[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcpZjJDnmYDDyvd8twkk6ockq24zd93jPcqFNdqQxAnY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":121,"fingerprints":167},"disable-password-reset-extended","Disable Password Reset Extended","1.0","Pascal Meunier","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilhouse1337\u002F","\u003Cp>This plugin is meant to be an update on the available “Disable Password Reset” plugin available \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdisable-password-reset\u002F\" rel=\"ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This version can remove more deeply the password reset mechanism. Used for high-security purposes ONLY. The password can only be changed in the database directly if activated.\u003C\u002Fp>\n\u003Cp>Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Input Field in Admin Area\u003C\u002Fli>\n\u003Cli>Remove Reset Link in Login Dialog\u003C\u002Fli>\n\u003Cli>Remove Reset Link in Login Error (notice)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There is no option for this plugin right now but I’m planning to add some in the future. Also, no multilingual support for now, but planned.\u003C\u002Fp>\n\u003Cp>All comments are welcome.\u003C\u002Fp>\n","This plugin is used to completely disable the built-in password reset feature in WordPress. Used for high-security purpose ONLY.",20,6254,100,1,"2011-08-29T03:29:00.000Z","3.2.1","2.7","",[20,21,22],"disable","password","reset","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-password-reset-extended.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"milhouse1337",30,84,"2026-04-04T15:38:44.693Z",[35,51,69,88,101],{"slug":36,"name":37,"version":6,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":18,"tags":49,"homepage":18,"download_link":50,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"disable-password-reset","Disable Password Reset","Dugonja","https:\u002F\u002Fprofiles.wordpress.org\u002Fh3llas\u002F","\u003Cp>This plugin will enhance security of your WordPress site by disabling password reset function over email of WordPress.\u003Cbr \u002F>\nUse with caution since otherwise if you forgot your user password you will need to reset the password directly in the database with phpmyadmin or similar tool.\u003Cbr \u002F>\nAdittionally this plugin will hide notice which say what is wrong “password” or “username” on WordPress login page.\u003C\u002Fp>\n","Enhance security of your blogs by preventing password reset over email function.",1000,10582,80,4,"2016-11-10T18:05:00.000Z","4.6.30","3.1",[20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-password-reset.zip",{"slug":52,"name":53,"version":6,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":25,"num_ratings":25,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":63,"tags":64,"homepage":18,"download_link":67,"security_score":68,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"simply-disable-password-reset","Simply Disable Password Reset","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>Its a very simple plugin to disable the password reset in the wordpress.\u003C\u002Fp>\n\u003Cp>If a user attempts to reset their password they will receive the error message\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Password reset is not allowed for this user\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Kindly let us know your feedback or comments to add more features in this plugin.\u003C\u002Fp>\n","Its a very simple plugin to disable the password reset in the wordpress.",700,3255,"2024-07-31T07:16:00.000Z","6.6.5","4.3","5.2.4",[36,65,66],"disable-rest","wordpress-password-reset","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimply-disable-password-reset.1.0.zip",92,{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":11,"downloaded":77,"rating":13,"num_ratings":14,"last_updated":78,"tested_up_to":61,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":86,"download_link":87,"security_score":68,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"reset-password-removed","Reset Password Removed","1.2","Md Taufiqur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartshovon\u002F","\u003Cp>Easily enhance the security of your WordPress site by removing the ability for non-admin users to change or reset their passwords. The “Reset Password Removed” plugin ensures that only administrators have the power to modify password settings, reducing the risk of unauthorized access.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict Password Resets:\u003C\u002Fstrong> Prevents non-admin users from resetting their passwords, adding an extra layer of security to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control:\u003C\u002Fstrong> Keeps password management accessible only to site administrators, ensuring critical access remains in trusted hands.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience:\u003C\u002Fstrong> Automatically removes the “Lost your password?” link from the login page for non-admin users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Efficient:\u003C\u002Fstrong> The plugin is built to be lightweight, ensuring it doesn’t slow down your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Reset Password Removed?\u003C\u002Fh3>\n\u003Cp>If you’re looking to enhance your WordPress security without complicating user management, this plugin is the perfect solution. Ideal for websites where password security is paramount, it simplifies control and prevents potential vulnerabilities from password resets.\u003C\u002Fp>\n\u003Cp>Compatible with: WordPress 6.x and PHP 7.4+\u003C\u002Fp>\n","Enhance the security of your blogs by preventing password reset over email function.",2924,"2024-11-03T13:58:00.000Z","5.0","7.4",[82,36,83,84,85],"admin-only-password-control","secure-login-management","wordpress-password-security","wordpress-user-security-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freset-password-removed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-password-removed.1.2.zip",{"slug":89,"name":90,"version":6,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":11,"num_ratings":14,"last_updated":18,"tested_up_to":97,"requires_at_least":48,"requires_php":18,"tags":98,"homepage":18,"download_link":99,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":100},"disable-reset-password","Disable Reset Password","Renoug Joni","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonirenoug\u002F","\u003Cp>Disabling reset password  function over email of WordPress and Fix bug Unauthorized Reset Password (0day).\u003Cbr \u002F>\nUse caution and if necessary, after the core fix bug fixes you should delete it.\u003C\u002Fp>\n\u003Ch4>Build Status\u003C\u002Fh4>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Ch4>Donations\u003C\u002Fh4>\n","Disabling reset password function over email of Wordpress and Fix bug Unauthorized Reset Password (0day).",10,1191,"4.7.32",[20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-reset-password.zip","2026-03-15T10:48:56.248Z",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":18,"download_link":120,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"frontend-reset-password","Frontend Reset Password","1.3.3","Wp Enhanced","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpenhanced\u002F","\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> lets your site users reset their lost or forgotten passwords in the frontend of your site. No more default WordPress reset form! Users fill in their username or email address and a reset password link is emailed to them. When they click this link they’ll be redirected to your site and asked for a new password. Everything is handled using default WordPress methods including security, so you don’t have to worry.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> is perfect for sites that have disabled access to the WordPress dashboard, or if you want to include a lost\u002Freset password form on one of your custom site pages. It also works great with \u003Cstrong>Easy Digital Downloads\u003C\u002Fstrong>!\u003C\u002Fp>\n\u003Cp>Any error messages display right on the form, including whether the username or email address is invalid.\u003C\u002Fp>\n\u003Cp>The plugin works by hooking into the \u003Ccode>lostpassword_url\u003C\u002Fcode> WordPress filter, meaning compatibility with other plugins can be better maintained.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> is also translation ready.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Modern settings framework for easy configuration & searching our documentation\u003Cbr \u002F>\n– Password requirements and eye icon toggle\u003Cbr \u002F>\n– Customizable reset link text and email templates\u003Cbr \u002F>\n– Full documentation at https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation and setup guide:\u003Cbr \u002F>\nhttps:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\u003C\u002Fp>\n\u003Cp>Find answers, usage examples, and troubleshooting tips on our official documentation site.\u003C\u002Fp>\n\u003Ch3>Setup Guide\u003C\u002Fh3>\n\u003Cp>Quick Start:\u003Cbr \u002F>\n1. Add the shortcode \u003Ccode>[reset_password]\u003C\u002Fcode> to any page.\u003Cbr \u002F>\n2. Visit \u003Cstrong>Settings > Frontend Reset Password\u003C\u002Fstrong> in your WordPress admin to select your reset page and configure options.\u003Cbr \u002F>\n3. (Optional) Customize form text, password requirements, and email templates.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\" rel=\"nofollow ugc\">online documentation\u003C\u002Fa> for screenshots and advanced usage.\u003C\u002Fp>\n\u003Ch3>Customisation\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Customisation Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Change all form text and labels\u003Cbr \u002F>\n– Set password requirements (length, character types)\u003Cbr \u002F>\n– Show\u002Fhide eye icon for password fields\u003Cbr \u002F>\n– Customize email subject, sender, and template\u003Cbr \u002F>\n– Display login link after password reset\u003C\u002Fp>\n\u003Cp>Very little CSS styling is used, so the forms should style with your website theme beautifully.\u003C\u002Fp>\n\u003Cp>If you use a frontend login page you can set that in the plugin also. Users are told they can login and are shown the url when they successfully change their password.\u003C\u002Fp>\n\u003Cp>You can also set the minimum number of characters required for a password. Default is 0.\u003C\u002Fp>\n\u003Ch3>Support & Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\" rel=\"nofollow ugc\">Full Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Quick start guide in plugin settings\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffrontend-reset-password\u002F\" rel=\"ugc\">WordPress.org Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Let your users reset their forgotten passwords from the frontend of your website.",10000,167187,88,38,"2026-01-30T10:23:00.000Z","6.9.4","4.4",[117,118,21,119],"login","lost-password","reset-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontend-reset-password.zip",{"attackSurface":122,"codeSignals":150,"taintFlows":157,"riskAssessment":158,"analyzedAt":166},{"hooks":123,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":25,"unprotectedCount":25},[124,130,133,137,142],{"type":125,"name":126,"callback":127,"file":128,"line":129},"filter","allow_password_reset","dprx_disable_password_reset","disable-password-reset-extended.php",13,{"type":125,"name":131,"callback":127,"file":128,"line":132},"show_password_fields",14,{"type":125,"name":134,"callback":135,"file":128,"line":136},"gettext","dprx_remove_password_reset_text",23,{"type":138,"name":139,"callback":140,"file":128,"line":141},"action","login_head","dprx_remove_password_reset",25,{"type":125,"name":143,"callback":144,"file":128,"line":145},"login_errors","dprx_remove_password_reset_text_in",32,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":156},[],{"prepared":25,"raw":25,"locations":153},[],{"escaped":25,"rawEcho":25,"locations":155},[],[],[],{"summary":159,"deductions":160},"The \"disable-password-reset-extended\" v1.0 plugin exhibits a seemingly strong security posture based on the provided static analysis.  The absence of any identified dangerous functions, SQL queries not using prepared statements, file operations, external HTTP requests, or outputting unescaped data are all positive indicators.  The plugin also correctly avoids critical issues such as unsanitized taint flows and has no known vulnerabilities in its history.  The limited attack surface is also a good sign, with no AJAX handlers, REST API routes, or shortcodes exposed without authentication checks.  \n\nHowever, the complete lack of any logged security-relevant events (AJAX, REST API, shortcodes, cron, nonces, capability checks) raises a significant concern. While it suggests the plugin might be very narrowly focused or operate entirely passively, it also means that critical security checks like nonce and capability checks are entirely absent from its design. This could indicate a superficial implementation where these vital security layers were simply not deemed necessary, or worse, were omitted due to oversight.  This absence of standard security mechanisms, even with a zero attack surface, introduces an unknown risk if the plugin's functionality were to ever expand or interact with user input in a more complex manner in future versions.\n\nIn conclusion, the plugin is currently secure due to its limited functionality and the absence of known vulnerabilities and obvious code flaws. However, the complete lack of standard security implementations like nonce and capability checks is a significant weakness that could become a problem if the plugin's scope changes.  The plugin is best described as passively secure, rather than actively robust.",[161,164],{"reason":162,"points":163},"Missing nonce checks",5,{"reason":165,"points":163},"Missing capability checks","2026-03-16T22:44:37.598Z",{"wat":168,"direct":173},{"assetPaths":169,"generatorPatterns":170,"scriptPaths":171,"versionParams":172},[],[],[],[],{"cssClasses":174,"htmlComments":175,"htmlAttributes":176,"restEndpoints":177,"jsGlobals":178,"shortcodeOutput":179},[],[],[],[],[],[]]