[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-mxBft7xFC8ceja8K4zuDcZf8iau7rHpdsPcmLUS9oM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":78,"fingerprints":296},"manage-user-access-permission","Manage User Access Permission","2.1.6","Net Tutorial","https:\u002F\u002Fprofiles.wordpress.org\u002Fmbmipak\u002F","\u003Cp>Plugin features :\u003Cbr \u002F>\nUser role management\u003Cbr \u002F>\nManaging access to menus in such a way that if the menu is not accessed, the screen will be locked\u003Cbr \u002F>\nPost type support\u003Cbr \u002F>\nSupport for plugins and template menus\u003Cbr \u002F>\ncompletely free\u003C\u002Fp>\n","User access permission management plugin by role",10,940,100,2,"2023-01-02T07:56:00.000Z","6.1.10","3.0.1","",[20,21,22,23,24],"access-permissions","manage-access","manage-user-access","manage-user-access-permissions","user-access-permissions","https:\u002F\u002Fmbmti.ir\u002Fmanage-user-access-permission-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-user-access-permission.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"mbmipak",20,30,84,"2026-04-04T03:56:54.422Z",[39,60,67],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":28,"num_ratings":28,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"download-monitor-restrict-content-integration","Download Monitor & Restrict Content integration","1.0.0","WP Chill","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchill\u002F","\u003Cp>With Download Monitor & Restrict Content integration you can allow only certain Restrict Content groups users to download from your website and set a maximum number of downloads based on their subscription duration.\u003C\u002Fp>\n","The WordPress gallery plugin that's highly customizable & you can use to impress your clients. Create beautiful image galleries in minutes.",200,4887,"2025-12-02T10:22:00.000Z","6.9.4","5.2","5.6",[54,55,56,22,57],"best-download-monitor-plugin","download-counts","manage-downloads-access","restrict-downloads","https:\u002F\u002Fwww.download-monitor.com\u002Fextensions\u002Fdlm-restrict-content-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-monitor-restrict-content-integration.1.0.0.zip",{"slug":61,"name":62,"version":42,"author":43,"author_profile":44,"description":63,"short_description":46,"active_installs":13,"downloaded":64,"rating":28,"num_ratings":28,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":65,"homepage":18,"download_link":66,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"download-monitor-paid-membership-pro-integration","Download Monitor & Paid Membership Pro integration","\u003Cp>With Download Monitor & Paid Membership Pro integration you can allow only certain Paid Membership Pro groups users to download from your website and set a maximum number of downloads based on their subscription duration.\u003C\u002Fp>\n",4467,[54,55,56,22,57],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-monitor-paid-membership-pro-integration.1.0.0.zip",{"slug":68,"name":69,"version":70,"author":43,"author_profile":44,"description":71,"short_description":46,"active_installs":72,"downloaded":73,"rating":28,"num_ratings":28,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":74,"homepage":76,"download_link":77,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"download-monitor-learndash-integration","Download Monitor & LearnDash integration","1.0.1","\u003Cp>With Download Monitor & LearnDash integration you can allow only certain LearnDash groups users to download from your website.\u003C\u002Fp>\n",60,2723,[54,55,75,56,22],"learndash-downloads","https:\u002F\u002Fwww.download-monitor.com\u002Fextensions\u002Fdlm-learndash-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-monitor-learndash-integration.1.0.1.zip",{"attackSurface":79,"codeSignals":129,"taintFlows":157,"riskAssessment":283,"analyzedAt":295},{"hooks":80,"ajaxHandlers":125,"restRoutes":126,"shortcodes":127,"cronEvents":128,"entryPointCount":28,"unprotectedCount":28},[81,87,90,94,98,102,105,109,114,118,123],{"type":82,"name":83,"callback":84,"file":85,"line":86},"action","admin_enqueue_scripts","styles","include\\core.php",11,{"type":82,"name":83,"callback":88,"file":85,"line":89},"scripts",12,{"type":82,"name":91,"callback":92,"file":85,"line":93},"admin_menu","menu",13,{"type":82,"name":95,"callback":96,"file":85,"line":97},"admin_init","permission",14,{"type":82,"name":99,"callback":100,"file":85,"line":101},"init","wpdocs_load_textdomain",15,{"type":82,"name":99,"callback":103,"file":85,"line":104},"permission_front",16,{"type":82,"name":106,"callback":107,"file":85,"line":108},"in_admin_header","remove_admin_notices",17,{"type":82,"name":110,"callback":111,"priority":112,"file":85,"line":113},"wp_dashboard_setup","remove_all_metaboxes",99,18,{"type":82,"name":115,"callback":116,"priority":112,"file":85,"line":117},"editable_roles","wpse32738_get_editable_roles",19,{"type":119,"name":120,"callback":121,"priority":11,"file":85,"line":122},"filter","post_row_actions","closure",365,{"type":119,"name":120,"callback":121,"priority":11,"file":85,"line":124},406,[],[],[],[],{"dangerousFunctions":130,"sqlUsage":131,"outputEscaping":133,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":156},[],{"prepared":28,"raw":28,"locations":132},[],{"escaped":134,"rawEcho":86,"locations":135},182,[136,140,141,142,144,146,147,148,149,151,154],{"file":137,"line":138,"context":139},"controller\\access.php",311,"raw output",{"file":137,"line":138,"context":139},{"file":137,"line":138,"context":139},{"file":137,"line":143,"context":139},322,{"file":137,"line":145,"context":139},333,{"file":137,"line":145,"context":139},{"file":137,"line":145,"context":139},{"file":137,"line":145,"context":139},{"file":137,"line":150,"context":139},340,{"file":152,"line":153,"context":139},"controller\\role.php",107,{"file":152,"line":155,"context":139},145,[],[158,193,209,223,244,265,275],{"entryPoint":159,"graph":160,"unsanitizedCount":14,"severity":192},"index (controller\\access.php:7)",{"nodes":161,"edges":186},[162,166,172,176,178,181],{"id":163,"type":164,"label":165,"file":137,"line":34},"n0","source","$_GET",{"id":167,"type":168,"label":169,"file":137,"line":170,"wp_function":171},"n1","sink","update_option() [Settings Manipulation]",38,"update_option",{"id":173,"type":164,"label":174,"file":137,"line":175},"n2","$_POST",37,{"id":177,"type":168,"label":169,"file":137,"line":170,"wp_function":171},"n3",{"id":179,"type":164,"label":180,"file":137,"line":34},"n4","$_GET (x3)",{"id":182,"type":168,"label":183,"file":137,"line":184,"wp_function":185},"n5","echo() [XSS]",114,"echo",[187,189,190],{"from":163,"to":167,"sanitized":188},false,{"from":173,"to":177,"sanitized":188},{"from":179,"to":182,"sanitized":191},true,"low",{"entryPoint":194,"graph":195,"unsanitizedCount":208,"severity":192},"AccessOtherRoles (controller\\access.php:163)",{"nodes":196,"edges":205},[197,199,201,203],{"id":163,"type":164,"label":165,"file":137,"line":198},172,{"id":167,"type":168,"label":169,"file":137,"line":200,"wp_function":171},183,{"id":173,"type":164,"label":202,"file":137,"line":198},"$_GET (x2)",{"id":177,"type":168,"label":183,"file":137,"line":204,"wp_function":185},191,[206,207],{"from":163,"to":167,"sanitized":188},{"from":173,"to":177,"sanitized":191},1,{"entryPoint":210,"graph":211,"unsanitizedCount":208,"severity":192},"cap (controller\\access.php:220)",{"nodes":212,"edges":220},[213,215,217,218],{"id":163,"type":164,"label":165,"file":137,"line":214},231,{"id":167,"type":168,"label":169,"file":137,"line":216,"wp_function":171},260,{"id":173,"type":164,"label":202,"file":137,"line":214},{"id":177,"type":168,"label":183,"file":137,"line":219,"wp_function":185},274,[221,222],{"from":163,"to":167,"sanitized":188},{"from":173,"to":177,"sanitized":191},{"entryPoint":224,"graph":225,"unsanitizedCount":14,"severity":192},"url (controller\\access.php:370)",{"nodes":226,"edges":240},[227,229,231,233,235,238],{"id":163,"type":164,"label":202,"file":137,"line":228},389,{"id":167,"type":168,"label":169,"file":137,"line":230,"wp_function":171},434,{"id":173,"type":164,"label":232,"file":137,"line":228},"$_GET (x5)",{"id":177,"type":168,"label":183,"file":137,"line":234,"wp_function":185},455,{"id":179,"type":164,"label":236,"file":137,"line":237},"$_POST (x3)",440,{"id":182,"type":168,"label":183,"file":137,"line":239,"wp_function":185},460,[241,242,243],{"from":163,"to":167,"sanitized":188},{"from":173,"to":177,"sanitized":191},{"from":179,"to":182,"sanitized":191},{"entryPoint":245,"graph":246,"unsanitizedCount":264,"severity":192},"\u003Caccess> (controller\\access.php:0)",{"nodes":247,"edges":259},[248,249,250,251,252,254,255,257],{"id":163,"type":164,"label":232,"file":137,"line":34},{"id":167,"type":168,"label":169,"file":137,"line":170,"wp_function":171},{"id":173,"type":164,"label":174,"file":137,"line":175},{"id":177,"type":168,"label":169,"file":137,"line":170,"wp_function":171},{"id":179,"type":164,"label":253,"file":137,"line":34},"$_GET (x12)",{"id":182,"type":168,"label":183,"file":137,"line":184,"wp_function":185},{"id":256,"type":164,"label":236,"file":137,"line":237},"n6",{"id":258,"type":168,"label":183,"file":137,"line":239,"wp_function":185},"n7",[260,261,262,263],{"from":163,"to":167,"sanitized":188},{"from":173,"to":177,"sanitized":188},{"from":179,"to":182,"sanitized":191},{"from":256,"to":258,"sanitized":191},6,{"entryPoint":266,"graph":267,"unsanitizedCount":28,"severity":192},"index (controller\\role.php:7)",{"nodes":268,"edges":273},[269,271],{"id":163,"type":164,"label":236,"file":152,"line":270},47,{"id":167,"type":168,"label":183,"file":152,"line":272,"wp_function":185},92,[274],{"from":163,"to":167,"sanitized":191},{"entryPoint":276,"graph":277,"unsanitizedCount":28,"severity":192},"\u003Crole> (controller\\role.php:0)",{"nodes":278,"edges":281},[279,280],{"id":163,"type":164,"label":236,"file":152,"line":270},{"id":167,"type":168,"label":183,"file":152,"line":272,"wp_function":185},[282],{"from":163,"to":167,"sanitized":191},{"summary":284,"deductions":285},"The \"manage-user-access-permission\" plugin v2.1.6 exhibits a generally strong security posture with no known historical vulnerabilities. The static analysis indicates a clean codebase with a complete absence of dangerous functions, file operations, and external HTTP requests. SQL queries are all properly prepared, and a high percentage of output is correctly escaped, minimizing the risk of cross-site scripting (XSS) vulnerabilities. The presence of capability checks is also a positive indicator of security awareness.\n\nHowever, the analysis does reveal some areas for concern. The taint analysis shows a notable number of flows with unsanitized paths (5 out of 7 analyzed), although these did not escalate to critical or high severity. This suggests a potential for vulnerabilities if the input data were to be processed in a more sensitive context or if the sanitization were less robust for certain data types. The complete lack of nonce checks and the limited number of capability checks (2) across the plugin's entry points, while currently not exploitable due to a zero attack surface, indicates a lack of defense-in-depth for future expansions or potential undiscovered entry points.\n\nIn conclusion, the plugin is well-written with a strong foundation. The absence of known vulnerabilities and the use of secure coding practices like prepared statements are commendable. The primary weaknesses lie in the potential for unsanitized paths in taint flows and the limited use of nonces and capability checks. While these do not present an immediate exploitable risk based on the current data, they represent areas that could be strengthened to further enhance the plugin's security.",[286,289,292],{"reason":287,"points":288},"Flows with unsanitized paths (5\u002F7)",8,{"reason":290,"points":291},"Limited capability checks (2)",3,{"reason":293,"points":294},"No nonce checks",5,"2026-03-17T00:39:47.766Z",{"wat":297,"direct":317},{"assetPaths":298,"generatorPatterns":306,"scriptPaths":307,"versionParams":312},[299,300,301,302,303,304,305],"\u002Fwp-content\u002Fplugins\u002Fmanage-user-access-permission\u002Fassets\u002Fcss\u002Ftree.css","\u002Fwp-content\u002Fplugins\u002Fmanage-user-access-permission\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fmanage-user-access-permission\u002Fassets\u002Fcss\u002Ftab.css","\u002Fwp-content\u002Fplugins\u002Fmanage-user-access-permission\u002Fassets\u002Fjs\u002Ftree.js","\u002Fwp-content\u002Fplugins\u002Fmanage-user-access-permission\u002Fassets\u002Fjs\u002Fadmin-tree.js","\u002Fwp-content\u002Fplugins\u002Fmanage-user-access-permission\u002Fassets\u002Fjs\u002Ftab.js","\u002Fwp-content\u002Fplugins\u002Fmanage-user-access-permission\u002Fassets\u002Fjs\u002Fadmin.js",[],[308,309,310,311],"assets\u002Fjs\u002Ftree.js","assets\u002Fjs\u002Fadmin-tree.js","assets\u002Fjs\u002Ftab.js","assets\u002Fjs\u002Fadmin.js",[313,314,315,316],"manage-user-access-permission\u002Fassets\u002Fcss\u002Fadmin.css?ver=","manage-user-access-permission\u002Fassets\u002Fcss\u002Ftab.css?ver=","manage-user-access-permission\u002Fassets\u002Fjs\u002Ftab.js?ver=","manage-user-access-permission\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":318,"htmlComments":320,"htmlAttributes":321,"restEndpoints":322,"jsGlobals":323,"shortcodeOutput":331},[319],"muap-styles-tree",[],[],[],[324,325,326,327,328,329,330],"MUAP_MPMTI_VERSION","MUAP_MPMTI_BASE","MUAP_MPMTI_URI","MUAP_MPMTI_FILE","MUAP_MPMTI_Include","MUAP_MPMTI_Controller","MUAP_MPMTI_Core",[]]