[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ft-_JezOAdN2tbOAblZKQNS_9C0z_8bNzp952AC3s8Aw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":130,"fingerprints":243},"lees-membership-hierarchy","Lee's Membership Hierarchy","1.0.0","Lee Thomas","https:\u002F\u002Fprofiles.wordpress.org\u002Fradiodj787\u002F","\u003Cp>This plugin enables site administrators to manage users in a structured hierarchy with additional metadata and logic.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n– Assign users to organisations\u003Cbr \u002F>\n– Set membership types (e.g., Member, Admin, Delegate)\u003Cbr \u002F>\n– Define expiry dates (organisation-wide or user-specific)\u003Cbr \u002F>\n– Status control (Active, Inactive, or custom)\u003Cbr \u002F>\n– Optional inheritance of expiry\u002Fstatus from organisations\u003Cbr \u002F>\n– Admin interface for managing organisations and members\u003Cbr \u002F>\n– Highlighted user lists for active\u002Finactive members\u003C\u002Fp>\n\u003Cp>Ideal for associations, federated networks, or multi-tiered membership models.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Navigate to \u003Cstrong>Users > Membership List\u003C\u002Fstrong> to view and manage all assigned members.\u003Cbr \u002F>\nUse \u003Cstrong>Settings > Membership Hierarchy\u003C\u002Fstrong> to customise the labels and options.\u003C\u002Fp>\n\u003Ch3>Shortcode\u003C\u002Fh3>\n\u003Cp>No front-end shortcodes are included in version 1.0.0.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPLv2 or later.\u003Cbr \u002F>\nSee https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html for details.\u003C\u002Fp>\n","Manage hierarchical memberships by grouping users into organisations with roles, statuses, and expiry options.",0,297,"2025-06-21T07:07:00.000Z","6.8.5","5.0","7.4",[18,19,20,21,22],"expiry","membership","organisation","status","user-management","https:\u002F\u002Flee-t.com\u002Flees-membership-hierarchy\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flees-membership-hierarchy.1.0.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"radiodj787",1,30,94,"2026-04-04T18:18:10.036Z",[36,54,77,95,113],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"expiryflow","ExpiryFlow – Temporary User Access & Expiry Manager","1.0.2","Ga Satrya","https:\u002F\u002Fprofiles.wordpress.org\u002Fgasatrya\u002F","\u003Cp>Giving temporary access to contractors, guest writers, or support agents is a standard part of managing a WordPress site. The problem? \u003Cstrong>Administrators often forget to revoke that access.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>These “Zombie Accounts” are a major security risk and lead to database bloat over time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ExpiryFlow\u003C\u002Fstrong> solves this by automating the offboarding process. You set an expiry date at the moment of account creation, and the plugin handles the rest—from blocking login to permanent deletion.\u003C\u002Fp>\n\u003Cp>Built with a performance-first, object-oriented architecture for modern WordPress sites.\u003C\u002Fp>\n\u003Cp>For more information, visit the official plugin page: \u003Ca href=\"https:\u002F\u002Fwww.ctaflow.com\u002Fplugins\u002Fexpiryflow\u002F\" rel=\"nofollow ugc\">ExpiryFlow\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Who is this for?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Agencies & Developers\u003C\u002Fstrong> giving temporary site access to contractors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership Sites\u003C\u002Fstrong> offering limited-time “Trial” or “Preview” accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>News & Blogs\u003C\u002Fstrong> hiring guest contributors for specific projects.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security-Conscious Admins\u003C\u002Fstrong> who want to ensure access is always revoked on time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Expiry Date Management\u003C\u002Fstrong> — Easily set an expiration date for any non-administrator user directly from the user profile or registration screen.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual Status Control\u003C\u002Fstrong> — Revoke access immediately with a single click using the “Account Status” toggle, overriding the automated expiry date.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Enforcement\u003C\u002Fstrong> — Expired users are blocked immediately.\u003Cbr \u002F>\nEven if they are already logged in, the system re-validates their status hourly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Deletion System\u003C\u002Fstrong> — Choose to have expired users automatically removed from your database after a configurable grace period.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Preservation\u003C\u002Fstrong> — When a user is auto-deleted, all their posts and comments are safely reassigned to a site administrator.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Immunity\u003C\u002Fstrong> — Site administrators are protected from accidental expiration to ensure you never lose access to your own site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Admin Interface\u003C\u002Fstrong> — Adds “Status” and “Expires” columns to the Users list with color-coded badges for at-a-glance management.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong> — Namespaced, class-based architecture following PHP 8 standards and WordPress best practices.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy First\u003C\u002Fh4>\n\u003Cp>This plugin is built with data minimization in mind. It helps you comply with GDPR by ensuring personal data (user accounts) is not kept longer than necessary. No external tracking, no “Powered by” links, and no remote data collection.\u003C\u002Fp>\n\u003Ch4>Future Roadmap\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email Notifications\u003C\u002Fstrong> — Automated warnings sent to users before their access expires.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Actions\u003C\u002Fstrong> — Set or clear expiry dates for multiple users at once from the Users list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Settings\u003C\u002Fstrong> — Adjust the grace period and auto-deletion batch sizes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.ctaflow.com\u002Fplugins\u002Fbuttonflow\u002F\" rel=\"nofollow ugc\">ButtonFlow\u003C\u002Fa>\u003C\u002Fstrong> — The easiest way to create high-converting, beautiful call-to-action buttons in WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","Automate the lifecycle of temporary WordPress users. Set expiry dates, enforce strict access control, and keep your database lean with auto-deletion.",142,"2026-03-11T17:08:00.000Z","6.9.4","6.4","8.0",[50,18,19,51,22],"auto-delete","temporary-access","https:\u002F\u002Fwww.ctaflow.com\u002Fplugins\u002Fexpiryflow","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpiryflow.1.0.2.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":25,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":73,"download_link":74,"security_score":75,"vuln_count":31,"unpatched_count":31,"last_vuln_date":76,"fetched_at":27},"user-registration-aide","User Registration Aide","1.5.3.8","bnovotny","https:\u002F\u002Fprofiles.wordpress.org\u002Fbnovotny\u002F","\u003Cp>Customize the entire user management experience to your own liking!. Now you can have all user management features in one plugin! Includes New User Approve and Email Verification Features new in 1.5.3.0 and optional lost password security questions. Also allows you to add additional fields of any input type to registration form and profile for better user management and control. Customize the Default WordPress Registration Form & Login Page CSS & Messaging.  It also helps reduce unwanted spam registrations. Has anti-spam built in, customize default WordPress login\u002Fregistration forms both in design and messaging, adds agreement policy and link to policy to registration form for members, can create custom redirects after login and registration, templates for password change and lost password and email verification, custom password strength options, and password update management. Can limit amount of time between password changes and the number of times before duplicate passwords allowed, set minimum password length and also require special characters, upper and lower case letters and numbers so your site is made more secure. New templates allow you to use custom password strength for both lost password and reset password options.\u003C\u002Fp>\n\u003Cp>WordPress User Registration Aide allows you to require more fields when a new user registers. This not only can help to stop spammers, but it can also increase your user management capabilities and services for your user base. All the new fields that you add also are added to existing users profiles, but the users will have to fill them out of course, but any new users will be required to fill out these fields if they are included in the registration process. The new fields can be any variety, select, text, radio button or checkbox, and all the standard html input types, and optional if you like.\u003C\u002Fp>\n\u003Cp>New in 1.5.3.0\u003Cbr \u002F>\nNew User Approve Feature\u003Cbr \u002F>\nNew User Email Verification Feature\u003Cbr \u002F>\nLost Password Reset Form Security Question for added Security.\u003Cbr \u002F>\nAll user features are added to the all users table for easy access to approve, deny, resend emails, activate, and delete denied users.\u003C\u002Fp>\n\u003Cp>Another important option is that you can also add new fields to the users profile page but not require them for registration, so you can increase you user management capabilities. This is an exciting new feature for Web-masters that wish to increase contact options, communications, and information obtained from your user base.\u003C\u002Fp>\n\u003Cp>Plugin Features:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Easy to use\nQuickly and easily add new fields to user registration\nAdd your own custom fields or existing fields like First Name, Last Name & Nickname to the registration form\nReduce bots and spammers with additional fields on the registration form\nGet better control over your user base\nNew fields are added to existing WordPress User Profiles!\nIncrease your knowledge of, and interaction with your customers & users!\nAdd Custom Logo & Messages to Registration & Login Pages!\nAdd Custom Background Image or Background Color to Login & Registration Pages!\nAnti-Spam Math Problem\nPassword Strength Meter\nCustom Password Strength Options to Create Your Own Password Strength Definition\nChoose custom display name fields for users by roles or for all users\nForce New Users to change password after getting password from email\nForce Existing Users to change password after specified amount of time\nNot allow same password to be used for specified number of times\nOptional fields on registration form -- Use or don't use * for required fields\nDifferent input types for fields like checkbox, select, radio buttons, numbers\nNew User Approve\u002FDeny\u002FDelete Feature\nNew User Email Verification\nLost Password Reset Security Questions\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Read more: http:\u002F\u002Fcreative-software-design-solutions.com\u002Fwordpress-user-registration-aide-force-add-new-user-fields-on-registration-form\u002F#ixzz22CCABfOx\u003C\u002Fp>\n\u003Cp>Instructions: http:\u002F\u002Fcreative-software-design-solutions.com\u002Fwp-content\u002Fuploads\u002F2017\u002F05\u002FUSER_REGISTRATION_AIDE_INSTRUCTIONS.pdf\u003C\u002Fp>\n\u003Cp>Instruction Video for using new filters to fix URA custom page template styling issues: https:\u002F\u002Fyoutu.be\u002Fnar71ttdjVg\u003C\u002Fp>\n","Adds custom user fields to better manage users & members & customize login-registration page css & messages. Lets you customize the entire &hellip;",79354,66,20,"2017-05-01T19:50:00.000Z","4.7.32","4.4","",[70,19,71,72,22],"members","registration","user","http:\u002F\u002Fcreative-software-design-solutions.com\u002Fwordpress-user-registration-aide-force-add-new-user-fields-on-registration-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-registration-aide.zip",63,"2025-06-08 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":11,"num_ratings":11,"last_updated":87,"tested_up_to":14,"requires_at_least":88,"requires_php":16,"tags":89,"homepage":93,"download_link":94,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"members-for-kofi","Members for Ko-fi","1.0.1","trudslev","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrudslev\u002F","\u003Cp>Members for Ko-fi is a WordPress plugin that integrates with Ko-fi to manage WordPress users and roles based on Ko-fi webhooks. This plugin allows you to automate user role assignments, log donations (in a database table), and manage memberships seamlessly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Automatically assign roles to users based on Ko-fi donations or memberships.\u003Cbr \u002F>\n– Log user actions, such as donations and role changes, in a dedicated database table (no file logging).\u003Cbr \u002F>\n– Lightweight debug logging to the PHP error log when WP_DEBUG is enabled.\u003Cbr \u002F>\n– Fully compatible with GDPR and WordPress privacy tools.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use Cases:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Reward your Ko-fi supporters with exclusive access to content or features.\u003Cbr \u002F>\n– Automate user role management for subscription-based memberships.\u003Cbr \u002F>\n– Track and log user activity for better insights.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv3 or later. See the \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> for more details.\u003C\u002Fp>\n","Integrate with Ko-fi to manage WordPress users or roles via webhook.",10,253,"2025-09-06T11:34:00.000Z","5.6",[90,19,91,22,92],"ko-fi","roles","webhook","https:\u002F\u002Fgithub.com\u002Ftrudslev\u002Fmembers-for-kofi","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmembers-for-kofi.1.0.1.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":85,"downloaded":103,"rating":25,"num_ratings":31,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":68,"tags":107,"homepage":68,"download_link":111,"security_score":112,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"network-restricted-members","Network Restricted Members","0.3.1","Luis Rodrigues","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoblindegook\u002F","\u003Cp>If you have a private network where all sites are open to anyone with an account, but still want the ability to invite someone from outside and limit their access to a single site, then Network Restricted Members is for you.\u003C\u002Fp>\n\u003Cp>This plugin was developed for our private \u003Ca href=\"http:\u002F\u002Fp2theme.com\" rel=\"nofollow ugc\">P2\u003C\u002Fa> network, which is open to all company employees. However, we still wanted to be able to bring contractors and clients over without giving them access to everything on the network.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Network Restricted Members provides a user setting that allows multisite network administrators to restrict a user to the sites he or she is a member of.\u003C\u002Fp>\n\u003Col>\n\u003Cli>As a super admin, navigate to the Users dashboard\u003C\u002Fli>\n\u003Cli>Click ‘Edit’ on the user you wish to restrict\u003C\u002Fli>\n\u003Cli>Check the option ‘Restrict User Access’\u003C\u002Fli>\n\u003Cli>Save your changes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>From this point on, administrators will need to add this user to their sites before he or she is able to see them.\u003C\u002Fp>\n\u003Cp>If you wish to lift the restrictions on a user, repeat the steps above but \u003Cem>uncheck\u003C\u002Fem> the option box instead.\u003C\u002Fp>\n\u003Ch4>Other plugins\u003C\u002Fh4>\n\u003Cp>Network Restricted Members works best when combined with a network privacy plugin, such as one of the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmore-privacy-options\u002F\" rel=\"ugc\">More Privacy Options\u003C\u002Fa> by David Sader\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnetwork-privacy\u002F\" rel=\"ugc\">Network Privacy\u003C\u002Fa> by Ron Rennick\u003C\u002Fli>\n\u003C\u002Ful>\n","Restrict user access to selected sites on open multisite networks.",2115,"2016-02-14T04:35:00.000Z","4.4.34","4.0",[108,19,109,110,22],"access-control","multisite","network","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-restricted-members.0.3.1.zip",85,{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":11,"downloaded":121,"rating":25,"num_ratings":31,"last_updated":122,"tested_up_to":46,"requires_at_least":123,"requires_php":16,"tags":124,"homepage":68,"download_link":129,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"admin-alert-email-for-pmpro-membership-expiry","Admin Email for PMPro Membership Expiry","1.0.5","Craze Collective","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrazeco\u002F","\u003Cp>Sends an email to the WordPress admin when a Paid Memberships Pro membership expires.\u003C\u002Fp>\n\u003Cp>⏰ Admin Email for PMPro Membership Expiry automatically notifies the site administrator whenever a Paid Memberships Pro membership expires.\u003C\u002Fp>\n\u003Cp>Once the plugin is installed and activated, it will automatically send an email notification to the email address configured in ‘WordPress Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> General \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Email Address’ in the WordPress admin dashboard. No additional settings need to be configured.\u003C\u002Fp>\n\u003Cp>🔒 The plugin uses official PMPro hooks and does not modify any core or add-on files, making it fully update-safe. The plugin is super lightweight and contains a very small amount of code.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* 📬 Notification to admin on membership expiry\u003Cbr \u002F>\n* ✅ Works with all PMPro membership levels\u003Cbr \u002F>\n* 🔄 Fully update-safe; no core edits required\u003Cbr \u002F>\n* 🪝 Uses WordPress core APIs and PMPro hooks only\u003Cbr \u002F>\n* ✉️ Plain-text email notifications by default\u003Cbr \u002F>\n* 🛠️ Optional customization via filters if needed\u003C\u002Fp>\n","Sends an email to the WordPress admin when a Paid Memberships Pro membership expires.",164,"2026-01-08T06:00:00.000Z","6.0",[125,19,126,127,128],"admin-notification","membership-expiry","paid-memberships-pro","pmpro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-alert-email-for-pmpro-membership-expiry.1.0.5.zip",{"attackSurface":131,"codeSignals":178,"taintFlows":200,"riskAssessment":239,"analyzedAt":242},{"hooks":132,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":11,"unprotectedCount":11},[133,139,143,146,150,153,157,162,165,168,170,172],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_menu","leethomashierarchy_add_plugin_menu","lees-membership-hierarchy.php",21,{"type":134,"name":140,"callback":141,"file":137,"line":142},"show_user_profile","leethomashierarchy_show_user_profile_fields",24,{"type":134,"name":144,"callback":141,"file":137,"line":145},"edit_user_profile",25,{"type":134,"name":147,"callback":148,"file":137,"line":149},"personal_options_update","leethomashierarchy_save_user_profile_fields",26,{"type":134,"name":151,"callback":148,"file":137,"line":152},"edit_user_profile_update",27,{"type":134,"name":135,"callback":154,"file":155,"line":156},"closure","menu-redirect.php",12,{"type":134,"name":158,"callback":159,"file":160,"line":161},"admin_init","leethomashierarchy_register_settings","options.php",15,{"type":134,"name":163,"callback":154,"file":160,"line":164},"admin_enqueue_scripts",136,{"type":134,"name":140,"callback":141,"file":166,"line":167},"users.php",103,{"type":134,"name":144,"callback":141,"file":166,"line":169},104,{"type":134,"name":147,"callback":148,"file":166,"line":171},105,{"type":134,"name":151,"callback":148,"file":166,"line":173},106,[],[],[],[],{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":182,"fileOperations":11,"externalRequests":11,"nonceChecks":198,"capabilityChecks":31,"bundledLibraries":199},[],{"prepared":11,"raw":11,"locations":181},[],{"escaped":183,"rawEcho":184,"locations":185},79,5,[186,190,192,194,196],{"file":187,"line":188,"context":189},"organisation.php",57,"raw output",{"file":187,"line":191,"context":189},60,{"file":166,"line":193,"context":189},42,{"file":166,"line":195,"context":189},50,{"file":166,"line":197,"context":189},61,4,[],[201,228],{"entryPoint":202,"graph":203,"unsanitizedCount":11,"severity":227},"leethomashierarchy_organisation_page (organisation.php:2)",{"nodes":204,"edges":223},[205,210,216,220],{"id":206,"type":207,"label":208,"file":187,"line":209},"n0","source","$_GET (x2)",55,{"id":211,"type":212,"label":213,"file":187,"line":214,"wp_function":215},"n1","sink","echo() [XSS]",58,"echo",{"id":217,"type":207,"label":218,"file":187,"line":219},"n2","$_POST",40,{"id":221,"type":212,"label":213,"file":187,"line":222,"wp_function":215},"n3",74,[224,226],{"from":206,"to":211,"sanitized":225},true,{"from":217,"to":221,"sanitized":225},"low",{"entryPoint":229,"graph":230,"unsanitizedCount":11,"severity":227},"\u003Corganisation> (organisation.php:0)",{"nodes":231,"edges":236},[232,233,234,235],{"id":206,"type":207,"label":208,"file":187,"line":209},{"id":211,"type":212,"label":213,"file":187,"line":214,"wp_function":215},{"id":217,"type":207,"label":218,"file":187,"line":219},{"id":221,"type":212,"label":213,"file":187,"line":222,"wp_function":215},[237,238],{"from":206,"to":211,"sanitized":225},{"from":217,"to":221,"sanitized":225},{"summary":240,"deductions":241},"The \"lees-membership-hierarchy\" v1.0.0 plugin exhibits a generally strong security posture based on the provided static analysis.  The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface.  Furthermore, the code demonstrates good practices with 100% of SQL queries using prepared statements and a very high percentage of properly escaped output (94%).  The presence of nonce checks (4) and capability checks (1) indicates an awareness of fundamental WordPress security principles.\n\nThe taint analysis reveals no critical or high severity flows with unsanitized paths, and the vulnerability history is entirely clear, with no known CVEs recorded. This lack of historical vulnerabilities and the clean taint analysis suggest a well-written and secure codebase.\n\nWhile the plugin scores well in these areas, the total entry points being zero might also indicate a very limited functionality or a plugin that is not intended for direct user interaction or dynamic content generation.  The overall conclusion is that this plugin appears to be very secure, with no immediate or evident vulnerabilities identified in the static analysis or historical data. The strengths lie in its limited attack surface and adherence to secure coding practices for SQL and output handling.",[],"2026-03-17T06:50:55.475Z",{"wat":244,"direct":253},{"assetPaths":245,"generatorPatterns":248,"scriptPaths":249,"versionParams":250},[246,247],"\u002Fwp-content\u002Fplugins\u002Flees-membership-hierarchy\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Flees-membership-hierarchy\u002Fadmin.js",[],[247],[251,252],"lees-membership-hierarchy\u002Fadmin.css?ver=","lees-membership-hierarchy\u002Fadmin.js?ver=",{"cssClasses":254,"htmlComments":257,"htmlAttributes":265,"restEndpoints":268,"jsGlobals":269,"shortcodeOutput":271},[255,256],"leethomashierarchy-membership-type","leethomashierarchy-status",[258,259,260,261,262,263,264],"\u003C!-- leethomashierarchy_show_user_profile_fields -->","\u003C!-- leethomashierarchy_save_user_profile_fields -->","\u003C!-- Options -->","\u003C!-- Organisations -->","\u003C!-- User List -->","\u003C!-- Fixed: Active -->","\u003C!-- Fixed: Inactive -->",[266,267],"data-leethomashierarchy-membership-type","data-leethomashierarchy-status",[],[270],"leethomashierarchy_addField",[]]