[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fn2JFKrWOIF8SID5TbbBuPpme1g7azV1udrxBajER8pA":3,"$fI-2tTA4hs8DDHSTMfJkyp4hFBOG9Cs3xv31PY9akUXk":247,"$fzt4CVve0hN6RyuhOgASc2BS5WT0ueX67sk4TxjocqHQ":252},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":51,"crawl_stats":38,"alternatives":59,"analysis":169,"fingerprints":232},"force-first-last","Force First and Last Name as Display Name","1.2.2","Andrew Lima","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrewza\u002F","\u003Cp>This plugin hides the “Display Name” field on the Edit Profile screen for all users. Instead of allowing users to set this field, the plugin will always set the User field display_name to their first and last name. If these field are empty, display_name will be set to their username.\u003C\u002Fp>\n\u003Cp>Display names are set when the user registers as well as when a user’s profile is updated via the WordPress admin.\u003C\u002Fp>\n\u003Cp>The plugin includes a batch process to update the display name for existing users. 
Navigate to Settings > Force First Last in the WordPress admin to run the update.\u003C\u002Fp>\n","Force the user field \"display_name\" to be set as the user's first and last name.",2000,32543,86,18,"2024-11-18T14:43:00.000Z","6.7.5","5.2","",[20,21,22,23,24],"display-name","first-name","force","last-name","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-first-last.1.2.2.zip",92,1,0,"2023-03-16 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":29,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":38,"research_status":38,"research_verified":50,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":50,"poc_model_used":38,"poc_verification_depth":38},"CVE-2023-28419","force-first-and-last-name-as-display-name-cross-site-request-forgery","Force First and Last Name as Display Name \u003C= 1.2 - Cross-Site Request Forgery","The Force First and Last Name as Display Name plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bulk “Update Existing Users” functionality. 
This makes it possible for unauthenticated attackers to modify user information, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2","1.2.1","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F27d579d5-a4d2-45f7-a7bb-8f384d851d7a?source=api-prod",313,[],false,{"slug":52,"display_name":7,"profile_url":8,"plugin_count":53,"total_installs":54,"avg_security_score":55,"avg_patch_time_days":56,"trust_score":57,"computed_at":58},"andrewza",7,66020,96,388,76,"2026-05-20T03:12:26.826Z",[60,84,104,124,148],{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":81,"download_link":82,"security_score":83,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"extended-user-search-in-wp-admin","Extended User Search In WP-Admin","3","amit5204","https:\u002F\u002Fprofiles.wordpress.org\u002Famit5204\u002F","\u003Cp>By default WordPress in WP-admin allows users to search only by username or email id.\u003C\u002Fp>\n\u003Cp>But what if you want to search user by first name or last name or both. What if you want to search by entering only partial email address\u002Fid or username or by bio, you cannot do it as by default. WordPress do not come with this feature.\u003Cbr \u002F>\nThis plugin eliminate above limitation. 
Which could perform search based on full-name, first-name, last-name, email, username and bio.\u003Cbr \u002F>\n“Extended User Search In WP-admin” Plugin that allows admin to search user much more deeply and overcomes the limit possessed by WordPress.\u003C\u002Fp>\n\u003Cp>Note :- This plugin is inspired from “Improved user search in backend” and “User First Name \u002F Full Name Search In WP-admin” plugins.\u003C\u002Fp>\n","By default WordPress in WP-admin allows users to search only by username or email id.",1000,9101,94,13,"2022-12-13T16:06:00.000Z","6.1.10","4.9.6",[76,77,78,79,80],"empower-user-search-in-wpadmin","extend-user-search-in-wpadmin","search-by-first-name-in-wpadmin","search-by-full-name-in-wpadmin","search-by-last-name-in-wpadmin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fextended-user-search-in-wp-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextended-user-search-in-wp-admin.zip",85,{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":18,"tags":99,"homepage":102,"download_link":103,"security_score":83,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"enhanced-user-search","Enhanced User Search","1.0.0","khan.shabnam","https:\u002F\u002Fprofiles.wordpress.org\u002Fkhanshabnam\u002F","\u003Cp>Enhanced User Search: Effortlessly Find Your Users\u003Cbr \u002F>\nStruggling to locate specific users in your WordPress admin panel? The default search only allows filtering by username and email, making it cumbersome to find users with common names or if you don’t recall their exact login credentials.\u003C\u002Fp>\n\u003Cp>Enhanced User Search simplifies user management by expanding the search capabilities. 
This plugin allows you to search for users by their first name, last name, username, or email address.\u003C\u002Fp>\n\u003Cp>Here’s how Enhanced User Search streamlines your workflow:\u003C\u002Fp>\n\u003Cp>Effortless User Identification: Quickly locate users with common names or those whose credentials you might not readily remember.\u003Cbr \u002F>\nImproved Efficiency: Save time and frustration by searching based on any combination of user information.\u003Cbr \u002F>\nEnhanced User Management: Gain greater control over your user base with a more comprehensive search functionality.\u003C\u002Fp>\n\u003Cp>Key Features:\u003C\u002Fp>\n\u003Cp>Search users by first name, last name, username, and email address.\u003Cbr \u002F>\nIntegrates seamlessly with the existing WordPress user search interface.\u003Cbr \u002F>\nLightweight and efficient, ensuring smooth performance on your website.\u003Cbr \u002F>\nEasy to use – no configuration required, activates upon installation.\u003C\u002Fp>\n\u003Cp>Benefits:\u003C\u002Fp>\n\u003Cp>Save Time: Find the users you need faster with a more comprehensive search.\u003Cbr \u002F>\nImproved Accuracy: Locate specific users with ease, reducing the risk of identifying the wrong person.\u003Cbr \u002F>\nEnhanced User Management: Gain greater control over your user base.\u003Cbr \u002F>\nWho should use Enhanced User Search?\u003C\u002Fp>\n\u003Cp>This plugin is ideal for anyone who manages users in WordPress, especially those with:\u003C\u002Fp>\n\u003Cp>Large User Bases: Easily find specific users even amidst a vast number of accounts.\u003Cbr \u002F>\nMembership Sites: Efficiently manage user accounts for membership websites.\u003Cbr \u002F>\nMultisite Networks: Effortlessly locate users across multiple sites in your network.\u003Cbr \u002F>\nEnhanced User Search empowers you to manage your WordPress users with greater efficiency and ease. 
Download the plugin today and experience the difference!\u003C\u002Fp>\n","Effortlessly find users in WordPress! Search by first & last name, username, or email.",90,1349,80,4,"2024-04-29T16:50:00.000Z","6.5.8","6.4.3",[85,78,80,100,101],"user-search","username-search-in-admin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenhanced-user-search","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenhanced-user-search.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":92,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":121,"download_link":122,"security_score":123,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"username-changer","Username Changer","3.2.8","DigitalME","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitalmeactivecampaign\u002F","\u003Ch3>Finally Change WordPress Usernames — Safely and Instantly\u003C\u002Fh3>\n\u003Cp>WordPress permanently locks usernames after registration. 
Username Changer breaks through this limitation, giving you full control over user identities without losing any data.\u003C\u002Fp>\n\u003Cp>By \u003Ca href=\"https:\u002F\u002Fwpusernamechange.com\u002F\" rel=\"nofollow ugc\">TRS Plugins\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpusernamechange.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Pro ⭐\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdemo.wpusernamechange.com\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ftrsplugins.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FaUZ4Wtrh2Gs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Why You Need This Plugin\u003C\u002Fh3>\n\u003Cp>WordPress locks usernames by default — but mistakes happen, conventions change, and security sometimes requires a reset. 
Username Changer lets you update any username instantly, directly from the user profile page, with zero data loss.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fix registration typos in seconds\u003C\u002Fli>\n\u003Cli>Standardize usernames across your organization\u003C\u002Fli>\n\u003Cli>Update compromised or generic usernames like “admin”\u003C\u002Fli>\n\u003Cli>Resolve username conflicts when merging or migrating sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Trusted solution since 2011 with continuous updates and improvements.\u003C\u002Fp>\n\u003Ch3>Who Is It For?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>WordPress Agencies\u003C\u002Fstrong>\u003Cbr \u002F>\nStandardize client usernames across multiple sites, fix migration errors, and maintain professional naming conventions at scale.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security-Conscious Site Owners\u003C\u002Fstrong>\u003Cbr \u002F>\nQuickly update usernames if security concerns arise. Rotating away from “admin” is one of the easiest hardening steps you can take.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Community & Membership Sites\u003C\u002Fstrong>\u003Cbr \u002F>\nAllow members to update their own usernames, resolve disputes, and keep directories clean and consistent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Content Sites with Multiple Authors\u003C\u002Fstrong>\u003Cbr \u002F>\nWorks seamlessly with Co-Authors Plus and other author plugins. 
Update usernames without breaking content associations.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>✓ One-click username updates directly from user profiles\u003Cbr \u002F>\n✓ Zero data loss — all posts, metadata, and associations stay intact\u003Cbr \u002F>\n✓ Email notifications when usernames are changed\u003Cbr \u002F>\n✓ Nickname support for additional flexibility\u003Cbr \u002F>\n✓ Proper username sanitization to prevent security issues\u003Cbr \u002F>\n✓ SQL-optimized for performance\u003Cbr \u002F>\n✓ Multisite compatible\u003Cbr \u002F>\n✓ Works with any WordPress theme\u003C\u002Fp>\n\u003Ch3>Admin Settings Page\u003C\u002Fh3>\n\u003Cp>The plugin adds a settings page under \u003Cstrong>Users \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Username Changer\u003C\u002Fstrong> with the following tabs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Settings\u003C\u002Fstrong> — Configure username rules, email notifications, and message strings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Help\u003C\u002Fstrong> — Access the live demo and product walkthrough\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⭐ Go Pro\u003C\u002Fstrong> — Unlock bulk username management and audit tools\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support\u003C\u002Fstrong> — Links to documentation and support resources\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>Upgrade to \u003Ca href=\"https:\u002F\u002Fwpusernamechange.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Username Changer Pro ⭐\u003C\u002Fa> to unlock:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bulk Username Updater\u003C\u002Fstrong> — Update hundreds of usernames at once via inline editing or CSV import\u002Fexport\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Log\u003C\u002Fstrong> — Full history of every username change with timestamps and IP addresses, exportable as CSV\u003C\u002Fli>\n\u003Cli>\u003Cstrong>License Management\u003C\u002Fstrong> — 
Per-site license activation with automatic background verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Simple Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin (30 seconds)\u003C\u002Fli>\n\u003Cli>Navigate to any user’s profile page\u003C\u002Fli>\n\u003Cli>Change the username instantly\u003C\u002Fli>\n\u003Cli>The change applies across your entire site\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No complicated settings, no technical headaches.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin optionally sends usage data to TRS Plugins\u003Cbr \u002F>\nwhen the site admin explicitly opts in. No data is collected without consent.\u003Cbr \u002F>\nData sent may include: admin name, email, site URL, WP\u002FPHP version, and\u003Cbr \u002F>\nplugin\u002Ftheme list depending on the options selected.\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Ftrsplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Unlock the power to change WordPress usernames with complete security and data integrity.",40000,496727,70,"2026-04-14T21:07:00.000Z","6.9.4","3.0",[20,119,24,120],"login","username","https:\u002F\u002Fwpusernamechange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusername-changer.3.2.8.zip",100,{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":92,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":144,"download_link":145,"security_score":146,"vuln_count":27,"unpatched_count":28,"last_vuln_date":147,"fetched_at":30},"ws-force-login-page","WS Force Login Page","3.0.4","Silver Muru","https:\u002F\u002Fprofiles.wordpress.org\u002Fsilvermuru\u002F","\u003Cp>WS Force Login Page force users who are not logged in by redirect into login page, this way it is good tool for developers to install sites which are in development 
process by restrict access to site and its content. Or when you want to put all site articles under password this plugin will do this! Working also with domains what includes umlaut letters like ö, ä, õ, ü\u003C\u002Fp>\n\u003Cp>Suitable also for putting site to maintenance mode and show custom message in login view.\u003C\u002Fp>\n","Redirecting user to login page if not logged in, working also with domains what includes umlaut letters like ö, ä, õ, ü",400,15499,2,"2025-05-19T15:02:00.000Z","6.8.5","5.0",[139,140,141,142,143],"administration","force-user-login","hidden","maintenance-mode","under-construction","https:\u002F\u002Fwww.silvermuru.ee\u002Fen\u002Fwordpress\u002Fplugins\u002Fws-force-login-page\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fws-force-login-page.3.0.4.zip",99,"2025-04-24 00:00:00",{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":123,"downloaded":156,"rating":157,"num_ratings":71,"last_updated":158,"tested_up_to":116,"requires_at_least":159,"requires_php":160,"tags":161,"homepage":18,"download_link":166,"security_score":114,"vuln_count":167,"unpatched_count":27,"last_vuln_date":168,"fetched_at":30},"login-as-customer-or-user","Login as User or Customer","3.9.1","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>This plugin allows you to quickly swap between user accounts in WordPress (in one click). This is very helpful for admins or customer support users to access any user account in one click. You can quickly switch between user accounts and act as the customer in your store.\u003C\u002Fp>\n\u003Cp>With this tool, you can add a product to the cart and create an order for your customer. 
This can be very useful if you are placing orders over the phone and providing technical support and assistance to your customer accounts.\u003C\u002Fp>\n\u003Ch3>Video Description\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F584505898\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The ability to access any user account without having the user password (Just click the button Login as in the user’s list)\u003C\u002Fli>\n\u003Cli>The ability to access any user account from the user’s profile also\u003C\u002Fli>\n\u003Cli>Two-factor authentication (2FA) support\u003C\u002Fli>\n\u003Cli>Manage user cart (WooCommerce Customers)\u003C\u002Fli>\n\u003Cli>Instantly switch back to your originating account\u003C\u002Fli>\n\u003Cli>The Login as user button appears beside each customer to help you provide better support (In the WooCommerce orders page for the last 10 orders)\u003C\u002Fli>\n\u003Cli>Switching between users is secure\u003C\u002Fli>\n\u003Cli>Only users with the ability to edit other users can switch between accounts.\u003C\u002Fli>\n\u003Cli>Uses the WordPress nonce security system which means that only users that intends to switch user accounts can execute the user switching functions in the plugin.\u003C\u002Fli>\n\u003Cli>When you have switched to another user, a descriptive text will remind you that you are logged in as another user.\u003C\u002Fli>\n\u003Cli>Click on the Log out link to switch back to the account you where originally logged in as.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress, WordPress Multisite, WooCommerce\u003C\u002Fli>\n\u003Cli>Simple options page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin does not send data to any third party, nor does it include any 
third party resources, nor will it ever do so.\u003C\u002Fp>\n\u003Ch3>Languages\u003C\u002Fh3>\n\u003Col>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Spanish (Argentina)\u003C\u002Fli>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin allows you to quickly swap between user accounts in WordPress (in one click). This is very helpful for admins or customer support users to &hellip;",13269,60,"2026-03-19T13:03:00.000Z","4.6","5.4",[162,119,163,164,165],"force-login","message-cart","user-switching","view-as-user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-as-customer-or-user.3.9.1.zip",5,"2024-02-27 00:00:00",{"attackSurface":170,"codeSignals":211,"taintFlows":222,"riskAssessment":223,"analyzedAt":231},{"hooks":171,"ajaxHandlers":207,"restRoutes":208,"shortcodes":209,"cronEvents":210,"entryPointCount":28,"unprotectedCount":28},[172,178,182,184,188,190,193,198,203],{"type":173,"name":174,"callback":175,"file":176,"line":177},"action","plugins_loaded","ffl_load_plugin_text_domain","force-first-last.php",19,{"type":173,"name":179,"callback":180,"file":176,"line":181},"show_user_profile","ffl_show_user_profile",59,{"type":173,"name":183,"callback":180,"file":176,"line":157},"edit_user_profile",{"type":173,"name":185,"callback":186,"file":176,"line":187},"personal_options_update","ffl_save_extra_profile_fields",91,{"type":173,"name":189,"callback":186,"file":176,"line":26},"edit_user_profile_update",{"type":173,"name":191,"callback":186,"file":176,"line":192},"pmpro_personal_options_update",93,{"type":194,"name":195,"callback":196,"file":176,"line":197},"filter","pmpro_member_profile_edit_user_object_fields","ffl_pmpro_member_profile_edit_user_object_fields",103,{"type":173,"name":199,"callback":200,"priority":201,"file":176,"line":202},"user_register","ffl_fix_user_display_name",20,123,{"type":173,"name":204,"callback":205,"priority":201,"file":176,"line":206},"admin_menu","ffl_settings_menu_item",132,[],[],[],[],{"dangerousFunctions":2
12,"sqlUsage":213,"outputEscaping":218,"fileOperations":28,"externalRequests":28,"nonceChecks":27,"capabilityChecks":134,"bundledLibraries":221},[],{"prepared":28,"raw":27,"locations":214},[215],{"file":176,"line":216,"context":217},153,"$wpdb->get_col() with variable interpolation",{"escaped":219,"rawEcho":28,"locations":220},6,[],[],[],{"summary":224,"deductions":225},"The 'force-first-last' plugin v1.2.2 exhibits a generally good security posture based on the static analysis. There are no identified dangerous functions, file operations, or external HTTP requests. All identified output is properly escaped, and nonce and capability checks are present, indicating an effort to secure entry points. The absence of any critical or high severity taint flows is also a positive sign. The one code-level finding is a raw $wpdb->get_col() query built with variable interpolation instead of a prepared statement; it is safe only if every interpolated value is fixed or sanitized, so it should be reviewed. A further concern arises from the plugin's vulnerability history. It has one known medium severity CVE, dated March 2023 and fixed in version 1.2.1, and no vulnerability is currently listed as unpatched. That Cross-Site Request Forgery (CSRF) issue, even though resolved, warrants vigilance: it stemmed from missing or incorrect nonce validation on the bulk user update, so any state-changing admin action added later should be checked for the same omission.\n\nApart from the raw SQL query, the current static analysis shows a clean bill of health for the analyzed code signals and taint flows, but the presence of a past CVE, specifically a medium severity one related to CSRF, should not be overlooked. This historical context suggests a weakness in how certain user actions or inputs were handled in previous versions, which could be a recurring theme if not addressed robustly. The plugin benefits from good output escaping and the presence of authorization checks. 
The main weakness lies in its past vulnerability history, hinting at potential areas of concern that, while seemingly resolved in this version, demand a degree of caution and ongoing monitoring.",[226,229],{"reason":227,"points":228},"Past medium severity CVE exists",10,{"reason":230,"points":167},"Raw SQL query without prepared statement","2026-03-16T18:33:33.929Z",{"wat":233,"direct":238},{"assetPaths":234,"generatorPatterns":235,"scriptPaths":236,"versionParams":237},[],[],[],[],{"cssClasses":239,"htmlComments":241,"htmlAttributes":242,"restEndpoints":243,"jsGlobals":244,"shortcodeOutput":246},[240],"ffl_admin",[],[],[],[245],"jQuery",[],{"error":248,"url":249,"statusCode":250,"statusMessage":251,"message":251},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fforce-first-last\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":219,"versions":253},[254,259,265,273,281,289],{"version":6,"download_url":25,"svn_tag_url":255,"released_at":38,"has_diff":50,"diff_files_changed":256,"diff_lines":38,"trac_diff_url":257,"vulnerabilities":258,"is_current":248},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fforce-first-last\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fforce-first-last%2Ftags%2F1.2.1&new_path=%2Fforce-first-last%2Ftags%2F1.2.2",[],{"version":40,"download_url":260,"svn_tag_url":261,"released_at":38,"has_diff":50,"diff_files_changed":262,"diff_lines":38,"trac_diff_url":263,"vulnerabilities":264,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-first-last.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fforce-first-last\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fforce-first-last%2Ftags%2F1.2&new_path=%2Fforce-first-last%2Ftags%2F1.2.1",[],{"version":266,"download_url":267,"svn_tag_url":268,"released_at":38,"has_diff":50,"diff_files_changed":26
9,"diff_lines":38,"trac_diff_url":270,"vulnerabilities":271,"is_current":50},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-first-last.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fforce-first-last\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fforce-first-last%2Ftags%2F1.1&new_path=%2Fforce-first-last%2Ftags%2F1.2",[272],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":274,"download_url":275,"svn_tag_url":276,"released_at":38,"has_diff":50,"diff_files_changed":277,"diff_lines":38,"trac_diff_url":278,"vulnerabilities":279,"is_current":50},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-first-last.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fforce-first-last\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fforce-first-last%2Ftags%2F1.0&new_path=%2Fforce-first-last%2Ftags%2F1.1",[280],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":282,"download_url":283,"svn_tag_url":284,"released_at":38,"has_diff":50,"diff_files_changed":285,"diff_lines":38,"trac_diff_url":286,"vulnerabilities":287,"is_current":50},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-first-last.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fforce-first-last\u002Ftags\u002F1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fforce-first-last%2Ftags%2F0.2&new_path=%2Fforce-first-last%2Ftags%2F1.0",[288],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":290,"download_url":291,"svn_tag_url":292,"released_at":38,"has_diff":50,"diff_files_changed":293,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":294,"is_current":50},"0.2","https:\u002F\u002Fdownloads.wordpres
s.org\u002Fplugin\u002Fforce-first-last.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fforce-first-last\u002Ftags\u002F0.2\u002F",[],[295],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40}]