[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRj4c9rwH6cemI72DTzbiBmdXOmeV0ceyjdRVYfulz2c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":134,"fingerprints":336},"fake-user-detector","Fake User Detector","1.0.3","PluginRx","https:\u002F\u002Fprofiles.wordpress.org\u002Fapos37\u002F","\u003Cp>Fake User Detector helps WordPress site owners identify and flag suspicious user accounts after they have already registered.\u003C\u002Fp>\n\u003Cp>This plugin does not prevent or block registrations. Instead, it analyzes user data post-registration to highlight accounts that appear automated, fake, or low-quality, making it easier to review and remove them manually.\u003C\u002Fp>\n\u003Cp>Fake User Detector is designed as a cleanup and review tool, not a registration firewall. It works well alongside other plugins that handle CAPTCHA, email verification, honeypots, or other signup prevention techniques.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Post-Registration Analysis:\u003C\u002Fstrong> Evaluates user accounts after creation to identify suspicious patterns.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gibberish Detection:\u003C\u002Fstrong> Flags accounts with non-human patterns like too many uppercase letters, no vowels, or clusters of consonants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Symbol and Number Filters:\u003C\u002Fstrong> Detects unnatural use of digits or special characters in names.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Detection Rules:\u003C\u002Fstrong> Enable or disable individual checks to suit your site’s user base.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flag for Review:\u003C\u002Fstrong> Suspicious accounts are flagged and marked for potential deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Notice:\u003C\u002Fstrong> Quickly see how many flagged users exist from your admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan Existing Users:\u003C\u002Fstrong> Scan the users admin list table for suspicious accounts so you can easily delete them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms Integration:\u003C\u002Fstrong> If using Gravity Forms User Registration, the plugin optionally runs validation checks on registrations submitted via forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Add or customize detection logic with your own functions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Detection Checks Include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manually flagged by admin\u003C\u002Fli>\n\u003Cli>Excessive uppercase letters (more than 5 in a name unless all caps)\u003C\u002Fli>\n\u003Cli>No vowels in names longer than 5 characters\u003C\u002Fli>\n\u003Cli>Six or more consecutive consonants in a name\u003C\u002Fli>\n\u003Cli>Presence of numbers in names\u003C\u002Fli>\n\u003Cli>Presence of special characters other than letters, numbers, and dashes\u003C\u002Fli>\n\u003Cli>Similarity between first and last name (exact match or one includes the other)\u003C\u002Fli>\n\u003Cli>Very short names (2 characters)\u003C\u002Fli>\n\u003Cli>Invalid or disposable email domains\u003C\u002Fli>\n\u003Cli>Excessive periods in email address (more than 3)\u003C\u002Fli>\n\u003Cli>Username containing URL patterns (\u003Ccode>http\u003C\u002Fcode>, \u003Ccode>https\u003C\u002Fcode>, or \u003Ccode>www\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Known spam words in user bio or name\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fake User Detector is ideal for membership sites, communities, forums, or any WordPress site that allows user registration and needs a practical way to review and clean up suspicious accounts that already exist.\u003C\u002Fp>\n","Detect and flag suspicious existing user accounts using simple checks to help clean up fake or low-quality registrations.",30,214,0,"2025-12-24T20:28:00.000Z","6.9.4","5.9","8.0",[19,20,21,22,23],"account-flagging","bot-detection","fake-users","spam","user-registration","https:\u002F\u002Fpluginrx.com\u002Fplugin\u002Ffake-user-detector\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffake-user-detector.1.0.3.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"apos37",12,2090,10,94,"2026-04-04T01:21:32.836Z",[38,61,79,97,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":26,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"validator-pizza","MailCheck.ai","1.3.0","tompec","https:\u002F\u002Fprofiles.wordpress.org\u002Ftompec\u002F","\u003Cp>\u003Cstrong>MailCheck.ai is now UserCheck.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fusercheck\u002F\" rel=\"ugc\">new version\u003C\u002Fa> of this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>MailCheck.ai is a powerful WordPress plugin that prevents disposable or throwaway email addresses from registering or commenting on your site. This helps to protect your site from spam and maintain the quality of your user base.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically checks email addresses against a constantly updated database of disposable email domains\u003C\u002Fli>\n\u003Cli>Works out of the box with no configuration required\u003C\u002Fli>\n\u003Cli>No API key needed\u003C\u002Fli>\n\u003Cli>Caches results for improved performance\u003C\u002Fli>\n\u003Cli>Seamlessly integrates with WordPress registration and comment forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin uses the API provided by \u003Ca href=\"https:\u002F\u002Fwww.mailcheck.ai\" rel=\"nofollow ugc\">MailCheck.ai\u003C\u002Fa>, which is constantly updated to include the latest disposable email domains. This ensures your site stays protected against new disposable email providers.\u003C\u002Fp>\n\u003Cp>MailCheck.ai is free to use and starts working immediately after installation. No registration or configuration is required.\u003C\u002Fp>\n","Prevent disposable email addresses from registering or commenting on your site with MailCheck.ai.",60,4935,4,"2024-08-27T03:13:00.000Z","6.6.5","5.2","7.2",[54,55,56,57,23],"disposable-email","email-validation","security","spam-prevention","https:\u002F\u002Fwww.mailcheck.ai","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvalidator-pizza.1.3.0.zip",92,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":13,"num_ratings":13,"last_updated":71,"tested_up_to":72,"requires_at_least":51,"requires_php":52,"tags":73,"homepage":77,"download_link":78,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"botfaqtor-code","Botfaqtor Code","1.0.1","botfaqtor","https:\u002F\u002Fprofiles.wordpress.org\u002Fbotfaqtor\u002F","\u003Cp>Плагин позволяет легко интегрировать защиту от ботов на ваш WordPress сайт. Всё, что вам нужно сделать – это зарегистрироваться на сайте \u003Ca href=\"https:\u002F\u002Fbotfaqtor.ru\" rel=\"nofollow ugc\">botfaqtor.ru\u003C\u002Fa>, получить ваш уникальный идентификатор и ввести его в настройках плагина.\u003C\u002Fp>\n\u003Ch3>Преимущества использования Botfaqtor:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Защита от спам-ботов и вредоносных ботов\u003C\u002Fli>\n\u003Cli>Простая установка и настройка\u003C\u002Fli>\n\u003Cli>Минимальное влияние на производительность сайта\u003C\u002Fli>\n\u003Cli>Отсутствие необходимости в дополнительных настройках\u003C\u002Fli>\n\u003Cli>Эффективное определение и блокировка автоматизированного трафика\u003C\u002Fli>\n\u003Cli>Защита от скликивания рекламы и накрутки показателей\u003C\u002Fli>\n\u003Cli>Снижение нагрузки на сервер от ботов\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Плагин добавляет специальный скрипт в head-секцию вашего сайта, который отслеживает и анализирует поведение посетителей, идентифицируя ботов и защищая ваш сайт от них.\u003C\u002Fp>\n\u003Ch3>Внешние запросы\u003C\u002Fh3>\n\u003Cp>Плагин отправляет данные о посетителях сайта в сервис Botfaqtor для анализа и выявления ботов. Это происходит только после активации плагина и ввода действительного идентификатора Botfaqtor.\u003C\u002Fp>\n\u003Cp>Сервис предоставляется компанией Botfaqtor:\u003Cbr \u002F>\n* Условия использования: \u003Ca href=\"https:\u002F\u002Fbotfaqtor.ru\u002Fterms-of-service\" rel=\"nofollow ugc\">https:\u002F\u002Fbotfaqtor.ru\u002Fterms-of-service\u003C\u002Fa>\u003Cbr \u002F>\n* Политика конфиденциальности: \u003Ca href=\"https:\u002F\u002Fbotfaqtor.ru\u002Fprivacy-policy\" rel=\"nofollow ugc\">https:\u002F\u002Fbotfaqtor.ru\u002Fprivacy-policy\u003C\u002Fa>\u003C\u002Fp>\n","Интеграция сервиса Botfaqtor для защиты сайта от ботов.",20,496,"2025-04-23T10:59:00.000Z","6.7.5",[74,20,75,76,56],"anti-spam","bot-protection","protection","https:\u002F\u002Fbotfaqtor.ru\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotfaqtor-code.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":34,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":15,"requires_at_least":51,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":96},"email-blocklist","Email Blocklist","1.2.7","Michał Kowalik","https:\u002F\u002Fprofiles.wordpress.org\u002Fklapaucius4\u002F","\u003Cp>Email Blocklist helps you keep your WordPress site safe and clean by preventing registrations and comments from users with disposable, temporary, or otherwise unwanted email domains.\u003C\u002Fp>\n\u003Cp>Spam registrations and fake accounts often rely on throwaway email addresses. With Email Blocklist, you can easily stop them at the source. The plugin lets you build and manage your own custom blocklist of domains to prevent low-quality signups, spam comments, and fake interactions.\u003C\u002Fp>\n\u003Cp>Unlike many similar plugins, Email Blocklist is completely free and does not rely on any paid APIs or third-party services. Everything runs directly on your WordPress installation. No hidden costs, no subscriptions – just a lightweight solution that does one job and does it well.\u003C\u002Fp>\n\u003Cp>This plugin also lets you scan existing users and flag accounts using suspicious or blocked email domains as potential spam, highlighting them in the user list so you can easily filter or remove them if needed.\u003C\u002Fp>\n\u003Ch3>External Service Usage\u003C\u002Fh3>\n\u003Cp>This plugin uses a public GitHub repository to fetch a global blocklist.\u003Cbr \u002F>\nOne JSON file contains the list of blocked domains (https:\u002F\u002Fraw.githubusercontent.com\u002Fklapaucius4\u002Femail-blocklist\u002Frefs\u002Fheads\u002Fmaster\u002Fblocklist.json),\u003Cbr \u002F>\nand another holds basic metadata (https:\u002F\u002Fraw.githubusercontent.com\u002Fklapaucius4\u002Femail-blocklist\u002Frefs\u002Fheads\u002Fmaster\u002Fblocklist-meta.json).\u003C\u002Fp>\n\u003Cp>The blocklist is downloaded during plugin activation. A daily WP-Cron task checks for updates,\u003Cbr \u002F>\nand the list is refreshed automatically if a newer version is available.\u003Cbr \u002F>\nYou can also trigger a manual update from the plugin settings page.\u003C\u002Fp>\n\u003Cp>Note: This plugin sends requests to GitHub to fetch the blocklist files.\u003Cbr \u002F>\nBy using this plugin, data is transmitted to GitHub under GitHub’s Terms of Service (https:\u002F\u002Fdocs.github.com\u002Fen\u002Fsite-policy\u002Fgithub-terms\u002Fgithub-terms-of-service)\u003Cbr \u002F>\nand GitHub Privacy Statement (https:\u002F\u002Fdocs.github.com\u002Fen\u002Fsite-policy\u002Fprivacy-policies\u002Fgithub-privacy-statement).\u003C\u002Fp>\n","Keep your WordPress site clean by blocking signups and comments from temporary or disposable email domains. 100% free, no paid APIs.",458,"2026-03-02T21:36:00.000Z","7.4",[91,57,92,23,93],"disposable-emails","temporary-emails","validate-email","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-blocklist\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-blocklist.1.2.7.zip","2026-03-15T14:54:45.397Z",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":34,"downloaded":105,"rating":13,"num_ratings":13,"last_updated":106,"tested_up_to":15,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":114,"download_link":115,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"tornevall-networks-dnsbl-implementation","Tornevall Networks DNSBL Implementation","3.0.3","tornevall","https:\u002F\u002Fprofiles.wordpress.org\u002Ftornevall\u002F","\u003Cp>Tornevall Networks DNSBL and FraudBL protection for WordPress. The plugin helps block comment activity, account registrations and other unwanted submissions from addresses flagged by Tornevall Networks DNSBL and FraudBL.\u003C\u002Fp>\n\u003Cp>FraudBL is part of the protection layer used by the plugin and is available at \u003Ca href=\"https:\u002F\u002Fwww.fraudbl.org\u002F\" rel=\"nofollow ugc\">fraudbl.org\u003C\u002Fa>. For general discovery, broader search terms like fraud, blacklist, comment spam and user registration are usually easier to find than niche technical acronyms alone.\u003C\u002Fp>\n\u003Cp>The plugin is intended to provide a lightweight anti-spam and anti-abuse layer for WordPress, with support for local caching to reduce repeated lookups and unnecessary load against blacklist services.\u003C\u002Fp>\n\u003Cp>Current admin features include manual DNS lookup tools, self-check tools, visitor statistics, safe IP whitelisting, frontend dry-run support for administrators, Cloudflare Turnstile for comments, and DNSBL plus Turnstile protection for new WordPress account registrations. WooCommerce-oriented protection is a planned next step rather than part of the current release.\u003C\u002Fp>\n\u003Cp>Report issues and feedback: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTornevall\u002Ftornevall-wp-dnsbl\u002Fissues\" rel=\"nofollow ugc\">GitHub issues\u003C\u002Fa>\u003Cbr \u002F>\nPlugin URL: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftornevall-networks-dnsbl-implementation\u002F\" rel=\"ugc\">WordPress.org plugin page\u003C\u002Fa>\u003Cbr \u002F>\nDocumentation: \u003Ca href=\"https:\u002F\u002Ftools.tornevall.net\u002Fdocs\u002Fdnsbl-api\" rel=\"nofollow ugc\">DNSBL API documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support and feedback\u003C\u002Fh4>\n\u003Cp>Bug reports and feedback can currently be submitted via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTornevall\u002Ftornevall-wp-dnsbl\u002Fissues\" rel=\"nofollow ugc\">GitHub issues\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Full Documentation: \u003Ca href=\"https:\u002F\u002Ftools.tornevall.net\u002Fdocs\u002Fdnsbl-api\" rel=\"nofollow ugc\">DNSBL API documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Translations can be contributed via \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Ftornevall-networks-dnsbl-implementation\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","Tornevall Networks DNSBL implementation with FraudBL support for WordPress",1798,"2026-03-15T10:06:00.000Z","5.8","8.1",[110,111,112,113,23],"antispam","blacklist","comment-spam","fraud","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftornevall-networks-dnsbl-implementation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftornevall-networks-dnsbl-implementation.3.0.3.zip",{"slug":117,"name":118,"version":6,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":13,"downloaded":123,"rating":26,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":132,"download_link":133,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"secure-signups","Secure Signups","daffodilweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaffodilweb\u002F","\u003Cp>\u003Cstrong>Secure Signups: Strengthen Your WordPress User Registration with Domain Whitelisting\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Secure Signups is a powerful WordPress plugin designed to enhance your site’s security by restricting user registrations to approved domain emails. Perfect for preventing spam, this plugin allows administrators to easily manage a whitelist of domains directly from the admin panel. Effortlessly add, update, and toggle domain statuses to control who can sign up.\u003C\u002Fp>\n\u003Cp>With Secure Signups, you can customize messages displayed during registration, ensuring clear communication with prospective users. The plugin also offers straightforward activation and deactivation, giving you seamless control over its functionality at any time.\u003C\u002Fp>\n\u003Cp>Protect your WordPress site from unwanted registrations by whitelisting trusted domains with Secure Signups. Say goodbye to spam and enjoy a more secure user registration process.\u003C\u002Fp>\n\u003Ch3>Secure Signups\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Domain-Based Registration: Enable registration solely for email addresses associated with specified domains.\u003C\u002Fli>\n\u003Cli>Admin Panel Management: Easily add, update, and toggle the status (active\u002Finactive) of approved domain lists.\u003C\u002Fli>\n\u003Cli>Customizable Messages: Configure personalized messages to be displayed during the registration process.\u003C\u002Fli>\n\u003Cli>Plugin Control: Manage plugin functionality directly from the Plugins settings.\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable Option: Control the operational status of the plugin with a simple toggle while installed on your WordPress site.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure Signups helps to filter user registrations based on email domain, enabling a secure and controlled signup process.",1536,2,"2024-06-20T05:16:00.000Z","6.5.8","5.0","7.3",[74,130,117,23,131],"domain-whitelisting","wordpress-security","https:\u002F\u002Fdaffodilweb.com\u002Fsecure-signups.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-signups.1.0.3.zip",{"attackSurface":135,"codeSignals":294,"taintFlows":302,"riskAssessment":329,"analyzedAt":335},{"hooks":136,"ajaxHandlers":276,"restRoutes":288,"shortcodes":289,"cronEvents":290,"entryPointCount":292,"unprotectedCount":293},[137,142,147,150,154,158,161,164,168,171,176,179,183,188,192,195,198,199,204,208,210,213,217,220,222,225,228,232,235,238,242,245,249,253,256,260,262,265,268,271,273],{"type":138,"name":139,"callback":139,"priority":34,"file":140,"line":141},"filter","plugin_row_meta","inc\\common.php",39,{"type":143,"name":144,"callback":145,"file":140,"line":146},"action","admin_init","closure",51,{"type":143,"name":148,"callback":145,"file":140,"line":149},"admin_notices",54,{"type":143,"name":151,"callback":145,"file":152,"line":153},"init","inc\\indicator.php",23,{"type":143,"name":155,"callback":156,"priority":34,"file":152,"line":157},"update_user_meta","maybe_invalidate_cache",63,{"type":143,"name":159,"callback":156,"priority":34,"file":152,"line":160},"added_user_meta",64,{"type":143,"name":162,"callback":156,"priority":34,"file":152,"line":163},"deleted_user_meta",65,{"type":143,"name":165,"callback":166,"file":152,"line":167},"delete_user","invalidate_cache",66,{"type":143,"name":169,"callback":166,"file":152,"line":170},"remove_user_from_blog",67,{"type":143,"name":172,"callback":173,"priority":174,"file":152,"line":175},"admin_menu","add_suspicious_count_to_users_menu",999,70,{"type":143,"name":148,"callback":177,"file":152,"line":178},"show_flagged_user_count_notice",73,{"type":143,"name":180,"callback":181,"file":152,"line":182},"admin_enqueue_scripts","enqueue_scripts",76,{"type":138,"name":184,"callback":185,"file":186,"line":187},"fudetector_integrations_fields","setting_field","inc\\integrations\\gravity-forms.php",77,{"type":138,"name":189,"callback":190,"priority":34,"file":186,"line":191},"gform_entries_field_value","populate_user_exists_column",87,{"type":143,"name":180,"callback":193,"file":186,"line":194},"enqueue_assets",88,{"type":143,"name":172,"callback":196,"file":197,"line":149},"page","inc\\quick-scan.php",{"type":143,"name":180,"callback":181,"file":197,"line":46},{"type":143,"name":200,"callback":201,"priority":34,"file":202,"line":203},"user_register","schedule_new_user_check","inc\\registration.php",42,{"type":143,"name":205,"callback":206,"priority":34,"file":202,"line":207},"fudetector_check_new_user_cron","check_new_user_cron",45,{"type":143,"name":151,"callback":145,"file":209,"line":153},"inc\\settings.php",{"type":143,"name":172,"callback":211,"file":209,"line":212},"submenu",97,{"type":143,"name":214,"callback":215,"file":209,"line":216},"network_admin_menu","submenu_network",99,{"type":143,"name":144,"callback":218,"file":209,"line":219},"settings_fields",103,{"type":143,"name":151,"callback":145,"file":221,"line":153},"inc\\user.php",{"type":143,"name":223,"callback":224,"file":221,"line":194},"show_user_profile","add_user_profile_fields",{"type":143,"name":226,"callback":224,"file":221,"line":227},"edit_user_profile",89,{"type":143,"name":229,"callback":230,"file":221,"line":231},"personal_options_update","save_user_profile_fields",90,{"type":143,"name":233,"callback":230,"file":221,"line":234},"edit_user_profile_update",91,{"type":143,"name":151,"callback":145,"file":236,"line":237},"inc\\users.php",24,{"type":143,"name":239,"callback":240,"priority":241,"file":236,"line":187},"manage_users_extra_tablenav","add_user_filter_dropdown",9999999,{"type":143,"name":243,"callback":240,"priority":241,"file":236,"line":244},"manage_users_network_extra_tablenav",78,{"type":143,"name":246,"callback":247,"file":236,"line":248},"pre_get_users","filter_users_list_query",79,{"type":138,"name":250,"callback":251,"priority":34,"file":236,"line":252},"user_row_actions","add_clear_action_link",82,{"type":138,"name":254,"callback":251,"priority":34,"file":236,"line":255},"ms_user_row_actions",83,{"type":138,"name":257,"callback":258,"file":236,"line":259},"manage_users_columns","user_column",86,{"type":138,"name":261,"callback":258,"file":236,"line":191},"manage_users-network_columns",{"type":143,"name":263,"callback":264,"priority":34,"file":236,"line":194},"manage_users_custom_column","user_column_content",{"type":138,"name":266,"callback":267,"file":236,"line":234},"bulk_actions-users","register_bulk_actions",{"type":138,"name":269,"callback":270,"priority":34,"file":236,"line":60},"handle_bulk_actions-users","process_bulk_actions",{"type":143,"name":180,"callback":181,"file":236,"line":272},95,{"type":138,"name":274,"callback":145,"file":236,"line":275},"pre_user_query",222,[277,282,284],{"action":278,"nopriv":279,"callback":280,"hasNonce":281,"hasCapCheck":281,"file":186,"line":227},"fudetector_retry_user_registration",false,"ajax_retry_user_registration",true,{"action":278,"nopriv":281,"callback":283,"hasNonce":279,"hasCapCheck":279,"file":186,"line":231},"__return_false",{"action":285,"nopriv":279,"callback":286,"hasNonce":281,"hasCapCheck":281,"file":197,"line":287},"fudetector_full_scan","ajax_full_scan",57,[],[],[291],{"hook":205,"callback":205,"file":202,"line":287},3,1,{"dangerousFunctions":295,"sqlUsage":296,"outputEscaping":299,"fileOperations":13,"externalRequests":13,"nonceChecks":297,"capabilityChecks":48,"bundledLibraries":301},[],{"prepared":297,"raw":13,"locations":298},8,[],{"escaped":259,"rawEcho":13,"locations":300},[],[],[303,321],{"entryPoint":304,"graph":305,"unsanitizedCount":13,"severity":320},"ajax_full_scan (inc\\quick-scan.php:120)",{"nodes":306,"edges":318},[307,312],{"id":308,"type":309,"label":310,"file":197,"line":311},"n0","source","$_POST",127,{"id":313,"type":314,"label":315,"file":197,"line":316,"wp_function":317},"n1","sink","get_results() [SQLi]",131,"get_results",[319],{"from":308,"to":313,"sanitized":281},"low",{"entryPoint":322,"graph":323,"unsanitizedCount":13,"severity":320},"\u003Cquick-scan> (inc\\quick-scan.php:0)",{"nodes":324,"edges":327},[325,326],{"id":308,"type":309,"label":310,"file":197,"line":311},{"id":313,"type":314,"label":315,"file":197,"line":316,"wp_function":317},[328],{"from":308,"to":313,"sanitized":281},{"summary":330,"deductions":331},"The 'fake-user-detector' plugin v1.0.3 exhibits a generally strong security posture with several good practices in place. The complete absence of dangerous functions, secure handling of all SQL queries via prepared statements, and 100% proper output escaping are significant strengths. Furthermore, the plugin has no recorded vulnerability history, indicating a lack of past security incidents and potentially a well-maintained codebase. The presence of nonce and capability checks on a good portion of its entry points also contributes positively to its security. \n\nHowever, a notable concern arises from the static analysis: one of the three identified AJAX handlers lacks proper authentication checks. This creates an unprotected entry point into the plugin's functionality, which could be exploited by unauthenticated users. While taint analysis found no unsanitized flows, the presence of an unprotected AJAX handler represents a direct risk that needs to be addressed. \n\nIn conclusion, while the plugin demonstrates a commitment to secure coding practices in many areas and has a clean vulnerability history, the unprotected AJAX handler is a critical weakness that lowers its overall security rating. Addressing this single vulnerability would significantly improve its security posture. The plugin is otherwise well-developed from a security perspective.",[332],{"reason":333,"points":334},"AJAX handler without auth checks",7,"2026-03-16T22:26:54.178Z",{"wat":337,"direct":346},{"assetPaths":338,"generatorPatterns":341,"scriptPaths":342,"versionParams":343},[339,340],"\u002Fwp-content\u002Fplugins\u002Ffake-user-detector\u002Finc\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Ffake-user-detector\u002Finc\u002Fjs\u002Fadmin.js",[],[340],[344,345],"fake-user-detector\u002Finc\u002Fcss\u002Fadmin.css?ver=","fake-user-detector\u002Finc\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":347,"htmlComments":349,"htmlAttributes":350,"restEndpoints":351,"jsGlobals":352,"shortcodeOutput":353},[348],"fudetector-flagged-count",[],[],[],[],[]]