[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffyXgcIEkcKciJDt4zhUDYru0iVUNbf07ikH_v22PeJI":3,"$fZlRUe7RXNrxciETGPf8EPyBCwvPjprc8l8fBBQYHD-8":118,"$fkWb6O1RYr8h8XAEBDikE_NK0HEn3HnMeYZRfGiFOpbE":123},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":37,"analysis":38,"fingerprints":94},"mc-protected-page-upgrade","MC Protected Page Upgrade","2.5.4","Mike Hickcox","https:\u002F\u002Fprofiles.wordpress.org\u002Fmike-hickcox\u002F","\u003Cp>Set the time allowed before a password must be again entered for a password-protected post or page. Also, enhance the page password form.\u003Cbr \u002F>\nBy default, when you password-protect a page or post in WordPress, a user can get back into that page, without a password, for 10 days.\u003Cbr \u002F>\nWith this plugin, you can set your own duration, and allow for better protection of password-protected pages.\u003Cbr \u002F>\n* This plugin allows you to easily change the lifetime of that cookie.\u003Cbr \u002F>\n* Set it to any combination of hours, minutes, and seconds.\u003Cbr \u002F>\n* You can even set it for zero hours, zero minutes, and zero seconds, so users always must use the password to access the page.\u003Cbr \u002F>\n* The page password form is also enhanced for a better look in the website, and shows the user the length of time allowed before a password will again be required.\u003Cbr \u002F>\n* If you create pages with a builder, that system may overwrite the password page created by this plugin, but the times you set will still work on your website.\u003C\u002Fp>\n","Set the time allowed before a password must be again entered for a password-protected post or page. Also enhances the page password form.",10,1643,0,"2025-11-25T21:39:00.000Z","6.8.5","5.0","7.0",[19,20,21],"better-password-pages","custom-password-pages","page-password-duration","https:\u002F\u002Fhttps:\u002F\u002Fmid-coast.com\u002Fmc6397-protected-page-upgrade","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmc-protected-page-upgrade.2.5.4.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"mike-hickcox",6,240,99,30,93,"2026-05-20T04:00:05.753Z",[],{"attackSurface":39,"codeSignals":63,"taintFlows":83,"riskAssessment":84,"analyzedAt":93},{"hooks":40,"ajaxHandlers":59,"restRoutes":60,"shortcodes":61,"cronEvents":62,"entryPointCount":13,"unprotectedCount":13},[41,46,51,55],{"type":42,"name":43,"callback":44,"file":45,"line":31},"action","the_password_form","mc6397ppu_custom_password_form","inc\\mc6397ppu_update-form.php",{"type":42,"name":47,"callback":48,"file":49,"line":50},"wp","mc6397ppu_expire_password","mc-protected-page-upgrade.php",105,{"type":42,"name":52,"callback":53,"file":49,"line":54},"admin_menu","mc6397ppu_expire_plugin_menu",107,{"type":42,"name":56,"callback":57,"file":49,"line":58},"admin_init","register_mc6397_page_pwd_duration_setting",108,[],[],[],[],{"dangerousFunctions":64,"sqlUsage":65,"outputEscaping":67,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":82},[],{"prepared":13,"raw":13,"locations":66},[],{"escaped":68,"rawEcho":69,"locations":70},9,5,[71,74,76,78,80],{"file":45,"line":72,"context":73},20,"raw output",{"file":45,"line":75,"context":73},54,{"file":45,"line":77,"context":73},57,{"file":45,"line":79,"context":73},60,{"file":49,"line":81,"context":73},84,[],[],{"summary":85,"deductions":86},"The \"mc-protected-page-upgrade\" v2.5.4 plugin exhibits a generally good security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL queries without prepared statements, file operations, external HTTP requests, and critical\u002Fhigh severity taint flows suggests a well-written and secure codebase. Furthermore, the plugin's vulnerability history is clean, with no recorded CVEs, which is a strong indicator of ongoing security diligence or a lack of past exploitable issues.\n\nHowever, a significant concern arises from the complete lack of nonces and capability checks across all identified entry points (even though there are currently zero). This absence, while not currently exploitable due to the zero entry points, represents a fundamental security oversight. Should any AJAX handlers, REST API routes, or shortcodes be introduced in future versions or through configuration without proper authentication and authorization checks, they would be immediately vulnerable to various attacks, such as unauthorized actions or data manipulation.\n\nIn conclusion, while the current version of \"mc-protected-page-upgrade\" appears secure due to its minimal attack surface and clean history, the lack of built-in security mechanisms like nonces and capability checks on potential entry points is a notable weakness. This indicates a potential future risk if the plugin's functionality expands or if its configuration allows for new interaction points without explicit security measures.",[87,89,91],{"reason":88,"points":11},"No nonce checks implemented",{"reason":90,"points":11},"No capability checks implemented",{"reason":92,"points":69},"Escaping issues in output (36% unescaped)","2026-03-16T23:45:51.710Z",{"wat":95,"direct":101},{"assetPaths":96,"generatorPatterns":98,"scriptPaths":99,"versionParams":100},[97],"\u002Fwp-content\u002Fplugins\u002Fmc-protected-page-upgrade\u002Fassets\u002FMC-PPU-Head.jpg",[],[],[],{"cssClasses":102,"htmlComments":104,"htmlAttributes":105,"restEndpoints":112,"jsGlobals":113,"shortcodeOutput":114},[103],"bootstrap-wrapper",[],[106,107,108,109,110,111],"id=\"mc6397ppu_duration_hours\"","id=\"mc6397ppu_duration_minutes\"","id=\"mc6397ppu_duration_seconds\"","name=\"mc6397ppu_duration_hours\"","name=\"mc6397ppu_duration_minutes\"","name=\"mc6397ppu_duration_seconds\"",[],[],[115,116,117],"\u003Cimg src=\"","assets\u002FMC-PPU-Head.jpg\">","\u003Ch3>These settings determine when a user must again enter the password to access a password-protected post or page on this website. Note: The password itself is set by going to Dashboard \u002F Pages \u002F All Pages \u002F Find the page you want and use the dropdown for Quick Edit \u002F Enter what you want in the Password field. \u003C\u002Fh3>\u003Cstrong>Enter any combination of hours, minutes, and seconds to set access time.\u003Cbr>Leave all fields empty (zero) to require users to always enter the password.\u003C\u002Fstrong>",{"error":119,"url":120,"statusCode":121,"statusMessage":122,"message":122},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmc-protected-page-upgrade\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":124,"versions":125},4,[126,132,139,146],{"version":6,"download_url":23,"svn_tag_url":127,"released_at":25,"has_diff":128,"diff_files_changed":129,"diff_lines":25,"trac_diff_url":130,"vulnerabilities":131,"is_current":119},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmc-protected-page-upgrade\u002Ftags\u002F2.5.4\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmc-protected-page-upgrade%2Ftags%2F2.5.3&new_path=%2Fmc-protected-page-upgrade%2Ftags%2F2.5.4",[],{"version":133,"download_url":134,"svn_tag_url":135,"released_at":25,"has_diff":128,"diff_files_changed":136,"diff_lines":25,"trac_diff_url":137,"vulnerabilities":138,"is_current":128},"2.5.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmc-protected-page-upgrade.2.5.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmc-protected-page-upgrade\u002Ftags\u002F2.5.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmc-protected-page-upgrade%2Ftags%2F2.5.2&new_path=%2Fmc-protected-page-upgrade%2Ftags%2F2.5.3",[],{"version":140,"download_url":141,"svn_tag_url":142,"released_at":25,"has_diff":128,"diff_files_changed":143,"diff_lines":25,"trac_diff_url":144,"vulnerabilities":145,"is_current":128},"2.5.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmc-protected-page-upgrade.2.5.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmc-protected-page-upgrade\u002Ftags\u002F2.5.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmc-protected-page-upgrade%2Ftags%2F2.5.1&new_path=%2Fmc-protected-page-upgrade%2Ftags%2F2.5.2",[],{"version":147,"download_url":148,"svn_tag_url":149,"released_at":25,"has_diff":128,"diff_files_changed":150,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":151,"is_current":128},"2.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmc-protected-page-upgrade.2.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmc-protected-page-upgrade\u002Ftags\u002F2.5.1\u002F",[],[]]