[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjugyF6M0pXeJf5F9d8RUw_GPJqnepmhomW5DWn4kbiU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":136,"fingerprints":240},"modal-register","Register Modal","1.0","kureikain","https:\u002F\u002Fprofiles.wordpress.org\u002Fkureikain\u002F","\u003Cp>Register Modal provides a modal Ajax-ify box to register for WordPress! Pretty thing about it is\u003Cbr \u002F>\nit alow you to set custom password, and it have built-in captcha as well! It’s fully Ajax! User\u003Cbr \u002F>\nclick register link, pop-up open! User fill in, waiting and voila, he can login instantly (if you turn off\u003Cbr \u002F>\nactive feature for new user)\u003C\u002Fp>\n","Register Modal provides a modal Ajax-ify box to register for WordPress!",10,12725,0,"2010-10-14T07:51:00.000Z","3.0.5","2.2.0","",[19,20,21,22,23],"admin","ajax","custom-register-password","login","modal","http:\u002F\u002Faxcoto.com\u002Fblog\u002Farticle\u002F282","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmodal-register.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T04:19:16.670Z",[36,55,77,96,113],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":53,"download_link":54,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simplemodal-login","SimpleModal Login","1.1","Eric","https:\u002F\u002Fprofiles.wordpress.org\u002Femartin24\u002F","\u003Cp>\u003Cstrong>SimpleModal Login 1.0 now includes a user registration and password reset feature!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SimpleModal Login provides a modal Ajax login, registration and password reset feature for WordPress and utilizes jQuery and the SimpleModal jQuery plugin.\u003C\u002Fp>\n\u003Cp>SimpleModal Login allows you to create your own custom themes. See the FAQ for details.\u003C\u002Fp>\n\u003Cp>Translations: https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimplemodal-login\u002FI18n (check the version number for the correct file)\u003C\u002Fp>\n","SimpleModal Login provides a modal Ajax login, registration, and password reset feature for WordPress which utilizes jQuery and the SimpleModal jQuery",800,187883,80,33,"2017-11-28T19:50:00.000Z","4.0.38","2.5.0",[19,20,22,23,52],"password","http:\u002F\u002Fwww.studiofuel.com\u002Fsimplemodal-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimplemodal-login.1.1.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":17,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":31,"unpatched_count":31,"last_vuln_date":76,"fetched_at":28},"ultimate-ajax-login","Ultimate AJAX Login","1.2.1","Samer Bechara","https:\u002F\u002Fprofiles.wordpress.org\u002Farbet01\u002F","\u003Cp>After testing all of the AJAX plugins in the WordPress repository, I got frustrated. They’re all great, but it seems that they’re like 90% complete. They still need polishing.  This is why I decided to create this plugin\u003C\u002Fp>\n\u003Cp>How is this plugin different:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three different templates to choose from: Modal login form, Classic login form and popup login form (jQuery UI based)\u003C\u002Fli>\n\u003Cli>24 themes to choose from (jQuery UI based)  \u003C\u002Fli>\n\u003Cli>Fully customizable: Just copy the template you’re using from \u002Ftemplates\u002F directory in the plugin to the “ultimate_ajax_login” directory in your theme, and modify as you need to.\u003C\u002Fli>\n\u003Cli>After a user is logged in, nothing shows up. I found this pretty frustrating with other plugins, there was no way to hide things.\u003C\u002Fli>\n\u003Cli>If you need to show anything after a user logs in, just copy the template widget-logged-in.php to your ultimate_ajax_login folder and add whatever you need. You can call any WP function from there.\u003C\u002Fli>\n\u003Cli>Has three templates, one an AJAX-based classic login form, and the other is a jQuery UI dialog box (Tested and works on mobile), and the third one is a popmodal dialog box\u003C\u002Fli>\n\u003Cli>Blocks the login form whenever a user is being logged in.\u003C\u002Fli>\n\u003Cli>Allows you to specify a global login redirect URL in your settings page, which applies to all of your widgets.\u003C\u002Fli>\n\u003Cli>Login redirect URL can be overridden on a per-widget basis from the widget options page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Shortcode Usage\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Instead of using the widget, you can insert the shortcode inside any post. If you’re a theme developer, you can use it with the do_shortcode() function. Here are the varius option\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using with classic template and no redirect url specified: \u003Cem>[ultimate_ajax_login]\u003C\u002Fem> \u003C\u002Fli>\n\u003Cli>Using the dialog box template: \u003Cem>[ultimate_ajax_login template=’dialog’]\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Using the dialog box template and a jquery theme: \u003Cem>[ultimate_ajax_login template=’dialog’ theme=’cupertino’]\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n","Very flexible and easy to use AJAX Login plugin with redirects, customizable templates...",100,14301,90,2,"2015-01-15T09:48:00.000Z","4.1.42","3.1",[19,20,71,22,72],"ajax-login","multi-site","http:\u002F\u002Fthoughtengineer.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-ajax-login.1.2.1.zip",63,"2025-09-05 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":17,"tags":89,"homepage":94,"download_link":95,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"els-ajax-login","Ajax Login","1.0.1","sagormax","https:\u002F\u002Fprofiles.wordpress.org\u002Fsagortouch\u002F","\u003Cp>Ajax Login demo: http:\u002F\u002Fpmzez.com\u002Fplugins\u002Fajax-login\u003C\u002Fp>\n\u003Cp>Go to “Ajax Login Menu to Find shortcode OR Appearance to Widgets and find els Ajax Login”\u003C\u002Fp>\n\u003Cp>Plugin Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Click to Loading a progress bar and redirect to admin page.\u003C\u002Fli>\n\u003Cli>Enable ajax login in wp-login.php page.\u003C\u002Fli>\n\u003Cli>Add ajax login widget. \u003C\u002Fli>\n\u003Cli>Ajax’y applications. \u003C\u002Fli>\n\u003Cli>Added WP Security. \u003C\u002Fli>\n\u003Cli>Form class name customizable. \u003C\u002Fli>\n\u003Cli>Dynamically call jQuery Library.\u003C\u002Fli>\n\u003Cli>Fully Responsive. \u003C\u002Fli>\n\u003Cli>Mobile supported. \u003C\u002Fli>\n\u003Cli>Very Lightweight.\u003Cbr \u002F>\n& many More\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Youtube :\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.youtube.com\u002Fwatch?v=jEQ9w76rJk8\u003C\u002Fp>\n\u003Cp>Live Preview: http:\u002F\u002Fpmzez.com\u002Fplugins\u002Fajax-login\u003C\u002Fp>\n","Ajax Login is a sample login interface that you login your admin panel by using ajax.",3227,"2015-10-22T20:40:00.000Z","4.3.34","4.0",[90,71,91,92,93],"admin-login","ajax-admin-login","page-login","sidebar-ajax-login","http:\u002F\u002Fwww.easyloopsoft.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fels-ajax-login.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":13,"downloaded":104,"rating":63,"num_ratings":31,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":17,"download_link":112,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"loginregistration-form","EasySecure LoginRegistration Form – Inline & Modal Popup","1.1.2","imminentsoftwares","https:\u002F\u002Fprofiles.wordpress.org\u002Fimminentsoftware\u002F","\u003Cp>\u003Cstrong>EasySecure LoginRegistration Form – Inline & Modal Popup\u003C\u002Fstrong> is a modern, lightweight, and security-focused WordPress authentication plugin that allows users to log in, register, and reset passwords directly from the frontend using AJAX — without page reloads.\u003C\u002Fp>\n\u003Cp>Designed for performance and usability, the plugin supports both inline forms via shortcode and modal popup login triggers. It includes advanced security features like \u003Cstrong>Google reCAPTCHA v3\u003C\u002Fstrong> and \u003Cstrong>mandatory email verification\u003C\u002Fstrong>, ensuring only verified users can access your website.\u003C\u002Fp>\n\u003Cp>With customizable fields, email templates, redirection settings, and flexible design options, EasySecure helps you create a seamless and professional login experience on any WordPress site.\u003C\u002Fp>\n\u003Cp>Perfect for membership sites, business websites, communities, and eCommerce platforms.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>AJAX-based login, registration, and password reset  \u003C\u002Fli>\n\u003Cli>Inline form shortcode & modal popup trigger  \u003C\u002Fli>\n\u003Cli>Mandatory email verification (admin and user controlled)  \u003C\u002Fli>\n\u003Cli>Custom registration fields (text, number, email, dropdown, checkbox)  \u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3 integration for spam protection  \u003C\u002Fli>\n\u003Cli>Fully customizable email notifications  \u003C\u002Fli>\n\u003Cli>Redirect control after login, logout, and registration  \u003C\u002Fli>\n\u003Cli>Option to change the form’s primary theme color  \u003C\u002Fli>\n\u003Cli>Tab display type selector (icons or text for Login\u002FRegister tabs)  \u003C\u002Fli>\n\u003Cli>Custom logo upload for branded authentication forms  \u003C\u002Fli>\n\u003Cli>Fully responsive, mobile-friendly design  \u003C\u002Fli>\n\u003Cli>Compatible with any WordPress theme  \u003C\u002Fli>\n\u003Cli>Lightweight, fast, and built for performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong> to detect and prevent spam and automated abuse.\u003Cbr \u002F>\nThe user’s reCAPTCHA token is securely sent to Google for verification.\u003C\u002Fp>\n\u003Cp>Service Provider: Google\u003Cbr \u002F>\nTerms of Service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n","Secure AJAX Login & Registration Plugin with Email Verification, Custom Fields, Modal Popup, Google reCAPTCHA, and Full Redirection Control.",579,"2026-02-10T08:14:00.000Z","6.9.4","6.0","8.0",[20,22,110,23,111],"lost-password","registration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginregistration-form.1.1.2.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":106,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":131,"download_link":132,"security_score":133,"vuln_count":134,"unpatched_count":13,"last_vuln_date":135,"fetched_at":28},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29791210,96,1020,"2026-03-02T12:38:00.000Z","3.0","5.5",[129,19,22,114,130],"access","security","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",87,8,"2024-11-04 00:00:00",{"attackSurface":137,"codeSignals":180,"taintFlows":200,"riskAssessment":227,"analyzedAt":239},{"hooks":138,"ajaxHandlers":169,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":66,"unprotectedCount":66},[139,145,150,154,158,162,166],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_menu","admin_menu_link","modal-register.php",68,{"type":146,"name":147,"callback":148,"file":143,"line":149},"filter","register","registerLink",71,{"type":140,"name":151,"callback":152,"file":143,"line":153},"wp_head","header",72,{"type":140,"name":155,"callback":156,"file":143,"line":157},"wp_footer","footer",73,{"type":140,"name":159,"callback":160,"file":143,"line":161},"wp_print_styles","css",74,{"type":140,"name":163,"callback":164,"file":143,"line":165},"wp_print_scripts","js",75,{"type":140,"name":167,"callback":167,"file":143,"line":168},"init",78,[170,174],{"action":171,"nopriv":172,"callback":173,"hasNonce":172,"hasCapCheck":172,"file":143,"line":46},"modal_register",false,"doUserAjax",{"action":171,"nopriv":175,"callback":173,"hasNonce":172,"hasCapCheck":172,"file":143,"line":176},true,81,[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":199},[],{"prepared":13,"raw":13,"locations":183},[],{"escaped":13,"rawEcho":185,"locations":186},6,[187,190,192,194,197,198],{"file":143,"line":188,"context":189},109,"raw output",{"file":143,"line":191,"context":189},168,{"file":143,"line":193,"context":189},177,{"file":195,"line":196,"context":189},"templates\\register.php",28,{"file":195,"line":196,"context":189},{"file":195,"line":196,"context":189},[],[201,218],{"entryPoint":202,"graph":203,"unsanitizedCount":31,"severity":217},"doUserAjax (modal-register.php:162)",{"nodes":204,"edges":215},[205,210],{"id":206,"type":207,"label":208,"file":143,"line":209},"n0","source","$_POST",173,{"id":211,"type":212,"label":213,"file":143,"line":193,"wp_function":214},"n1","sink","echo() [XSS]","echo",[216],{"from":206,"to":211,"sanitized":172},"medium",{"entryPoint":219,"graph":220,"unsanitizedCount":31,"severity":226},"\u003Cmodal-register> (modal-register.php:0)",{"nodes":221,"edges":224},[222,223],{"id":206,"type":207,"label":208,"file":143,"line":209},{"id":211,"type":212,"label":213,"file":143,"line":193,"wp_function":214},[225],{"from":206,"to":211,"sanitized":172},"low",{"summary":228,"deductions":229},"The plugin \"modal-register\" v1.0 exhibits several significant security concerns despite having no recorded vulnerability history. The most prominent issue is the presence of two AJAX handlers that lack any authentication or capability checks. This creates a substantial attack surface, allowing unauthenticated users to potentially interact with critical plugin functionality.  Furthermore, the code analysis reveals a complete lack of output escaping for all identified outputs. This is a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities if any user-supplied data is processed and displayed without proper sanitization.\n\nWhile the plugin does not appear to use dangerous functions, perform file operations, or make external HTTP requests, and its SQL queries are properly prepared, these positive aspects are overshadowed by the critical vulnerabilities identified. The absence of nonces and capability checks on the AJAX endpoints, coupled with the unescaped output, presents a clear risk of unauthorized actions and code injection. The lack of historical vulnerabilities might suggest either a lack of widespread use, thorough auditing, or simply that these specific vulnerabilities have not been discovered or exploited yet. Overall, the plugin's security posture is weak due to fundamental flaws in handling user input and controlling access to its functionalities.",[230,232,234,237],{"reason":231,"points":11},"AJAX handlers without auth checks",{"reason":233,"points":134},"All outputs unescaped",{"reason":235,"points":236},"No nonce checks on AJAX",7,{"reason":238,"points":236},"No capability checks on AJAX","2026-03-17T01:27:29.110Z",{"wat":241,"direct":250},{"assetPaths":242,"generatorPatterns":245,"scriptPaths":246,"versionParams":247},[243,244],"\u002Fwp-content\u002Fplugins\u002Fmodal-register\u002Fassets\u002Fcss\u002Fdefault.css","\u002Fwp-content\u002Fplugins\u002Fmodal-register\u002Fassets\u002Fjs\u002Fdefault.js",[],[244],[248,249],"modal-register\u002Fassets\u002Fcss\u002Fdefault.css?ver=","modal-register\u002Fassets\u002Fjs\u002Fdefault.js?ver=",{"cssClasses":251,"htmlComments":253,"htmlAttributes":254,"restEndpoints":256,"jsGlobals":257,"shortcodeOutput":259},[252],"axcoto-register-modal",[],[255],"data-url=\"",[],[258],"blogUrl",[]]