[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcbeyACGSQ8GcT6QD_HExF5d_zgpgh2867xzHtZMMKf0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":50,"analysis":151,"fingerprints":244},"echbay-admin-security","EchBay Admin Security","1.3.1","Dao Quoc Dai","https:\u002F\u002Fprofiles.wordpress.org\u002Fitvn9online\u002F","\u003Cp>If you run a WordPress website, you should absolutely use echbay-admin-security to secure it against hackers.\u003C\u002Fp>\n\u003Cp>Protect WP-Admin fixes a glaring security hole in the WordPress community: the well-known problem of the admin panel URL.\u003Cbr \u002F>\nEveryone knows where the admin panel, and this includes hackers as well.\u003C\u002Fp>\n\u003Cp>Protect WP-Admin helps solve this problem by allowing webmasters to setup PIN number or password for login page.\u003C\u002Fp>\n\u003Cp>The plugin also comes with some access filters, allowing webmasters to restrict guest and registered users access to wp-admin, just in case you want some of your editors to log in the classic way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fitvn9online\u002F5\" rel=\"nofollow ugc\"> Thanks for donate \u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect Your Website Admin Against Hackers & Modify Login Page Design ( Nhiệm vụ: chặn mọi truy cập trực tiếp vào trang quản trị wordpress dưới dạ …",100,11190,0,"2025-11-28T02:58:00.000Z","6.9.4","4.8","",[19,20,21,22,23],"change-admin-url","change-wp-admin-url","protect-wordpress-admin","rename-admin-url","secure-admin","https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwordpresseb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechbay-admin-security.zip",99,1,"2025-11-20 19:30:13","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":27},"CVE-2025-11885","echbay-admin-security-reflected-cross-site-scripting","EchBay Admin Security \u003C= 1.3.0 - Reflected Cross-Site Scripting","The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_ebnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.3.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-11-21 07:31:51",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6e7bd966-9a98-4192-83d9-e1682ec00a02?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":11,"avg_patch_time_days":27,"trust_score":11,"computed_at":49},"itvn9online",8,1560,"2026-04-04T05:03:08.200Z",[51,75,93,112,131],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":15,"requires_at_least":64,"requires_php":17,"tags":65,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":13,"last_vuln_date":74,"fetched_at":29},"protect-wp-admin","Protect WP Admin","4.2","WP-EXPERTS.IN","https:\u002F\u002Fprofiles.wordpress.org\u002Findia-web-developer\u002F","\u003Cp>Protect WP Admin adds an extra security layer to your WP site by allowing you to rename and secure the wp-admin and wp-login.php URLs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change default admin URL (e.g., \u002Fwp-admin to \u002Fmyadmin)\u003C\u002Fli>\n\u003Cli>Restrict access to dashboard by roles or specific user IDs\u003C\u002Fli>\n\u003Cli>Customize login page colors and logo\u003C\u002Fli>\n\u003Cli>Block access to default login URLs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Stop bots and hackers from brute-forcing your login page. This plugin is ideal for any site looking to increase login security without modifying core files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Video Demo:\u003C\u002Fstrong>\u003Cbr \u002F>\nhttps:\u002F\u002Fyoutu.be\u002FMxr2MLDNACE\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro Add-on Available:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.wp-experts.in\u002Fproducts\u002Fprotect-wp-admin-pro\" rel=\"nofollow ugc\">Click here to download add-on\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Define Custom WP Admin Login URL (e.g., http:\u002F\u002Fyourdomain.com\u002Fmyadmin)\u003C\u002Fli>\n\u003Cli>Add custom logo and styling to login page\u003C\u002Fli>\n\u003Cli>Restrict wp-admin access to only admin or defined user IDs\u003C\u002Fli>\n\u003Cli>Redirect all unauthorized users and bots\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Rename wp-admin completely\u003C\u002Fli>\n\u003Cli>Set login attempt limits\u003C\u002Fli>\n\u003Cli>Track login history\u003C\u002Fli>\n\u003Cli>Change usernames\u003C\u002Fli>\n\u003Cli>More style controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get the Pro Version:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.wp-experts.in\u002Fproducts\u002Fprotect-wp-admin-pro\u002F?utm_source=wordpress.org&utm_medium=free-plugin&utm_campaign=15off\" rel=\"nofollow ugc\">Protect WP Admin Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n","Protect your WP site by changing the default wp-admin URL and customizing the login page for enhanced security.",10000,533784,72,50,"2026-02-05T17:04:00.000Z","6.0",[66,67,68,23,69],"admin-url","hack-prevention","protect-admin","secure-login","https:\u002F\u002Fwww.wp-experts.in\u002Fproducts\u002Fprotect-wp-admin-pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-wp-admin.4.2.zip",93,4,"2025-12-15 00:00:00",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":13,"num_ratings":13,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":90,"download_link":91,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"secure-wp-admin","Secure WP Admin","1.4.2","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>Want to lock your WP-admin login screen with some PIN to make it more secure? Then this is the right plugin. Using Secure WP Admin you can lock your wp-admin login form with a seceret PIN just to make it little more secure.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set password to protect your wp-admin login screen.\u003C\u002Fli>\n\u003Cli>Set your own logo or use default logo.\u003C\u002Fli>\n\u003Cli>Change placeholder text for Secure WP Admin login form.\u003C\u002Fli>\n\u003Cli>Change Submit button label for Secure WP Admin’s login form.\u003C\u002Fli>\n\u003Cli>Change Error text for Secure WP Admin’s login form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Docs & Support\u003C\u002Fh4>\n\u003Cp>Will be available soon.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you are looking for WordPress Securtiy Maintenace, use our Free WP SECURE MAINTENANCE plugin.\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-secure-maintainance\u002F\" rel=\"ugc\">WP SECURE MAINTENANCE\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Interested in contributing to Secure WP Admin?\u003C\u002Fstrong>\u003Cbr \u002F>\nHead over to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwpexpertsio\u002FSecure-WP-Admin\" rel=\"nofollow ugc\">Secure WP Admin \u003Cstrong>GitHub Repository\u003C\u002Fstrong>\u003C\u002Fa> to find out how you can pitch in 😉\u003C\u002Fp>\n","Want to lock your WP-admin login screen with some PIN to make it more secure? Then this is the right plugin.",80,5238,"2024-11-01T08:16:00.000Z","6.6.5","4.0",[23,76,89],"site-security","https:\u002F\u002Fwpexperts.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-wp-admin.1.4.2.zip",92,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":13,"num_ratings":13,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":17,"tags":106,"homepage":110,"download_link":111,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"protect-admin-login","Protect Admin Login","3.0.0","ViitorCloud Technologies Pvt Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fviitorcloudvc\u002F","\u003Cp>A simple plugin allows to overwrite wp-admin url to login backend.\u003C\u002Fp>\n\u003Cp>If you run a WordPress website, you must use “Protect Admin Login” to secure it against hackers.\u003C\u002Fp>\n\u003Cp>It blocks default wp-admin login link.\u003C\u002Fp>\n\u003Cp>You can add new url in backend in Settings\u002FPermalinks section.\u003C\u002Fp>\n\u003Ch4>Get Involved\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fviitorcloud.com\u002F\" rel=\"nofollow ugc\">ViitorCloud\u003C\u002Fa> believes in active community support. So, with our plugins, we aim to try to make life easy for developers & customers. Subscribe to our newsletter for more updates.\u003C\u002Fp>\n","A simple plugin allows to overwrite wp-admin url to login backend.",20,1023,"2024-05-24T09:27:00.000Z","6.5.8","3.8",[107,108,94,109,23],"change-wp-admin","custom-admin-url","protect-backend","#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-admin-login.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":122,"requires_at_least":123,"requires_php":17,"tags":124,"homepage":17,"download_link":129,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":130},"secure-admin-access","Secure Admin Access","1.0","maheshkathiriya","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaheshkathiriya\u002F","\u003Cp>If you run a WordPress website, you should absolutely use “Secure-Admin-Access” to secure it against hackers.\u003C\u002Fp>\n\u003Cp>Secure Admin Access fixes a glaring security hole in the WordPress community: the well-known problem of the admin panel URL.\u003Cbr \u002F>\nEveryone knows where the admin panel, and this includes hackers as well.\u003C\u002Fp>\n\u003Cp>Secure Admin Access helps solve this problem by allowing webmasters to customize their admin panel URL and blocking the default links.\u003C\u002Fp>\n\u003Cp>After you setup Secure Admin Access, webmasters will be able to change the “yourwebsitename.com\u002Fwp-admin” link into something like “yourwebsitename.com\u002Fyour-custom-string”.\u003Cbr \u002F>\nAll queries for the classic “\u002Fwp-admin\u002F” and “wp-login.php” files will be redirected to the homepage, while access to the WP backend will be allowed only for the custom URL.\u003C\u002Fp>\n\u003Cp>The plugin also comes with some access filters, allowing webmasters to restrict guest and registered users access to wp-admin, just in case you want some of your editors to log in the classic way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE :Back up your database before beginning the activate plugin.\u003C\u002Fstrong>\u003Cbr \u002F>\nIt is extremely important to back up your database before beginning the activate plugin. If, for some reason, you find it necessary to restore your database from these backups. Plugin will not work for IIS.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Limit Dashboard access to admins only, admins + editors, admins + editors + authors, or limit by specific capability.\u003C\u002Fli>\n\u003Cli>Create your own redirect URL\u003C\u002Fli>\n\u003Cli>Optionally allow user profile access\u003C\u002Fli>\n\u003Cli>Define custom wp-admin url(Like http:\u002F\u002Fyourdomain.com\u002Fmypanel)\u003C\u002Fli>\n\u003Cli>Define custom Logo OR change default logo on login page\u003C\u002Fli>\n\u003Cli>Define body background color on login page \u003C\u002Fli>\n\u003Cli>SEO friendly URL for “Register” page (Like http:\u002F\u002Fyourdomain.com\u002Fmypanel\u002Fregister)\u003C\u002Fli>\n\u003Cli>SEO friendly URL for “Lost Password” page (Like http:\u002F\u002Fyourdomain.com\u002Fmypanel\u002Flostpassword)\u003C\u002Fli>\n\u003Cli>Restrict guest users for access to wp-admin\u003C\u002Fli>\n\u003Cli>Restrict registered non-admin users from wp-admin\u003C\u002Fli>\n\u003Cli>Allow admin access to non-admin users by define comma seprate multiple ids users \u003C\u002Fli>\n\u003Cli>Login Security \u003C\u002Fli>\n\u003Cli>Limit Login Attempts and track user login attempts\u003C\u002Fli>\n\u003Cli>Login attempts and block IP temporarily\u003C\u002Fli>\n\u003Cli>Much more!\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure Your Website Admin And Dashboard Access & Modify Login Page Design & Login Attempts for login protection",10,1188,"4.7.32","3.3",[125,126,127,128,113],"limit-login-attempts","login-attempt","login-attempts","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-admin-access.zip","2026-03-15T10:48:56.248Z",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":13,"downloaded":139,"rating":13,"num_ratings":13,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":143,"tags":144,"homepage":17,"download_link":149,"security_score":150,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"mm-login-customization","MM Login Customization","1.4","samarpitabhattacharya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamarpitabhattacharya\u002F","\u003Cp>✤ Websites get hacked every day. Being secure in the online world becomes more and more important every day and it is vital to protect your website and the data it holds now. This plugin helps web-admins to protect their WordPress website in a specific way.\u003C\u002Fp>\n\u003Cp>✤ Before taking a look at the detailed description of the plugin, let’s check the URL of the demo page. \u003Ca href=\"https:\u002F\u002Fwww.betatesting.net\u002Fprojects\u002Fmm_login_customization\u002F2fal2b6q\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>, let’s see what this plugin can do.\u003C\u002Fp>\n\u003Cp>✤ The default admin login URL of any website developed in WordPress is with ..\u002Fwp-admin or ..\u002Fwp-login.php. The problem is, this type of admin log-in makes the WordPress admin section predictable and hence vulnerable. Using this vulnerability, an unauthenticated person can breach the admin section of the website. These unauthenticated breaches not only damages the reputation of the website but also offers the miscreants a chance to misuse sensitive and important information.\u003C\u002Fp>\n\u003Cp>✤ This plug-in ensures that such breaches never happen to your website. It ensures the security of your website admin login section as well as the website data. Using this plugin, you can generate dynamic admin URLs for login and choose a template for the custom login page as well. This login masks wp-login.php and wp-admin during the login process.\u003C\u002Fp>\n\u003Cp>✤ The admin of the website can change the login URL frequently by deactivating the old URL with subsequent activation of the plugin status. Once that is done, save the newly activated plugin status. This plug-in generates different admin log-in URLs for every website. This feature ensures that the miscreants cannot predict the admin log-in URL of your website.\u003C\u002Fp>\n\u003Cp>✤ Procedure ✤\u003Cbr \u002F>\nActive plugin MM Login Customization -> Go to menu option named MM Login Customization -> Choose settings -> Active option from Status tab -> Save URL -> Copy auto generated admin link for future login\u003Cbr \u002F>\nYou may choose template from Choose Template tab for admin login page look and feel.\u003C\u002Fp>\n\u003Cp>For any query please email us at – \u003Ca href=\"mailto:wordpress@matrixnmedia.com\" rel=\"nofollow ugc\">wordpress@matrixnmedia.com\u003C\u002Fa>\u003C\u002Fp>\n","To hide admin login url by this plugin auto generated URL and make secure your site and it's data. You may frequenty change the URL for your site …",1928,"2020-07-09T13:05:00.000Z","5.4.19","5.0","7.0",[19,145,146,147,148],"hide-admin","hide-wp-admin","hide-wp-login","security-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmm-login-customization.zip",85,{"attackSurface":152,"codeSignals":175,"taintFlows":213,"riskAssessment":232,"analyzedAt":243},{"hooks":153,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":13,"unprotectedCount":13},[154,158,162,166],{"type":155,"name":156,"callback":156,"file":157,"line":62},"action","admin_menu","eas.php",{"type":155,"name":159,"callback":160,"file":157,"line":161},"admin_init","register_my_settings",51,{"type":155,"name":163,"callback":164,"file":157,"line":165},"admin_notices","EAS_admin_notices",166,{"type":167,"name":168,"callback":169,"priority":26,"file":157,"line":170},"filter","pre_comment_approved","eas_block_spam_comment",227,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":27,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":212},[],{"prepared":13,"raw":13,"locations":178},[],{"escaped":120,"rawEcho":180,"locations":181},17,[182,184,187,189,191,192,194,195,197,198,200,201,202,204,206,208,210],{"file":157,"line":72,"context":183},"raw output",{"file":185,"line":186,"context":183},"includes\\main_page.php",12,{"file":185,"line":188,"context":183},13,{"file":185,"line":190,"context":183},24,{"file":185,"line":190,"context":183},{"file":185,"line":193,"context":183},29,{"file":185,"line":193,"context":183},{"file":185,"line":196,"context":183},30,{"file":185,"line":196,"context":183},{"file":185,"line":199,"context":183},32,{"file":185,"line":199,"context":183},{"file":185,"line":199,"context":183},{"file":185,"line":203,"context":183},36,{"file":185,"line":205,"context":183},46,{"file":185,"line":207,"context":183},61,{"file":185,"line":209,"context":183},65,{"file":185,"line":211,"context":183},67,[],[214],{"entryPoint":215,"graph":216,"unsanitizedCount":27,"severity":38},"\u003Ceas> (eas.php:0)",{"nodes":217,"edges":229},[218,223],{"id":219,"type":220,"label":221,"file":157,"line":222},"n0","source","$_GET",213,{"id":224,"type":225,"label":226,"file":157,"line":227,"wp_function":228},"n1","sink","header() [Header Injection]",217,"header",[230],{"from":219,"to":224,"sanitized":231},false,{"summary":233,"deductions":234},"The \"echbay-admin-security\" plugin v1.3.1 presents a mixed security posture. On the positive side, the plugin exhibits a clean attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication. Furthermore, all observed SQL queries are properly prepared, and there are no external HTTP requests. However, significant concerns arise from the code analysis, particularly the low percentage of properly escaped output (37%) and the presence of a single flow with an unsanitized path.  While the taint analysis did not flag any critical or high severity issues, the unsanitized path is a notable risk for potential injection vulnerabilities.  The vulnerability history shows a single medium severity Cross-Site Scripting (XSS) vulnerability recorded in the past. The fact that this vulnerability is currently patched is positive, but the pattern of XSS suggests a recurring area of weakness that requires ongoing vigilance and robust output sanitization. Overall, while the plugin avoids common pitfalls like direct SQL injection and a large attack surface, the insufficient output escaping and the historical XSS vulnerability indicate that further hardening is needed.",[235,237,240],{"reason":236,"points":47},"Insufficient output escaping",{"reason":238,"points":239},"Flow with unsanitized path",5,{"reason":241,"points":242},"History of medium severity XSS",3,"2026-03-16T20:56:02.568Z",{"wat":245,"direct":251},{"assetPaths":246,"generatorPatterns":248,"scriptPaths":249,"versionParams":250},[247],"\u002Fwp-content\u002Fplugins\u002Fechbay-admin-security\u002F404.html",[],[],[],{"cssClasses":252,"htmlComments":253,"htmlAttributes":254,"restEndpoints":255,"jsGlobals":256,"shortcodeOutput":260},[],[],[],[],[257,258,259],"EAS_SESSION_ID","EAS_HIDDEN_CAPTCHA","EAS_ARIA_REQUIRED",[]]