[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFNuW-4Ol5BH6hHI2Y_eedU2EiSrVOtC3e_H4yZBwFKk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":83,"crawl_stats":38,"alternatives":89,"analysis":187,"fingerprints":529},"ip-based-login","IP Based Login","2.4.4","brijeshk89","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrijeshk89\u002F","\u003Cp>IP Based Login allows you to directly login from an authorized IP without password. So if you want to allow someone to login but you do not want to share the login details just add their IP \u002F IP Range using IP Based Login and when they access your site they will be logged in without having to enter the login credentials.\u003C\u002Fp>\n\u003Cp>Features in IP Based Login include:\u003C\u002Fp>\n\u003Cp>[PRO Features]\u003Cbr \u002F>\n– IPv6 Support\u003Cbr \u002F>\n– EZProxy Support\u003Cbr \u002F>\n– Analytics – Check sessions usage and find which university\u002Finstitution is actively accessing your content\u003Cbr \u002F>\n– Central Management for IP ranges – Add your IP ranges on our central server and get the IP ranges synced across all your websites automatically.\u003C\u002Fp>\n\u003Cp>[Free Features]\u003Cbr \u002F>\n– Create IP ranges\u003Cbr \u002F>\n– IPv4 Support\u003Cbr \u002F>\n– Cloudflare support\u003Cbr \u002F>\n– Choose the username accessible when accessed by the IP existing in provided range\u003Cbr \u002F>\n– Bulk Export\u002FImport IP ranges\u003Cbr \u002F>\n– Delete IP ranges\u003Cbr \u002F>\n– Enable\u002FDisable IP ranges\u003Cbr \u002F>\n– Terminate Session if IP changed\u003Cbr \u002F>\n– Licensed under GNU GPL version 3\u003Cbr \u002F>\n– Does not affect when accessed from any other IPs not existing in any ranges\u003Cbr \u002F>\n– Safe & Secure\u003Cbr \u002F>\n– No passwords saved\u003C\u002Fp>\n\u003Cp>[For Publishers]\u003Cbr \u002F>\nJust add University IP Address to the plugin and when the students access your website from the University campus or EZ Proxy server they will be automatically authenticated to your WordPress website with the subscriber account you choose while adding the IP address.\u003C\u002Fp>\n\u003Cp>[Developers Section]\u003Cbr \u002F>\n– \u003Cstrong>is_logged_in_using_ipbl()\u003C\u002Fstrong> function to determine if a user is logged in with IP Based login plugin or with username\u002Fpassword\u003Cbr \u002F>\n– Add additional layer of check before the user is auto logged using the \u003Cstrong>ipbl_can_auto_login\u003C\u002Fstrong> hook\u003Cbr \u002F>\n– Execute custom PHP code after the user is auto logged in using the \u003Cstrong>ipbl_auto_logged_in\u003C\u002Fstrong> hook\u003C\u002Fp>\n","IP Based Login allows you to directly login from an authorized IP without password.",400,44022,98,23,"2025-09-11T17:59:00.000Z","6.8.5","3.0","5.6",[20,21,22,23,24],"authentication","auto","based","ip","login","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fip-based-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-based-login.2.4.4.zip",96,4,0,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[33,48,60,72],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-58960","ip-based-login-authenticated-administrator-stored-cross-site-scripting","IP Based Login \u003C= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting","The IP Based Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.4.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 19:03:18",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0c30cfa6-dee2-40d2-b5ac-06451e9218fb?source=api-prod",5,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2025-50016","ip-based-login-authenticated-administrator-stored-cross-site-scripting-2","IP Based Login \u003C= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The IP Based Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.","\u003C=2.4.2","2.4.3","2025-06-19 00:00:00","2025-07-21 20:41:07",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdba4317d-8624-495b-9a1f-2d4a72999129?source=api-prod",33,{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":38,"affected_versions":65,"patched_in_version":66,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":67,"updated_date":68,"references":69,"days_to_patch":71},"CVE-2024-12800","ip-based-login-authenticated-admin-stored-cross-site-scripting","IP Based Login \u003C= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting","The IP Based Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=2.4.0","2.4.1","2025-03-06 00:00:00","2025-03-13 14:40:23",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4b334ebe-6988-4caf-aad4-b599dc6be969?source=api-prod",8,{"id":73,"url_slug":74,"title":75,"description":76,"plugin_slug":4,"theme_slug":38,"affected_versions":65,"patched_in_version":66,"severity":40,"cvss_score":77,"cvss_vector":78,"vuln_type":79,"published_date":67,"updated_date":80,"references":81,"days_to_patch":71},"CVE-2024-13118","ip-based-login-cross-site-request-forgery-to-log-deletion","IP Based Login \u003C= 2.4.0 - Cross-Site Request forgery to Log Deletion","The IP Based Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete logs granted they can trick a site administrator into performing an action such as clicking on a link.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-03-13 14:40:16",[82],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff5ba8c79-1093-43aa-8273-2dbbe3172fec?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":84,"avg_security_score":85,"avg_patch_time_days":86,"trust_score":87,"computed_at":88},1500,85,25,84,"2026-04-04T16:58:34.931Z",[90,107,123,147,168],{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":29,"num_ratings":29,"last_updated":100,"tested_up_to":101,"requires_at_least":17,"requires_php":102,"tags":103,"homepage":102,"download_link":105,"security_score":85,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":106},"url-based-login","URL Based Login","1.1","iamudit","https:\u002F\u002Fprofiles.wordpress.org\u002Fiamudit\u002F","\u003Cp>URL Based Login allows you to directly login from an allowed URL. So if you want to allow someone to login but you do not want to share the login details just create a Login URL with URL Based Login and provide them the Login URL.\u003C\u002Fp>\n\u003Cp>Features in URL Based Login 1.3.0  include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create multiple Login URLs\u003C\u002Fli>\n\u003Cli>Choose the username accessible when accessed by the allowed URL\u003C\u002Fli>\n\u003Cli>Delete Login URLs\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003Cli>No passwords saved\u003C\u002Fli>\n\u003Cli>Completely FREE\u003C\u002Fli>\n\u003Cli>Licensed under GNU GPL version 3\u003C\u002Fli>\n\u003C\u002Ful>\n","URL Based Login allows you to directly login from an allowed Login URL.",10,2192,"2015-03-23T22:08:00.000Z","4.1.42","",[20,21,22,24,104],"url","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Furl-based-login.1.1.zip","2026-03-15T14:54:45.397Z",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":29,"downloaded":115,"rating":29,"num_ratings":29,"last_updated":102,"tested_up_to":116,"requires_at_least":17,"requires_php":102,"tags":117,"homepage":102,"download_link":120,"security_score":121,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":122},"login-by-ip-authentication","Login By IP Authentication","0.1","DotsquaresLtd","https:\u002F\u002Fprofiles.wordpress.org\u002Fdswpsupport\u002F","\u003Cp>The plugin will allow users to login with their allowed IPs only. If you want user should be allowed to login with multiple IPs, then admin can associate multiple IPs separated with comma(,) character.\u003C\u002Fp>\n\u003Ch4>General Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP Restricted login.\u003C\u002Fli>\n\u003Cli>You can set multiple IPs for a user to allow login from multiple IPs.\u003C\u002Fli>\n\u003Cli>Lightweight.\u003C\u002Fli>\n\u003C\u002Ful>\n","The plugin will allow users to login with their allowed IPs only. If you want user should be allowed to login with multiple IPs, then admin can associ &hellip;",1031,"4.9.29",[118,4,119],"ip-authentication","login-with-ip-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-by-ip-authentication.zip",100,"2026-03-15T10:48:56.248Z",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":102,"tags":138,"homepage":142,"download_link":143,"security_score":144,"vuln_count":145,"unpatched_count":29,"last_vuln_date":146,"fetched_at":31},"wp-members","WP-Members Membership Plugin","3.5.6","Chad Butler","https:\u002F\u002Fprofiles.wordpress.org\u002Fcbutlerjr\u002F","\u003Cp>The original WordPress membership plugin with content restriction, user login, custom registration fields, user profiles, and more.\u003C\u002Fp>\n\u003Ch3>Membership Sites. Simplified.\u003C\u002Fh3>\n\u003Cp>You need a membership site, but you want to focus on your business, not mastering a plugin. WP-Members is simple to use, easy to set up, yet flexible in every way imaginable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Simple to install and configure – yet customizable and scalable!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Restrict or hide posts, pages, and custom post types\u003C\u002Fli>\n\u003Cli>Limit menu items to logged in users\u003C\u002Fli>\n\u003Cli>User login, registration, and profile integrated into your theme\u003C\u002Fli>\n\u003Cli>Create custom registration and profile fields\u003C\u002Fli>\n\u003Cli>Integrate custom fields into WooCommerce checkout and registration (only supported by shortcode pages, not block editor version)\u003C\u002Fli>\n\u003Cli>Create custom memberships and content restriction\u003C\u002Fli>\n\u003Cli>Notify admin of new user registrations\u003C\u002Fli>\n\u003Cli>Hold new registrations for admin approval\u003C\u002Fli>\n\u003Cli>Create post excerpt teaser content automatically\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members\u002Fdocs\u002Fshortcodes\u002F\" rel=\"nofollow ugc\">Shortcodes for login, registration, content restriction, and more\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create powerful customizations with \u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members\u002Fdocs\u002Ffilter-hooks\u002F\" rel=\"nofollow ugc\">more than 120 action and filter hooks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members\u002Fdocs\u002Fapi-functions\u002F\" rel=\"nofollow ugc\">A library of API functions for extensibility\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP-Members allows you to restrict content as restricted or hidden, limiting access to registered users.\u003C\u002Fp>\n\u003Cp>A full Users Guide is \u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members\u002Fdocs\u002F\" rel=\"nofollow ugc\">available here\u003C\u002Fa>. The guide outlines the installation process, and also documents how to use all of the settings.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>There is \u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members\u002Fdocs\u002F\" rel=\"nofollow ugc\">freely available documentation on the plugin’s support site\u003C\u002Fa>. Your question may be answered there. If you need assistance configuring the plugin or have questions on how to implement or customize features, \u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fproduct\u002Fwp-members-plugin-support\u002F\" rel=\"nofollow ugc\">premium support is available\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can get priority support along with all of the plugin’s premium extensions in one \u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fproduct\u002Fwp-members-pro-bundle\u002F\" rel=\"nofollow ugc\">cost saving Pro Bundle!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Premium Support\u003C\u002Fh4>\n\u003Cp>Premium support subscribers have access to priority email support, examples, tutorials, and code snippets that will help you extend and customize the base plugin using the plugin’s framework. \u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members\u002Fsupport-options\u002F\" rel=\"nofollow ugc\">Visit the site for more info\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Free Extensions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fproduct\u002Fstop-spam-registrations\u002F\" rel=\"nofollow ugc\">Stop Spam Registrations\u003C\u002Fa> – Uses stopforumspam.com’s API to block spam registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fproduct\u002Fsend-test-emails\u002F\" rel=\"nofollow ugc\">Send Test Emails\u003C\u002Fa> – A utility to send test versions of the plugin’s emails.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Extensions\u003C\u002Fh4>\n\u003Cp>The plugin has several premium extensions for additional functionality. You can purchase any of them individually, or get them all for a significant discount in the Pro Bundle.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-advanced-options\u002F\" rel=\"nofollow ugc\">Advanced Options\u003C\u002Fa> – adds additional settings to WP-Members for redirecting core WP created URLs, redirecting restricted content, hiding the WP toolbar, and more! Also includes integrations with popular plugins like WooCommerce, BuddyPress, bbPress, ADF, Easy Digital Downloads, and The Events Calendar.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-download-protect\u002F\" rel=\"nofollow ugc\">Download Protect\u003C\u002Fa> – Allows you to restrict access to specific files, requiring the user to be logged in to access.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-invite-codes\u002F\" rel=\"nofollow ugc\">Invite Codes\u003C\u002Fa> – set up invitation codes to restrict registration to only those with a valide invite code.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-mailchimp-integration\u002F\" rel=\"nofollow ugc\">MailChimp Integration\u003C\u002Fa> – add MailChimp list subscription to your registation form.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-memberships-for-woocommerce\u002F\" rel=\"nofollow ugc\">Memberships for WooCommerce\u003C\u002Fa> – Sell memberships through WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-paypal-subscriptions\u002F\" rel=\"nofollow ugc\">PayPal Subscriptions\u003C\u002Fa> – Sell restricted content access through PayPal.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-security\u002F\" rel=\"nofollow ugc\">Security\u003C\u002Fa> – adds a number of security features to the plugin such as preventing concurrent logins, registration form honey pot (spam blocker), require passwords be changed on first use, require passwords to be changed after defined period of time, require strong passwords, block registration by IP and email, restrict specified usernames from being registered.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-text-editor\u002F\" rel=\"nofollow ugc\">Text Editor\u003C\u002Fa> – Adds an editor to the WP-Members admin panel to easily customize all user facing strings in the plugin.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-user-list\u002F\" rel=\"nofollow ugc\">User List\u003C\u002Fa> – Display lists of users on your site. Great for creating user directories with detailed and customizable profiles.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwp-members-user-tracking\u002F\" rel=\"nofollow ugc\">User Tracking\u003C\u002Fa> – Track what pages logged in users are visting and when.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fplugins\u002Fwordpass\u002F\" rel=\"nofollow ugc\">WordPass Pro\u003C\u002Fa> – Change your random password generator from gibberish to word-based passwords (can be used with or without WP-Members).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Get support along with all of the plugin’s premium extensions in one \u003Ca href=\"https:\u002F\u002Frocketgeek.com\u002Fproduct\u002Fwp-members-pro-bundle\u002F\" rel=\"nofollow ugc\">cost saving Pro Bundle!\u003C\u002Fa>\u003C\u002Fp>\n","The original WordPress membership plugin with content restriction, user login, custom registration fields, user profiles, and more.",50000,3986869,92,271,"2026-02-27T14:28:00.000Z","6.9.4","4.0",[20,24,139,140,141],"membership","registration","restriction","https:\u002F\u002Frocketgeek.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-members.3.5.6.zip",88,18,"2026-03-03 18:17:29",{"slug":148,"name":149,"version":150,"author":149,"author_profile":151,"description":152,"short_description":153,"active_installs":154,"downloaded":155,"rating":121,"num_ratings":156,"last_updated":157,"tested_up_to":136,"requires_at_least":158,"requires_php":159,"tags":160,"homepage":166,"download_link":167,"security_score":121,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"clickship","ClickShip","1.0.9","https:\u002F\u002Fprofiles.wordpress.org\u002Fclickshipfc\u002F","\u003Cp>Get top-tier carriers with pre-built discounted shipping rates across North America based on your shipping needs. Purchase shipping labels, schedule pickups and manage all your stores and orders in one consolidated platform.\u003C\u002Fp>\n\u003Cp>Create Shipping Labels and Process Returns\u003Cbr \u002F>\nPrepare and print your labels in bulk as well as create and provide return labels to your customers.\u003C\u002Fp>\n\u003Cp>Ship Orders as a Pallets\u003Cbr \u002F>\nWe offer pallet shipments for orders that are too big to be sent via courier. With our pallet rates, we provide the same trusted carriers for your LTL (less-than-truckload) shipments.\u003C\u002Fp>\n\u003Cp>Schedule Pickups for your orders – for free\u003Cbr \u002F>\nHave carriers pick up your orders, straight from your doorstep. ClickShip provides all pickups for free.\u003C\u002Fp>\n\u003Cp>Advanced Custom Branding\u003Cbr \u002F>\nPut your brand at the forefront to every customer interaction with customized emails and tracking page. Send your customer’s updates on the status of their order with customized styling.\u003C\u002Fp>\n\u003Cp>Advanced Search Functionality for Orders\u003Cbr \u002F>\nCreate pick lists and see what products need to be packed for all your orders and know exactly what needs to be packed and shipped. Filter your orders by store, shipping destination, and even by single or multi-order, and keep your orders on-track easily!\u003C\u002Fp>\n\u003Cp>Even More Features to Help You Click, Ship and Save!\u003Cbr \u002F>\n–   Robust dashboard information to see your order summary for the day\u003Cbr \u002F>\n–   Print shipping labels, packing slips and shipment details in bulk\u003Cbr \u002F>\n–   Schedule pickups for your orders, directly at your doorstep\u003Cbr \u002F>\n–   Ship orders with pallets and provide pallet rates at your store checkout\u003Cbr \u002F>\n–   Smart Packaging solution allows you to utilize product and package dimensions to accurately quote customers at checkout.\u003C\u002Fp>\n\u003Cp>YouTube Video\u003Cbr \u002F>\nWooCommerce Integration & Real-Time Rates Guide for ClickShip\u003C\u002Fp>\n\u003Cp>Support\u003C\u002Fp>\n\u003Cp>Have any questions or issues with the ClickShip? Contact one of our support channels\u003C\u002Fp>\n\u003Col>\n\u003Cli>customersupport@clickship.com\u003C\u002Fli>\n\u003Cli>techsupport@clickship.com\u003C\u002Fli>\n\u003C\u002Fol>\n","ClickShip offers real-time shipping rates at checkout. Sign up, integrate your WooCommerce store, and start shipping effortlessly.",1000,9590,1,"2025-12-12T11:27:00.000Z","5.8","7.2",[161,162,163,164,165],"custom-shipping","shipping","shipping-automation","shipping-methods","weight-based-shipping","https:\u002F\u002Fwww.clickship.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclickship.1.0.9.zip",{"slug":169,"name":170,"version":171,"author":172,"author_profile":173,"description":174,"short_description":175,"active_installs":176,"downloaded":177,"rating":121,"num_ratings":156,"last_updated":178,"tested_up_to":136,"requires_at_least":137,"requires_php":179,"tags":180,"homepage":102,"download_link":186,"security_score":121,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ip-blocker-lite","IP & Country Blocker Lite","3.0.0","Nurul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Ffaqnurul\u002F","\u003Cp>IP & Country Blocker Lite is a comprehensive WordPress security plugin that provides multiple layers of protection for your website. Block unwanted visitors based on IP addresses or countries, and add an extra layer of security with two-factor authentication (2FA).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>IP Address Blocking\u003C\u002Fstrong>: Block or allow specific IP addresses, IP ranges, or subnets\u003Cbr \u002F>\n* \u003Cstrong>Country-Based Blocking\u003C\u002Fstrong>: Restrict access based on visitors’ countries\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>: Secure admin logins with email-based 2FA or authenticator apps\u003Cbr \u002F>\n* \u003Cstrong>Recovery Codes\u003C\u002Fstrong>: Backup access codes for account recovery\u003Cbr \u002F>\n* \u003Cstrong>Emergency Recovery\u003C\u002Fstrong>: Generate secure recovery URLs to disable the plugin if locked out\u003Cbr \u002F>\n* \u003Cstrong>Advanced Security Dashboard\u003C\u002Fstrong>: Monitor blocked attempts and security events\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Benefits:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Protect against spam, bots, and malicious traffic\u003Cbr \u002F>\n* Prevent brute force attacks on admin login\u003Cbr \u002F>\n* Block entire countries or regions\u003Cbr \u002F>\n* Easy-to-use admin interface with real-time monitoring\u003Cbr \u002F>\n* Lightweight and fast performance\u003Cbr \u002F>\n* No external dependencies for core functionality\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong>\u003Cbr \u002F>\n* One-click blocking\u002Funblocking\u003Cbr \u002F>\n* Intuitive admin panel with tabbed interface\u003Cbr \u002F>\n* Real-time activity logs\u003Cbr \u002F>\n* Bulk operations support\u003Cbr \u002F>\n* Custom blocked page templates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitoring & Analytics:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked IP attempts\u003Cbr \u002F>\n* View country-wise access statistics\u003Cbr \u002F>\n* Monitor security events\u003Cbr \u002F>\n* Export blocking rules\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Compliance:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Uses free IP-API.com service for geolocation\u003Cbr \u002F>\n* No personal data storage\u003Cbr \u002F>\n* GDPR compliant\u003Cbr \u002F>\n* Respects user privacy\u003C\u002Fp>\n\u003Ch3>Data Collection & Privacy\u003C\u002Fh3>\n\u003Cp>For transparency, here’s what data the plugin collects and why:\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Essential Data Collection (Always Required for Functionality):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP Addresses\u003C\u002Fstrong>: Collected for security blocking and geolocation features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable IP\u002Fcountry blocking, security monitoring, and access control\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Temporary (not stored in database, only processed in memory)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Sent to IP-API.com for country lookup (free service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Country Information\u003C\u002Fstrong>: Derived from IP addresses via geolocation\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable country-based blocking and access statistics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Not stored permanently (only used for blocking decisions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Retrieved from IP-API.com (free geolocation service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Optional Data Collection (Only with User Consent):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Usage Statistics\u003C\u002Fstrong>: Anonymous plugin performance data\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Improve plugin quality and fix bugs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Plugin version, WordPress version, PHP version, activation date\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Completely anonymous, no personal identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Feedback\u003C\u002Fstrong>: Plugin reviews and feedback submissions\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Understand user needs and improve features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Feedback text, rating, plugin version, PHP version\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Anonymous feedback, no personal data required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fcodecanvasbd\u002Fprivacy-policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Data Collection Controls:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Consent Required\u003C\u002Fstrong>: Optional data collection requires explicit user consent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Opt-out\u003C\u002Fstrong>: Users can decline consent at any time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Automatic Collection\u003C\u002Fstrong>: No data sent without user permission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparent Process\u003C\u002Fstrong>: Clear consent modal explains what data is collected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Third-Party Services:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP-API.com\u003C\u002Fstrong>: Free geolocation service for country detection\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Visitor IP addresses\u003C\u002Fli>\n\u003Cli>Purpose: Determine visitor country for blocking features\u003C\u002Fli>\n\u003Cli>Privacy: IP-API.com privacy policy applies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remote Analytics Server\u003C\u002Fstrong> (optional, consent required):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Anonymous usage statistics\u003C\u002Fli>\n\u003Cli>Purpose: Plugin improvement and support\u003C\u002Fli>\n\u003Cli>Privacy: No personal data, fully anonymous\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>GDPR Compliance:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ No personal data storage without consent\u003C\u002Fli>\n\u003Cli>✅ Clear consent mechanisms\u003C\u002Fli>\n\u003Cli>✅ Easy opt-out options\u003C\u002Fli>\n\u003Cli>✅ Transparent data practices\u003C\u002Fli>\n\u003Cli>✅ Data minimization principles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Main Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>IP & Country Blocking:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block specific IP addresses or ranges (CIDR notation supported)\u003Cbr \u002F>\n* Block entire countries or allow only specific countries\u003Cbr \u002F>\n* Whitelist important IPs for access\u003Cbr \u002F>\n* Real-time blocking with immediate effect\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Email-based 2FA for easy setup\u003Cbr \u002F>\n* Authenticator app support (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Recovery codes for account access\u003Cbr \u002F>\n* Secure code generation and validation\u003Cbr \u002F>\n* Admin email verification\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Emergency Recovery System:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generate secure recovery URLs to disable plugin if locked out\u003Cbr \u002F>\n* Time-limited recovery hashes (24 hours expiration)\u003Cbr \u002F>\n* One-click plugin deactivation via recovery URL\u003Cbr \u002F>\n* Secure hash verification to prevent unauthorized access\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Interface:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Modern, responsive dashboard\u003Cbr \u002F>\n* Tabbed navigation for easy access\u003Cbr \u002F>\n* Real-time statistics and charts\u003Cbr \u002F>\n* Activity logs with filtering\u003Cbr \u002F>\n* Bulk operations for efficiency\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Monitoring:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked access attempts\u003Cbr \u002F>\n* Country-wise visitor statistics\u003Cbr \u002F>\n* Failed login monitoring\u003Cbr \u002F>\n* Security event logging\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance Optimized:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Lightweight codebase\u003Cbr \u002F>\n* Minimal database queries\u003Cbr \u002F>\n* Fast IP lookups\u003Cbr \u002F>\n* Caching support\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the IP-API.com service to detect the user’s location based on their IP address.\u003Cbr \u002F>\n– \u003Cstrong>Service\u003C\u002Fstrong>: IP-API.com (http:\u002F\u002Fip-api.com)\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: IP geolocation for country-based blocking\u003Cbr \u002F>\n– \u003Cstrong>Data Sent\u003C\u002Fstrong>: User’s IP address only\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003Cbr \u002F>\n– \u003Cstrong>Data Storage\u003C\u002Fstrong>: No personal data is stored by this plugin\u003C\u002Fp>\n\u003Cp>The plugin works without this service but country blocking features will be limited.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, bug reports, or feature requests:\u003Cbr \u002F>\n– \u003Cstrong>WordPress.org Support Forum\u003C\u002Fstrong>: https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fip-blocker-lite\u002F\u003Cbr \u002F>\n– \u003Cstrong>GitHub Issues\u003C\u002Fstrong>: Report bugs and request features\u003Cbr \u002F>\n– \u003Cstrong>Email\u003C\u002Fstrong>: Contact through WordPress.org profile\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Contributions are welcome! Please feel free to submit pull requests or open issues on GitHub.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Developer\u003C\u002Fstrong>: Nurul Islam (faqnurul)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icons\u003C\u002Fstrong>: Dashicons (WordPress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geolocation\u003C\u002Fstrong>: IP-API.com (free tier)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Charts\u003C\u002Fstrong>: Chart.js library\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cp>Take control of your website’s security and protect it from unwanted visitors with IP & Country Blocker Lite!\u003C\u002Fp>\n","Advanced WordPress security plugin with IP\u002Fcountry blocking and two-factor authentication for comprehensive website protection.",300,1883,"2026-01-05T16:17:00.000Z","7.0",[181,182,183,184,185],"country-blocker","ip-blocker","login-security","two-factor-authentication","website-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-blocker-lite.zip",{"attackSurface":188,"codeSignals":244,"taintFlows":463,"riskAssessment":514,"analyzedAt":528},{"hooks":189,"ajaxHandlers":235,"restRoutes":241,"shortcodes":242,"cronEvents":243,"entryPointCount":156,"unprotectedCount":29},[190,195,200,205,209,212,215,219,223,227,231],{"type":191,"name":192,"callback":193,"file":194,"line":121},"action","plugins_loaded","ip_based_login_update_check","init.php",{"type":196,"name":197,"callback":198,"priority":156,"file":194,"line":199},"filter","wsal_load_on_frontend","ipbl_wsal_load_on_frontend",346,{"type":196,"name":201,"callback":202,"priority":203,"file":194,"line":204},"attach_session_information","ipbl_attach_session_information",10000,396,{"type":191,"name":206,"callback":207,"file":194,"line":208},"wp_before_admin_bar_render","ipbl_admin_bar",447,{"type":196,"name":210,"callback":210,"priority":156,"file":194,"line":211},"ipbl_supported_ip",558,{"type":196,"name":213,"callback":213,"priority":156,"file":194,"line":214},"ipbl_is_supported_ip",559,{"type":191,"name":216,"callback":217,"priority":156,"file":194,"line":218},"init","ipbl_init",560,{"type":191,"name":220,"callback":221,"file":194,"line":222},"admin_init","ipbl_admin_init",561,{"type":191,"name":224,"callback":225,"file":194,"line":226},"admin_menu","ip_based_login_admin_menu",586,{"type":191,"name":228,"callback":229,"file":194,"line":230},"admin_notices","ipbl_admin_notices",1824,{"type":191,"name":192,"callback":232,"file":233,"line":234},"ip_based_login_load_plugin_textdomain","ip-based-login.php",44,[236],{"action":237,"nopriv":238,"callback":237,"hasNonce":239,"hasCapCheck":239,"file":194,"line":240},"ipbl_dismiss_sale_notice",false,true,1826,[],[],[],{"dangerousFunctions":245,"sqlUsage":246,"outputEscaping":266,"fileOperations":47,"externalRequests":156,"nonceChecks":461,"capabilityChecks":71,"bundledLibraries":462},[],{"prepared":28,"raw":71,"locations":247},[248,251,253,255,258,260,262,264],{"file":194,"line":249,"context":250},132,"$wpdb->query() with variable interpolation",{"file":194,"line":252,"context":250},144,{"file":194,"line":254,"context":250},340,{"file":194,"line":256,"context":257},506,"$wpdb->get_results() with variable interpolation",{"file":194,"line":259,"context":250},885,{"file":194,"line":261,"context":250},895,{"file":194,"line":263,"context":250},916,{"file":194,"line":265,"context":257},1329,{"escaped":267,"rawEcho":268,"locations":269},47,99,[270,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,359,361,363,365,367,369,371,373,374,375,377,379,381,383,385,387,389,391,393,395,397,399,400,402,404,406,408,409,410,412,414,415,416,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459],{"file":271,"line":272,"context":273},"functions.php",174,"raw output",{"file":271,"line":275,"context":273},196,{"file":271,"line":277,"context":273},200,{"file":194,"line":279,"context":273},603,{"file":194,"line":281,"context":273},886,{"file":194,"line":283,"context":273},896,{"file":194,"line":285,"context":273},918,{"file":194,"line":287,"context":273},946,{"file":194,"line":289,"context":273},960,{"file":194,"line":291,"context":273},1034,{"file":194,"line":293,"context":273},1157,{"file":194,"line":295,"context":273},1161,{"file":194,"line":297,"context":273},1298,{"file":194,"line":299,"context":273},1304,{"file":194,"line":301,"context":273},1454,{"file":194,"line":303,"context":273},1459,{"file":194,"line":305,"context":273},1470,{"file":194,"line":307,"context":273},1474,{"file":194,"line":309,"context":273},1476,{"file":194,"line":311,"context":273},1478,{"file":194,"line":313,"context":273},1483,{"file":194,"line":315,"context":273},1485,{"file":194,"line":317,"context":273},1488,{"file":194,"line":319,"context":273},1494,{"file":194,"line":321,"context":273},1496,{"file":194,"line":323,"context":273},1504,{"file":194,"line":325,"context":273},1510,{"file":194,"line":327,"context":273},1513,{"file":194,"line":329,"context":273},1517,{"file":194,"line":331,"context":273},1518,{"file":194,"line":333,"context":273},1521,{"file":194,"line":335,"context":273},1522,{"file":194,"line":337,"context":273},1525,{"file":194,"line":339,"context":273},1529,{"file":194,"line":341,"context":273},1530,{"file":194,"line":343,"context":273},1533,{"file":194,"line":345,"context":273},1537,{"file":194,"line":347,"context":273},1538,{"file":194,"line":349,"context":273},1541,{"file":194,"line":351,"context":273},1545,{"file":194,"line":353,"context":273},1546,{"file":194,"line":355,"context":273},1549,{"file":194,"line":357,"context":273},1550,{"file":194,"line":357,"context":273},{"file":194,"line":360,"context":273},1554,{"file":194,"line":362,"context":273},1556,{"file":194,"line":364,"context":273},1557,{"file":194,"line":366,"context":273},1558,{"file":194,"line":368,"context":273},1559,{"file":194,"line":370,"context":273},1564,{"file":194,"line":372,"context":273},1566,{"file":194,"line":372,"context":273},{"file":194,"line":372,"context":273},{"file":194,"line":376,"context":273},1570,{"file":194,"line":378,"context":273},1577,{"file":194,"line":380,"context":273},1578,{"file":194,"line":382,"context":273},1583,{"file":194,"line":384,"context":273},1587,{"file":194,"line":386,"context":273},1589,{"file":194,"line":388,"context":273},1601,{"file":194,"line":390,"context":273},1610,{"file":194,"line":392,"context":273},1614,{"file":194,"line":394,"context":273},1615,{"file":194,"line":396,"context":273},1624,{"file":194,"line":398,"context":273},1625,{"file":194,"line":398,"context":273},{"file":194,"line":401,"context":273},1634,{"file":194,"line":403,"context":273},1636,{"file":194,"line":405,"context":273},1640,{"file":194,"line":407,"context":273},1642,{"file":194,"line":407,"context":273},{"file":194,"line":407,"context":273},{"file":194,"line":411,"context":273},1646,{"file":194,"line":413,"context":273},1648,{"file":194,"line":413,"context":273},{"file":194,"line":413,"context":273},{"file":194,"line":413,"context":273},{"file":194,"line":418,"context":273},1652,{"file":194,"line":420,"context":273},1654,{"file":194,"line":422,"context":273},1658,{"file":194,"line":424,"context":273},1668,{"file":194,"line":426,"context":273},1678,{"file":194,"line":428,"context":273},1680,{"file":194,"line":430,"context":273},1681,{"file":194,"line":432,"context":273},1682,{"file":194,"line":434,"context":273},1686,{"file":194,"line":436,"context":273},1687,{"file":194,"line":438,"context":273},1692,{"file":194,"line":440,"context":273},1695,{"file":194,"line":442,"context":273},1699,{"file":194,"line":444,"context":273},1700,{"file":194,"line":446,"context":273},1701,{"file":194,"line":448,"context":273},1702,{"file":194,"line":450,"context":273},1703,{"file":194,"line":452,"context":273},1704,{"file":194,"line":454,"context":273},1705,{"file":194,"line":456,"context":273},1706,{"file":194,"line":458,"context":273},1732,{"file":194,"line":460,"context":273},1784,2,[],[464,486,505],{"entryPoint":465,"graph":466,"unsanitizedCount":156,"severity":40},"triger_login (init.php:234)",{"nodes":467,"edges":483},[468,473,477],{"id":469,"type":470,"label":471,"file":194,"line":472},"n0","source","$_REQUEST",453,{"id":474,"type":475,"label":476,"file":194,"line":472},"n1","transform","→ ipbl_debug_log()",{"id":478,"type":479,"label":480,"file":194,"line":481,"wp_function":482},"n2","sink","file_put_contents() [File Write]",228,"file_put_contents",[484,485],{"from":469,"to":474,"sanitized":238},{"from":474,"to":478,"sanitized":238},{"entryPoint":487,"graph":488,"unsanitizedCount":156,"severity":40},"\u003Cinit> (init.php:0)",{"nodes":489,"edges":501},[490,493,496,497,499],{"id":469,"type":470,"label":491,"file":194,"line":492},"$_POST (x2)",893,{"id":474,"type":479,"label":494,"file":194,"line":261,"wp_function":495},"query() [SQLi]","query",{"id":478,"type":470,"label":471,"file":194,"line":472},{"id":498,"type":475,"label":476,"file":194,"line":472},"n3",{"id":500,"type":479,"label":480,"file":194,"line":481,"wp_function":482},"n4",[502,503,504],{"from":469,"to":474,"sanitized":239},{"from":478,"to":498,"sanitized":238},{"from":498,"to":500,"sanitized":238},{"entryPoint":506,"graph":507,"unsanitizedCount":29,"severity":513},"ip_based_login_option_page (init.php:854)",{"nodes":508,"edges":511},[509,510],{"id":469,"type":470,"label":491,"file":194,"line":492},{"id":474,"type":479,"label":494,"file":194,"line":261,"wp_function":495},[512],{"from":469,"to":474,"sanitized":239},"low",{"summary":515,"deductions":516},"The \"ip-based-login\" plugin v2.4.4 presents a mixed security posture. While it exhibits good practices such as having a limited attack surface, no unprotected entry points, and a decent number of capability checks, several concerning areas emerge from the static analysis. A significant portion of SQL queries (67%) are not using prepared statements, increasing the risk of SQL injection. Furthermore, a worrying 68% of output operations are not properly escaped, leaving the plugin vulnerable to Cross-Site Scripting (XSS) attacks. The taint analysis reveals two flows with unsanitized paths, indicating potential vulnerabilities, although these are not classified as critical or high severity. The vulnerability history is concerning, with four documented medium-severity CVEs, specifically related to XSS and CSRF. Although there are no currently unpatched vulnerabilities, the pattern of past issues suggests recurring weaknesses in input validation and output sanitization. The last known vulnerability was in the future, suggesting this data may be illustrative or contain an error. Overall, while the plugin has some strengths, the prevalence of unescaped output, raw SQL queries, and a history of XSS\u002FCSRF vulnerabilities indicate a moderate to high risk that requires careful attention and remediation.",[517,519,522,524,526],{"reason":518,"points":98},"SQL queries not using prepared statements",{"reason":520,"points":521},"Improperly escaped output",12,{"reason":523,"points":71},"Flows with unsanitized paths",{"reason":525,"points":521},"Medium severity CVEs in history",{"reason":527,"points":71},"Common vulnerability types (XSS, CSRF)","2026-03-16T19:41:05.741Z",{"wat":530,"direct":539},{"assetPaths":531,"generatorPatterns":534,"scriptPaths":535,"versionParams":536},[532,533],"\u002Fwp-content\u002Fplugins\u002Fip-based-login\u002Fcss\u002Fip-based-login.css","\u002Fwp-content\u002Fplugins\u002Fip-based-login\u002Fjs\u002Fip-based-login.js",[],[533],[537,538],"ip-based-login\u002Fcss\u002Fip-based-login.css?ver=","ip-based-login\u002Fjs\u002Fip-based-login.js?ver=",{"cssClasses":540,"htmlComments":541,"htmlAttributes":544,"restEndpoints":545,"jsGlobals":546,"shortcodeOutput":547},[],[542,543],"\u003C!--\n\tCopyright (C) 2013  Brijesh Kothari (email : admin@wp-inspired.com)\n\tThis program is free software: you can redistribute it and\u002For modify\n\tit under the terms of the GNU General Public License as published by\n\tthe Free Software Foundation, either version 3 of the License, or\n\t(at your option) any later version.\n\n\tThis program is distributed in the hope that it will be useful,\n\tbut WITHOUT ANY WARRANTY; without even the implied warranty of\n\tMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n\tGNU General Public License for more details.\n\n\tYou should have received a copy of the GNU General Public License\n\talong with this program.  If not, see \u003Chttp:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F>.\n-->","\u003C!--\n\tTable structure for table `wp_ip_based_login`\n-->",[],[],[],[]]