F>\n* 💬 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Suggesting features\u003C\u002Fa>\u003Cbr \u002F>\n* ☕ \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\u002Fdonate\" rel=\"nofollow ugc\">Buying us a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Simple Disable XML-RPC does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect any user data\u003C\u002Fli>\n\u003Cli>Store any personal information\u003C\u002Fli>\n\u003Cli>Make external API calls\u003C\u002Fli>\n\u003Cli>Use cookies or tracking\u003C\u002Fli>\n\u003Cli>Send data to third parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin only stores one setting in your WordPress database: whether XML-RPC is enabled or disabled.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? We’re here for you!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📖 \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Report Bugs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rate Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed with ❤️ by \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">WordPress Satkhira Community\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributors:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F\" rel=\"nofollow ugc\">wpdelower\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmonarchwp23\u002F\" rel=\"nofollow ugc\">monarchwp23\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Special thanks to all our users and contributors who help make this plugin better!\u003C\u002Fp>\n","Simply disable XML-RPC on your WordPress site with a simple toggle switch. Protect your site from XML-RPC attacks and improve security.",1000,8887,100,5,"2025-11-09T02:27:00.000Z","6.8.5","6.1","7.4",[51,52,20,53,54],"disable-xml","disable-xml-rpc","xml","xmlrpc","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-disable-xml-rpc\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-disable-xml-rpc.1.4.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":11,"num_ratings":11,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":16,"download_link":75,"security_score":76,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"simply-disable-password-reset","Simply Disable Password Reset","1.0","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>Its a very simple plugin to disable the password reset in the wordpress.\u003C\u002Fp>\n\u003Cp>If a user attempts to reset their password they will receive the error message\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Password reset is not allowed for this user\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Kindly let us know your feedback or comments to add more features in this plugin.\u003C\u002Fp>\n","Its a very simple plugin to disable the password reset in the wordpress.",700,3332,"2024-07-31T07:16:00.000Z","6.6.5","4.3","5.2.4",[72,73,74],"disable-password-reset","disable-rest","wordpress-password-reset","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimply-disable-password-reset.1.0.zip",92,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":44,"num_ratings":29,"last_updated":87,"tested_up_to":68,"requires_at_least":88,"requires_php":49,"tags":89,"homepage":94,"download_link":95,"security_score":76,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"reset-password-removed","Reset Password Removed","1.2","Md Taufiqur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartshovon\u002F","\u003Cp>Easily enhance the security of your WordPress site by removing the ability for non-admin users to change or reset their passwords. The “Reset Password Removed” plugin ensures that only administrators have the power to modify password settings, reducing the risk of unauthorized access.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict Password Resets:\u003C\u002Fstrong> Prevents non-admin users from resetting their passwords, adding an extra layer of security to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control:\u003C\u002Fstrong> Keeps password management accessible only to site administrators, ensuring critical access remains in trusted hands.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience:\u003C\u002Fstrong> Automatically removes the “Lost your password?” link from the login page for non-admin users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Efficient:\u003C\u002Fstrong> The plugin is built to be lightweight, ensuring it doesn’t slow down your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Reset Password Removed?\u003C\u002Fh3>\n\u003Cp>If you’re looking to enhance your WordPress security without complicating user management, this plugin is the perfect solution. Ideal for websites where password security is paramount, it simplifies control and prevents potential vulnerabilities from password resets.\u003C\u002Fp>\n\u003Cp>Compatible with: WordPress 6.x and PHP 7.4+\u003C\u002Fp>\n","Enhance the security of your blogs by preventing password reset over email function.",20,2968,"2024-11-03T13:58:00.000Z","5.0",[90,72,91,92,93],"admin-only-password-control","secure-login-management","wordpress-password-security","wordpress-user-security-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freset-password-removed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-password-removed.1.2.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":11,"num_ratings":11,"last_updated":106,"tested_up_to":107,"requires_at_least":88,"requires_php":108,"tags":109,"homepage":114,"download_link":115,"security_score":76,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"zacsecurity","ZacSecurity","1.1","Saurabh Gusain","https:\u002F\u002Fprofiles.wordpress.org\u002Fzaclabs\u002F","\u003Cp>zacsecurity enhances your website’s content protection by making it more difficult for users to copy text or access context menus.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Disable right-click functionality on your website.\u003Cbr \u002F>\n– Block “Ctrl+C” to prevent content copying.\u003Cbr \u002F>\n– Simple settings page for enabling or disabling the protection.\u003Cbr \u002F>\n– Lightweight and easy to use, with no impact on site performance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Use zacsecurity?\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you are a content creator, blogger, or website owner concerned about unauthorized content copying, zacsecurity provides an easy-to-implement solution to add a layer of protection.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports, please visit \u003Ca href=\"https:\u002F\u002Fzaclab.com\u002Fcontact\" rel=\"nofollow ugc\">ZacLab Support\u003C\u002Fa>.\u003C\u002Fp>\n","zacsecurity is a lightweight plugin designed to help protect your WordPress website's content by disabling right-click functionality and blocking &hellip;",10,488,"2024-12-19T09:46:00.000Z","6.7.5","7.0",[110,111,112,113,20],"content-protection","disable-right-click","prevent-copy","website-security","https:\u002F\u002Fzaclab.com\u002Fzacsecurity-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzacsecurity.zip",{"slug":117,"name":118,"version":60,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":11,"downloaded":123,"rating":11,"num_ratings":11,"last_updated":124,"tested_up_to":107,"requires_at_least":88,"requires_php":125,"tags":126,"homepage":16,"download_link":130,"security_score":76,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"security-shield-by-xd","Security Shield by XD","Muhammad Ali Khizar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmuhammadalikhizar\u002F","\u003Cp>Security Shield by XD is a security plugin that prevents unauthorized users from installing add-ons, injecting scripts, and modifying core files.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🔒 \u003Cstrong>Disable Add-on Installation & Editing\u003C\u002Fstrong> (Prevents adding new add-ons)  \u003C\u002Fli>\n\u003Cli>🚫 \u003Cstrong>Block Script Injection\u003C\u002Fstrong> (Prevents \u003Ccode>\u003Cscript>\u003C\u002Fcode> tags in posts, comments, and widgets)  \u003C\u002Fli>\n\u003Cli>🛑 \u003Cstrong>Hide Add-on Menu\u003C\u002Fstrong> (Restricts access to add-on management)  \u003C\u002Fli>\n\u003Cli>⚡ \u003Cstrong>Prevent Direct Add-on Uploads\u003C\u002Fstrong> (Blocks add-on ZIP file uploads)  \u003C\u002Fli>\n\u003Cli>🔐 \u003Cstrong>Disable Script Execution in Uploads Folder\u003C\u002Fstrong> (Protects against malware scripts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support & Contact\u003C\u002Fh3>\n\u003Cp>For support, visit \u003Ca href=\"https:\u002F\u002Fxpertdezineit.blogspot.com\" rel=\"nofollow ugc\">https:\u002F\u002Fxpertdezineit.blogspot.com\u003C\u002Fa> or email \u003Cstrong>xpertdezineit@gmail.com\u003C\u002Fstrong>.\u003C\u002Fp>\n","Security Shield by XD is a security plugin that prevents unauthorized users from installing add-ons, injecting scripts, and modifying core files.",511,"2025-03-04T16:26:00.000Z","7.2",[127,128,129,20],"disable-add-ons","script-blocker","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-shield-by-xd.1.0.zip",{"attackSurface":132,"codeSignals":150,"taintFlows":157,"riskAssessment":158,"analyzedAt":165},{"hooks":133,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":11,"unprotectedCount":11},[134,139,142],{"type":135,"name":136,"callback":18,"file":137,"line":138},"filter","show_password_fields","disable-lost-your-password.php",16,{"type":135,"name":140,"callback":18,"file":137,"line":141},"allow_password_reset",17,{"type":135,"name":143,"callback":144,"file":137,"line":145},"gettext","remove",18,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":156},[],{"prepared":11,"raw":11,"locations":153},[],{"escaped":11,"rawEcho":11,"locations":155},[],[],[],{"summary":159,"deductions":160},"The \"disable-lost-your-password\" plugin v1.0.0 exhibits a strong security posture based on the provided static analysis.  The absence of any identified dangerous functions, SQL queries without prepared statements, unescaped output, file operations, external HTTP requests, or raw taint flows is commendable.  Furthermore, the plugin's attack surface is completely protected, with no AJAX handlers, REST API routes, shortcodes, or cron events that are not subject to authentication checks.  This indicates a deliberate effort to adhere to secure coding practices.\n\nThe plugin's vulnerability history is also clean, with no known CVEs recorded. This, combined with the clean static analysis, suggests a low risk of immediate exploitation.  However, the complete lack of nonce and capability checks, while not directly flagged as a vulnerability in this analysis (due to the protected attack surface), represents a potential gap in defense-in-depth.  While the current attack surface is secure, any future expansion or modification could introduce risks if these checks are not considered.\n\nIn conclusion, the plugin currently appears to be very secure. The developers have demonstrated good practice in avoiding common vulnerabilities. The only minor area for potential improvement lies in incorporating nonce and capability checks as a standard security measure, even for protected entry points, to further harden the plugin against unforeseen future threats or misconfigurations. The current risk is assessed as very low.",[161,163],{"reason":162,"points":45},"No nonce checks found",{"reason":164,"points":45},"No capability checks found","2026-04-16T14:21:29.840Z",{"wat":167,"direct":172},{"assetPaths":168,"generatorPatterns":169,"scriptPaths":170,"versionParams":171},[],[],[],[],{"cssClasses":173,"htmlComments":174,"htmlAttributes":175,"restEndpoints":176,"jsGlobals":177,"shortcodeOutput":178},[],[],[],[],[],[],{"error":180,"url":181,"statusCode":182,"statusMessage":183,"message":183},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdisable-lost-your-password\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":185},[]]