[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJsvs_VBMPUUaj4k2IXdyAQXjLMTYLjE47ALXolr-QY8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":123,"fingerprints":157},"disable-password-reset","Disable Password Reset","1.0","Dugonja","https:\u002F\u002Fprofiles.wordpress.org\u002Fh3llas\u002F","\u003Cp>This plugin will enhance security of your WordPress site by disabling password reset function over email of WordPress.\u003Cbr \u002F>\nUse with caution since otherwise if you forgot your user password you will need to reset the password directly in the database with phpmyadmin or similar tool.\u003Cbr \u002F>\nAdittionally this plugin will hide notice which say what is wrong “password” or “username” on WordPress login page.\u003C\u002Fp>\n","Enhance security of your blogs by preventing password reset over email function.",1000,10582,80,4,"2016-11-10T18:05:00.000Z","4.6.30","3.1","",[20,21,22],"disable","password","reset","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-password-reset.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":24,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"h3llas",2,1100,2351,69,"2026-04-04T15:14:17.420Z",[37,55,71,90,103],{"slug":38,"name":39,"version":6,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":25,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":18,"download_link":53,"security_score":54,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"simply-disable-password-reset","Simply Disable Password Reset","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>Its a very simple plugin to disable the password reset in the wordpress.\u003C\u002Fp>\n\u003Cp>If a user attempts to reset their password they will receive the error message\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Password reset is not allowed for this user\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Kindly let us know your feedback or comments to add more features in this plugin.\u003C\u002Fp>\n","Its a very simple plugin to disable the password reset in the wordpress.",700,3255,"2024-07-31T07:16:00.000Z","6.6.5","4.3","5.2.4",[4,51,52],"disable-rest","wordpress-password-reset","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimply-disable-password-reset.1.0.zip",92,{"slug":56,"name":57,"version":6,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":18,"download_link":70,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"disable-password-reset-extended","Disable Password Reset Extended","Pascal Meunier","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilhouse1337\u002F","\u003Cp>This plugin is meant to be an update on the available “Disable Password Reset” plugin available \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdisable-password-reset\u002F\" rel=\"ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This version can remove more deeply the password reset mechanism. Used for high-security purposes ONLY. The password can only be changed in the database directly if activated.\u003C\u002Fp>\n\u003Cp>Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Input Field in Admin Area\u003C\u002Fli>\n\u003Cli>Remove Reset Link in Login Dialog\u003C\u002Fli>\n\u003Cli>Remove Reset Link in Login Error (notice)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There is no option for this plugin right now but I’m planning to add some in the future. Also, no multilingual support for now, but planned.\u003C\u002Fp>\n\u003Cp>All comments are welcome.\u003C\u002Fp>\n","This plugin is used to completely disable the built-in password reset feature in WordPress. Used for high-security purpose ONLY.",20,6254,100,1,"2011-08-29T03:29:00.000Z","3.2.1","2.7",[20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-password-reset-extended.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":62,"downloaded":79,"rating":64,"num_ratings":65,"last_updated":80,"tested_up_to":47,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":88,"download_link":89,"security_score":54,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"reset-password-removed","Reset Password Removed","1.2","Md Taufiqur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartshovon\u002F","\u003Cp>Easily enhance the security of your WordPress site by removing the ability for non-admin users to change or reset their passwords. The “Reset Password Removed” plugin ensures that only administrators have the power to modify password settings, reducing the risk of unauthorized access.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict Password Resets:\u003C\u002Fstrong> Prevents non-admin users from resetting their passwords, adding an extra layer of security to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control:\u003C\u002Fstrong> Keeps password management accessible only to site administrators, ensuring critical access remains in trusted hands.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience:\u003C\u002Fstrong> Automatically removes the “Lost your password?” link from the login page for non-admin users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Efficient:\u003C\u002Fstrong> The plugin is built to be lightweight, ensuring it doesn’t slow down your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Reset Password Removed?\u003C\u002Fh3>\n\u003Cp>If you’re looking to enhance your WordPress security without complicating user management, this plugin is the perfect solution. Ideal for websites where password security is paramount, it simplifies control and prevents potential vulnerabilities from password resets.\u003C\u002Fp>\n\u003Cp>Compatible with: WordPress 6.x and PHP 7.4+\u003C\u002Fp>\n","Enhance the security of your blogs by preventing password reset over email function.",2924,"2024-11-03T13:58:00.000Z","5.0","7.4",[84,4,85,86,87],"admin-only-password-control","secure-login-management","wordpress-password-security","wordpress-user-security-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freset-password-removed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-password-removed.1.2.zip",{"slug":91,"name":92,"version":6,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":62,"num_ratings":65,"last_updated":18,"tested_up_to":99,"requires_at_least":17,"requires_php":18,"tags":100,"homepage":18,"download_link":101,"security_score":64,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":102},"disable-reset-password","Disable Reset Password","Renoug Joni","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonirenoug\u002F","\u003Cp>Disabling reset password  function over email of WordPress and Fix bug Unauthorized Reset Password (0day).\u003Cbr \u002F>\nUse caution and if necessary, after the core fix bug fixes you should delete it.\u003C\u002Fp>\n\u003Ch4>Build Status\u003C\u002Fh4>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Ch4>Donations\u003C\u002Fh4>\n","Disabling reset password function over email of Wordpress and Fix bug Unauthorized Reset Password (0day).",10,1191,"4.7.32",[20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-reset-password.zip","2026-03-15T10:48:56.248Z",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":18,"download_link":122,"security_score":64,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"frontend-reset-password","Frontend Reset Password","1.3.3","Wp Enhanced","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpenhanced\u002F","\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> lets your site users reset their lost or forgotten passwords in the frontend of your site. No more default WordPress reset form! Users fill in their username or email address and a reset password link is emailed to them. When they click this link they’ll be redirected to your site and asked for a new password. Everything is handled using default WordPress methods including security, so you don’t have to worry.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> is perfect for sites that have disabled access to the WordPress dashboard, or if you want to include a lost\u002Freset password form on one of your custom site pages. It also works great with \u003Cstrong>Easy Digital Downloads\u003C\u002Fstrong>!\u003C\u002Fp>\n\u003Cp>Any error messages display right on the form, including whether the username or email address is invalid.\u003C\u002Fp>\n\u003Cp>The plugin works by hooking into the \u003Ccode>lostpassword_url\u003C\u002Fcode> WordPress filter, meaning compatibility with other plugins can be better maintained.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> is also translation ready.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Modern settings framework for easy configuration & searching our documentation\u003Cbr \u002F>\n– Password requirements and eye icon toggle\u003Cbr \u002F>\n– Customizable reset link text and email templates\u003Cbr \u002F>\n– Full documentation at https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation and setup guide:\u003Cbr \u002F>\nhttps:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\u003C\u002Fp>\n\u003Cp>Find answers, usage examples, and troubleshooting tips on our official documentation site.\u003C\u002Fp>\n\u003Ch3>Setup Guide\u003C\u002Fh3>\n\u003Cp>Quick Start:\u003Cbr \u002F>\n1. Add the shortcode \u003Ccode>[reset_password]\u003C\u002Fcode> to any page.\u003Cbr \u002F>\n2. Visit \u003Cstrong>Settings > Frontend Reset Password\u003C\u002Fstrong> in your WordPress admin to select your reset page and configure options.\u003Cbr \u002F>\n3. (Optional) Customize form text, password requirements, and email templates.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\" rel=\"nofollow ugc\">online documentation\u003C\u002Fa> for screenshots and advanced usage.\u003C\u002Fp>\n\u003Ch3>Customisation\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Customisation Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Change all form text and labels\u003Cbr \u002F>\n– Set password requirements (length, character types)\u003Cbr \u002F>\n– Show\u002Fhide eye icon for password fields\u003Cbr \u002F>\n– Customize email subject, sender, and template\u003Cbr \u002F>\n– Display login link after password reset\u003C\u002Fp>\n\u003Cp>Very little CSS styling is used, so the forms should style with your website theme beautifully.\u003C\u002Fp>\n\u003Cp>If you use a frontend login page you can set that in the plugin also. Users are told they can login and are shown the url when they successfully change their password.\u003C\u002Fp>\n\u003Cp>You can also set the minimum number of characters required for a password. Default is 0.\u003C\u002Fp>\n\u003Ch3>Support & Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\" rel=\"nofollow ugc\">Full Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Quick start guide in plugin settings\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffrontend-reset-password\u002F\" rel=\"ugc\">WordPress.org Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Let your users reset their forgotten passwords from the frontend of your website.",10000,167187,88,38,"2026-01-30T10:23:00.000Z","6.9.4","4.4",[119,120,21,121],"login","lost-password","reset-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontend-reset-password.zip",{"attackSurface":124,"codeSignals":140,"taintFlows":150,"riskAssessment":151,"analyzedAt":156},{"hooks":125,"ajaxHandlers":136,"restRoutes":137,"shortcodes":138,"cronEvents":139,"entryPointCount":25,"unprotectedCount":25},[126,132],{"type":127,"name":128,"callback":129,"file":130,"line":131},"filter","allow_password_reset","disable_password_reset","disablepassword.php",14,{"type":127,"name":133,"callback":134,"file":130,"line":135},"login_errors","anonymous",15,[],[],[],[],{"dangerousFunctions":141,"sqlUsage":145,"outputEscaping":147,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":149},[142],{"fn":143,"file":130,"line":135,"context":144},"create_function","add_filter('login_errors',create_function('$a', \"return 'Operation failed!';\"));",{"prepared":25,"raw":25,"locations":146},[],{"escaped":25,"rawEcho":25,"locations":148},[],[],[],{"summary":152,"deductions":153},"The \"disable-password-reset\" v1.0 plugin exhibits a very limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. This significantly reduces the potential for external exploitation through common WordPress entry points. The plugin also demonstrates good practices in its handling of SQL queries, with all queries utilizing prepared statements, and its output escaping, with all outputs being properly escaped. Furthermore, the absence of file operations and external HTTP requests further enhances its security profile. The vulnerability history shows no recorded CVEs, indicating a clean track record.\n\nHowever, the static analysis did identify one significant concern: the use of the `create_function` construct. This is a deprecated and potentially insecure function in PHP, and its presence, even if seemingly isolated in this context, raises a flag. While taint analysis and the overall vulnerability history are clean, this specific code signal points to a potential, albeit not immediately exploitable, weakness that could be a vector for future issues or be misused in conjunction with other vulnerabilities. The lack of nonce and capability checks on any potential entry points (though there are none identified) is a common WordPress security recommendation, and its absence here is noted, though less critical given the minimal attack surface.\n\nIn conclusion, the plugin is in a generally good security posture due to its minimal attack surface and adherence to secure coding practices for SQL and output handling. The lack of historical vulnerabilities is a strong positive. The primary weakness lies in the use of `create_function`, which represents a minor but notable risk that could be addressed. The absence of formal checks on entry points is less of a concern in this specific case due to the plugin's design.",[154],{"reason":155,"points":97},"Use of deprecated\u002Finsecure create_function","2026-03-16T18:52:44.109Z",{"wat":158,"direct":163},{"assetPaths":159,"generatorPatterns":160,"scriptPaths":161,"versionParams":162},[],[],[],[],{"cssClasses":164,"htmlComments":165,"htmlAttributes":166,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":169},[],[],[],[],[],[]]