[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyr44flCSfA6TIReIh9_h488BoHJUpHu_JTZfrGZzLRI":3,"$fJzOzw4uZbo093LJrgYL5WNEU7PSzhCiQeVpkHPDMYJA":181,"$fcxtcSClqOE1HgxQcegZIkTQ7nEN6UrKOKFz2DqlFVTs":186},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":21,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":33,"analysis":132,"fingerprints":168},"multisite-logout-all-users","Multisite Logout Users","1.0.0","m1tk00","https:\u002F\u002Fprofiles.wordpress.org\u002Fm1tk00\u002F","\u003Cp>This plugin allows your site to logout users from all blogs in the same time.\u003C\u002Fp>\n","Requires Wordpress Multisite Installation Stable Tag: 1.0 License: GPLv3 License URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html",0,1548,"2017-06-09T22:51:00.000Z","4.7.33","3.8","",[18,19,20],"logout","users","wordpress-multisite","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-logout-all-users.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":22,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},3,150,30,84,"2026-05-20T08:03:27.397Z",[34,55,76,95,111],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":30,"downloaded":42,"rating":11,"num_ratings":11,"last_updated":43,"tested_up_to":44,"requires_at_least":45,"requires_php":46,"tags":47,"homepage":51,"download_link":52,"security_score":53,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":54},"users-login-monitor","Users Login Monitor","5.22","wpgear","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpgear\u002F","\u003Cp>Ext Security.\u003Cbr \u002F>\nDashboard & Daily-Digest about users activity.\u003Cbr \u002F>\nNow the console has a widget that displays last login users, whith: Date-Time, IP address (whith Whois info) and Device type\u002FBrowser.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Even without going to the site admin area, you will be informed about the activity of the current day.\u003C\u002Fli>\n\u003Cli>Any person can be a recipient of notifications. Not necessarily the Administrator.\u003C\u002Fli>\n\u003Cli>Now in the Admin console you have a new widget with a list of users in order of decreasing Login time.\u003C\u002Fli>\n\u003Cli>Determine and save the IP address, device and browser details, from which the was made Login. (if your server is configured correctly). For better informational content, in order to be able to determine the parameters of the User’s devices (OS, Browser, Type Device), you should have a PHP extension on the server: “Browscap”. Alternatively, you can use the Lite-Version – Plugin: “quick-browscap” from the official WP repository.\u003C\u002Fli>\n\u003Cli>It is important to understand that the time to enter the site and the time of the last activity of the user are different events.\u003C\u002Fli>\n\u003Cli>Displays “Login Success” Statistics for each User.\u003C\u002Fli>\n\u003Cli>Displays Count “Users Activity” in Admin Bar.\u003C\u002Fli>\n\u003C\u002Ful>\n","A freeware plugin, for daily-notify site administrator, about users who logged in during the day.",2575,"2026-02-26T09:01:00.000Z","6.9.4","4.1","5.4",[48,18,49,50,19],"login","members","security","https:\u002F\u002Fwpgear.xyz\u002Fusers-login-monitor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusers-login-monitor.zip",100,"2026-04-06T09:54:40.288Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":11,"num_ratings":11,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":16,"tags":68,"homepage":73,"download_link":74,"security_score":75,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"login-logout-redirect","Login Logout Redirect – Redirects users after login\u002Flogout to a specific URL or page","1.4","Roxnor","https:\u002F\u002Fprofiles.wordpress.org\u002Froxnor\u002F","\u003Cp>The Login Logout Redirect plugin helps you manage user redirection after login or logout. You can set a custom URL or select a specific page on your website. Additionally, this plugin tracks user login time and displays it in the admin user table. The login tracking feature is enabled by default but can be disabled via the settings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>Redirect users to a specific URL or page after login.\u003C\u002Fp>\n\u003Cp>Redirect users to a specific URL or page after logout.\u003C\u002Fp>\n\u003Cp>Option to use a custom URL or choose from existing pages.\u003C\u002Fp>\n\u003Ch3>Settings Options\u003C\u002Fh3>\n\u003Cp>The plugin adds a settings page under Settings > Redirect Options where you can configure:\u003C\u002Fp>\n\u003Cp>Login Redirect: Set a custom URL or select a page to redirect users after login.\u003C\u002Fp>\n\u003Cp>Logout Redirect: Set a custom URL or select a page to redirect users after logout.\u003C\u002Fp>\n","A simple WordPress plugin that redirects users after login\u002Flogout.",10,739,"2024-11-17T06:35:00.000Z","6.7.5","5.0",[69,70,71,72],"login-logout-redirect-into-page","login-redirects-to-specific-page","logout-redirect-to-specific-url","redirects-users-after-login-logout","https:\u002F\u002Fwpmet.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-logout-redirect.1.4.zip",92,{"slug":77,"name":78,"version":6,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":63,"downloaded":83,"rating":53,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":16,"download_link":94,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"tavakal-destroy-user-sessions","Tavakal – Destroy user sessions","tavakal4devs","https:\u002F\u002Fprofiles.wordpress.org\u002Ftavakal4devs\u002F","\u003Cp>By default in wordpress sessions have expiration date, it might be too long for some kind of websites. With this plugin, you can set N time for afk (away from keyboard) users, before ending their session. For example if N time is 1 hour, users will be logged out after 1 hour from the last activity time.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Ch4>Tavakal – Destroy user sessions Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Set maximum inactive time before ending user session\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set roles that should apply this logic.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>🔐 Important Notice\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin requires cron jobs enabled to work\u003C\u002Fp>\n","Free light plugin to kick out user after being afk, or inactive for long time even if the browser is closed. You can change the time and users roles a …",850,1,"2022-02-10T14:54:00.000Z","5.9.13","4.0","5.6",[90,91,92,93],"inactive-users","kick-inactive-users","kick-user","logout-afk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftavakal-destroy-user-sessions.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":11,"downloaded":103,"rating":11,"num_ratings":11,"last_updated":104,"tested_up_to":105,"requires_at_least":46,"requires_php":106,"tags":107,"homepage":16,"download_link":110,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"admin-user-control","Admin User Control","2.0.0","PRESSMAN","https:\u002F\u002Fprofiles.wordpress.org\u002Fpressmaninc\u002F","\u003Cp>This plugin adds a useful feature to the administration screen that allows administrators to control the users involved in their operations.\u003C\u002Fp>\n\u003Ch4>Notification function\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Administrators can post notifications for users.\u003C\u002Fli>\n\u003Cli>Notifications are listed on the dashboard.\u003C\u002Fli>\n\u003Cli>Users can mark each notification as read.\u003C\u002Fli>\n\u003Cli>A warning will appear in the toolbar for users with unread notifications.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Maintenance Notification Function\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Administrators can post maintenance announcements for users. At this time, you can register the start time and end time of the maintenance and the message to be displayed on the login screen during the maintenance.\u003C\u002Fli>\n\u003Cli>During a maintenance period, non-administrative users are forced to logout of the administration screen. Also they will not be able to login to the administration screen until the end of the maintenance period.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login user monitoring function\u003C\u002Fh4>\n\u003Cp>This feature is the successor to \u003Ca href=\"https:\u002F\u002Fwww.wordpress.org\u002Fplugins\u002Flogin-monitor\u002F\" rel=\"nofollow ugc\">Login Monitor\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The user who is currently logged in to the administration screen is displayed in real time in the toolbar.\u003C\u002Fli>\n\u003Cli>Clicking on a user in the list of users will take you to that user’s profile screen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Precautions\u003C\u002Fh3>\n\u003Cp>Internet Explorer is not supported.\u003C\u002Fp>\n","This plugin adds a useful feature to the administration screen that allows administrators to control the users involved in their operations.",1323,"2020-12-18T11:35:00.000Z","5.6.17","7.1.24",[48,18,108,109,19],"pressman","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-user-control.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":44,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":130,"download_link":131,"security_score":53,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"user-switching","User Switching","1.11.2","John Blackbourn","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnbillion\u002F","\u003Cp>This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You’ll be instantly logged out and logged in as your desired user. This is handy for helping customers on WooCommerce sites, membership sites, testing environments, or for any site where administrators need to switch between multiple accounts.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Switch user: Instantly switch to any user account from the \u003Cem>Users\u003C\u002Fem> screen.\u003C\u002Fli>\n\u003Cli>Switch back: Instantly switch back to your originating account.\u003C\u002Fli>\n\u003Cli>Switch off: Log out of your account but retain the ability to instantly switch back in again.\u003C\u002Fli>\n\u003Cli>Compatible with Multisite, WooCommerce, BuddyPress, and bbPress.\u003C\u002Fli>\n\u003Cli>Compatible with most membership and user management plugins.\u003C\u002Fli>\n\u003Cli>Compatible with most two-factor authentication solutions (see the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more info).\u003C\u002Fli>\n\u003Cli>Approved for use on enterprise-grade WordPress platforms such as \u003Ca href=\"https:\u002F\u002Fwww.altis-dxp.com\u002F\" rel=\"nofollow ugc\">Altis\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwpvip.com\u002F\" rel=\"nofollow ugc\">WordPress VIP\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: User Switching supports versions of WordPress up to three years old, and PHP version 7.4 or higher.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.\u003C\u002Fli>\n\u003Cli>Passwords are not (and cannot be) revealed.\u003C\u002Fli>\n\u003Cli>Uses the cookie authentication system in WordPress when remembering the account(s) you’ve switched from and when switching back.\u003C\u002Fli>\n\u003Cli>Implements the nonce security system in WordPress, meaning only those who intend to switch users can switch.\u003C\u002Fli>\n\u003Cli>Full support for user session validation where appropriate.\u003C\u002Fli>\n\u003Cli>Full support for HTTPS.\u003C\u002Fli>\n\u003Cli>Backed by \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fuser-switching\" rel=\"nofollow ugc\">the Patchstack Vulnerability Disclosure Program\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit the \u003Cem>Users\u003C\u002Fem> menu in WordPress and you’ll see a \u003Cem>Switch To\u003C\u002Fem> link in the list of action links for each user.\u003C\u002Fli>\n\u003Cli>Click this and you will immediately switch into that user account.\u003C\u002Fli>\n\u003Cli>You can switch back to your originating account via the \u003Cem>Switch back\u003C\u002Fem> link on each dashboard screen or in your profile menu in the WordPress toolbar.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for information about the \u003Cem>Switch Off\u003C\u002Fem> feature.\u003C\u002Fp>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquery-monitor\u002F\" rel=\"ugc\">Query Monitor\u003C\u002Fa> is the developer tools panel for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-crontrol\u002F\" rel=\"ugc\">WP Crontrol\u003C\u002Fa> lets you view and control what’s happening in the WP-Cron system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.\u003C\u002Fp>\n\u003Cp>User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, which means their values contain the user’s \u003Ccode>user_login\u003C\u002Fcode> field in plain text which should be treated as potentially personally identifiable information (PII) for privacy and regulatory reasons (GDPR, CCPA, etc). The names of the cookies are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wordpress_user_sw_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wordpress_user_sw_secure_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wordpress_user_sw_olduser_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See also the FAQ for some questions relating to privacy and safety when switching between users.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>User Switching aims to be fully accessible to all of its users. It implements best practices for web accessibility, outputs semantic and structured markup, adheres to the default styles and accessibility guidelines of WordPress, uses the accessibility APIs provided by WordPress and web browsers where appropriate, and is fully accessible via keyboard.\u003C\u002Fp>\n\u003Cp>User Switching should adhere to Web Content Accessibility Guidelines (WCAG) 2.0 at level AA when used with a recent version of WordPress where its admin area itself adheres to these guidelines. If you’ve experienced or identified an accessibility issue in User Switching, please open a thread in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fuser-switching\u002F\" rel=\"ugc\">the User Switching plugin support forum\u003C\u002Fa> and I’ll address it swiftly.\u003C\u002Fp>\n","Instant switching between user accounts in WordPress and WooCommerce.",200000,5569897,98,238,"2026-02-27T00:17:00.000Z","6.1","7.4",[127,128,112,19,129],"fast-user-switching","multisite","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-switching.1.11.2.zip",{"attackSurface":133,"codeSignals":150,"taintFlows":158,"riskAssessment":159,"analyzedAt":167},{"hooks":134,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":11,"unprotectedCount":11},[135,141],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","plugins_loaded","mlu_plugins_loaded","multisite-logout-users.php",16,{"type":136,"name":142,"callback":143,"priority":144,"file":139,"line":145},"clear_auth_cookie","mlu_forse_logout_on_sites",99,23,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":155,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":157},[],{"prepared":153,"raw":11,"locations":154},2,[],{"escaped":11,"rawEcho":11,"locations":156},[],[],[],{"summary":160,"deductions":161},"The \"multisite-logout-all-users\" v1.0.0 plugin demonstrates a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL injection vulnerabilities through prepared statements, and improperly escaped output are significant positive indicators. Furthermore, the lack of file operations and external HTTP requests reduces the potential for common attack vectors. The plugin also exhibits no known CVEs, indicating a clean vulnerability history.  However, the complete absence of nonce checks and capability checks is a notable concern. While the static analysis shows no direct entry points that are unprotected, this omission leaves room for potential CSRF attacks or unauthorized access if an administrative function were to be introduced or if the plugin's functionality were to be extended in the future without proper authorization checks. The plugin's current minimal attack surface and clean history are strengths, but the lack of explicit authorization and CSRF protection mechanisms represent a potential weakness that could become exploitable with future modifications or in conjunction with other vulnerabilities.",[162,165],{"reason":163,"points":164},"Missing nonce checks",5,{"reason":166,"points":164},"Missing capability checks","2026-04-16T15:02:41.259Z",{"wat":169,"direct":174},{"assetPaths":170,"generatorPatterns":171,"scriptPaths":172,"versionParams":173},[],[],[],[],{"cssClasses":175,"htmlComments":176,"htmlAttributes":177,"restEndpoints":178,"jsGlobals":179,"shortcodeOutput":180},[],[],[],[],[],[],{"error":182,"url":183,"statusCode":184,"statusMessage":185,"message":185},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmultisite-logout-all-users\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":187},[]]