[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUICRhD1HxTdP-d7JDIW_ootGT8-AKsZKBNSLYst7tWA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":14,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":133,"fingerprints":178},"login-monitor","Login Monitor","1.0.3","PRESSMAN","https:\u002F\u002Fprofiles.wordpress.org\u002Fpressmaninc\u002F","\u003Cp>Displays current logged in users in administration screens in real time.\u003C\u002Fp>\n","Displays current logged in users in administration screens in real time.",10,1303,0,"","5.2.24","4.9","7.1.24",[19,20,21,22],"login","pressman","user","users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-monitor.1.0.3.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":24,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"pressmaninc",20,90,30,87,"2026-04-04T23:07:38.934Z",[36,48,71,91,113],{"slug":37,"name":38,"version":39,"author":7,"author_profile":8,"description":40,"short_description":41,"active_installs":13,"downloaded":42,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":43,"requires_at_least":44,"requires_php":17,"tags":45,"homepage":14,"download_link":47,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"admin-user-control","Admin User Control","2.0.0","\u003Cp>This plugin adds a useful feature to the administration screen that allows administrators to control the users involved in their operations.\u003C\u002Fp>\n\u003Ch4>Notification function\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Administrators can post notifications for users.\u003C\u002Fli>\n\u003Cli>Notifications are listed on the dashboard.\u003C\u002Fli>\n\u003Cli>Users can mark each notification as read.\u003C\u002Fli>\n\u003Cli>A warning will appear in the toolbar for users with unread notifications.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Maintenance Notification Function\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Administrators can post maintenance announcements for users. At this time, you can register the start time and end time of the maintenance and the message to be displayed on the login screen during the maintenance.\u003C\u002Fli>\n\u003Cli>During a maintenance period, non-administrative users are forced to logout of the administration screen. Also they will not be able to login to the administration screen until the end of the maintenance period.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login user monitoring function\u003C\u002Fh4>\n\u003Cp>This feature is the successor to \u003Ca href=\"https:\u002F\u002Fwww.wordpress.org\u002Fplugins\u002Flogin-monitor\u002F\" rel=\"nofollow ugc\">Login Monitor\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The user who is currently logged in to the administration screen is displayed in real time in the toolbar.\u003C\u002Fli>\n\u003Cli>Clicking on a user in the list of users will take you to that user’s profile screen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Precautions\u003C\u002Fh3>\n\u003Cp>Internet Explorer is not supported.\u003C\u002Fp>\n","This plugin adds a useful feature to the administration screen that allows administrators to control the users involved in their operations.",1279,"5.6.17","5.4",[19,46,20,21,22],"logout","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-user-control.zip",{"slug":49,"name":50,"version":51,"author":52,"author_profile":53,"description":54,"short_description":55,"active_installs":56,"downloaded":57,"rating":24,"num_ratings":58,"last_updated":59,"tested_up_to":60,"requires_at_least":61,"requires_php":62,"tags":63,"homepage":66,"download_link":67,"security_score":24,"vuln_count":68,"unpatched_count":13,"last_vuln_date":69,"fetched_at":70},"disable-user-login","Disable User Login","1.3.12","Saint Systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaintsystems\u002F","\u003Cp>This plugin gives you the ability to disable specific user accounts via a profile setting.\u003C\u002Fp>\n\u003Cp>Once installed and activated, a checkbox appears on the user profile settings (only for admins). When checked, the user’s account will be disabled and they will be unable to login with the account. If they try to login, they are instantly logged out and redirected to the login page with a message that notifies them their account is disabled.\u003C\u002Fp>\n\u003Cp>This can be useful in a few situations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You want freelance writers to still show up in the authors box, but you don’t want them to be able to login.\u003C\u002Fli>\n\u003Cli>You have former employees who have authored posts and you don’t want to delete them or reassign their posts to other users, but still need them to show up in the “Authors box.”\u003C\u002Fli>\n\u003Cli>You are working on a site for a client who has an account, but do not want him to login and\u002For make changes during development.\u003C\u002Fli>\n\u003Cli>You have a client who has an unpaid invoice.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsaintsystems\u002Fdisable-user-login\u002F\" rel=\"nofollow ugc\">This plugin is on GitHub!\u003C\u002Fa>\u003C\u002Fstrong> Pull requests are welcome. If possible please report issues through Github.\u003C\u002Fp>\n","Provides the ability to disable user accounts and prevent them from logging in.",5000,60770,4,"2025-09-08T14:13:00.000Z","6.8.5","4.7.0","5.6",[64,65,19,21,22],"account","disable","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-user-login.1.3.12.zip",1,"2023-11-15 00:00:00","2026-03-15T15:16:48.613Z",{"slug":72,"name":73,"version":39,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":56,"downloaded":78,"rating":31,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":86,"download_link":87,"security_score":88,"vuln_count":89,"unpatched_count":13,"last_vuln_date":90,"fetched_at":70},"simple-login-log","Simple Login Log","Joris Le Blansch","https:\u002F\u002Fprofiles.wordpress.org\u002Fapiosys\u002F","\u003Cp>Simple log of user logins. Tracks user name, time of login, IP address and browser user agent.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>ability to filter by user name, successful\u002Ffailed logins, month and year;\u003C\u002Fli>\n\u003Cli>export into CSV file;\u003C\u002Fli>\n\u003Cli>log auto-truncation;\u003C\u002Fli>\n\u003Cli>option to record failed login attempts.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Translations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Persian [fa_IR] by \u003Ca href=\"http:\u002F\u002Ftaktaweb.ir\u002F\" rel=\"nofollow ugc\">MohammadHadi Nasiri\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German [de_DE] by Philipp Moore\u003C\u002Fli>\n\u003Cli>Russian [ru_RU]\u003C\u002Fli>\n\u003Cli>Ukrainian [ua_UA]\u003C\u002Fli>\n\u003Cli>Chinese [zh_CN] by \u003Ca href=\"http:\u002F\u002Fwww.mihuwa.com\u002F\" rel=\"nofollow ugc\">Mihuwa\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>French [fr_FR] by Mehdi Hamida\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Author: Max Chirkov\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Author: Joris Le Blansch\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>If you would like to contribute, the POT file is available in the \u003Cem>languages\u003C\u002Fem> folder. Translation file name convention is \u003Cem>sll-{locale}.mo\u003C\u002Fem>, where {locale} is the locale of your language. Fore example, Russian file name would be \u003Cem>sll-ru_RU.po\u003C\u002Fem>.\u003C\u002Fp>\n","This plugin keeps a log of WordPress user logins. Offers user and date filtering, and export features.",137544,27,"2025-12-31T17:24:00.000Z","6.9.4","6.5","8.2",[85,19,22],"log","https:\u002F\u002Fapio.systems","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-log.2.0.0.zip",89,3,"2025-08-17 00:00:00",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":60,"requires_at_least":44,"requires_php":104,"tags":105,"homepage":109,"download_link":110,"security_score":111,"vuln_count":68,"unpatched_count":68,"last_vuln_date":112,"fetched_at":70},"expire-users","Expire Users","1.2.2","Ben Huson","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusobj\u002F","\u003Cblockquote>\n\u003Cp>Important security update – if you are using version 0.2 or earlier please upgrade\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin allows you to set expiry dates for user logins. You can set a user to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never expire (default)\u003C\u002Fli>\n\u003Cli>Expire in X days, weeks, moths or years\u003C\u002Fli>\n\u003Cli>Expire on a specific date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a user expires you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the role of that user\u003C\u002Fli>\n\u003Cli>Replace the user’s password with a randomly generated one\u003C\u002Fli>\n\u003Cli>Send an email notification to the user\u003C\u002Fli>\n\u003Cli>Send an email notification to the site administrator\u003C\u002Fli>\n\u003Cli>Remove expiry details and allow user to continue to login\u003C\u002Fli>\n\u003Cli>Perform you own actions using an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\u002Fexpire_users_expired\" rel=\"nofollow ugc\">\u003Ccode>expire_users_expired\u003C\u002Fcode>\u003C\u002Fa> hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can automatically assign expiry details to users who sign up via the register form.\u003C\u002Fp>\n\u003Cp>The email notification messages can be configured in the admin settings.\u003C\u002Fp>\n\u003Cp>Please post in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpire-users\" rel=\"ugc\">support forum\u003C\u002Fa> if you have any questions, or refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fwiki\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">report bugs\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002Fissues\" rel=\"nofollow ugc\">submit translations\u003C\u002Fa> at the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbenhuson\u002Fexpire-users\u002F\" rel=\"nofollow ugc\">GitHub page\u003C\u002Fa>.\u003C\u002Fp>\n","Set expiry dates for user logins.",4000,53229,96,25,"2025-09-19T16:05:00.000Z","7.4",[106,19,107,108,22],"expire","password","roles","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexpire-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-users.1.2.2.zip",75,"2026-03-20 14:37:35",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":81,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":14,"download_link":132,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":70},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,84,5,"2026-02-17T09:27:00.000Z","4.0","8.1",[19,129,130,131,22],"membership","passwords","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"attackSurface":134,"codeSignals":162,"taintFlows":169,"riskAssessment":170,"analyzedAt":177},{"hooks":135,"ajaxHandlers":154,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":68,"unprotectedCount":68},[136,142,146,149],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","plugins_loaded","load_text_domain","login-monitor.php",35,{"type":137,"name":143,"callback":144,"file":140,"line":145},"wp_enqueue_scripts","enqueue",36,{"type":137,"name":147,"callback":144,"file":140,"line":148},"admin_enqueue_scripts",37,{"type":137,"name":150,"callback":151,"priority":152,"file":140,"line":153},"admin_bar_menu","add_lm_node",999,38,[155],{"action":4,"nopriv":156,"callback":157,"hasNonce":156,"hasCapCheck":156,"file":140,"line":158},false,"admin_ajax",39,[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":68,"bundledLibraries":168},[],{"prepared":68,"raw":13,"locations":165},[],{"escaped":13,"rawEcho":13,"locations":167},[],[],[],{"summary":171,"deductions":172},"The 'login-monitor' plugin v1.0.3 exhibits a mixed security posture.  On the positive side, its code analysis reveals no dangerous functions, all SQL queries use prepared statements, and outputs are properly escaped.  Furthermore, there is no recorded vulnerability history, suggesting a lack of publicly known exploits.  However, a significant concern arises from the single AJAX handler that lacks authentication checks. This creates a direct entry point for potential attackers to interact with the plugin without proper authorization, which could lead to unexpected behavior or exploitation depending on the functionality of that handler.\n\nThe taint analysis did not reveal any issues, which is a good sign.  However, the absence of nonce checks, while not directly flagged as a deduction due to the presence of a capability check (though the details of that check are not provided), is a common oversight that can sometimes accompany unprotected AJAX endpoints.  Given the sole unprotected entry point and the lack of any recorded vulnerabilities to learn from, the primary risk lies in the potential for an unauthenticated attacker to leverage this AJAX handler.  While no vulnerabilities have been reported, this unprotected endpoint represents a significant potential weakness that should be addressed.",[173,175],{"reason":174,"points":11},"AJAX handler without auth checks",{"reason":176,"points":124},"Missing nonce checks on AJAX","2026-03-16T23:32:10.907Z",{"wat":179,"direct":192},{"assetPaths":180,"generatorPatterns":185,"scriptPaths":186,"versionParams":187},[181,182,183,184],"\u002Fwp-content\u002Fplugins\u002Flogin-monitor\u002Fcss\u002Flogin-monitor.css","\u002Fwp-content\u002Fplugins\u002Flogin-monitor\u002Fcss\u002Flogin-monitor.min.css","\u002Fwp-content\u002Fplugins\u002Flogin-monitor\u002Fjs\u002Flogin-monitor.js","\u002Fwp-content\u002Fplugins\u002Flogin-monitor\u002Fjs\u002Flogin-monitor.min.js",[],[183,184],[188,189,190,191],"login-monitor.css?ver=","login-monitor.min.css?ver=","login-monitor.js?ver=","login-monitor.min.js?ver=",{"cssClasses":193,"htmlComments":198,"htmlAttributes":199,"restEndpoints":200,"jsGlobals":202,"shortcodeOutput":204},[194,195,196,197],"ab-icon","ab-label","lm-cnt","lm-list",[],[],[201],"\u002Fwp-json\u002Flogin-monitor\u002F",[203],"LOGIN_MONITOR_CONST",[]]