[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8CbNB6Stdx9UXTeKLvN1QdpxUr_O3mWMgwCWmDwGSY4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":54,"analysis":156,"fingerprints":283},"disable-user-login","Disable User Login","1.3.12","Saint Systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaintsystems\u002F","\u003Cp>This plugin gives you the ability to disable specific user accounts via a profile setting.\u003C\u002Fp>\n\u003Cp>Once installed and activated, a checkbox appears on the user profile settings (only for admins). When checked, the user’s account will be disabled and they will be unable to login with the account. If they try to login, they are instantly logged out and redirected to the login page with a message that notifies them their account is disabled.\u003C\u002Fp>\n\u003Cp>This can be useful in a few situations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You want freelance writers to still show up in the authors box, but you don’t want them to be able to login.\u003C\u002Fli>\n\u003Cli>You have former employees who have authored posts and you don’t want to delete them or reassign their posts to other users, but still need them to show up in the “Authors box.”\u003C\u002Fli>\n\u003Cli>You are working on a site for a client who has an account, but do not want him to login and\u002For make changes during development.\u003C\u002Fli>\n\u003Cli>You have a client who has an unpaid invoice.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsaintsystems\u002Fdisable-user-login\u002F\" rel=\"nofollow ugc\">This plugin is on GitHub!\u003C\u002Fa>\u003C\u002Fstrong> Pull requests are welcome. If possible please report issues through Github.\u003C\u002Fp>\n","Provides the ability to disable user accounts and prevent them from logging in.",5000,60770,100,4,"2025-09-08T14:13:00.000Z","6.8.5","4.7.0","5.6",[20,21,22,23,24],"account","disable","login","user","users","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-user-login.1.3.12.zip",1,0,"2023-11-15 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-47806","disable-user-login-cross-site-request-forgery","Disable User Login \u003C= 1.3.8 - Cross-Site Request Forgery","The Disable User Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.3.8","1.3.9","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F056819fb-7087-4794-9936-312ab54c96cd?source=api-prod",69,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":13,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},"saintsystems",2,11000,88,"2026-04-04T05:28:31.753Z",[55,75,93,114,135],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":72,"download_link":73,"security_score":74,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"disable-users","Disable Users","1.0.5","Jared Atchison","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaredatch\u002F","\u003Cp>This plugin gives you the ability to disable specific user accounts via a profile setting.\u003C\u002Fp>\n\u003Cp>Once installed and activated, a checkbox appears on the user profile settings (only for admins). When checked, the users account will be disabled and they will be unable to login with the account. If they try to login, they are instantly logged out and redirected to the login page with a message that notifies them their account is disabled.\u003C\u002Fp>\n\u003Cp>This can be useful in a few situations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You are working on a site for a client who has an account, but do not want him to login and\u002For make changes during development.\u003C\u002Fli>\n\u003Cli>You have a client who has an unpaid invoice.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjaredatch\u002FDisable-Users\u002F\" rel=\"nofollow ugc\">This plugin is on GitHub!\u003C\u002Fa>\u003C\u002Fstrong> Pull requests are welcome. If possible please report issues through Github.\u003C\u002Fp>\n","This plugin gives you the ability to disable specific user accounts via a profile setting.",2000,40108,94,18,"2017-11-28T19:50:00.000Z","4.3.34","4.0.0","",[21,22,24],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fdisable-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-users.zip",85,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":28,"num_ratings":28,"last_updated":70,"tested_up_to":85,"requires_at_least":86,"requires_php":70,"tags":87,"homepage":90,"download_link":91,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":92},"simple-account-system","Simple Account System","1.0.3","UlisesFreitas","https:\u002F\u002Fprofiles.wordpress.org\u002Fulisesfreitas\u002F","\u003Cp>A plugin to replace the default user flow, for login, logout, account(profile), with extra contact info fields, phone, address, country, city, zip code.\u003Cbr \u002F>\nThis is a replacement for bring users a better experience on their accounts settings.\u003Cbr \u002F>\nWhat the plugin do:\u003Cbr \u002F>\nIt will create various pages for you to adminize the user flow\u003Cbr \u002F>\n – Forgot Your Password?\u003Cbr \u002F>\n – Pick a New Password\u003Cbr \u002F>\n – Sign In\u003Cbr \u002F>\n – Sign Up\u003Cbr \u002F>\n – Your Account\u003Cbr \u002F>\nPlus it will create menu items, then you can configure at your site as you want placing them into a \\”Sign Up\u002FSign In\u002FSign Out\\” Menu.\u003Cbr \u002F>\n– Automatic replacement to Login\u002FLogout links on Menu when the user is logged in.\u003C\u002Fp>\n","A plugin to replace the default user flow, for login, logout, account(profile)",10,2514,"5.3.21","4.4",[88,89,22,24],"accounts","custom-account-page","https:\u002F\u002Fgithub.com\u002FUlisesFreitas\u002Fsimple-account-system","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-account-system.1.0.3.zip","2026-03-15T10:48:56.248Z",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":70,"tags":108,"homepage":112,"download_link":113,"security_score":74,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wc-password-strength-settings","Password Strength Settings for WooCommerce","3.0.1","Danny Santoro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielsantoro\u002F","\u003Cp>Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.\u003C\u002Fp>\n\u003Ch3>What does this plugin do?\u003C\u002Fh3>\n\u003Cp>WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielSantoro\u002Fwc-password-strength-settings\u002Fwiki\u002FHow-Password-Strength-is-Determined\" rel=\"nofollow ugc\">please read the documentation here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cp>Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.\u003C\u002Fp>\n\u003Cp>Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. \u003Cem>However\u003C\u002Fem>, if you notice any issues then please reach out via the contact form on my website.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – \u003Cem>especially\u003C\u002Fem> for administrators!\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to remove “- Please enter a stronger password.” that is added by WordPress.\u003C\u002Fli>\n\u003Cli>Nothing else at the moment, but let me know if you have any ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n","Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.",10000,176985,90,24,"2023-10-11T20:51:00.000Z","6.3.8","5.8",[88,109,110,24,111],"passwords","security","woocommerce","https:\u002F\u002Fdanielsantoro.com\u002Fproject\u002Fwoocommerce-password-strength-settings-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-password-strength-settings.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":11,"downloaded":122,"rating":103,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":130,"download_link":131,"security_score":132,"vuln_count":133,"unpatched_count":28,"last_vuln_date":134,"fetched_at":30},"simple-login-log","Simple Login Log","2.0.0","Joris Le Blansch","https:\u002F\u002Fprofiles.wordpress.org\u002Fapiosys\u002F","\u003Cp>Simple log of user logins. Tracks user name, time of login, IP address and browser user agent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>ability to filter by user name, successful\u002Ffailed logins, month and year;\u003C\u002Fli>\n\u003Cli>export into CSV file;\u003C\u002Fli>\n\u003Cli>log auto-truncation;\u003C\u002Fli>\n\u003Cli>option to record failed login attempts.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Translations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Persian [fa_IR] by \u003Ca href=\"http:\u002F\u002Ftaktaweb.ir\u002F\" rel=\"nofollow ugc\">MohammadHadi Nasiri\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German [de_DE] by Philipp Moore\u003C\u002Fli>\n\u003Cli>Russian [ru_RU]\u003C\u002Fli>\n\u003Cli>Ukrainian [ua_UA]\u003C\u002Fli>\n\u003Cli>Chinese [zh_CN] by \u003Ca href=\"http:\u002F\u002Fwww.mihuwa.com\u002F\" rel=\"nofollow ugc\">Mihuwa\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>French [fr_FR] by Mehdi Hamida\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Author: Max Chirkov\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Author: Joris Le Blansch\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>If you would like to contribute, the POT file is available in the \u003Cem>languages\u003C\u002Fem> folder. Translation file name convention is \u003Cem>sll-{locale}.mo\u003C\u002Fem>, where {locale} is the locale of your language. Fore example, Russian file name would be \u003Cem>sll-ru_RU.po\u003C\u002Fem>.\u003C\u002Fp>\n","This plugin keeps a log of WordPress user logins. Offers user and date filtering, and export features.",137544,27,"2025-12-31T17:24:00.000Z","6.9.4","6.5","8.2",[129,22,24],"log","https:\u002F\u002Fapio.systems","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-log.2.0.0.zip",89,3,"2025-08-17 00:00:00",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":145,"num_ratings":146,"last_updated":147,"tested_up_to":16,"requires_at_least":148,"requires_php":149,"tags":150,"homepage":154,"download_link":155,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","5.4","7.4",[151,22,152,153,24],"expire","password","roles","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",{"attackSurface":157,"codeSignals":256,"taintFlows":273,"riskAssessment":274,"analyzedAt":282},{"hooks":158,"ajaxHandlers":246,"restRoutes":253,"shortcodes":254,"cronEvents":255,"entryPointCount":27,"unprotectedCount":28},[159,166,171,175,178,183,187,191,195,199,203,206,210,215,218,221,225,229,233,237,240,243],{"type":160,"name":161,"callback":162,"priority":163,"file":164,"line":165},"action","plugins_loaded","SSDUL",11,"disable-user-login.php",39,{"type":160,"name":167,"callback":168,"file":169,"line":170},"edit_user_profile","add_disabled_field","includes\\class-ss-disable-user-login-plugin.php",118,{"type":160,"name":172,"callback":173,"file":169,"line":174},"personal_options_update","save_disabled_field",119,{"type":160,"name":176,"callback":173,"file":169,"line":177},"edit_user_profile_update",120,{"type":179,"name":180,"callback":181,"priority":83,"file":169,"line":182},"filter","manage_users_custom_column","manage_users_column_content",121,{"type":160,"name":184,"callback":185,"file":169,"line":186},"admin_footer-users.php","manage_users_css",122,{"type":160,"name":188,"callback":189,"file":169,"line":190},"admin_notices","bulk_disable_user_notices",123,{"type":160,"name":192,"callback":193,"file":169,"line":194},"admin_enqueue_scripts","enqueue_scripts",124,{"type":160,"name":196,"callback":197,"file":169,"line":198},"admin_menu","add_admin_menu",128,{"type":160,"name":200,"callback":201,"file":169,"line":202},"admin_init","settings_init",129,{"type":160,"name":204,"callback":189,"file":169,"line":205},"network_admin_notices",133,{"type":160,"name":207,"callback":208,"priority":83,"file":169,"line":209},"disable_user_login.user_disabled","force_logout",137,{"type":179,"name":211,"callback":212,"priority":213,"file":169,"line":214},"authenticate","user_login",1000,140,{"type":179,"name":216,"callback":216,"file":169,"line":217},"manage_users_columns",141,{"type":179,"name":219,"callback":216,"file":169,"line":220},"wpmu_users_columns",142,{"type":179,"name":222,"callback":223,"file":169,"line":224},"bulk_actions-users","bulk_action_disable_users",143,{"type":179,"name":226,"callback":227,"priority":83,"file":169,"line":228},"handle_bulk_actions-users","handle_bulk_disable_users",144,{"type":179,"name":230,"callback":231,"priority":83,"file":169,"line":232},"user_row_actions","add_quick_links",145,{"type":179,"name":234,"callback":235,"priority":83,"file":169,"line":236},"wp_is_application_passwords_available_for_user","maybe_disable_application_passwords_for_user",146,{"type":179,"name":238,"callback":231,"priority":83,"file":169,"line":239},"ms_user_row_actions",149,{"type":179,"name":241,"callback":223,"file":169,"line":242},"bulk_actions-users-network",150,{"type":179,"name":244,"callback":227,"priority":83,"file":169,"line":245},"handle_network_bulk_actions-users-network",151,[247],{"action":248,"nopriv":249,"callback":250,"hasNonce":251,"hasCapCheck":249,"file":169,"line":252},"ssdul_enable_disable_user",false,"enable_disable_user",true,125,[],[],[],{"dangerousFunctions":257,"sqlUsage":258,"outputEscaping":260,"fileOperations":28,"externalRequests":28,"nonceChecks":50,"capabilityChecks":133,"bundledLibraries":272},[],{"prepared":28,"raw":28,"locations":259},[],{"escaped":261,"rawEcho":14,"locations":262},8,[263,266,268,270],{"file":169,"line":264,"context":265},664,"raw output",{"file":169,"line":267,"context":265},695,{"file":169,"line":269,"context":265},717,{"file":169,"line":271,"context":265},725,[],[],{"summary":275,"deductions":276},"The 'disable-user-login' plugin v1.3.12 demonstrates some positive security practices, including the use of prepared statements for all SQL queries and the presence of nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities. The limited attack surface, with only one AJAX handler and no REST API routes, shortcodes, or cron events, further contributes to a generally secure posture. Taint analysis revealing no critical or high-severity unsanitized flows is also a positive indicator.\n\nHowever, a notable concern is the presence of past vulnerabilities, particularly a medium-severity Cross-Site Request Forgery (CSRF) identified in late 2023. While currently unpatched vulnerabilities are none, this history suggests that the plugin has had exploitable flaws in the past, and further diligent code review and testing are warranted. The output escaping, with 33% of outputs not properly escaped, presents a potential risk for Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is involved in these unescaped outputs. Although the static analysis did not explicitly flag unsanitized inputs leading to output issues, the lack of comprehensive output escaping is a weakness that could be exploited.\n\nIn conclusion, while the plugin has made strides in security by adopting prepared statements and basic security checks, the historical vulnerability and the incomplete output escaping are areas that require attention. A user relying on this plugin should be aware of its past issues and ensure that any sensitive data handled by the plugin is rigorously validated and escaped.",[277,279],{"reason":278,"points":83},"Past medium severity vulnerability",{"reason":280,"points":281},"Significant portion of outputs unescaped",5,"2026-03-16T18:09:16.270Z",{"wat":284,"direct":293},{"assetPaths":285,"generatorPatterns":288,"scriptPaths":289,"versionParams":290},[286,287],"\u002Fwp-content\u002Fplugins\u002Fdisable-user-login\u002Fcss\u002Fdul-admin.css","\u002Fwp-content\u002Fplugins\u002Fdisable-user-login\u002Fjs\u002Fdul-admin.js",[],[287],[291,292],"disable-user-login\u002Fcss\u002Fdul-admin.css?ver=","disable-user-login\u002Fjs\u002Fdul-admin.js?ver=",{"cssClasses":294,"htmlComments":296,"htmlAttributes":297,"restEndpoints":301,"jsGlobals":302,"shortcodeOutput":304},[295],"dul-quick-links",[],[298,299,300],"data-dul-action","data-dul-nonce","data-dul-user-id",[],[303],"window.ssdul_ajax_object",[]]