[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fS7tO0ifliMjuXvYTN0qVmqMwNEtxXiw7bN0N9BXp1pw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":151,"fingerprints":349},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","6.8.5","5.4","7.4",[20,21,22,23,24],"expire","login","password","roles","users","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",75,1,"2026-03-20 14:37:35","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2026-4261","expire-users-authenticated-subscriber-privilege-escalation-to-administrator-via-saveextrauserprofilefields","Expire Users \u003C= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields","The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_role' meta through the 'save_extra_user_profile_fields' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.",null,"\u003C=1.2.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Missing Authorization","2026-03-21 03:27:07",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd676700b-8c53-4e09-a654-767810b5a775?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"husobj",16,20750,85,2,90,"2026-04-04T09:24:55.044Z",[55,79,99,116,133],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":75,"download_link":76,"security_score":77,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,84,5,"2026-02-17T09:27:00.000Z","6.9.4","4.0","8.1",[21,72,73,74,24],"membership","passwords","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",100,0,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":77,"downloaded":87,"rating":77,"num_ratings":88,"last_updated":89,"tested_up_to":68,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":95,"download_link":96,"security_score":97,"vuln_count":28,"unpatched_count":78,"last_vuln_date":98,"fetched_at":30},"magic-login-mail","Magic Login Mail or QR Code","2.06","Katsushi Kawamori","https:\u002F\u002Fprofiles.wordpress.org\u002Fkatsushi-kawamori\u002F","\u003Cp>Enter your email address, and send you an email with a magic link or QR Code to login without a password.\u003C\u002Fp>\n\u003Ch4>Login\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Login with email address only.\u003C\u002Fli>\n\u003Cli>Only registered users can login.\u003C\u002Fli>\n\u003Cli>Password-less login from the magic link or QR code notified in the email.\u003C\u002Fli>\n\u003Cli>shortcode : \u003Ccode>[magic_login]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>action hook : \u003Ccode>do_action( 'magic_email_send', $emails | array, true | bool )\u003C\u002Fcode> : To send the magic link simultaneously from the management account.\u003C\u002Fli>\n\u003Cli>QR code login on the user’s administration screen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Thanks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin is a modified version of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpasswordless-login\u002F\" rel=\"ugc\">Passwordless Login\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>The main changes are the addition of various filter hooks and the addition of the following action hooks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Action hook\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This is for sending bulk e-mails with a magic link for login to multiple accounts from the management screen.\u003C\u002Fli>\n\u003Cli>When using this action hook, the URL of the page where the shortcode [magic_login] is placed should be specified in the filter hook ‘magic_login_mail_url’.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * To send the magic link simultaneously from the management account.\n *\n * @param array  $emails  Multiple email addresses.\n * @param bool   true  Output notifications to the management screen immediately after sending.\n *\u002F\ndo_action( 'magic_email_send', $emails, true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter hooks\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for magic link url with mail.\n *\n *\u002F\nadd_filter( 'magic_login_mail_url', function(){ return 'url'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Currently logged in user link for Magic Login Mail\n *\n * @param string $url  URL.\n * @param int    $user_id  User ID.\n * @return $url\n *\u002F\nadd_filter( 'magic_login_mail_user_redirect', 'redirect_url_login_users', 10, 2 );\n\n\u002F** ==================================================\n * Login user after redirect for Magic Login Mail\n *\n * @param string $url  URL.\n * @param int    $user_id  User ID.\n * @return $url\n *\u002F\nadd_filter( 'magic_login_mail_after_login_redirect', 'redirect_url_login_users', 10, 2 );\n\nfunction redirect_url_login_users( $url, $user_id ){\n    \u002F* your code *\u002F\n    return $url;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for message with shortcode form.\n *\n *\u002F\nadd_filter( 'magic_login_mail_success_link_msg', function(){ return 'Message for success.'; }, 10, 1 );\nadd_filter( 'magic_login_mail_success_login_msg', function(){ return 'Message for success with login.'; }, 10, 1 );\nadd_filter( 'magic_login_mail_valid_errors', function(){ return 'Message for mail validation error.'; }, 10, 1 );\nadd_filter( 'magic_login_mail_email_errors', function(){ return 'Message for sent mail error.'; }, 10, 1 );\nadd_filter( 'magic_login_mail_invalid_token_error', function(){ return 'Message for token error.'; }, 10, 1 );\nadd_filter( 'magic_login_mail_form_label', function(){ return 'Message for form label.'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for color with shortcode form.\n *\n *\u002F\nadd_filter( 'magic_login_mail_success_link_msg_back_color', function(){ return '#e7f7d3'; }, 10, 1 );\nadd_filter( 'magic_login_mail_success_login_msg_back_color', function(){ return '#e7f7d3'; }, 10, 1 );\nadd_filter( 'magic_login_mail_valid_errors_back_color', function(){ return '#ffebe8'; }, 10, 1 );\nadd_filter( 'magic_login_mail_email_errors_back_color', function(){ return '#ffebe8'; }, 10, 1 );\nadd_filter( 'magic_login_mail_invalid_token_error_back_color', function(){ return '#ffebe8'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for input text size.\n *\n *\u002F\nadd_filter( 'magic_login_mail_input_size', function(){ return 17; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for class name.\n *\n *\u002F\nadd_filter( 'magic_login_mail_notice_class_name', function(){ return 'mynotice'; }, 10, 1 );\nadd_filter( 'magic_login_mail_form_class_name', function(){ return 'myform'; }, 10, 1 );\nadd_filter( 'magic_login_mail_label_class_name', function(){ return 'mylabel'; }, 10, 1 );\nadd_filter( 'magic_login_mail_input_class_name', function(){ return 'myinput'; }, 10, 1 );\nadd_filter( 'magic_login_mail_submit_class_name', function(){ return 'mysubmit'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for message with mail subject.\n *\n *\u002F\nadd_filter( 'magic_login_mail_subject', function(){ return 'subject'; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for message with mail.\n *\n * @param string $message  message.\n * @param string $url  url.\n * @param string $exp_date_time  expiration date and time.\n *\u002F\nadd_filter(\n    'magic_login_mail_message',\n    function( $message, $url, $exp_date_time ) {\n\n        $message .= '\u003Cbr>\u003Cbr>' . 'You may only log in once using the link above.';\n\n        return $message;\n    },\n    10,\n    3\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cpre>\u003Ccode>\u002F** ==================================================\n * Filter for login expiration.\n *\n *\u002F\nadd_filter( 'magic_login_mail_expiration', function(){ return 10; }, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Enter your email address, and send you an email with a magic link or QR Code to login without a password.",6216,3,"2026-02-13T00:04:00.000Z","4.7","8.0",[93,21,94,24],"email","passwordless","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmagic-login-mail\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagic-login-mail.2.06.zip",97,"2026-02-13 16:21:07",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":77,"downloaded":107,"rating":77,"num_ratings":28,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":75,"tags":111,"homepage":114,"download_link":115,"security_score":50,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"simple-require-login","Simple Require Login","0.2","timmcdaniels","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimmcdaniels\u002F","\u003Cp>WordPress plugin that adds a metabox to posts, pages, and custom post types where you can select if the content requires a login and what role is allowed to view the content. The native auth_redirect function is used to redirect users to the login page.\u003C\u002Fp>\n","Require login for content on a per page\u002Fpost\u002Fcustom post type basis. You can also select a specific role required to view the content.",3709,"2016-07-06T18:28:00.000Z","4.3.34","3.5",[112,113,21,22,23],"admin","authentication","http:\u002F\u002Fwww.weareconvoy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-require-login.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":78,"num_ratings":78,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":75,"tags":129,"homepage":131,"download_link":132,"security_score":50,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"skeleton-key","Skeleton Key","1.1.1","sant0sk1","https:\u002F\u002Fprofiles.wordpress.org\u002Fsant0sk1\u002F","\u003Cp>As an administrator of a WordPress site with many users, it is often useful to login to a user’s account to troubleshoot something. Asking for their password is tacky and having to reset it is amateurish. Thankfully, you don’t have to do either when you’re armed with this plugin. You can login to the site with any user’s account by providing admin username followed by a “+” followed by their username and your administrative password. All other user authentication is passed on to WordPress core. Handy, huh?\u003C\u002Fp>\n\u003Cp>To login as user joeblow you’d provide:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Username = admin+joeblow\nPassword = [the admin's password]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>New In This Version\u003C\u002Fh4>\n\u003Col>\n\u003Cli>WordPress 2.9 compatibility\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fpixelgraphics.us\u002F\" rel=\"nofollow ugc\">Doug Neiner\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Gives administrators a skeleton key (their own password) to login as any user they'd like.",40,3786,"2009-12-20T15:11:00.000Z","2.9.2","2.8",[112,21,22,130,24],"skeleton","http:\u002F\u002Fgithub.com\u002Fsant0sk1\u002Fwp-skeleton-key","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fskeleton-key.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":78,"downloaded":141,"rating":78,"num_ratings":78,"last_updated":75,"tested_up_to":68,"requires_at_least":142,"requires_php":18,"tags":143,"homepage":148,"download_link":149,"security_score":77,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":150},"safetemplogin-tawa","SafeTemp Login – Temporary Access with Approval","1.0.1","Fernando Filho","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyferweb\u002F","\u003Cp>SafeTemp Login allows you to create temporary users with any role. Perfect for contractors, auditors, or anyone who needs limited-time access to your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create temporary users with any role (subscriber, editor, administrator, etc.)\u003C\u002Fli>\n\u003Cli>Automatic expiration with configurable behavior (block login or delete user)\u003C\u002Fli>\n\u003Cli>Intercept sensitive actions when temporary administrator tries to perform them\u003C\u002Fli>\n\u003Cli>Approval system via admin dashboard or secure email links\u003C\u002Fli>\n\u003Cli>Email notifications to administrators\u003C\u002Fli>\n\u003Cli>Configurable restricted actions list\u003C\u002Fli>\n\u003Cli>Log only mode for testing\u003C\u002Fli>\n\u003Cli>Secure token-based approval system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When a temporary user with administrator role tries to perform a restricted action (like deleting a post, switching themes, installing plugins, etc.), the action is blocked and a request is created. Real administrators receive an email with secure one-time links to approve or deny the action.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Nonce verification on all actions\u003C\u002Fli>\n\u003Cli>Secure token-based approval links (expire in 30 minutes)\u003C\u002Fli>\n\u003Cli>User capability checking\u003C\u002Fli>\n\u003Cli>Automatic logout on expiration\u003C\u002Fli>\n\u003Cli>One-time use tokens\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported Actions for Approval (Configurable):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Delete Posts\u003C\u002Fli>\n\u003Cli>Edit\u002FPublish Posts\u003C\u002Fli>\n\u003Cli>Switch Themes\u003C\u002Fli>\n\u003Cli>Install Plugins\u003C\u002Fli>\n\u003Cli>Activate Plugins\u003C\u002Fli>\n\u003Cli>Deactivate Plugins\u003C\u002Fli>\n\u003Cli>Delete Users\u003C\u002Fli>\n\u003Cli>Update Core Settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Open-source, donation-supported. Developed by \u003Ca href=\"https:\u002F\u002Fcyfer.com.br\" rel=\"nofollow ugc\">Cyfer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support & Donations\u003C\u002Fh3>\n\u003Cp>This plugin is free and open-source, developed by Cyfer.\u003C\u002Fp>\n\u003Cp>For support, visit \u003Ca href=\"https:\u002F\u002Fbuymeacoffee.com\u002Fcyfer\" rel=\"nofollow ugc\">Buy Me a Coffee:\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you find this plugin useful, please consider making a donation to help support continued development.\u003C\u002Fp>\n\u003Cp>Open-source, donation-supported. Developed by \u003Ca href=\"https:\u002F\u002Fcyfer.com.br\" rel=\"nofollow ugc\">Cyfer\u003C\u002Fa>.\u003C\u002Fp>\n","Create temporary users with any role. When a temporary user is an administrator, sensitive actions require approval from a real administrator.",148,"6.0",[144,145,146,147,24],"passwordless-login","secure-login","temporary-access","user-temporary","https:\u002F\u002Fgithub.com\u002Ffernandocyfer\u002Fsafetemp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafetemplogin-tawa.1.0.1.zip","2026-03-15T10:48:56.248Z",{"attackSurface":152,"codeSignals":301,"taintFlows":342,"riskAssessment":343,"analyzedAt":348},{"hooks":153,"ajaxHandlers":289,"restRoutes":290,"shortcodes":291,"cronEvents":299,"entryPointCount":51,"unprotectedCount":78},[154,160,164,167,170,173,176,179,182,185,189,193,197,201,204,207,211,215,218,221,224,228,231,235,239,242,245,248,251,254,256,258,262,264,266,268,271,275,277,279,281,285],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","admin_init","expire_user_now","admin\\expire-user.php",17,{"type":155,"name":161,"callback":162,"file":158,"line":163},"show_user_profile","extra_user_profile_fields",20,{"type":155,"name":165,"callback":162,"file":158,"line":166},"edit_user_profile",21,{"type":155,"name":168,"callback":168,"file":158,"line":169},"user_new_form",22,{"type":155,"name":171,"callback":172,"file":158,"line":14},"personal_options_update","save_extra_user_profile_fields",{"type":155,"name":174,"callback":172,"file":158,"line":175},"edit_user_profile_update",26,{"type":155,"name":177,"callback":172,"file":158,"line":178},"user_register",27,{"type":155,"name":180,"callback":180,"file":158,"line":181},"admin_print_styles",30,{"type":155,"name":183,"callback":183,"file":158,"line":184},"admin_enqueue_scripts",31,{"type":186,"name":187,"callback":187,"file":158,"line":188},"filter","manage_users_columns",34,{"type":155,"name":190,"callback":190,"priority":191,"file":158,"line":192},"manage_users_custom_column",10,35,{"type":186,"name":194,"callback":195,"file":158,"line":196},"manage_users_sortable_columns","manage_users_columns_sortable",38,{"type":155,"name":198,"callback":199,"file":158,"line":200},"pre_get_users","manage_users_custom_column_sort",39,{"type":186,"name":202,"callback":202,"priority":191,"file":158,"line":203},"user_row_actions",41,{"type":155,"name":205,"callback":205,"file":206,"line":88},"admin_menu","admin\\help.php",{"type":155,"name":208,"callback":209,"priority":66,"file":206,"line":210},"expire_users_help_tabs","help_tabs",4,{"type":155,"name":212,"callback":213,"priority":163,"file":206,"line":214},"load-users_page_expire_users","add_help_tabs",12,{"type":155,"name":216,"callback":213,"priority":163,"file":206,"line":217},"load-user-edit.php",13,{"type":186,"name":219,"callback":219,"priority":191,"file":220,"line":88},"plugin_row_meta","admin\\plugin.php",{"type":186,"name":222,"callback":223,"file":220,"line":210},"plugin_action_links_expire-users\u002Fexpire-users.php","plugin_action_links",{"type":155,"name":156,"callback":225,"file":226,"line":227},"register_settings","admin\\settings.php",6,{"type":155,"name":205,"callback":229,"file":226,"line":230},"options_page_item",7,{"type":155,"name":232,"callback":233,"file":234,"line":124},"plugins_loaded","expire_users_load_plugin_textdomain","expire-users.php",{"type":155,"name":236,"callback":237,"file":238,"line":227},"expire_user_cron","do_cron","includes\\cron.php",{"type":155,"name":240,"callback":241,"file":238,"line":230},"wp","schedule_cron",{"type":186,"name":243,"callback":243,"priority":77,"file":244,"line":217},"authenticate","includes\\expire-users.php",{"type":186,"name":246,"callback":246,"priority":191,"file":244,"line":247},"allow_password_reset",14,{"type":186,"name":249,"callback":249,"file":244,"line":250},"shake_error_codes",15,{"type":155,"name":252,"callback":253,"file":244,"line":48},"init","logout_expired_logged_in_user",{"type":155,"name":255,"callback":255,"file":244,"line":159},"register_form",{"type":155,"name":177,"callback":177,"file":244,"line":257},18,{"type":155,"name":259,"callback":260,"file":244,"line":261},"expire_users_expired","handle_on_expire_default_to_role",19,{"type":155,"name":259,"callback":263,"file":244,"line":163},"handle_on_expire_user_reset_password",{"type":155,"name":259,"callback":265,"file":244,"line":166},"handle_on_expire_user_email",{"type":155,"name":259,"callback":267,"file":244,"line":169},"handle_on_expire_user_email_admin",{"type":155,"name":259,"callback":269,"file":244,"line":270},"handle_on_expire_user_remove_expiry",23,{"type":186,"name":272,"callback":273,"priority":163,"file":244,"line":274},"expire_users_email_notification_message","email_notification_filter",24,{"type":186,"name":276,"callback":273,"priority":163,"file":244,"line":14},"expire_users_email_admin_notification_message",{"type":186,"name":278,"callback":273,"priority":163,"file":244,"line":175},"expire_users_email_notification_subject",{"type":186,"name":280,"callback":273,"priority":163,"file":244,"line":178},"expire_users_email_admin_notification_subject",{"type":186,"name":282,"callback":283,"file":244,"line":284},"option_expire_users_notification_message","default_expire_users_notification_message",28,{"type":186,"name":286,"callback":287,"file":244,"line":288},"option_expire_users_notification_admin_message","default_expire_users_notification_admin_message",29,[],[],[292,296],{"tag":293,"callback":294,"file":295,"line":88},"expire_users_current_user_expire_date","current_user_expire_date","includes\\shortcodes.php",{"tag":297,"callback":298,"file":295,"line":210},"expire_users_current_user_expire_countdown","current_user_expire_countdown",[300],{"hook":236,"callback":236,"file":238,"line":257},{"dangerousFunctions":302,"sqlUsage":303,"outputEscaping":305,"fileOperations":78,"externalRequests":78,"nonceChecks":28,"capabilityChecks":66,"bundledLibraries":341},[],{"prepared":78,"raw":78,"locations":304},[],{"escaped":306,"rawEcho":48,"locations":307},59,[308,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339],{"file":158,"line":309,"context":310},225,"raw output",{"file":158,"line":312,"context":310},236,{"file":158,"line":314,"context":310},241,{"file":158,"line":316,"context":310},243,{"file":158,"line":318,"context":310},247,{"file":158,"line":320,"context":310},249,{"file":158,"line":322,"context":310},267,{"file":158,"line":324,"context":310},308,{"file":158,"line":326,"context":310},314,{"file":226,"line":328,"context":310},82,{"file":226,"line":330,"context":310},117,{"file":226,"line":332,"context":310},121,{"file":226,"line":334,"context":310},123,{"file":226,"line":336,"context":310},128,{"file":226,"line":338,"context":310},129,{"file":226,"line":340,"context":310},183,[],[],{"summary":344,"deductions":345},"The \"expire-users\" plugin v1.2.2 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, and external HTTP requests, coupled with a commendable 100% of SQL queries using prepared statements, indicates good development practices regarding core security vulnerabilities.  Furthermore, the presence of nonce checks and capability checks on entry points, alongside a lack of critical or high-severity taint analysis findings, suggests a well-sanitized codebase. The plugin's vulnerability history is also clear, with no known CVEs, which is a positive indicator of its stability and security over time.\n\nHowever, the analysis does highlight a minor area for improvement: output escaping. With 79% of outputs properly escaped, there's a small percentage (21%) that remains unescaped. While not a critical flaw, this could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is handled improperly in those specific instances.  The attack surface, while small and reported as entirely protected, consists of two shortcodes, which are often areas where improper input handling can occur. Despite this minor concern, the plugin's overall security is robust, with a strong emphasis on preventing common and severe attack vectors.",[346],{"reason":347,"points":88},"Outputs not properly escaped","2026-03-16T18:11:35.890Z",{"wat":350,"direct":359},{"assetPaths":351,"generatorPatterns":354,"scriptPaths":355,"versionParams":356},[352,353],"\u002Fwp-content\u002Fplugins\u002Fexpire-users\u002Fadmin\u002Fcss\u002Fexpire-user.css","\u002Fwp-content\u002Fplugins\u002Fexpire-users\u002Fadmin\u002Fjs\u002Fexpire-user.js",[],[],[357,358],"expire-users\u002Fadmin\u002Fcss\u002Fexpire-user.css?ver=","expire-users\u002Fadmin\u002Fjs\u002Fexpire-user.js?ver=",{"cssClasses":360,"htmlComments":363,"htmlAttributes":369,"restEndpoints":371,"jsGlobals":372,"shortcodeOutput":374},[361,362],"expire-user-expired","submitexpire",[364,365,366,367,368],"\u003C!-- @todo Options Page -->","\u003C!-- @todo Cron job -->","\u003C!-- @todo Add expired users view -->","\u003C!-- @todo Add expiring soon view -->","\u003C!-- @todo Add expired role -->",[370],"data-expire-user-id",[],[373],"expire_users",[]]