[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUtljtJ-KAcmrQcQ_lYc53evn3DkzXj0b2Gmhik3YVBQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":57,"analysis":160,"fingerprints":243},"loggedin","Loggedin – Limit Concurrent Sessions","2.0.4","Joel James","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoelcj91\u002F","\u003Cp>Loggedin is a lightweight WordPress plugin that lets you easily limit the number of simultaneous active sessions a user can have. This is a crucial feature for membership sites, online courses, and other platforms where you need to prevent users from sharing their accounts.\u003C\u002Fp>\n\u003Ch3>🎁 Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Set Global Limits\u003C\u002Fstrong>: Define a maximum number of concurrent logins for all users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Login Behavior\u003C\u002Fstrong>: Choose to either block new logins when the limit is reached or automatically log out the oldest session to allow a new one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent Account Sharing\u003C\u002Fstrong>: By limiting sessions, you can effectively stop users from sharing their login credentials with others.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control\u003C\u002Fstrong>: Easily force log out a user from the admin dashboard, giving you full control over active sessions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Friendly\u003C\u002Fstrong>: The plugin is built with a hook-based architecture, making it highly customizable and extensible for developers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📦 Addons\u003C\u002Fh3>\n\u003Cp>Enhance LoggedIn’s functionality with these simple yet powerful \u003Ca href=\"https:\u002F\u002Fduckdev.com\u002Faddons\u002Floggedin\u002F\" rel=\"nofollow ugc\">add-ons\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduckdev.com\u002Faddon\u002Flimit-per-user\u002F\" rel=\"nofollow ugc\">Limit Per User\u003C\u002Fa>\u003C\u002Fstrong>: For more granular control, the Limit Per User addon allows you to set specific login limits for individual users, overriding the global settings. This is perfect for offering different tiers of access or special privileges.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduckdev.com\u002Faddon\u002Freal-time-logout\u002F\" rel=\"nofollow ugc\">Real-time Logout\u003C\u002Fa>\u003C\u002Fstrong>: This add-on ensures a truly seamless experience by checking for logouts in real time. When a user’s session is terminated in the background due to a login limit, the add-on will automatically refresh their page, instantly restricting access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🐛 Bug Reports\u003C\u002Fh3>\n\u003Cp>Found a bug? We welcome your bug reports! Please report any issues directly on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoel-James\u002Floggedin\u002Fissues\" rel=\"nofollow ugc\">Loggedin GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Please note: GitHub is for bug reports and development-related issues only. For support, please use the WordPress.org support forums.\u003C\u002Fem>\u003C\u002Fp>\n","Lightweight plugin that limits an account to a specific number of concurrent logins.",8000,115897,98,110,"2026-01-02T06:30:00.000Z","6.9.4","5.0","7.4",[20,21,22,23,24],"limit","login","logout","sessions","user-login","https:\u002F\u002Fduckdev.com\u002Fproducts\u002Floggedin-limit-active-logins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floggedin.2.0.4.zip",99,1,0,"2024-09-30 19:43:37","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-9228","loggedin-limit-active-logins-reflected-cross-site-scripting","Loggedin – Limit Active Logins \u003C= 1.3.1 - Reflected Cross-Site Scripting","The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present.",null,"\u003C=1.3.1","1.3.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-10-04 12:43:52",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F59707c64-a34c-45bc-bbbe-d447fe2ca6ab?source=api-prod",4,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"joelcj91",7,117030,95,1175,76,"2026-04-04T05:06:13.159Z",[58,82,102,123,142],{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":16,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":29,"last_vuln_date":81,"fetched_at":31},"inactive-logout","Inactive Logout","3.6.1","Deepen Bajracharya","https:\u002F\u002Fprofiles.wordpress.org\u002Fj_3rk\u002F","\u003Cp>Protect your WordPress users’ sessions from prying eyes and snoopers!\u003C\u002Fp>\n\u003Cp>The Inactive Logout plugin automatically terminates idle user sessions, safeguarding your site if users leave their sessions unattended.\u003C\u002Fp>\n\u003Cp>A simple plugin which is easy to configure and use. After installing and activating it, just set the idle timeout from the plugin settings. From then on, any unattended idle WordPress sessions will be automatically terminated. You can also display a custom message to users, warning them that their session is about to end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try it out ==> \u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Finactive-logout\u002F\" title=\"Demo Link\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES:\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change idle timeout time.\u003C\u002Fli>\n\u003Cli>Count down of 10 seconds before actual logout. You can remove this feature if you dont want it.\u003C\u002Fli>\n\u003Cli>Add only \u003Cstrong>Wake Up!\u003C\u002Fstrong> message where user will not logout but instead a wakeup message will be shown upon inactive.\u003C\u002Fli>\n\u003Cli>Custom Popup Message.\u003C\u002Fli>\n\u003Cli>Show idle message for non authenticated users or redirect them.\u003C\u002Fli>\n\u003Cli>Concurrent user logouts.\u003C\u002Fli>\n\u003Cli>Toast notification on Logout.\u003C\u002Fli>\n\u003Cli>Redirect to a Different Page instead of Popup box. Create a page such as timeout page and add your content there by creating a blank template or style it as you wish according to your theme.\u003C\u002Fli>\n\u003Cli>Multiple User Role Configurations for individual timeout and session logout redirects.\u003C\u002Fli>\n\u003Cli>Logout to custom page or existing page.\u003C\u002Fli>\n\u003Cli>Clean UI\u003C\u002Fli>\n\u003Cli>WooCommerce Supported.\u003C\u002Fli>\n\u003Cli>Multisite Support: Override all sites with one setting.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>EXTEND OTHER FEATURES:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Few of the key features to \u003Cstrong>\u003Ca href=\"https:\u002F\u002Finactive-logout.com\u002Fpricing\u002F\" title=\"Inactive Logout Pro\" rel=\"nofollow ugc\">Inactive Logout Pro\u003C\u002Fa>\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Auto browser close logout after defined duration.\u003C\u002Fli>\n\u003Cli>Fully functional multi-tab support.\u003C\u002Fli>\n\u003Cli>User Based Logout\u003C\u002Fli>\n\u003Cli>Track Visitors based on \u003Cstrong>(Login time, logout time, browser, online status, session duration, role, os, IP)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Force Logout All Users\u003C\u002Fli>\n\u003Cli>Logout Specific User(s)\u003C\u002Fli>\n\u003Cli>Bulk Logout Users\u003C\u002Fli>\n\u003Cli>Concurrent Login Limits.\u003C\u002Fli>\n\u003Cli>Last Login Activity\u003C\u002Fli>\n\u003Cli>Override Multiple Login priority\u003C\u002Fli>\n\u003Cli>User Lock whenever certain limit login has been reached.\u003C\u002Fli>\n\u003Cli>Track user login sessions.\u003C\u002Fli>\n\u003Cli>Logout redirects.\u003C\u002Fli>\n\u003Cli>Login redirects.\u003C\u002Fli>\n\u003Cli>Email notification and email template overrides for Locked concurrent session.\u003C\u002Fli>\n\u003Cli>Disable inactive logout for specified pages according to your need. Check this \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Ftechies23\u002F6d2852eedd6ae56c486056e021e4ee48\" title=\"documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong> for additional post type support.\u003C\u002Fli>\n\u003Cli>Disable native wordpress login popup after logout\u003C\u002Fli>\n\u003Cli>Modal Customizer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>**See the \u003Ca href=\"https:\u002F\u002Finactive-logout.com\u002F\" title=\"Inactive Logout\" rel=\"nofollow ugc\">Inactive Logout\u003C\u002Fa> homepage for further information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please consider giving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Finactive-logout\u002Freviews\u002F#new-post\" title=\"5 star thumbs up\" rel=\"ugc\">5 star thumbs up\u003C\u002Fa> if you found this useful.\u003C\u002Fstrong>\u003C\u002Fp>\n","Automatically logout idle user sessions, with logout redirections and concurrent limit logins all in one place.",20000,656143,94,106,"2025-12-09T05:09:00.000Z","6.6",[73,74,22,75,76],"concurrent-login-limit","idle-logout","security","user-redirection","https:\u002F\u002Finactive-logout.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finactive-logout.3.6.1.zip",96,3,"2025-10-31 13:27:51",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":80,"last_updated":93,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":94,"homepage":99,"download_link":100,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"basic-front-end-login","Basic Front-End Login","2.1","Mitchell Bennis","https:\u002F\u002Fprofiles.wordpress.org\u002Feemitch\u002F","\u003Cp>Adds a basic front-end login for to any page, post or widget and redirects to the page you choose. It also can block access to the back-end and disable the Admin Bar. This plugin is for when you want your users to be logged-in, but do not want them to have access to the WordPress Dashboard.\u003C\u002Fp>\n\u003Cp>To display the login form, place this shortcode on any page, post, or widget: \u003Cem>[eeBFEL]\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>After the user has logged in, they will be redirected to your home page or the URL you define in the plugin settings. You can also optionaly display a logout button at the bottom-right of each page.\u003C\u002Fp>\n\u003Ch3>Redirect After Login\u003C\u002Fh3>\n\u003Cp>To define destinations in additional login forms, use the “redirect” attribute to over-ride the default. There is no limit to the number of forms you can use.\u003C\u002Fp>\n\u003Cp>\u003Cem>[eeBFEL redirect=”https:\u002F\u002Fwebsite.com\u002Fyour-files-page\u002F”]\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Deny Dashboard Access\u003C\u002Fh3>\n\u003Cp>In the plugin settings you can optionally select roles that you want to deny back-end access to. All built-in and custom roles, except Administrator, can be blocked. The Admin Bar will not appear and direct back-end access attempts will simply redirect to your home page. This restriction will be site-wide and is unrelated to the use of the shortcode.\u003C\u002Fp>\n\u003Cp>Even if you don’t need a login form, this can add an extra measure of security to your website by denying back-end access to all roles except Administrators.\u003C\u002Fp>\n\u003Ch3>NEW – Show a Logout Button\u003C\u002Fh3>\n\u003Cp>Optionally show a small logout button on the bottom-right of each page if the user is logged in. Logging out returns the user to the home page.\u003C\u002Fp>\n","Adds a basic front-end login form to any page, post or widget and redirects to the page you choose.",300,5310,74,"2025-12-25T22:12:00.000Z",[95,96,97,98,24],"login-form","login-redirect","logout-button","no-admin-bar","https:\u002F\u002Fsimplefilelist.com\u002Fbasic-front-end-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasic-front-end-login.zip",100,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":90,"downloaded":110,"rating":101,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":17,"requires_php":114,"tags":115,"homepage":120,"download_link":121,"security_score":122,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"only-one-device-login-limit","Only one device login limit","1.2.5","AddonsPress","https:\u002F\u002Fprofiles.wordpress.org\u002Faddonspress\u002F","\u003Cp>This plugin limits login to one device at a time for a user.\u003Cbr \u002F>\nIf the same user login from another device, that user won’t be allowed to log in.\u003Cbr \u002F>\nAdmin can set up an ‘Already login message’ for that user.\u003C\u002Fp>\n\u003Cp>If the user has been inactive for too long, then the user is automatically logged out and that user allows to log in again either from the same device or another device.\u003Cbr \u002F>\nAdmin can set up ‘Auto Logout Duration’ for users.\u003C\u002Fp>\n\u003Cp>It tracks the user’s activity like user status ( Active\u002FInactive ) and Last active time.\u003Cbr \u002F>\nAdmin can view user status from  WP Admin > Users > All users.  From the “User Status” column, the user current status can be viewed.\u003C\u002Fp>\n\u003Cp>Admin can set up only one device login limit plugin from WP Admin > Settings > Limit login\u003C\u002Fp>\n\u003Cp>Note: This plugin is compatible with most of the membership plugins.\u003Cbr \u002F>\nIf you find any issues, please use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fonly-one-device-login-limit\" rel=\"ugc\">support forum\u003C\u002Fa> to report.\u003C\u002Fp>\n","Limit login to one device at a time for a user. Configured options from the admin",13494,13,"2024-11-12T14:22:00.000Z","6.7.5","",[116,117,118,119],"auto-logout","idle-time","limit-login","one-device","https:\u002F\u002Fwww.addonspress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonly-one-device-login-limit.1.2.5.zip",92,{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":29,"num_ratings":29,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":114,"download_link":140,"security_score":141,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"limit-login-sessions","Limit Login Session","1.0.0","Bhavey Bansal","https:\u002F\u002Fprofiles.wordpress.org\u002Fbbansmusic\u002F","\u003Cp>Limit Login Sessions plugin allows you the manage the number for login sessions from same account.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Maintain concurrent logins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>set the number of session you want to allow for a user at one time, and this plugin will not let user to login with another session.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Quality, flexible, multilingual support.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin is flexible and can be extended easily.\u003C\u002Fli>\n\u003Cli>Support for multi language websites.\u003C\u002Fli>\n\u003C\u002Ful>\n","Limits the multiple login sessions from same account.",10,1007,"2020-08-04T11:13:00.000Z","5.4.19","4.9.0","5.6",[138,124,139],"blog-multiple-sessions","php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-sessions.zip",85,{"slug":143,"name":144,"version":126,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":29,"downloaded":149,"rating":29,"num_ratings":29,"last_updated":150,"tested_up_to":16,"requires_at_least":151,"requires_php":18,"tags":152,"homepage":158,"download_link":159,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"extendmate-session-manager","Extendmate Session Manager – Monitor & Control User Sessions and Force Logout From Admin and Frontend","extendmate.com","https:\u002F\u002Fprofiles.wordpress.org\u002Fextendmate\u002F","\u003Cp>Manage active sessions directly from admin dashboard or through frontend shortcodes. It improves account security by allowing session control per device.\u003C\u002Fp>\n\u003Ch4>Admin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sessions Column\u003C\u002Fstrong>: View the number of active sessions for each user directly in the user list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Count Display\u003C\u002Fstrong>: View session counts on user profile page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Session View\u003C\u002Fstrong>: Click on any user’s session count to view comprehensive session details in a popup.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quick Access\u003C\u002Fstrong>: Click the session count on user profile page to open the same detailed session management popup.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Information\u003C\u002Fstrong>: See IP address, login date\u002Ftime, session expiry date\u002Ftime etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Individual Session Control\u003C\u002Fstrong>: Destroy specific sessions with a single-click logout options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Logout\u003C\u002Fstrong>: Quickly log out multiple users at once using the bulk action feature in the user listing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Session Management\u003C\u002Fstrong>: Select multiple sessions of a user and log them out simultaneously.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite Compatible\u003C\u002Fstrong>: The plugin is compatible with WordPress Multisite networks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Frontend Display With Shortcode\u003C\u002Fh4>\n\u003Cp>Display user sessions in a modern card-based layout on any page using the simple shortcode: \u003Ccode>[emsm_session_list]\u003C\u002Fcode>.\u003Cbr \u002F>\nThis will show the list of active sessions for the currently logged-in user only.\u003Cbr \u002F>\nThis is intended to help users control their own account security.\u003C\u002Fp>\n\u003Ch4>Shortcode Parameters\u003C\u002Fh4>\n\u003Cp>Customize the frontend session display using the following attributes within the \u003Ccode>[emsm_session_list]\u003C\u002Fcode> shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>fontawesome_enable\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Enables or disables FontAwesome icons.\u003Cbr \u002F>\nAccepted values: true or any other value (treated as false)\u003Cbr \u002F>\nDefault: true\u003C\u002Fp>\n\u003Cpre>\u003Ccode>fontawesome_version\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Specifies the major version of FontAwesome to load.\u003Cbr \u002F>\nAccepted values: Version string (e.g. 6.5.1)\u003Cbr \u002F>\nDefault: 7.0.0\u003C\u002Fp>\n\u003Cpre>\u003Ccode>fontawesome_cdn\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Provides the full URL to a custom FontAwesome CSS file.\u003Cbr \u002F>\nThis overrides the default FontAwesome source used by the plugin.\u003Cbr \u002F>\nAccepted values: Valid URL\u003Cbr \u002F>\nDefault: Plugin’s local asset path\u003C\u002Fp>\n\u003Cpre>\u003Ccode>limit\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Defines the maximum number of session cards to display on the frontend.\u003Cbr \u002F>\nAccepted values: Positive integer (e.g. 5, 20)\u003Cbr \u002F>\nDefault: 10\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important Note:\u003C\u002Fstrong> If you provide fontawesome_cdn, also set fontawesome_version for proper loading.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage Example:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[emsm_session_list limit=\"5\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Frontend Session Management\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Current Session Highlight\u003C\u002Fstrong>: The current active session always appears at the top of the list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Organized Display\u003C\u002Fstrong>: Sessions are ordered by login time (newest first).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Individual Logout\u003C\u002Fstrong>: Log out specific devices with “Log Out This Device” buttons on each session card.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Logout Option\u003C\u002Fstrong>: Use the “Log Out Everywhere Else” button to keep only your current session active.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Template Overrides\u003C\u002Fh4>\n\u003Cp>Developers can override the plugin’s frontend templates by placing custom template files in the active theme.\u003Cbr \u002F>\nThis allows for complete customization of the session list display without modifying the plugin’s core files.\u003C\u002Fp>\n\u003Ch4>How to Override Templates\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>In your active theme’s root directory, create a new folder called:\u003Cbr \u002F>\n   extendmate-session-manager\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Copy the template files you wish to customize from the plugin’s directory:\u003Cbr \u002F>\n   wp-content\u002Fplugins\u002Fextendmate-session-manager\u002Finc\u002Ftemplate\u002Ffrontend\u002F\u003Cbr \u002F>\nto your theme’s new directory:\u003Cbr \u002F>\n   wp-content\u002Fthemes\u002Fyour-theme\u002Fextendmate-session-manager\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Edit the copied template files in your theme directory. The plugin will automatically use these custom templates instead of the default ones.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Enabling Template Overrides\u003C\u002Fh4>\n\u003Cp>Template overrides are disabled by default. To enable this feature, use the following filter:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'emsm_enable_template_overrides', '__return_true' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch4>Admin Dashboard\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Navigate to Users > All Users to see the new “Sessions” column.\u003C\u002Fli>\n\u003Cli>Click on any session count to view detailed session information.\u003C\u002Fli>\n\u003Cli>Use bulk actions to log out multiple users at once.\u003C\u002Fli>\n\u003Cli>Visit individual user profiles to see session counts and manage sessions for specific users.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Frontend Display\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Add the shortcode \u003Ccode>[emsm_session_list]\u003C\u002Fcode> to any page where you want to display session information.\u003C\u002Fli>\n\u003Cli>Customize the display using the available shortcode attributes.\u003C\u002Fli>\n\u003Cli>Users can manage their own sessions directly from the frontend.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>For detailed technical information on action and filter hooks for developers, please see the complete \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fextendmate\u002Fwordpress-plugin-session-manager\u002Fblob\u002Fmain\u002Fdocs\u002Fhooks.md\" rel=\"nofollow ugc\">Hooks Reference\u003C\u002Fa>.\u003C\u002Fp>\n","Manage active sessions directly from admin dashboard or through frontend shortcodes.",103,"2026-03-15T01:52:00.000Z","6.0",[153,154,155,156,157],"active-sessions","force-logout","login-sessions","session-tracking","user-activity","https:\u002F\u002Fextendmate.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextendmate-session-manager.1.0.0.zip",{"attackSurface":161,"codeSignals":218,"taintFlows":232,"riskAssessment":233,"analyzedAt":242},{"hooks":162,"ajaxHandlers":214,"restRoutes":215,"shortcodes":216,"cronEvents":217,"entryPointCount":29,"unprotectedCount":29},[163,169,172,175,180,185,188,191,194,198,201,205,209],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","admin_init","init_freemius","includes\\class-addons.php",54,{"type":164,"name":165,"callback":170,"file":167,"line":171},"process_license",56,{"type":164,"name":165,"callback":173,"file":167,"line":174},"process_addons_refresh",58,{"type":176,"name":177,"callback":178,"file":167,"line":179},"filter","loggedin_admin_page_vars","admin_page_vars",60,{"type":164,"name":181,"callback":182,"file":183,"line":184},"admin_menu","register_menu","includes\\class-admin.php",38,{"type":164,"name":165,"callback":186,"file":183,"line":187},"register_settings",39,{"type":164,"name":165,"callback":189,"file":183,"line":190},"old_options_page",40,{"type":164,"name":165,"callback":192,"file":183,"line":193},"force_logout",43,{"type":164,"name":195,"callback":196,"file":183,"line":197},"admin_notices","review_notice",46,{"type":164,"name":165,"callback":199,"file":183,"line":200},"review_action",47,{"type":176,"name":202,"callback":203,"file":204,"line":187},"wp_authenticate_user","validate_block_logic","includes\\class-core.php",{"type":176,"name":206,"callback":207,"priority":131,"file":204,"line":208},"check_password","validate_allow_logic",41,{"type":164,"name":210,"callback":211,"file":212,"line":213},"plugins_loaded","anonymous","loggedin.php",81,[],[],[],[],{"dangerousFunctions":219,"sqlUsage":220,"outputEscaping":222,"fileOperations":29,"externalRequests":29,"nonceChecks":48,"capabilityChecks":48,"bundledLibraries":228},[],{"prepared":29,"raw":29,"locations":221},[],{"escaped":190,"rawEcho":28,"locations":223},[224],{"file":225,"line":226,"context":227},"app\\templates\\addons\\addon-card.php",75,"raw output",[229],{"name":230,"version":38,"knownCves":231},"Freemius",[],[],{"summary":234,"deductions":235},"The \"loggedin\" v2.0.4 plugin exhibits a generally good security posture based on the static analysis. The complete absence of identified entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. The code also demonstrates strong adherence to security best practices, with all SQL queries utilizing prepared statements and a very high percentage of output being properly escaped. The presence of nonce and capability checks further enhances its security by protecting against common web vulnerabilities. \n\nHowever, the plugin does have a history of vulnerabilities, specifically one medium-severity Cross-Site Scripting (XSS) vulnerability reported relatively recently. While this vulnerability is currently patched, it suggests that the plugin has had exploitable flaws in the past, indicating a potential for future issues if development practices are not consistently maintained at a high standard. The presence of the Freemius bundled library is noted but doesn't directly present a risk without further information on its specific version or known vulnerabilities. \n\nIn conclusion, the current version of the \"loggedin\" plugin appears secure based on the provided static analysis. The developers have implemented several key security features. The primary concern stems from the past vulnerability history, which warrants vigilance. A balance of strong current practices and awareness of past issues should guide its ongoing assessment.",[236,239],{"reason":237,"points":238},"Past medium severity XSS vulnerability",5,{"reason":240,"points":241},"Bundled Freemius library",2,"2026-03-16T17:56:05.500Z",{"wat":244,"direct":255},{"assetPaths":245,"generatorPatterns":249,"scriptPaths":250,"versionParams":251},[246,247,248],"\u002Fwp-content\u002Fplugins\u002Floggedin\u002Fassets\u002Fcss\u002Floggedin.css","\u002Fwp-content\u002Fplugins\u002Floggedin\u002Fassets\u002Fjs\u002Floggedin.js","\u002Fwp-content\u002Fplugins\u002Floggedin\u002Fassets\u002Fjs\u002Fadmin.js",[],[247,248],[252,253,254],"loggedin\u002Fassets\u002Fcss\u002Floggedin.css?ver=","loggedin\u002Fassets\u002Fjs\u002Floggedin.js?ver=","loggedin\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":256,"htmlComments":260,"htmlAttributes":264,"restEndpoints":267,"jsGlobals":268,"shortcodeOutput":270},[257,258,259],"loggedin-settings-page","loggedin-support-page","loggedin-addons-page",[261,262,263],"\u003C!-- Main plugin header. -->","\u003C!-- Info page template. -->","\u003C!-- Admin side functionality of the plugin. -->",[265,266],"data-loggedin-action","data-loggedin-user-id",[],[269],"loggedin_vars",[]]