[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4DL8KrFb0XF-TumjKju3tDc3nTH5qEwk2q-_4y9oSIc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":146,"fingerprints":308},"idle-user-logout","Idle User Logout","3.1","Abiral Neupane","https:\u002F\u002Fprofiles.wordpress.org\u002Fabiralneupane\u002F","\u003Cp>This plugin detects idle user and execute the action that is being specified in Admin End.\u003C\u002Fp>\n\u003Cp>The plugin is very minimalistic. Nothing fancy. So, if you are looking for a plugin that adds up security without having to add additional load in your website, you can try this plugin.\u003C\u002Fp>\n\u003Cp>From version 2.0, you can now specify the action and time for each user role.\u003C\u002Fp>\n\u003Cp>It tracks the users activity in both the front end and admin end.\u003C\u002Fp>\n\u003Cp>You can setup Idle Time from WP Admin > Settings > Idle User Logout\u003C\u002Fp>\n\u003Cp>Once you reach Idle User Logout Page, you can setup behavior of the plugin for each user\\’s role.\u003C\u002Fp>\n\u003Cp>If there is any problem, or need any help, we can give you a helping hand.\u003C\u002Fp>\n","This plugin automatically logs out the user after a period of idle time. The time period can be configured from admin end.",1000,29063,82,18,"2024-03-22T13:27:00.000Z","6.5.8","3.0","",[20,21,22,23,24],"auto","duration","interval","logout","signout","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fidle-user-logout\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fidle-user-logout.3.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"abiralneupane",5,1040,88,30,86,"2026-04-04T22:23:20.808Z",[41,64,84,103,120],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":18,"tags":56,"homepage":61,"download_link":62,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"only-one-device-login-limit","Only one device login limit","1.2.5","AddonsPress","https:\u002F\u002Fprofiles.wordpress.org\u002Faddonspress\u002F","\u003Cp>This plugin limits login to one device at a time for a user.\u003Cbr \u002F>\nIf the same user login from another device, that user won’t be allowed to log in.\u003Cbr \u002F>\nAdmin can set up an ‘Already login message’ for that user.\u003C\u002Fp>\n\u003Cp>If the user has been inactive for too long, then the user is automatically logged out and that user allows to log in again either from the same device or another device.\u003Cbr \u002F>\nAdmin can set up ‘Auto Logout Duration’ for users.\u003C\u002Fp>\n\u003Cp>It tracks the user’s activity like user status ( Active\u002FInactive ) and Last active time.\u003Cbr \u002F>\nAdmin can view user status from  WP Admin > Users > All users.  From the “User Status” column, the user current status can be viewed.\u003C\u002Fp>\n\u003Cp>Admin can set up only one device login limit plugin from WP Admin > Settings > Limit login\u003C\u002Fp>\n\u003Cp>Note: This plugin is compatible with most of the membership plugins.\u003Cbr \u002F>\nIf you find any issues, please use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fonly-one-device-login-limit\" rel=\"ugc\">support forum\u003C\u002Fa> to report.\u003C\u002Fp>\n","Limit login to one device at a time for a user. Configured options from the admin",300,13494,100,13,"2024-11-12T14:22:00.000Z","6.7.5","5.0",[57,58,59,60],"auto-logout","idle-time","limit-login","one-device","https:\u002F\u002Fwww.addonspress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonly-one-device-login-limit.1.2.5.zip",92,{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":49,"downloaded":72,"rating":36,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":18,"tags":77,"homepage":82,"download_link":83,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"post-rotation","Post Rotation","1.9","digitalemphasis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitalemphasis\u002F","\u003Cp>The main goal of this plugin is to avoid too much time without recent posts.\u003Cbr \u002F>\n‘Post Rotation’ takes the oldest post that matches with your criteria and automatically converts it in the most recent one, as just published.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy configuration.\u003C\u002Fli>\n\u003Cli>You can specify the rotation interval or the allowed time without new posts.\u003C\u002Fli>\n\u003Cli>Enforce punctuality only if you want it.\u003C\u002Fli>\n\u003Cli>You can also choose if you want to alter the ‘last_modified’ value.\u003C\u002Fli>\n\u003Cli>You can exclude from rotation posts without featured image.\u003C\u002Fli>\n\u003Cli>You can activate a filter and select which categories will be affected and which ones will be ignored by the plugin.\u003C\u002Fli>\n\u003Cli>By default, the plugin works with the conventional ‘post’ type… but you can even rotate custom post types.\u003C\u002Fli>\n\u003Cli>Clean uninstall option: If this option is enabled, the plugin will leave absolutely no traces when uninstalling.\u003C\u002Fli>\n\u003Cli>Visit \u003Ca href=\"https:\u002F\u002Fdigitalemphasis.com\" rel=\"nofollow ugc\">digitalemphasis.com\u003C\u002Fa> for more info.\u003C\u002Fli>\n\u003C\u002Ful>\n","Set the rotation interval or the allowed time without new posts... and automatically an older post becomes the latest one!",8182,9,"2021-04-15T15:21:00.000Z","5.7.15","4.0",[78,22,79,80,81],"automatic","post-rotator","rotation","rotator","https:\u002F\u002Fdigitalemphasis.com\u002Fwordpress-plugins\u002Fpost-rotation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-rotation.1.9.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":28,"num_ratings":28,"last_updated":94,"tested_up_to":95,"requires_at_least":18,"requires_php":18,"tags":96,"homepage":100,"download_link":101,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":102},"inactivity-auto-sign-out-plugin","Inactivity Auto Sign Out Plugin","0.2","NipponMonkey","https:\u002F\u002Fprofiles.wordpress.org\u002Fnipponmonkey\u002F","\u003Cp>This plugin automatically logs a user out after a certain period of time of inactivity.\u003Cbr \u002F>\nIt creates new meta data for each WP user and checks that the user hasn’t been inactive for too long.\u003Cbr \u002F>\nIf the user has been inactive for too long, then the user is automatically logged out and redirected to a URL of your choice.\u003Cbr \u002F>\nIt tracks the users activity in both the main site and admin area.\u003C\u002Fp>\n\u003Cp>You can set the maximum inactivity time and redirect URL by changing the defined constants in the plugin’s PHP page – no admin menus are available yet see FAQs.\u003C\u002Fp>\n\u003Cp>It’s only a single PHP page, so it’s easy to alter to work however you’d like it to work.\u003C\u002Fp>\n\u003Cp>It works with BuddyPress too.\u003C\u002Fp>\n\u003Cp>Let me know if you find a better way of doing this, and I’ll update the plugin.\u003C\u002Fp>\n\u003Ch3>Installation Bug\u003C\u002Fh3>\n\u003Cp>[FIXED!] Currently, when you activate the plugin, you are automatically logged out!\u003C\u002Fp>\n","This plugin automatically logs out the user after a period of inactivity. The time period can be configured and it works with BuddyPress.",10,5258,"2010-09-01T18:23:00.000Z","3.0.5",[20,97,98,99,24],"inactivity","out","sign","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Finactivity-auto-sign-out-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finactivity-auto-sign-out-plugin.0.2.zip","2026-03-15T14:54:45.397Z",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":92,"downloaded":111,"rating":28,"num_ratings":28,"last_updated":112,"tested_up_to":54,"requires_at_least":76,"requires_php":18,"tags":113,"homepage":118,"download_link":119,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-loginout","WP LogInOut","0.1.7","nabtron","https:\u002F\u002Fprofiles.wordpress.org\u002Fnabtron\u002F","\u003Cp>The plugin uses the \u003Ccode>wp_loginout\u003C\u002Fcode> functionality and extends it to automatically show login or logout button on your selected menu.\u003C\u002Fp>\n\u003Cp>The status of login or logout changes depending upon the users login status.\u003C\u002Fp>\n\u003Cp>The admin panel provides options to:\u003C\u002Fp>\n\u003Col>\n\u003Cli>select theme location for menu you want to extend\u003C\u002Fli>\n\u003Cli>code before and after the button link (\u003Cli> and \u003C\u002Fli> usually)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Please let us know if you encounter any bug or want features added to this plugin here on forums or at : \u003Ca href=\"https:\u002F\u002Fnabtron.com\u002Fwp-loginout\u002F\" rel=\"nofollow ugc\">Nabtron\u003C\u002Fa>\u003C\u002Fp>\n","Show login or logout button on any menu based on user login or logout status dynamically.",4049,"2024-11-26T17:30:00.000Z",[114,115,116,23,117],"automatically","button","login","menu","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-loginout\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-loginout.0.1.7.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":36,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":141,"download_link":142,"security_score":143,"vuln_count":144,"unpatched_count":28,"last_vuln_date":145,"fetched_at":30},"mailpoet","MailPoet – Newsletters, Email Marketing, and Automation","5.22.1","MailPoet","https:\u002F\u002Fprofiles.wordpress.org\u002Fmailpoet\u002F","\u003Cp>Use MailPoet to create, send, manage, and grow your email marketing campaigns – all without leaving your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>Our newsletter builder integrates perfectly with WordPress so any website owner can create beautiful emails from scratch, or by using our responsive templates that display flawlessly across all devices.\u003C\u002Fp>\n\u003Cp>Schedule your newsletters, send them right away, or set up new blog post notifications to send automatically, in just a few clicks.\u003C\u002Fp>\n\u003Cp>Trusted by 500,000 WordPress websites since 2011.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With a free plan to get started, and scaling paid plans with enhanced functionality available, MailPoet is an email marketing solution suitable for both beginners and proficient email marketers.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002F\" rel=\"nofollow ugc\">Visit our website for more information on plans and pricing\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>All features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create and add a newsletter subscription form to your website\u003C\u002Fli>\n\u003Cli>Manage your subscribers and subscriber lists in WordPress\u003C\u002Fli>\n\u003Cli>Build and send newsletters with WordPress\u003C\u002Fli>\n\u003Cli>Create automatic emails to send new post notifications\u003C\u002Fli>\n\u003Cli>Send automated welcome emails\u003C\u002Fli>\n\u003Cli>Behavior and interest-based subscriber segmentation options\u003C\u002Fli>\n\u003Cli>Pre-built and customizable email and subscription form templates\u003C\u002Fli>\n\u003Cli>Multiple subscription form placements: below pages, fixed bar, popup, slide-in, shortcode, on exit intent\u003C\u002Fli>\n\u003Cli>WooCommerce emails: abandoned cart, first purchase, specific product, product category, order status change, review added\u003C\u002Fli>\n\u003Cli>Customize WooCommerce transactional emails\u003C\u002Fli>\n\u003Cli>Automate subscriber management (add\u002Fremove from list, add\u002Fremove tags, update subscriber data) (paid plan required)\u003C\u002Fli>\n\u003Cli>Create custom automation triggers and actions (paid plan required)\u003C\u002Fli>\n\u003Cli>Branch your automations with if\u002Felse conditions to improve engagement (paid plan required)\u003C\u002Fli>\n\u003Cli>Reliable email delivery with MailPoet Sending Service (available for free – plan required)\u003C\u002Fli>\n\u003Cli>Basic engagement statistics (available for free) and detailed engagement statistics (paid plan required)\u003C\u002Fli>\n\u003Cli>Multi-condition segmentation (paid plan required)\u003C\u002Fli>\n\u003Cli>Google Analytics integration (paid plan required)\u003C\u002Fli>\n\u003Cli>Support via our Knowledge Base and Community Forums (available for free), and Priority Customer Support (paid plan required).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why choose MailPoet\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to use WordPress newsletter builder\u003C\u002Fli>\n\u003Cli>Beautiful templates that work perfectly across all devices\u003C\u002Fli>\n\u003Cli>No configuration needed: works out of the box\u003C\u002Fli>\n\u003Cli>Manage everything within your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Higher delivery rates with the MailPoet Sending Service\u003C\u002Fli>\n\u003Cli>GDPR compliant\u003C\u002Fli>\n\u003Cli>Free plan for small senders or those just starting out\u003C\u002Fli>\n\u003Cli>Advanced functionality available to help achieve growth.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce emails\u003C\u002Fh4>\n\u003Cp>Promote your business, sell more products, and enhance your customer service with MailPoet’s WooCommerce features.\u003C\u002Fp>\n\u003Cp>Use the automated email options to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Welcome your new customers when they make their first purchase\u003C\u002Fli>\n\u003Cli>Upsell by sending emails to customers who purchased a specific product or from a specific product category\u003C\u002Fli>\n\u003Cli>Convert more customers by sending a series of abandoned cart emails\u003C\u002Fli>\n\u003Cli>Re-engage customers who haven’t made a purchase in a while with personalized offers (paid plan required)\u003C\u002Fli>\n\u003Cli>Follow up with customers who left a review to encourage more engagement (paid plan required).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And with WooCommerce-specific segmentation options, you’ll be able to send targeted emails to your customers based on criteria such as their country, the number of orders they’ve placed, how much they’ve spent, and if they have an active product subscription (powered by \u003Cstrong>WooCommerce Subscriptions\u003C\u002Fstrong>) or membership (powered by \u003Cstrong>WooCommerce Memberships\u003C\u002Fstrong>).\u003C\u002Fp>\n\u003Cp>In addition, you’ll also be able to increase brand recognition by customizing your WooCommerce transactional emails. Create a unified brand experience by changing the layout, colors, and fonts used in your emails, as well as adding any images or additional information to them.\u003C\u002Fp>\n\u003Ch4>MailPoet Sending Service\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>The MailPoet Sending Service is free if you only have a few subscribers, with scaling plans available thereafter. \u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Read more.\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Sending emails and newsletters with your host is not a good idea. You might face sending speed limitations and see your emails ending up in the spam box.\u003C\u002Fp>\n\u003Cp>To help your sending go without a hitch, we’ve created an advanced email delivery infrastructure built for WordPress. Our technology allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reach inboxes, not spam boxes\u003C\u002Fli>\n\u003Cli>Send your emails super fast (up to 50,000 emails per hour)\u003C\u002Fli>\n\u003Cli>Maintain your sender reputation and improve engagement levels with automated bounce and complaint handling. Stop sending to non-deliverable and complaining addresses, automatically\u003C\u002Fli>\n\u003Cli>Authenticate your emails (with SPF and DKIM) to improve deliverability and avoid spam boxes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The MailPoet Sending Service is very easy to set up, you just have to enter a key in your WordPress dashboard and you’re all set!\u003C\u002Fp>\n\u003Ch4>MailPoet plans and pricing\u003C\u002Fh4>\n\u003Cp>MailPoet is available to download for free. Our free download includes all of the features listed above (with the exception of those indicating a plan requirement) under the following criteria:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Up to 1,000 subscribers\u003C\u002Fli>\n\u003Cli>MailPoet branding in emails\u003C\u002Fli>\n\u003Cli>Send emails with your own sending method (host, SendGrid, Amazon SES, etc).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Or if you opt for a MailPoet plan, you’ll get access to the MailPoet Sending Service.\u003C\u002Fp>\n\u003Cp>A free plan is available for those who want to get started with a few subscribers and would like to use the MailPoet Sending Service. And our paid plans offer features and functionality for those with larger lists who are looking to grow their business using email marketing.\u003C\u002Fp>\n\u003Cp>Take a look at \u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002Fpricing\" rel=\"nofollow ugc\">our pricing page\u003C\u002Fa> for full details on what’s included in each plan.\u003C\u002Fp>\n\u003Ch4>Before you install\u003C\u002Fh4>\n\u003Cp>Please note:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Multisite support is limited\u003C\u002Fli>\n\u003Cli>Review \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F152-minimum-requirements-for-mailpoet-3\" rel=\"nofollow ugc\">our minimum requirements\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Albanian\u003C\u002Fli>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>Catalan\u003C\u002Fli>\n\u003Cli>Czech\u003C\u002Fli>\n\u003Cli>Danish\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>Dutch (Formal)\u003C\u002Fli>\n\u003Cli>French (Canada)\u003C\u002Fli>\n\u003Cli>French (France)\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>German (Switzerland)\u003C\u002Fli>\n\u003Cli>German (Formal)\u003C\u002Fli>\n\u003Cli>Greek\u003C\u002Fli>\n\u003Cli>Hindi\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Japanese\u003C\u002Fli>\n\u003Cli>Polish\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil)\u003C\u002Fli>\n\u003Cli>Portuguese (Portugal)\u003C\u002Fli>\n\u003Cli>Romanian\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Serbian\u003C\u002Fli>\n\u003Cli>Slovak\u003C\u002Fli>\n\u003Cli>Spanish (Mexico)\u003C\u002Fli>\n\u003Cli>Spanish (Spain)\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Turkish\u003C\u002Fli>\n\u003Cli>Ukrainian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We welcome experienced translators to translate directly on \u003Ca href=\"https:\u002F\u002Fwww.transifex.com\u002Fwysija\u002Fmp3\u002F\" rel=\"nofollow ugc\">our Transifex project\u003C\u002Fa>. Please note that any translations submitted via the “Translating WordPress” website will not work.\u003C\u002Fp>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmailpoet\u002Fmailpoet\u002F\" rel=\"nofollow ugc\">Our repository\u003C\u002Fa> is public on GitHub.\u003C\u002Fp>\n\u003Cp>Have a question for us? Reach us at security@ our domain, or report security issues to our \u003Ca href=\"https:\u002F\u002Fhackerone.com\u002Fautomattic\" rel=\"nofollow ugc\">Bug Bounty program\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Use of 3rd Party Services\u003C\u002Fh4>\n\u003Cp>MailPoet uses the following services that are necessary for its full functionality:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.com\u002F\" rel=\"nofollow ugc\">Translate WordPress.com\u003C\u002Fa> – used to download translations for the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To improve user experience, MailPoet may use the following 3rd party libraries if the \u003Cem>Load 3rd-party libraries\u003C\u002Fem> setting is enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffonts.google.com\u002F\" rel=\"nofollow ugc\">Google Fonts\u003C\u002Fa> – used in Form Editor which you can use to customize your forms, and in the Email Editor to style emails. This can be individually \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F332-how-to-disable-google-fonts\" rel=\"nofollow ugc\">disabled by a filter\u003C\u002Fa>. \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy?hl=en\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublic-api.wordpress.com\u002F\" rel=\"nofollow ugc\">WordPress.com\u003C\u002Fa> – used for searching in Knowledge Base with the help of AI.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002F\" rel=\"nofollow ugc\">Mixpanel\u003C\u002Fa> – used to send data about the usage of the MailPoet plugin when you \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F130-sharing-your-data-with-us\" rel=\"nofollow ugc\">agree with sharing usage data with us\u003C\u002Fa>. \u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002Flegal\u002Fterms-of-use\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002Flegal\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002F\" rel=\"nofollow ugc\">Satismeter\u003C\u002Fa> – used to ask for feedback. \u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002Fterms\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcrowdsignal.com\u002F\" rel=\"nofollow ugc\">Crowdsignal\u003C\u002Fa> – used to load our deactivation poll to improve our plugin. \u003Ca href=\"https:\u002F\u002Fcrowdsignal.com\u002Fterms\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Loading all these libraries is disabled by default. The option can be enabled in the \u003Cem>MailPoet’s Settings > Advanced > Load 3rd-party libraries\u003C\u002Fem>.\u003C\u002Fp>\n","Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more",500000,63908206,1411,"2026-03-10T13:02:00.000Z","6.9.4","6.8","7.4",[136,137,138,139,140],"email-automation","email-marketing","newsletter","post-notification","woocommerce-emails","https:\u002F\u002Fwww.mailpoet.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailpoet.5.22.1.zip",98,3,"2025-03-06 00:00:00",{"attackSurface":147,"codeSignals":199,"taintFlows":297,"riskAssessment":298,"analyzedAt":307},{"hooks":148,"ajaxHandlers":187,"restRoutes":195,"shortcodes":196,"cronEvents":197,"entryPointCount":198,"unprotectedCount":198},[149,155,158,162,164,168,170,175,180,185],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","wp_enqueue_scripts","add_iul_scripts","idle-user-logout.php",27,{"type":150,"name":156,"callback":152,"file":153,"line":157},"admin_enqueue_scripts",28,{"type":150,"name":159,"callback":160,"file":153,"line":161},"init","iul_check_last_session",29,{"type":150,"name":163,"callback":160,"file":153,"line":37},"admin_init",{"type":150,"name":165,"callback":166,"file":167,"line":73},"admin_menu","iul_plugin_menu","inc\\admin\\admin_menu.php",{"type":150,"name":163,"callback":169,"file":167,"line":92},"iul_page_init",{"type":150,"name":171,"callback":172,"file":173,"line":174},"wp_dashboard_setup","initialize_iul_dashboard","inc\\admin\\dashboard.php",4,{"type":150,"name":176,"callback":177,"file":178,"line":179},"wp_footer","closure","inc\\iul-functions.php",39,{"type":150,"name":181,"callback":182,"file":183,"line":184},"admin_head","start_iul_action","inc\\iul_actions.php",8,{"type":150,"name":186,"callback":182,"file":183,"line":73},"wp_head",[188,192],{"action":189,"nopriv":190,"callback":189,"hasNonce":190,"hasCapCheck":190,"file":183,"line":191},"logout_idle_user",false,6,{"action":193,"nopriv":190,"callback":193,"hasNonce":190,"hasCapCheck":190,"file":183,"line":194},"update_user_time",7,[],[],[],2,{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":203,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":296},[],{"prepared":28,"raw":28,"locations":202},[],{"escaped":144,"rawEcho":204,"locations":205},51,[206,209,211,213,215,217,219,221,223,224,226,228,230,232,234,236,238,240,242,244,245,247,248,249,250,252,253,255,257,259,260,262,263,265,267,269,271,273,275,277,279,281,283,284,286,287,288,290,291,292,294],{"file":167,"line":207,"context":208},150,"raw output",{"file":167,"line":210,"context":208},196,{"file":167,"line":212,"context":208},197,{"file":167,"line":214,"context":208},198,{"file":167,"line":216,"context":208},199,{"file":167,"line":218,"context":208},200,{"file":167,"line":220,"context":208},218,{"file":167,"line":222,"context":208},220,{"file":167,"line":222,"context":208},{"file":167,"line":225,"context":208},226,{"file":167,"line":227,"context":208},227,{"file":167,"line":229,"context":208},228,{"file":167,"line":231,"context":208},229,{"file":167,"line":233,"context":208},230,{"file":167,"line":235,"context":208},231,{"file":167,"line":237,"context":208},232,{"file":167,"line":239,"context":208},236,{"file":167,"line":241,"context":208},237,{"file":167,"line":243,"context":208},239,{"file":167,"line":243,"context":208},{"file":167,"line":246,"context":208},244,{"file":167,"line":246,"context":208},{"file":167,"line":246,"context":208},{"file":167,"line":246,"context":208},{"file":167,"line":251,"context":208},247,{"file":167,"line":251,"context":208},{"file":167,"line":254,"context":208},259,{"file":167,"line":256,"context":208},260,{"file":167,"line":258,"context":208},265,{"file":167,"line":258,"context":208},{"file":167,"line":261,"context":208},269,{"file":167,"line":261,"context":208},{"file":167,"line":264,"context":208},275,{"file":167,"line":266,"context":208},276,{"file":167,"line":268,"context":208},277,{"file":167,"line":270,"context":208},278,{"file":167,"line":272,"context":208},279,{"file":167,"line":274,"context":208},280,{"file":167,"line":276,"context":208},281,{"file":167,"line":278,"context":208},285,{"file":167,"line":280,"context":208},286,{"file":167,"line":282,"context":208},288,{"file":167,"line":282,"context":208},{"file":167,"line":285,"context":208},293,{"file":167,"line":285,"context":208},{"file":167,"line":285,"context":208},{"file":173,"line":289,"context":208},21,{"file":173,"line":157,"context":208},{"file":173,"line":37,"context":208},{"file":173,"line":293,"context":208},35,{"file":178,"line":295,"context":208},76,[],[],{"summary":299,"deductions":300},"The \"idle-user-logout\" plugin v3.1 presents a concerning security posture primarily due to its unprotected AJAX handlers. While the plugin shows positive signs like the absence of dangerous functions and the exclusive use of prepared statements for SQL queries, these strengths are overshadowed by the critical weakness of two AJAX entry points lacking any authentication or capability checks. This directly exposes the plugin to potential unauthorized actions by any user, regardless of their role or permissions.\n\nThe static analysis reveals a significant attack surface with two unprotected entry points. Although no specific vulnerabilities or CVEs are recorded in its history, this lack of historical issues does not negate the current risks. The absence of any recorded vulnerability history might suggest a lack of rigorous auditing or simply a fortunate absence of discovered flaws. However, the current code structure, with unauthenticated AJAX handlers, creates a clear pathway for attackers to potentially trigger unintended actions within the WordPress environment.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL queries and dangerous functions, its failure to implement proper security checks on its AJAX handlers is a severe oversight. This leaves it vulnerable to potential exploitation. Users should be cautious, and developers should prioritize implementing nonce and capability checks on these entry points to mitigate the identified risks. The plugin's current state indicates a high level of potential risk due to these unauthenticated endpoints.",[301,303,305],{"reason":302,"points":92},"AJAX handlers without authentication",{"reason":304,"points":34},"Low output escaping percentage",{"reason":306,"points":92},"AJAX handlers without capability checks","2026-03-16T18:59:30.432Z",{"wat":309,"direct":325},{"assetPaths":310,"generatorPatterns":315,"scriptPaths":316,"versionParams":320},[311,312,313,314],"\u002Fwp-content\u002Fplugins\u002Fidle-user-logout\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fidle-user-logout\u002Fjs\u002Fidle-timer.min.js","\u002Fwp-content\u002Fplugins\u002Fidle-user-logout\u002Fjs\u002Fuikit.min.js","\u002Fwp-content\u002Fplugins\u002Fidle-user-logout\u002Fjs\u002Fscript.js",[],[317,318,319],"js\u002Fidle-timer.min.js","js\u002Fuikit.min.js","js\u002Fscript.js",[321,322,323,324],"idle-user-logout\u002Fstyle.css?ver=","idle-user-logout\u002Fjs\u002Fidle-timer.min.js?ver=","idle-user-logout\u002Fjs\u002Fuikit.min.js?ver=","idle-user-logout\u002Fjs\u002Fscript.js?ver=",{"cssClasses":326,"htmlComments":328,"htmlAttributes":329,"restEndpoints":331,"jsGlobals":332,"shortcodeOutput":334},[327],"dashicons-no",[],[330],"id=\"close_modal\"",[],[333],"UIkit",[]]