[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWb0nrsJHxUCCE7wQhKOVSESALXSYOtfa1QJNHk_LCGA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":131,"fingerprints":460},"init-user-engine","Init User Engine – Gamified, Fast, Frontend-First","1.4.6","Init HTML","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrokensmile2103-1\u002F","\u003Cp>\u003Cstrong>Init User Engine\u003C\u002Fstrong> is a lightweight, no-bloat user system for modern WordPress sites. It’s designed for maximum frontend flexibility and gamified user engagement. All dynamic interfaces are rendered via JavaScript with real-time REST API interaction.\u003C\u002Fp>\n\u003Cp>No jQuery. Minimal settings. Smart by default.\u003C\u002Fp>\n\u003Cp>What you get:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display user avatar and dashboard via shortcode\u003C\u002Fli>\n\u003Cli>Show level, EXP, Coin\u002FCash, and full user wallet\u003C\u002Fli>\n\u003Cli>Let users check-in daily and receive timed rewards\u003C\u002Fli>\n\u003Cli>Auto-track referral registrations with reward system\u003C\u002Fli>\n\u003Cli>Allow users to buy VIP status using in-site currency\u003C\u002Fli>\n\u003Cli>Built-in inbox for notifications (uses custom DB table)\u003C\u002Fli>\n\u003Cli>Custom avatar support with upload & preview modal\u003C\u002Fli>\n\u003Cli>Send custom notifications to selected users or all members from wp-admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is the core user system behind the \u003Ca href=\"https:\u002F\u002Fen.inithtml.com\u002Finit-plugin-suite-minimalist-powerful-and-free-wordpress-plugins\u002F\" rel=\"nofollow ugc\">Init Plugin Suite\u003C\u002Fa> – optimized for frontend-first interaction, extensibility, and real-time gamification.\u003C\u002Fp>\n\u003Cp>GitHub repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbrokensmile2103\u002Finit-user-engine\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbrokensmile2103\u002Finit-user-engine\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Avatar shortcode \u003Ccode>[init_user_engine]\u003C\u002Fcode> + modal dashboard  \u003C\u002Fli>\n\u003Cli>Avatar system with upload, preview, and revert support  \u003C\u002Fli>\n\u003Cli>EXP & Level system with hookable progression logic  \u003C\u002Fli>\n\u003Cli>Coin & Cash wallet system with transaction logs  \u003C\u002Fli>\n\u003Cli>Daily check-in with streak milestones & online bonus timer  \u003C\u002Fli>\n\u003Cli>Inbox system with pagination, read\u002Fclaim\u002Fdelete  \u003C\u002Fli>\n\u003Cli>VIP membership system with Coin-based purchase & expiry  \u003C\u002Fli>\n\u003Cli>Referral module with cookie-based signup tracking  \u003C\u002Fli>\n\u003Cli>Redeem Code \u002F Gift Code module – code in, rewards out\u003C\u002Fli>\n\u003Cli>REST API for all features (read\u002Fwrite\u002Fmodify)  \u003C\u002Fli>\n\u003Cli>Action\u002Ffilter hooks for full customization  \u003C\u002Fli>\n\u003Cli>Pure Vanilla JS frontend – no jQuery, no server bloat  \u003C\u002Fli>\n\u003Cli>Admin notification panel to send messages to selected users or all members\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developer Hooks\u003C\u002Fh3>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_online_minutes\u003C\u002Fcode> – Modify required online minutes after check-in  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_vip_prices\u003C\u002Fcode> – Modify VIP package prices  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_referral_rewards\u003C\u002Fcode> – Modify referral rewards  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_localized_data\u003C\u002Fcode> – Modify frontend JS data  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_calculated_coin_amount\u003C\u002Fcode> – Modify Coin reward before apply  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_calculated_exp_amount\u003C\u002Fcode> – Modify EXP reward before apply  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_exp_required\u003C\u002Fcode> – Modify EXP required per level  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_checkin_milestones\u003C\u002Fcode> – Set milestone streak days  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_format_inbox\u003C\u002Fcode> – Modify formatted inbox data  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_render_level_badge\u003C\u002Fcode> – Customize level badge HTML  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_inbox_insert_data\u003C\u002Fcode> – Modify inbox data before inserting into database  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_validate_register_fields\u003C\u002Fcode> – Validate or modify registration fields before account creation  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_after_register\u003C\u002Fcode> – Hook after successful user registration (pass user ID and submitted data)  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_daily_tasks\u003C\u002Fcode> – Add or modify daily task list and logic  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_captcha_bank\u003C\u002Fcode> – Extend or modify the internal captcha question bank used for fallback validation  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_format_log_message\u003C\u002Fcode> – Customize transaction log message display with access to entry data, source, type, and amount  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_should_keep_original\u003C\u002Fcode> – Override decision to keep original uploaded avatar (GIF or other formats)  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_vip_expire_soon_threshold\u003C\u002Fcode> – Modify the threshold (in seconds) used to determine when VIP is considered close to expiration  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_body_vip_classes\u003C\u002Fcode> – Add, remove, or modify VIP-related CSS classes applied to the \u003Ccode>\u003Cbody>\u003C\u002Fcode> element\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Actions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_level_up\u003C\u002Fcode> – When user levels up  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_exp_added\u003C\u002Fcode> – After EXP is added  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_transaction_logged\u003C\u002Fcode> – After Coin\u002FCash is logged  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_exp_logged\u003C\u002Fcode> – After EXP log is recorded  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_inbox_inserted\u003C\u002Fcode> – After new inbox message  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_referral_completed\u003C\u002Fcode> – When referral is completed  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_after_checkin\u003C\u002Fcode> – After user check-in  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_after_claim_reward\u003C\u002Fcode> – After user claims reward  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_vip_purchased\u003C\u002Fcode> – After VIP is purchased  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_add_exp\u003C\u002Fcode> – Triggered when adding EXP via hook  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_add_coin\u003C\u002Fcode> – Triggered when adding Coin via hook  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_coin_changed\u003C\u002Fcode> – After user’s Coin balance is updated  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_cash_changed\u003C\u002Fcode> – After user’s Cash balance is updated  \u003C\u002Fli>\n\u003Cli>\u003Ccode>init_plugin_suite_user_engine_admin_send_notice\u003C\u002Fcode> – When admin sends notification via wp-admin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>REST API Endpoints\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Base:\u003C\u002Fstrong> \u003Ccode>\u002Fwp-json\u002Finituser\u002Fv1\u002F\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>POST \u002Fregister\u003C\u002Fcode> – Create a new user account  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fcheckin\u003C\u002Fcode> – Daily check-in  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fclaim-reward\u003C\u002Fcode> – Claim reward after online duration  \u003C\u002Fli>\n\u003Cli>\u003Ccode>GET  \u002Ftransactions\u003C\u002Fcode> – Get Coin\u002FCash transaction log  \u003C\u002Fli>\n\u003Cli>\u003Ccode>GET  \u002Fexp-log\u003C\u002Fcode> – Get EXP log  \u003C\u002Fli>\n\u003Cli>\u003Ccode>GET  \u002Finbox\u003C\u002Fcode> – Get inbox messages  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Finbox\u002Fmark-read\u003C\u002Fcode> – Mark a message as read  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Finbox\u002Fmark-all-read\u003C\u002Fcode> – Mark all as read  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Finbox\u002Fdelete\u003C\u002Fcode> – Delete a single message  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Finbox\u002Fdelete-all\u003C\u002Fcode> – Delete all messages  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fvip\u002Fpurchase\u003C\u002Fcode> – Purchase VIP package  \u003C\u002Fli>\n\u003Cli>\u003Ccode>GET  \u002Freferral-log\u003C\u002Fcode> – Get referral history  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Favatar\u003C\u002Fcode> – Upload new avatar  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Favatar\u002Fremove\u003C\u002Fcode> – Remove custom avatar and revert to default  \u003C\u002Fli>\n\u003Cli>\u003Ccode>GET  \u002Fprofile\u002Fme\u003C\u002Fcode> – Get current user profile  \u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fprofile\u002Fupdate\u003C\u002Fcode> – Update profile information\u003C\u002Fli>\n\u003Cli>\u003Ccode>GET  \u002Fdaily-tasks\u003C\u002Fcode> – Get list of completed daily tasks and rewards\u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fexchange\u003C\u002Fcode> – Convert Cash \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Coin based on exchange rate\u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fredeem-code\u003C\u002Fcode> – Redeem gift code (returns Coin\u002FCash rewards)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nYou are free to use, modify, and distribute it under the same license.\u003C\u002Fp>\n","Gamified user engine with EXP levels, Coin\u002FCash wallet, check-in, VIP, inbox, and referral – powered by REST API and Vanilla JS.",40,2475,0,"2026-02-07T02:15:00.000Z","6.9.4","5.5","7.4",[19,20,21,22,23],"check-in","level","referral","user","vip","https:\u002F\u002Finithtml.com\u002Fplugin\u002Finit-user-engine\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finit-user-engine.1.4.6.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"brokensmile2103-1",12,710,30,94,"2026-04-04T09:59:35.457Z",[38,62,84,101,114],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":26,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":59,"download_link":60,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp-custom-functionalities","BP Custom Functionalities","1.0.4","Prashant Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fprashantvatsh\u002F","\u003Cp>BP Custom Functionalities provides custom functionalities that regular BuddyPress users requires like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Locking BuddyPress for guest users\u003C\u002Fli>\n\u003Cli>Locking bbPress for guest users\u003C\u002Fli>\n\u003Cli>Restricting BuddyPress Access Based on Paid Membership Pro Membership Levels\u003C\u002Fli>\n\u003Cli>Excluding members based on user roles from members directory\u003C\u002Fli>\n\u003Cli>Private profile – that means one member can not see other members profile\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>I will add more functionalities but will depend on how many requests came for the same functionality.\u003C\u002Fp>\n","BP Custom Functionalities provides custom functionalities that regular BuddyPress users requires.",10,2596,3,"2024-04-07T16:07:00.000Z","6.5.8","4.9.0","",[54,55,56,57,58],"exclude-member-roles","guest-user-restriction","lock-bbpress","pmpro-membership-level-buddypress-restriction","private-profile","https:\u002F\u002Fprashantdev.wordpress.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-custom-functionalities.1.0.4.zip",92,{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":46,"downloaded":70,"rating":26,"num_ratings":71,"last_updated":52,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":81,"download_link":82,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":83},"lootly-for-woocommerce","Lootly Loyalty & Rewards","1.43","ryanlootly","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanlootly\u002F","\u003Cp>Lootly is a Loyalty & Rewards, Referrals and VIP Platform helping eCommerce brands build great relationships with their customers. Lootly makes it easy to launch your own Loyalty program in just a few minutes. At Lootly, we believe that Loyalty programs should be feature-rich, easily accessible, fully customizable and affordable for all business sizes.\u003C\u002Fp>\n\u003Cp>Best of all, customers do not need a separate account for Lootly. Lootly simply checks when a customer is logged in, and then automatically displays their loyalty information within our on-site widget.\u003C\u002Fp>\n\u003Cp>Lootly offers numerous plans that are feature-rich to ensure your loyalty program is a success. Below are some of the awesome features available on our plans:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Points & Rewards\u003C\u002Fli>\n\u003Cli>Referral Program\u003C\u002Fli>\n\u003Cli>VIP Tier Program\u003C\u002Fli>\n\u003Cli>Email Customization\u003C\u002Fli>\n\u003Cli>Earning & Spending Limits\u003C\u002Fli>\n\u003Cli>Product, Category, and Customer Segmentation\u003C\u002Fli>\n\u003Cli>Full Design Customization\u003C\u002Fli>\n\u003Cli>HTML Editors\u003C\u002Fli>\n\u003Cli>Advanced Insights & Reports\u003C\u002Fli>\n\u003Cli>Import & Export Customers\u003C\u002Fli>\n\u003Cli>Integrations \u003C\u002Fli>\n\u003Cli>Custom Sender Domain\u003C\u002Fli>\n\u003Cli>and much more! \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Be sure to visit: https:\u002F\u002Flootly.io\u002Fpricing  to see all available plans & features.\u003C\u002Fp>\n\u003Cp>The Lootly for WooCommerce plugin relies on lootly.io to handle all functionality, which means you must create an account at https:\u002F\u002Flootly.io\u002F to use this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Link to Terms of Service: https:\u002F\u002Flootly.io\u002Fterms-of-service\u003C\u002Fli>\n\u003Cli>Link to Privacy Policy: https:\u002F\u002Flootly.io\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n","Version 1.43 Lootly helps you build relationships with customers by rewarding them for interacting with your store or for driving referral sales.",5502,1,"6.6.5","3.7.1","5.6",[76,77,78,79,80],"lootly","loyalty","referrals","rewards","vip-program","https:\u002F\u002Flootly.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flootly-for-woocommerce.zip","2026-03-15T10:48:56.248Z",{"slug":85,"name":86,"version":87,"author":52,"author_profile":88,"description":89,"short_description":90,"active_installs":46,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":52,"tested_up_to":92,"requires_at_least":93,"requires_php":52,"tags":94,"homepage":99,"download_link":100,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":83},"show-content-by-user-level","Show Content by User Level","0.1","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicholascaporusso\u002F","\u003Cp>This plug-in hides a specific part of the content of a page (or post) to all users whose user level is below a required user level.\u003C\u002Fp>\n\u003Cp>Therefore, if a content is visible to user level X:\u003Cbr \u002F>\n1. if X > 0 users who are not registered will not be able to access that specific content;\u003Cbr \u002F>\n2. users whose user level is less than X will not be able to access that specific content;\u003Cbr \u002F>\n3. users whose user level is equal or greater than X will be able to access that specific content.\u003C\u002Fp>\n\u003Cp>To hide a specific content, use the following syntax to encapsulate the hidden content:\u003Cbr \u002F>\n[hide {level}] {content} [hide {level}]\u003Cbr \u002F>\nwhere {level} is the NUMBER corresponding to the user level, and {content} is the part of you want to hide.\u003C\u002Fp>\n\u003Cp>Example:\u003Cbr \u002F>\n[hide 0] You will always see this content [hide 0]\u003Cbr \u002F>\n[hide 1] You will not see this if you are not logged as subscriber [hide 1]\u003Cbr \u002F>\n[hide 2] You will not see this if you are not logged as contributor [hide 2]\u003Cbr \u002F>\n[hide 3] You will not see this if you are not logged as author [hide 3]\u003Cbr \u002F>\n[hide 4] You will not see this if you are not logged as editor [hide 4]\u003Cbr \u002F>\n[hide 5] You will not see this if you are not logged as administrator [hide 5]\u003C\u002Fp>\n\u003Cp>Fancy example:\u003C\u002Fp>\n\u003Cp>[hide 1] You will see this if you are logged as subscriber [hide 5], but you will not see this if you are not logged as administrator [hide 5][hide 1]\u003C\u002Fp>\n\u003Cp>For further help, please visit http:\u002F\u002Fwww.nicholascaporusso.com\u002Fshowcontent-by-userlevel\u002F\u003C\u002Fp>\n","This simple plug-in hides content from all users except those that exceed a specific user level.",3404,"2.7.1","2.5",[95,96,97,98],"content","permission","role","user-level","http:\u002F\u002Fwww.nicholascaporusso.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-content-by-user-level.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":90,"active_installs":46,"downloaded":108,"rating":13,"num_ratings":13,"last_updated":109,"tested_up_to":92,"requires_at_least":93,"requires_php":52,"tags":110,"homepage":111,"download_link":112,"security_score":113,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"show-user-level-content","Show User Level Content","0.2","rexreed","https:\u002F\u002Fprofiles.wordpress.org\u002Frexreed\u002F","\u003Cp>This plug-in is quite simple: it hides content from all users except those at a specified user level.\u003C\u002Fp>\n\u003Cp>Alternatively, you can think of it as only showing content to users at a specified user level.\u003C\u002Fp>\n\u003Cp>Utilization is quite simple, with the use of the tag [hide {level}] and the end-tag [\\hide] as the way to encapsulate the hidden content.\u003C\u002Fp>\n\u003Cp>Future revisions will utilize Role Manager options instead of user levels, so stay tuned.\u003C\u002Fp>\n",5451,"2009-03-19T23:13:00.000Z",[95,96,97,98],"http:\u002F\u002Fwww.fourhourworkweekdiary.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-user-level-content.zip",85,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":46,"downloaded":122,"rating":13,"num_ratings":13,"last_updated":123,"tested_up_to":93,"requires_at_least":93,"requires_php":52,"tags":124,"homepage":129,"download_link":130,"security_score":113,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"user-cats-manager","User-Cats Manager","2.1","dgmike","https:\u002F\u002Fprofiles.wordpress.org\u002Fdgmike\u002F","\u003Cp>Provides to admin users a way to select what categorie determined users can write. (administrators have access to all categories)\u003C\u002Fp>\n","Provides to admin users a way to select what categorie determined users can write. (administrators have access to all categories)",10270,"2008-07-14T04:13:00.000Z",[125,126,20,127,128],"access","categories","preferences","users","http:\u002F\u002Fdgmike.wordpress.com\u002Fuser-cats-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-cats-manager.2.1.zip",{"attackSurface":132,"codeSignals":292,"taintFlows":365,"riskAssessment":454,"analyzedAt":459},{"hooks":133,"ajaxHandlers":274,"restRoutes":280,"shortcodes":281,"cronEvents":286,"entryPointCount":291,"unprotectedCount":71},[134,140,144,149,152,154,157,159,162,165,170,173,176,179,182,187,191,195,200,204,207,210,214,217,219,224,228,231,234,237,240,243,245,249,252,255,257,261,266,270,273],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","init","init_plugin_suite_user_engine_schedule_cleanup_transients","includes\\core.php",38,{"type":135,"name":141,"callback":142,"file":138,"line":143},"init_plugin_suite_user_engine_cleanup_transients","init_plugin_suite_user_engine_do_cleanup",39,{"type":135,"name":145,"callback":146,"priority":46,"file":147,"line":148},"wp_insert_comment","closure","includes\\hooks.php",5,{"type":135,"name":150,"callback":146,"priority":46,"file":147,"line":151},"transition_post_status",61,{"type":135,"name":153,"callback":146,"file":147,"line":113},"user_register",{"type":135,"name":155,"callback":146,"priority":46,"file":147,"line":156},"profile_update",125,{"type":135,"name":136,"callback":146,"file":147,"line":158},151,{"type":135,"name":160,"callback":146,"priority":46,"file":147,"line":161},"woocommerce_order_status_completed",184,{"type":135,"name":145,"callback":146,"priority":163,"file":147,"line":164},20,242,{"type":166,"name":167,"callback":146,"priority":168,"file":147,"line":169},"filter","pre_get_avatar_data",9999,276,{"type":166,"name":171,"callback":146,"priority":168,"file":147,"line":172},"get_avatar_url",338,{"type":166,"name":174,"callback":146,"file":147,"line":175},"show_admin_bar",348,{"type":135,"name":177,"callback":146,"priority":46,"file":147,"line":178},"init_plugin_suite_review_system_after_criteria_review",363,{"type":135,"name":180,"callback":146,"priority":46,"file":147,"line":181},"init_plugin_suite_user_engine_vip_removed",391,{"type":135,"name":183,"callback":184,"file":185,"line":186},"wp","init_plugin_suite_user_engine_schedule_cleanup","includes\\inbox.php",401,{"type":135,"name":188,"callback":189,"file":185,"line":190},"init_plugin_suite_user_engine_cleanup_orphaned_inbox","init_plugin_suite_user_engine_cleanup_orphaned_inbox_handler",404,{"type":135,"name":192,"callback":193,"file":185,"line":194},"admin_post_iue_cleanup_inbox_type","init_plugin_suite_user_engine_handle_cleanup_inbox_type",436,{"type":135,"name":196,"callback":197,"priority":46,"file":198,"line":199},"wpmu_new_blog","init_plugin_suite_user_engine_on_new_blog","includes\\init.php",8,{"type":135,"name":201,"callback":202,"file":198,"line":203},"admin_init","init_plugin_suite_user_engine_check_table",9,{"type":135,"name":201,"callback":146,"file":205,"line":206},"includes\\redeem-codes-handler.php",7,{"type":135,"name":153,"callback":208,"priority":46,"file":209,"line":148},"init_plugin_suite_user_engine_check_referral","includes\\referral.php",{"type":135,"name":211,"callback":212,"file":213,"line":148},"rest_api_init","init_plugin_suite_user_engine_register_rest_routes","includes\\rest-api.php",{"type":135,"name":215,"callback":146,"file":216,"line":148},"admin_menu","includes\\settings-page.php",{"type":135,"name":201,"callback":146,"file":216,"line":218},71,{"type":135,"name":220,"callback":221,"file":222,"line":223},"wp_dashboard_setup","init_plugin_suite_user_engine_add_inbox_dashboard_widget","includes\\tools\\inbox-statistics.php",514,{"type":135,"name":225,"callback":226,"file":227,"line":32},"show_user_profile","init_plugin_suite_user_engine_render_admin_user_metabox","includes\\user-metabox.php",{"type":135,"name":229,"callback":226,"file":227,"line":230},"edit_user_profile",13,{"type":135,"name":232,"callback":146,"file":227,"line":233},"admin_enqueue_scripts",18,{"type":135,"name":235,"callback":146,"file":227,"line":236},"admin_post_iue_remove_vip",533,{"type":135,"name":238,"callback":146,"file":227,"line":239},"admin_post_iue_toggle_avatar_ban",625,{"type":135,"name":241,"callback":146,"file":227,"line":242},"admin_notices",676,{"type":135,"name":241,"callback":146,"file":227,"line":244},713,{"type":135,"name":246,"callback":146,"priority":46,"file":247,"line":248},"init_plugin_suite_user_engine_add_exp","includes\\utils.php",69,{"type":135,"name":250,"callback":146,"priority":46,"file":247,"line":251},"init_plugin_suite_user_engine_add_coin",75,{"type":135,"name":253,"callback":146,"priority":46,"file":247,"line":254},"init_plugin_suite_user_engine_add_cash",81,{"type":135,"name":232,"callback":146,"file":247,"line":256},203,{"type":166,"name":258,"callback":259,"file":260,"line":256},"body_class","init_plugin_suite_user_engine_add_vip_body_class","includes\\vip.php",{"type":135,"name":262,"callback":263,"file":264,"line":265},"wp_enqueue_scripts","init_plugin_suite_user_engine_enqueue_guest_assets","init-user-engine.php",66,{"type":135,"name":267,"callback":268,"file":264,"line":269},"wp_footer","init_plugin_suite_user_engine_render_login_modal",126,{"type":135,"name":262,"callback":271,"file":264,"line":272},"init_plugin_suite_user_engine_enqueue_loggedin_assets",149,{"type":135,"name":232,"callback":146,"file":264,"line":186},[275],{"action":276,"nopriv":277,"callback":146,"hasNonce":277,"hasCapCheck":277,"file":278,"line":279},"iue_user_search",false,"includes\\ajax.php",4,[],[282],{"tag":283,"callback":284,"file":285,"line":279},"init_user_engine","init_plugin_suite_user_engine_render_shortcode","includes\\shortcode.php",[287,289],{"hook":141,"callback":141,"file":138,"line":288},43,{"hook":188,"callback":188,"file":185,"line":290},398,2,{"dangerousFunctions":293,"sqlUsage":294,"outputEscaping":337,"fileOperations":71,"externalRequests":71,"nonceChecks":32,"capabilityChecks":363,"bundledLibraries":364},[],{"prepared":295,"raw":233,"locations":296},68,[297,300,303,306,308,310,312,314,316,318,321,322,324,326,328,330,332,335],{"file":185,"line":298,"context":299},418,"$wpdb->query() with variable interpolation",{"file":185,"line":301,"context":302},428,"$wpdb->get_col() with variable interpolation",{"file":198,"line":304,"context":305},52,"$wpdb->get_var() with variable interpolation",{"file":198,"line":307,"context":305},59,{"file":222,"line":309,"context":305},15,{"file":222,"line":311,"context":305},334,{"file":222,"line":313,"context":305},336,{"file":222,"line":315,"context":305},344,{"file":222,"line":317,"context":305},346,{"file":222,"line":319,"context":320},355,"$wpdb->get_results() with variable interpolation",{"file":222,"line":178,"context":320},{"file":222,"line":323,"context":320},371,{"file":222,"line":325,"context":305},532,{"file":222,"line":327,"context":305},550,{"file":222,"line":329,"context":305},552,{"file":222,"line":331,"context":305},556,{"file":333,"line":334,"context":305},"includes\\tools\\redeem-codes.php",28,{"file":227,"line":336,"context":305},456,{"escaped":338,"rawEcho":339,"locations":340},520,11,[341,343,345,347,349,351,353,355,357,359,361],{"file":222,"line":139,"context":342},"raw output",{"file":222,"line":344,"context":342},47,{"file":222,"line":346,"context":342},290,{"file":222,"line":348,"context":342},534,{"file":222,"line":350,"context":342},535,{"file":333,"line":352,"context":342},312,{"file":333,"line":354,"context":342},353,{"file":333,"line":356,"context":342},365,{"file":333,"line":358,"context":342},406,{"file":227,"line":360,"context":342},237,{"file":362,"line":295,"context":342},"templates\\dashboard.php",16,[],[366,385,393,405,413,440],{"entryPoint":367,"graph":368,"unsanitizedCount":13,"severity":384},"init_plugin_suite_user_engine_handle_cleanup_inbox_type (includes\\inbox.php:437)",{"nodes":369,"edges":381},[370,375],{"id":371,"type":372,"label":373,"file":185,"line":374},"n0","source","$_POST",444,{"id":376,"type":377,"label":378,"file":185,"line":379,"wp_function":380},"n1","sink","query() [SQLi]",464,"query",[382],{"from":371,"to":376,"sanitized":383},true,"low",{"entryPoint":386,"graph":387,"unsanitizedCount":13,"severity":384},"\u003Cinbox> (includes\\inbox.php:0)",{"nodes":388,"edges":391},[389,390],{"id":371,"type":372,"label":373,"file":185,"line":374},{"id":376,"type":377,"label":378,"file":185,"line":379,"wp_function":380},[392],{"from":371,"to":376,"sanitized":383},{"entryPoint":394,"graph":395,"unsanitizedCount":13,"severity":384},"init_plugin_suite_user_engine_render_inbox_stats_page (includes\\tools\\inbox-statistics.php:5)",{"nodes":396,"edges":403},[397,400],{"id":371,"type":372,"label":398,"file":222,"line":399},"$_GET (x2)",33,{"id":376,"type":377,"label":401,"file":222,"line":139,"wp_function":402},"echo() [XSS]","echo",[404],{"from":371,"to":376,"sanitized":383},{"entryPoint":406,"graph":407,"unsanitizedCount":13,"severity":384},"\u003Cinbox-statistics> (includes\\tools\\inbox-statistics.php:0)",{"nodes":408,"edges":411},[409,410],{"id":371,"type":372,"label":398,"file":222,"line":399},{"id":376,"type":377,"label":401,"file":222,"line":139,"wp_function":402},[412],{"from":371,"to":376,"sanitized":383},{"entryPoint":414,"graph":415,"unsanitizedCount":13,"severity":384},"init_plugin_suite_user_engine_render_redeem_codes_page (includes\\tools\\redeem-codes.php:4)",{"nodes":416,"edges":436},[417,419,423,426,431,433],{"id":371,"type":372,"label":398,"file":333,"line":418},17,{"id":376,"type":377,"label":420,"file":333,"line":421,"wp_function":422},"get_results() [SQLi]",34,"get_results",{"id":424,"type":372,"label":425,"file":333,"line":344},"n2","$_GET",{"id":427,"type":377,"label":428,"file":333,"line":429,"wp_function":430},"n3","get_row() [SQLi]",63,"get_row",{"id":432,"type":372,"label":425,"file":333,"line":344},"n4",{"id":434,"type":377,"label":401,"file":333,"line":435,"wp_function":402},"n5",407,[437,438,439],{"from":371,"to":376,"sanitized":383},{"from":424,"to":427,"sanitized":383},{"from":432,"to":434,"sanitized":383},{"entryPoint":441,"graph":442,"unsanitizedCount":13,"severity":384},"\u003Credeem-codes> (includes\\tools\\redeem-codes.php:0)",{"nodes":443,"edges":450},[444,445,446,447,448,449],{"id":371,"type":372,"label":398,"file":333,"line":418},{"id":376,"type":377,"label":420,"file":333,"line":421,"wp_function":422},{"id":424,"type":372,"label":425,"file":333,"line":344},{"id":427,"type":377,"label":428,"file":333,"line":429,"wp_function":430},{"id":432,"type":372,"label":425,"file":333,"line":344},{"id":434,"type":377,"label":401,"file":333,"line":435,"wp_function":402},[451,452,453],{"from":371,"to":376,"sanitized":383},{"from":424,"to":427,"sanitized":383},{"from":432,"to":434,"sanitized":383},{"summary":455,"deductions":456},"The \"init-user-engine\" v1.4.6 plugin demonstrates a generally strong security posture with many good practices in place. The code extensively utilizes prepared statements for SQL queries (79%) and has an excellent rate of output escaping (98%), significantly reducing the risk of common vulnerabilities like SQL injection and cross-site scripting. The plugin also incorporates a healthy number of nonce and capability checks, indicating an effort to secure its functionalities. Furthermore, the absence of any known CVEs and a clean vulnerability history suggests a well-maintained and secure codebase over time. The taint analysis found no critical or high-severity issues, reinforcing the impression of robust security development. \n\nHowever, there is a notable concern regarding the plugin's attack surface. It exposes one AJAX handler without any authentication checks. This unprotected entry point is the most significant security risk identified in the static analysis. While the taint analysis did not find any direct exploitation paths through this specific handler, it represents a potential avenue for unauthorized actions or information disclosure if not properly secured against direct, unauthenticated access. The presence of external HTTP requests, while only one, warrants attention to ensure the target is trustworthy and the request is handled securely. The file operation also requires scrutiny to ensure no sensitive files are accessed or modified without proper validation.\n\nIn conclusion, \"init-user-engine\" v1.4.6 is a relatively secure plugin with strong coding practices in SQL and output handling, and a clean security history. The primary weakness lies in an unprotected AJAX endpoint, which, while not exploited according to the static analysis, is a critical area that requires immediate attention to implement proper authentication and authorization checks to fully secure the plugin.",[457],{"reason":458,"points":199},"AJAX handler without authentication","2026-03-16T22:15:22.957Z",{"wat":461,"direct":474},{"assetPaths":462,"generatorPatterns":467,"scriptPaths":468,"versionParams":469},[463,464,465,466],"\u002Fwp-content\u002Fplugins\u002Finit-user-engine\u002Fassets\u002Fcss\u002Fstyle-guest.css","\u002Fwp-content\u002Fplugins\u002Finit-user-engine\u002Fassets\u002Fjs\u002Fguest.js","\u002Fwp-content\u002Fplugins\u002Finit-user-engine\u002Fassets\u002Fcss\u002Fstyle-user.css","\u002Fwp-content\u002Fplugins\u002Finit-user-engine\u002Fassets\u002Fjs\u002Fmember.js",[],[464,466],[470,471,472,473],"init-user-engine\u002Fassets\u002Fcss\u002Fstyle-guest.css?ver=","init-user-engine\u002Fassets\u002Fjs\u002Fguest.js?ver=","init-user-engine\u002Fassets\u002Fcss\u002Fstyle-user.css?ver=","init-user-engine\u002Fassets\u002Fjs\u002Fmember.js?ver=",{"cssClasses":475,"htmlComments":482,"htmlAttributes":483,"restEndpoints":486,"jsGlobals":488,"shortcodeOutput":490},[476,477,478,479,480,481],"init-user-engine-login-modal","iue-overlay","iue-content","iue-header","iue-close","iue-body",[],[484,485],"id=\"init-user-engine-login-modal\"","id=\"init-user-engine-modal-close\"",[487],"\u002Fwp-json\u002Finituser\u002Fv1",[489],"InitUserEngineData",[]]