[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKy6xdwEjPv_9HawgmuVSE5J0vT6kxqz8tEEXSj2UPFc":3,"$fiDZd0nrRRj7VyGYZ-QEVNQscDhebY7zqaveIroEdQEk":231,"$fr1S4GwOPUcJPTATsy3SAFNg1XrM8Fe-5YogIG3yDFb4":236},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":38,"analysis":134,"fingerprints":206},"login-terms-acceptance","Login Terms Acceptance","1.2.4","XTND","https:\u002F\u002Fprofiles.wordpress.org\u002Fxtnd2030\u002F","\u003Cp>\u003Cstrong>Compatible with WordPress 6.7+ and PHP 8.3\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Restrict access for selected user roles unless they accept the Terms and Conditions. This plugin ensures users acknowledge and accept your terms before they can fully access the site.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Redirect users to the Terms and Conditions page upon login.\u003C\u002Fli>\n\u003Cli>Restrict access for selected user roles until the terms are accepted.\u003C\u002Fli>\n\u003Cli>Customizable Terms and Conditions content.\u003C\u002Fli>\n\u003Cli>Track which users have accepted the terms.\u003C\u002Fli>\n\u003Cli>New: Option to send a confirmation email after accepting the terms.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here is the basic setup->\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F1025425118\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>This plugin is available in the following languages:\u003Cbr \u002F>\n* English\u003Cbr \u002F>\n* German (Deutsch)\u003Cbr \u002F>\n* Italian (Italiano)\u003Cbr \u002F>\n* Spanish (Español)\u003Cbr \u002F>\n* Arabic (العربية)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the LICENSE file for more information.\u003C\u002Fp>\n","Restrict access for selected user roles unless they accept the Terms and Conditions. Ensure users accept your terms before accessing the site.",10,1056,100,1,"2025-07-14T12:56:00.000Z","6.8.5","5.0","7.2",[20,21,22,23,24],"access-control","compliance","login","terms-and-conditions","user-roles","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-terms-acceptance.1.2.4.zip",0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"xtnd2030",2,30,94,"2026-05-20T01:11:55.467Z",[39,58,76,94,115],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":13,"num_ratings":49,"last_updated":50,"tested_up_to":16,"requires_at_least":17,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"menu-by-user-roles","Menu By User Roles","2.0.4","kahnu044","https:\u002F\u002Fprofiles.wordpress.org\u002Fkahnu044\u002F","\u003Cp>Menu By User Roles is a WordPress plugin that allows you to control the visibility of menu items based on user roles. You can assign specific user roles to each menu item, ensuring that only users with those roles can see and access the corresponding links.\u003C\u002Fp>\n\u003Cp>For more information and usage instructions, visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkahnu044\u002Fmenu-by-user-roles\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and inquiries, please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkahnu044\u002Fmenu-by-user-roles\u002Fissues\" rel=\"nofollow ugc\">open an issue on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL-2.0+ License. See \u003Ccode>LICENSE\u003C\u002Fcode> for more information.\u003C\u002Fp>\n\u003Ch3>Author\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkahnu044\" rel=\"nofollow ugc\">Kahnu Charan Swain\u003C\u002Fa>\u003C\u002Fp>\n","Menu By User Roles allows you to control the visibility of menu items based on user roles.",1000,8663,3,"2025-10-02T15:41:00.000Z","7.0",[20,53,54,55,24],"role-based-menus","site-navigation","tags-menu-visibility","https:\u002F\u002Fgithub.com\u002Fkahnu044\u002Fmenu-by-user-roles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmenu-by-user-roles.2.0.4.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":13,"num_ratings":49,"last_updated":68,"tested_up_to":69,"requires_at_least":17,"requires_php":70,"tags":71,"homepage":25,"download_link":75,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"easy-basic-authentication","Easy Basic Authentication – Add basic auth to site or admin area","3.9.1","Matteo Enna","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatteoenna\u002F","\u003Cp>The Easy Basic Authentication plugin provides a simple method to add basic authentication to your WordPress site. You can enable basic authentication for the entire site or only for the admin area by setting a custom username and password. Secure your site by restricting access only to authorized users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try it on a free mock site: \u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Feasy-basic-authentication\u002F\" rel=\"nofollow ugc\">click here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Simple Configuration:\u003C\u002Fstrong> With Easy Basic Authentication, you can easily set up basic authentication for your entire website or specifically for the admin area. Set a custom username and password to ensure secure access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Admin Area Protection:\u003C\u002Fstrong> If you wish to restrict access to your WordPress admin area, Easy Basic Authentication allows you to do so quickly and effectively. Only users with the correct credentials will be able to access this critical part of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Entire site protection:\u003C\u002Fstrong> If you wish, there is an option to extend the access limitation to the entire site and not just for your WordPress admin area, Easy Basic authentication allows you to do this quickly and effectively. Only users with the correct credentials will be able to access this critical part of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Access Logging:\u003C\u002Fstrong> The plugin keeps track of failed login attempts, helping you identify unauthorized access attempts. This is particularly useful for monitoring your site’s security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Access Log:\u003C\u002Fstrong> If you choose to enable this feature, Easy Basic Authentication allows you to log successful logins, providing a comprehensive overview of login activities on your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong> The plugin’s intuitive interface makes it simple to manage basic authentication settings. You can easily enable or disable basic authentication and adjust credentials to suit your needs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Alert Functionality:\u003C\u002Fstrong> Easy Basic Authentication includes an email alert feature to notify you of unauthorized access attempts. You can receive email alerts when someone tries to access your site without proper credentials.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>White List Functionality:\u003C\u002Fstrong> Easy Basic Authentication now includes a White List feature, allowing you to specify trusted IP addresses exempt from basic authentication. Configure this list to grant immediate access to known users or systems without requiring credentials, enhancing convenience while maintaining security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Protect your WordPress site with basic authentication quickly and reliably. Easy Basic Authentication gives you control to ensure that only authorized users can access your online resources. Maintain your site’s security and prevent unwanted access today with Easy Basic Authentication.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Visit the plugin settings page to configure your desired basic authentication options.\u003C\u002Fli>\n\u003Cli>Choose whether to enable basic authentication for the entire site or just the admin area.\u003C\u002Fli>\n\u003Cli>Set a custom username and password for secure access.\u003C\u002Fli>\n\u003Cli>Monitor failed access attempts and access logs for added security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Troubleshooting: Resetting Basic Authentication\u003C\u002Fh3>\n\u003Cp>If you’re having trouble logging in due to the basic authentication, you can reset it and regain access by following these steps:\u003C\u002Fp>\n\u003Cp>1 \u003Cstrong>Connect to your website via FTP.\u003C\u002Fstrong>\u003Cbr \u002F>\n2 \u003Cstrong>Navigate to the plugin directory:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>wp-content\u002Fplugins\u002Feasy-basic-authentication\u002Fclass\u002F\u003C\u002Fpre>\n\u003Cp>3 \u003Cstrong>Locate the file:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>easy-basic-authentication-class.php\u003C\u002Fpre>\n\u003Cp>4 \u003Cstrong>Find the following line:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>add_action( 'init', array($this,'basic_auth_admin') );\u003C\u002Fpre>\n\u003Cp>5 \u003Cstrong>Comment out that line\u003C\u002Fstrong> by adding a \u003Ccode>#\u003C\u002Fcode> at the beginning:\u003C\u002Fp>\n\u003Cpre>#add_action( 'init', array($this,'basic_auth_admin') );\u003C\u002Fpre>\n\u003Cp>6 \u003Cstrong>Save the file\u003C\u002Fstrong> and re-upload it to your server.\u003C\u002Fp>\n\u003Cp>This will disable the basic authentication temporarily, allowing you to log in. Once logged in, you can adjust the plugin settings as needed.\u003C\u002Fp>\n\u003Cp>If you need further assistance, feel free to reach out.\u003C\u002Fp>\n\u003Ch3>GitHub Repository\u003C\u002Fh3>\n\u003Cp>You can find the source code and contribute to the project on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FEllusu\u002Feasy-basic-authentication\" rel=\"nofollow ugc\">Easy Basic Authentication on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Secure your WordPress site with easy and effective basic authentication. Restrict access, monitor attempts, and enhance security.",700,11542,"2025-12-03T06:03:00.000Z","6.9.4","7.2.5",[20,72,22,73,74],"authentication","security","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-basic-authentication.3.9.1.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":13,"downloaded":84,"rating":27,"num_ratings":27,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":25,"download_link":93,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"myasp-membership","MyASP MemberShip","1.0.6","myaspdev","https:\u002F\u002Fprofiles.wordpress.org\u002Fmyaspdev\u002F","\u003Cp>MyASP MemberShip Plugin is a membership site creation plug-in for \u003Ca href=\"https:\u002F\u002Fmyasp.jp\u002F\" rel=\"nofollow ugc\">MyASP\u003C\u002Fa> users.\u003C\u002Fp>\n\u003Cp>A subscription to \u003Ca href=\"https:\u002F\u002Fmyasp.jp\u002F\" rel=\"nofollow ugc\">MyASP\u003C\u002Fa> is required to use this plugin.\u003C\u002Fp>\n\u003Cp>User registration and management is done on MyASP side. (It is not stored in WordPress).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>What the plugin can do.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can create a membership site easily by using WordPress plugins and themes.\u003C\u002Fli>\n\u003Cli>You can manage public or members-only articles for each article.\u003C\u002Fli>\n\u003Cli>You can create paid articles by using MyASP’s payment functions (subscriptions, monthly billing, etc.)\u003C\u002Fli>\n\u003Cli>Use the MyASP registration form to register as a member\u003C\u002Fli>\n\u003Cli>You can create a page where only part of an article (the first half) is published and\u003Cbr \u002F>\nlogin is required to view the second half.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Handling of member information\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User registration and management is done on MyASP side. (It is not stored in WordPress).\u003C\u002Fli>\n\u003Cli>The configuration information of the article is sent to MyASP. \u003C\u002Fli>\n\u003Cli>This will be used to investigate any failures and to answer any questions about how to configure the settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Membership plugin for MyASP Users.",2078,"2025-06-11T02:33:00.000Z","6.7.5","5.9.4","7.3.33",[20,22,90,91,92],"member","membership","user-registration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmyasp-membership.1.0.6.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":16,"requires_at_least":107,"requires_php":25,"tags":108,"homepage":112,"download_link":113,"security_score":114,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"diarypress","DiaryPress","5.4","Tom","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomhowson\u002F","\u003Cp>DiaryPress is a plugin designed to allow your blog to operate like a private diary. It will ask you to login in order to see any of the content on the wordpress site. This is handy even if you keep a diary on a local web server such as WAMP as it protects your blog against nosey family and friends. Alternatively if you like to write your diary on the go and keep your diary on an internet accessible server the plugin is fully compatible with all WordPress for mobile applications such as WordPress for iPhone.  The plugin is also compatible with the native WordPress e-mail to blog feature.\u003C\u002Fp>\n\u003Cp>Key features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Keeps your blog private\u003C\u002Fli>\n\u003Cli>Works with Mars Edit 4 \u003C\u002Fli>\n\u003Cli>Works with all WordPress for mobile applications\u003C\u002Fli>\n\u003Cli>Works with the native e-mail to blog feature\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See installation tab for instructions on how to install.\u003C\u002Fp>\n","DiaryPress lets you keep a private diary.",70,7569,40,5,"2025-04-12T09:42:00.000Z","3.0",[20,109,22,110,111],"diary","private","private-diary","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdiarypress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdiarypress.zip",92,{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":35,"downloaded":123,"rating":13,"num_ratings":14,"last_updated":124,"tested_up_to":125,"requires_at_least":107,"requires_php":25,"tags":126,"homepage":131,"download_link":132,"security_score":133,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"single-sign-on-sso","Single Sign-On – Professional SSO solution for WordPress","2.1.2","Claude","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaudeschlesser\u002F","\u003Ch4>WordPress Single Sign-On\u003C\u002Fh4>\n\u003Cp>Single Sign-On for WordPress is a professional SSO extension that automatically creates accounts and signs users in as they browse between multiple and independent WordPress blogs in your network.\u003C\u002Fp>\n\u003Cp>Works across different and independent servers, domains and databases. Seamless transition for users from one website to another.\u003C\u002Fp>\n\u003Cp>\u003Cem>Please note that the central \u003Ca href=\"https:\u002F\u002Fwww.oneall.com\u002Fservices\u002Fcustomer-identity-management\u002Fsingle-sign-on\u002F\" rel=\"nofollow ugc\">SSO Server\u003C\u002Fa> is provided by the OneAll User Integration Platform and requires a plan that includes the SSO API.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advantages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Take away the need for your users to create new accounts or re-enter their authentication credentials when they switch from one of your blogs to another.\u003Cbr \u002F> \u003Cbr \u002F>\nReduce the user abandonment rates by making the transition from one domain to another as seamless as possible.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reduces user abandonment rates,\u003C\u002Fli>\n\u003Cli>Seamless transition for users from one blog to another,\u003C\u002Fli>\n\u003Cli>Installed in just a few minutes,\u003C\u002Fli>\n\u003Cli>No need to setup your own server,\u003C\u002Fli>\n\u003Cli>State-of-the-art security environment,\u003C\u002Fli>\n\u003Cli>100% compliant with all US & EU data protection laws,\u003C\u002Fli>\n\u003Cli>Works across different and independent domains or databases,\u003C\u002Fli>\n\u003Cli>Integrates with our turnkey plugins for \u003Ca href=\"https:\u002F\u002Fwww.opencart.com\u002Findex.php?route=marketplace\u002Fextension\u002Finfo&extension_id=32346\" rel=\"nofollow ugc\">OpenCart\u003C\u002Fa> and Magento,\u003C\u002Fli>\n\u003Cli>Integrates with any website using our \u003Ca href=\"https:\u002F\u002Fdocs.oneall.com\u002Fservices\u002Fimplementation-guide\u002Fsingle-sign-on\u002F\" rel=\"nofollow ugc\">SSO API\u003C\u002Fa>,\u003C\u002Fli>\n\u003Cli>Top-notch support and integration help.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>State-of-the-art security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Single Sign-On is powered by the \u003Ca href=\"https:\u002F\u002Fwww.oneall.com\" rel=\"nofollow ugc\">OneAll User Integration platform\u003C\u002Fa>, a state-of-the-art security environment that is 100% compliant with all US & EU data protection laws – including GDPR – and used by more than 300,000 websites worldwide – including small websites, growing startups and large corporate enterprises.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Works across different websites and platforms\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The extension is fully compatible with our other \u003Ca href=\"https:\u002F\u002Fdocs.oneall.com\u002Fplugins\u002F\" rel=\"nofollow ugc\">SSO plugins\u003C\u002Fa> like per example for OpenCart or Magento.\u003C\u002Fp>\n\u003Cp>Just install the extensions for WordPress and OpenCart or Magento and easily create a single sign-on network between multiple platforms.\u003C\u002Fp>\n\u003Cp>Optionally you can also use our \u003Ca href=\"https:\u002F\u002Fdocs.oneall.com\u002Fservices\u002Fimplementation-guide\u002Fsingle-sign-on\u002F\" rel=\"nofollow ugc\">SSO API\u003C\u002Fa> to create a single sign-on network between your WordPress and any other website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dedicated support team\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A dedicated support teams is there to assist you if you should have any questions or custom needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Professionally developed and maintained\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Single Sign-On is maintained by \u003Ca href=\"https:\u002F\u002Fwww.oneall.com\" rel=\"nofollow ugc\">OneAll\u003C\u002Fa>, a technology company offering a set of web-delivered tools to simplify the user integration into business and personal websites and apps.\u003C\u002Fp>\n","Single Sign-On is a professional SSO extension that works accross different domains, servers and websites. Installed in just a few minutes.",21647,"2022-02-11T18:50:00.000Z","5.9.13",[20,127,128,129,130],"single-login","single-password","single-sign-on","sso","http:\u002F\u002Fwww.oneall.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsingle-sign-on-sso.2.1.2.zip",85,{"attackSurface":135,"codeSignals":191,"taintFlows":199,"riskAssessment":200,"analyzedAt":205},{"hooks":136,"ajaxHandlers":183,"restRoutes":184,"shortcodes":185,"cronEvents":190,"entryPointCount":14,"unprotectedCount":27},[137,143,147,151,155,159,163,166,169,172,175,180],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","xlta_add_menu","app\u002Fclass-settings.php",47,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_enqueue_scripts","xlta_enqueue_admin_assets",48,{"type":138,"name":148,"callback":149,"file":141,"line":150},"wp_enqueue_scripts","xlta_enqueue_front_assets",49,{"type":138,"name":152,"callback":153,"file":141,"line":154},"init","xlta_create_terms_acceptance_page",50,{"type":138,"name":156,"callback":157,"priority":11,"file":141,"line":158},"wp_login","xlta_user_redirect_after_login",51,{"type":138,"name":160,"callback":161,"file":141,"line":162},"admin_init","xlta_restrict_access_based_on_terms",52,{"type":138,"name":164,"callback":161,"file":141,"line":165},"template_redirect",53,{"type":138,"name":160,"callback":167,"file":141,"line":168},"xlta_register_settings",54,{"type":138,"name":152,"callback":170,"file":141,"line":171},"xlta_terms_acceptance_actions",56,{"type":138,"name":160,"callback":173,"file":141,"line":174},"xlta_rating_notice",57,{"type":138,"name":176,"callback":177,"file":178,"line":179},"plugins_loaded","get_instance","login-terms-acceptance.php",36,{"type":138,"name":176,"callback":181,"file":178,"line":182},"closure",38,[],[],[186],{"tag":187,"callback":188,"file":141,"line":189},"xlta_terms_acceptance","xlta_terms_acceptance_form_shortcode",55,[],{"dangerousFunctions":192,"sqlUsage":193,"outputEscaping":195,"fileOperations":27,"externalRequests":27,"nonceChecks":197,"capabilityChecks":27,"bundledLibraries":198},[],{"prepared":27,"raw":27,"locations":194},[],{"escaped":133,"rawEcho":27,"locations":196},[],4,[],[],{"summary":201,"deductions":202},"The \"login-terms-acceptance\" plugin v1.2.4 demonstrates a strong security posture based on the provided static analysis.  There are no identified dangerous functions, all SQL queries utilize prepared statements, and 100% of output is properly escaped.  Furthermore, the absence of file operations and external HTTP requests reduces the attack surface significantly.  The presence of nonce checks and the lack of critical or high severity taint flows are positive indicators of secure coding practices.  The plugin also has no recorded vulnerabilities, which suggests a history of stability and potentially good maintenance.\n\nHowever, a notable absence of capability checks is a concern. While the plugin has a very small attack surface (only one shortcode and no unprotected AJAX handlers or REST API routes), the lack of explicit capability checks means that any user, regardless of their role or permissions, could potentially interact with the shortcode. This could lead to unintended behavior or even information disclosure if the shortcode's functionality is more complex than what is immediately apparent.  While the current data doesn't indicate a direct vulnerability, this is a common area for security weaknesses to emerge in WordPress plugins.\n\nIn conclusion, the plugin is well-built with many security best practices implemented. The use of prepared statements, output escaping, and the absence of known vulnerabilities are significant strengths. The primary area for improvement is the implementation of capability checks to ensure that only authorized users can interact with the plugin's features. This would further harden the plugin's security.",[203],{"reason":204,"points":105},"Missing capability checks","2026-04-16T12:05:48.924Z",{"wat":207,"direct":216},{"assetPaths":208,"generatorPatterns":211,"scriptPaths":212,"versionParams":213},[209,210],"\u002Fwp-content\u002Fplugins\u002Flogin-terms-acceptance\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Flogin-terms-acceptance\u002Fassets\u002Fcss\u002Fxlta-front.css",[],[],[214,215],"login-terms-acceptance\u002Fassets\u002Fcss\u002Fadmin.css?ver=","login-terms-acceptance\u002Fassets\u002Fcss\u002Fxlta-front.css?ver=",{"cssClasses":217,"htmlComments":222,"htmlAttributes":224,"restEndpoints":226,"jsGlobals":227,"shortcodeOutput":229},[218,219,220,221],"xlta-settings-wrapper","xlta-wrap","xlta-inner-wrap","xlta-terms-acceptance-form-container",[223],"\u003C!-- xlta_terms_acceptance_form_shortcode -->",[225],"data-xlta-terms-page-id",[],[228],"xlta_params",[230],"\u003Cdiv class=\"xlta-terms-acceptance-form-container\">",{"error":232,"url":233,"statusCode":234,"statusMessage":235,"message":235},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flogin-terms-acceptance\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":237,"versions":238},8,[239,245,252,259,266,273,280,287],{"version":6,"download_url":26,"svn_tag_url":240,"released_at":28,"has_diff":241,"diff_files_changed":242,"diff_lines":28,"trac_diff_url":243,"vulnerabilities":244,"is_current":232},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-terms-acceptance\u002Ftags\u002F1.2.4\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.3&new_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.4",[],{"version":246,"download_url":247,"svn_tag_url":248,"released_at":28,"has_diff":241,"diff_files_changed":249,"diff_lines":28,"trac_diff_url":250,"vulnerabilities":251,"is_current":241},"1.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-terms-acceptance.1.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-terms-acceptance\u002Ftags\u002F1.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.2&new_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.3",[],{"version":253,"download_url":254,"svn_tag_url":255,"released_at":28,"has_diff":241,"diff_files_changed":256,"diff_lines":28,"trac_diff_url":257,"vulnerabilities":258,"is_current":241},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-terms-acceptance.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-terms-acceptance\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.1&new_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.2",[],{"version":260,"download_url":261,"svn_tag_url":262,"released_at":28,"has_diff":241,"diff_files_changed":263,"diff_lines":28,"trac_diff_url":264,"vulnerabilities":265,"is_current":241},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-terms-acceptance.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-terms-acceptance\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.0&new_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.1",[],{"version":267,"download_url":268,"svn_tag_url":269,"released_at":28,"has_diff":241,"diff_files_changed":270,"diff_lines":28,"trac_diff_url":271,"vulnerabilities":272,"is_current":241},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-terms-acceptance.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-terms-acceptance\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-terms-acceptance%2Ftags%2F1.1.1&new_path=%2Flogin-terms-acceptance%2Ftags%2F1.2.0",[],{"version":274,"download_url":275,"svn_tag_url":276,"released_at":28,"has_diff":241,"diff_files_changed":277,"diff_lines":28,"trac_diff_url":278,"vulnerabilities":279,"is_current":241},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-terms-acceptance.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-terms-acceptance\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-terms-acceptance%2Ftags%2F1.1.0&new_path=%2Flogin-terms-acceptance%2Ftags%2F1.1.1",[],{"version":281,"download_url":282,"svn_tag_url":283,"released_at":28,"has_diff":241,"diff_files_changed":284,"diff_lines":28,"trac_diff_url":285,"vulnerabilities":286,"is_current":241},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-terms-acceptance.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-terms-acceptance\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flogin-terms-acceptance%2Ftags%2F1.0.0&new_path=%2Flogin-terms-acceptance%2Ftags%2F1.1.0",[],{"version":288,"download_url":289,"svn_tag_url":290,"released_at":28,"has_diff":241,"diff_files_changed":291,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":292,"is_current":241},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-terms-acceptance.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-terms-acceptance\u002Ftags\u002F1.0.0\u002F",[],[]]