[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEedK1sqJkH7mxvjZXnlN5RuZDWCx7jj8OaopkqToM0o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":16,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":131,"fingerprints":196},"ip-blacklist-cloudflare","IP Blacklist for Cloudflare","1.2.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Cloudflare provides security and optimization services for websites all around the internet. WordPress sites are often attacked by bots or hackers and, while Cloudflare has preset firewall rules to help, it doesn’t always filter out all malicious activity.\u003C\u002Fp>\n\u003Cp>Cloudflare IP Blacklist allows WordPress admins to add a list of prohibited usernames and if someone attempts to log in with one of these usernames, this users IP address is automatically added to the Cloudflare blacklist. By doing this, the next time this user attempts to load the site, they will be blocked by Cloudflare before their requests get to your site’s server. Add an extra layer of security today to your site!\u003C\u002Fp>\n\u003Cp>** This plugin relies on the use of Cloudflare, a third-party service that increases security and performance for web sites and services across the internet. For more information, visit the Cloudflare website and their privacy policy. This plugin is not officially endorsed, built or maintained by the Cloudflare team; rather, we are a development company that uses their services every day! **\u003C\u002Fp>\n\u003Ch3>Localizations\u003C\u002Fh3>\n\u003Cp>This plugin is available in the following languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n","Blacklist IP addresses that attempt to login with a banned username through Cloudflare.",30,1782,0,"2026-02-17T09:25:00.000Z","6.9.4","","8.1",[19,20,21,22,23],"login","password","passwords","profile","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-blacklist-cloudflare.1.2.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"millermedianow",7,11130,28,94,"2026-04-04T21:06:21.634Z",[37,53,70,89,109],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":15,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":16,"download_link":52,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"expire-user-passwords","Expire User Passwords","1.4.2","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,84,5,"2026-02-17T09:27:00.000Z","4.0",[19,50,21,23,51],"membership","users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":42,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":48,"requires_php":16,"tags":66,"homepage":16,"download_link":68,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"expire-passwords","Expire Passwords","0.6.0","Frankie Jarrett","https:\u002F\u002Fprofiles.wordpress.org\u002Ffjarrett\u002F","\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Czech\u003C\u002Fli>\n\u003Cli>Español\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n",500,26466,98,9,"2017-01-05T15:45:00.000Z","4.7.32",[67,19,50,21,22],"admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-passwords.0.6.0.zip",85,{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":31,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":16,"tags":84,"homepage":87,"download_link":88,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-qr-code-login","Unlock Digital (No Passwords)","1.4.3","Jack Reichert","https:\u002F\u002Fprofiles.wordpress.org\u002Fjackreichert\u002F","\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FK-YuU7NAMZM?version=3&rel=0&showsearch=0&showinfo=0&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>With this plugin you can make passwords a thing of the past. All you need is your trusty smartphone with a QR Code reading app.\u003C\u002Fp>\n\u003Cp>(Coming soon, iOS companion app that will negate your need for a separate QR Code reading app!)\u003C\u002Fp>\n\u003Cp>Disclaimer: A website is only as secure as the least secure component on it. This plugin aims to be more secure than using the default login page.\u003C\u002Fp>\n","Log into your WordPress site using a smartphone... No typing and no passwords! (almost)",10,4400,88,"2015-06-28T20:09:00.000Z","4.2.39","4",[19,85,20,86,23],"no-more-passwords","qr-code","http:\u002F\u002Funlock.digital\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-qr-code-login.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":13,"downloaded":97,"rating":13,"num_ratings":13,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":107,"download_link":108,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"plugeguard","PlugeGuard – Hidden Login Detector","1.1","Maruf Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaruffwp\u002F","\u003Cp>PlugeGuard improves WordPress security by detecting hidden or hardcoded login credentials within your PHP files. It provides an admin UI to review and remove potential backdoors or malicious injections manually.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Deep file scanning for hidden login credentials\u003Cbr \u002F>\n* Secure file viewing and removal\u003Cbr \u002F>\n* Lightweight and easy to use\u003Cbr \u002F>\n* Fully compatible with modern WordPress standards\u003C\u002Fp>\n","Scans your WordPress installation for hardcoded login credentials (usernames\u002Fpasswords) and allows safe removal from PHP files.",1218,"2025-09-16T15:28:00.000Z","6.8.5","5.6","8.0",[103,104,105,106,23],"firewall","hidden-login-scanner","remove-hidden-passwords","scanner","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugeguard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugeguard.1.2.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":16,"tags":124,"homepage":127,"download_link":128,"security_score":69,"vuln_count":129,"unpatched_count":13,"last_vuln_date":130,"fetched_at":27},"google-authenticator","Google Authenticator","0.54","Ivan","https:\u002F\u002Fprofiles.wordpress.org\u002Fivankk\u002F","\u003Cp>The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android\u002FiPhone\u002FBlackberry.\u003C\u002Fp>\n\u003Cp>If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail\u002FDropbox\u002FLastpass\u002FAmazon etc.\u003C\u002Fp>\n\u003Cp>The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.\u003C\u002Fp>\n\u003Cp>If You need to maintain your blog using an Android\u002FiPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin,\u003Cbr \u002F>\nbut please note that enabling the App password feature will make your blog less secure.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fevinak\u002F\" rel=\"nofollow ugc\">Oleksiy\u003C\u002Fa> for a bugfix in multisite.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpancek\" rel=\"nofollow ugc\">Paweł Nowacki\u003C\u002Fa> for the Polish translation\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFabioZumbi12\" rel=\"nofollow ugc\">Fabio Zumbi\u003C\u002Fa> for the Portuguese translation\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.guidoschalkx.com\u002F\" rel=\"nofollow ugc\">Guido Schalkx\u003C\u002Fa> for the Dutch translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=henrik%40schack%2edk&lc=US&item_name=Google%20Authenticator&item_number=Google%20Authenticator&no_shipping=0&no_note=1&tax=0&bn=PP%2dDonationsBF&charset=UTF%2d8\" rel=\"nofollow ugc\">Henrik.Schack\u003C\u002Fa> for writing\u002Fmaintaining versions 0.20 through 0.48\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftobias.baethge.com\u002F\" rel=\"nofollow ugc\">Tobias Bäthge\u003C\u002Fa> for his code rewrite and German translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.pcode.nl\u002F\" rel=\"nofollow ugc\">Pascal de Bruijn\u003C\u002Fa> for his “relaxed mode” idea.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftechnobabbl.es\u002F\" rel=\"nofollow ugc\">Daniel Werl\u003C\u002Fa> for his usability tips.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdd32.id.au\u002F\" rel=\"nofollow ugc\">Dion Hulse\u003C\u002Fa> for his bugfixes.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fusers\u002Faldolat\u002F\" rel=\"nofollow ugc\">Aldo Latino\u003C\u002Fa> for his Italian translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.kaijia.me\u002F\" rel=\"nofollow ugc\">Kaijia Feng\u003C\u002Fa> for his Simplified Chinese translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.buayacorp.com\u002F\" rel=\"nofollow ugc\">Alex Concha\u003C\u002Fa> for his security tips.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fjetienne.com\u002F\" rel=\"nofollow ugc\">Jerome Etienne\u003C\u002Fa> for his jquery-qrcode plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Forizhial.com\u002F\" rel=\"nofollow ugc\">Sébastien Prunier\u003C\u002Fa> for his Spanish and French translation.\u003C\u002Fp>\n","Google Authenticator for your WordPress blog.",20000,687508,86,134,"2022-07-04T04:55:00.000Z","6.0.11","4.5",[125,19,126,20,23],"authentication","otp","https:\u002F\u002Fgithub.com\u002Fivankruchkoff\u002Fgoogle-authenticator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-authenticator.0.54.zip",1,"2016-04-28 00:00:00",{"attackSurface":132,"codeSignals":179,"taintFlows":188,"riskAssessment":189,"analyzedAt":195},{"hooks":133,"ajaxHandlers":161,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":178,"unprotectedCount":178},[134,141,145,149,152,157],{"type":135,"name":136,"callback":137,"priority":138,"file":139,"line":140},"action","admin_enqueue_scripts","adminEnqueueScripts",40,"classes\\Plugin.php",62,{"type":135,"name":142,"callback":143,"priority":78,"file":139,"line":144},"wp_authenticate","checkUserLoginName",65,{"type":135,"name":146,"callback":147,"file":139,"line":148},"admin_menu","addSiteMenu",73,{"type":135,"name":146,"callback":150,"file":139,"line":151},"verifyNonce",74,{"type":135,"name":153,"callback":154,"file":155,"line":156},"admin_notices","show_review_notice","classes\\ReviewNotice.php",33,{"type":135,"name":158,"callback":159,"file":155,"line":160},"admin_init","handle_dismiss",34,[162,167,171],{"action":163,"nopriv":164,"callback":165,"hasNonce":164,"hasCapCheck":164,"file":139,"line":166},"cfip_unblacklist_ip",false,"ajaxUnblacklistIP",68,{"action":168,"nopriv":164,"callback":169,"hasNonce":164,"hasCapCheck":164,"file":139,"line":170},"cfip_clearlog","ajaxClearLog",69,{"action":172,"nopriv":164,"callback":173,"hasNonce":164,"hasCapCheck":164,"file":139,"line":174},"cfip_loadlog","ajaxLoadLog",70,[],[],[],3,{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":183,"fileOperations":13,"externalRequests":186,"nonceChecks":129,"capabilityChecks":129,"bundledLibraries":187},[],{"prepared":13,"raw":13,"locations":182},[],{"escaped":184,"rawEcho":13,"locations":185},113,[],2,[],[],{"summary":190,"deductions":191},"The \"ip-blacklist-cloudflare\" plugin v1.2.2 exhibits a mixed security posture.  On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output. There are no known vulnerabilities in its history, nor are there any reported critical or high-severity taint analysis findings, suggesting a generally secure coding approach for sensitive operations.\n\nHowever, a significant concern arises from the plugin's attack surface. It exposes three AJAX handlers, and alarmingly, all three lack any authentication checks. This means any unauthenticated user could potentially trigger these AJAX actions, which could lead to unintended consequences or be leveraged as a stepping stone for further attacks. While the static analysis did not reveal dangerous functions or file operations, the absence of authentication on such critical entry points is a major security weakness that needs immediate attention.\n\nIn conclusion, while the plugin avoids common pitfalls like unescaped output and raw SQL, the unauthenticated AJAX endpoints represent a substantial risk. The lack of vulnerability history is a positive indicator, but it does not negate the immediate threat posed by the exposed AJAX handlers. Addressing these unauthenticated entry points should be the highest priority.",[192],{"reason":193,"points":194},"Unprotected AJAX handlers",15,"2026-03-16T22:40:30.576Z",{"wat":197,"direct":208},{"assetPaths":198,"generatorPatterns":201,"scriptPaths":202,"versionParams":206},[199,200],"\u002Fwp-content\u002Fplugins\u002Fip-blacklist-cloudflare\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fip-blacklist-cloudflare\u002Fassets\u002Fjs\u002Fadmin.js",[],[203,204,205],"\u002Fwp-content\u002Fplugins\u002Fcloudflare\u002Fstylesheets\u002Fcf.core.css","\u002Fwp-content\u002Fplugins\u002Fcloudflare\u002Fstylesheets\u002Fcomponents.css","\u002Fwp-content\u002Fplugins\u002Fcloudflare\u002Fstylesheets\u002Fhacks.css",[207],"ip-blacklist-cloudflare\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":209,"htmlComments":210,"htmlAttributes":211,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":215},[],[],[],[],[214],"cfip_i18n",[]]