[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdOyVgnnWi_fyaUeB6CYjD8PgZ4UuuHYzODIHTBu0iMs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":133,"fingerprints":201},"multisite-new-user-form","Multisite New User Form","1.0","Robert Kampas","https:\u002F\u002Fprofiles.wordpress.org\u002Fironleg\u002F","\u003Cp>By default WordPress does not allow you to create users with custom password on multisite website. This plugin will add password fields to new user form on individual multisite website so that you could type in new user’s password. However, please be warned that it is not advised by WordPress due to possibility of registering users to network they should not belong to and possibity of resetting existing user’s password.\u003C\u002Fp>\n","This plugin allows you to create users with custom password on multisite website.",0,1258,"2018-03-20T22:12:00.000Z","4.9.29","4.6","",[18,19,20,21,22],"multisite","network","new","password","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-new-user-form.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"ironleg",2,10,30,84,"2026-04-05T17:24:35.371Z",[36,56,76,96,115],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":31,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":44,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"create-user-with-password-multisite","Create User With Password Multisite","1.10.0","Moove Agency","https:\u002F\u002Fprofiles.wordpress.org\u002Fmooveagency\u002F","\u003Cp>\u003Cstrong>Allow website administrators to allocate passwords to users as they add them to invidivual sites in WordPress Multisite with this incredibly powerful, easy-to-use, well supported and 100% free WordPress cookie plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple to use, no setup required\u003C\u002Fli>\n\u003Cli>Site Admins can allocate user passwords\u003C\u002Fli>\n\u003Cli>In your CMS, go to \u003Ccode>Users -> Add New\u003C\u002Fcode> and you will see the new password fields\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Great and useful.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgreat-and-useful-and-not-just-for-wordpress-mu\u002F\" rel=\"ugc\">cristiscu\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Perfect. Works fine, thanks for your work!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fperfect-2679\u002F\" rel=\"ugc\">orbitaloop\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Very useful!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fvery-useful-657\u002F\" rel=\"ugc\">Maul\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Simple to use. A nice plugin that just simply works!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-to-use-50\u002F\" rel=\"ugc\">danmaby\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002F\" rel=\"nofollow ugc\">Moove Agency\u003C\u002Fa> is a premium supplier of quality WordPress plugins, services and support. \u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fservices\u002Fwordpress-development\u002F\" rel=\"nofollow ugc\">Visit our site\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Allow website administrators to allocate passwords to users as they add them to invidivual sites in WordPress Multisite.",100,10658,86,"2026-01-22T09:10:00.000Z","6.9.4","3.0.1","5.6",[52,18,21,53,22],"admin","registration","http:\u002F\u002Fwww.mooveagency.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcreate-user-with-password-multisite.1.10.0.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":44,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":16,"tags":70,"homepage":74,"download_link":75,"security_score":44,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"network-subsite-user-registration","Network Subsite User Registration","4.1","Justin Fletcher","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustinticktock\u002F","\u003Cp>The ‘Network Subsite User Registration’ (NSUR) plugin removes the WordPress Multisite restriction that registration is on the Network main site, subsite Administrators can now allow user registration for their site only.\u003C\u002Fp>\n\u003Cp>WordPress Network (Multisite) installations by default only allow user registration for the whole Network, e.g. users can only register for the main site and not the other sites on the network.  The ‘Network Subsite User Registration’ plugin allows local admins of sub-sites within the Network\u002FMultisite the ability to enable user registration themselves for their site.\u003C\u002Fp>\n\u003Cp>The role by default that a new user receives is ‘subscriber’, however, there is a setting which allows you to define a different initial role (per sub-site) that a user receives after registration.\u003C\u002Fp>\n\u003Cp>@Developers – If you want to use your own template you can override the template used for the ..\u002Flocal-signup page by creating a template with the file ‘page-signup.php’ and add this to either the parent or child theme.\u003C\u002Fp>\n\u003Ch4>Plugin site\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fjustinandco.com\u002Fplugins\u002Fnetwork-subsite-user-registration\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fjustinandco.com\u002Fplugins\u002Fnetwork-subsite-user-registration\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>GitHub – Development\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjustinticktock\u002Fnetwork-subsite-user-registration\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fjustinticktock\u002Fnetwork-subsite-user-registration\u003C\u002Fa>\u003C\u002Fp>\n","Allow the public to register user accounts on Subsites within a Network (MultiSite) installation.",50,45539,52,"2025-04-17T15:48:00.000Z","6.8.5","4.7",[18,19,71,72,73],"register","signup","user-registration","http:\u002F\u002Fjustinandco.com\u002Fplugins\u002Fnetwork-subsite-user-registration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-subsite-user-registration.4.1.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":16,"tags":91,"homepage":16,"download_link":95,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"wp-notifications-manager","WP Notifications Manager","1.1","Chad","https:\u002F\u002Fprofiles.wordpress.org\u002Fcanderson3\u002F","\u003Cp>Allows you to manage new user registration & password change notifications. You can enable\u002Fdisable the notifications and also specify the email address to which you want the notifications sent.\u003C\u002Fp>\n","Manage new user registration & password change notifications.",20,2178,74,3,"2014-04-22T10:43:00.000Z","3.9.40","3.1",[92,93,94],"new-user-registration","notifications","password-change","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-notifications-manager.1.1.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":31,"downloaded":104,"rating":105,"num_ratings":30,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":16,"tags":109,"homepage":113,"download_link":114,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"multisite-new-user-no-confirmation","MultiSite New User, No Confirmation","1.0.1","Brian Santalone","https:\u002F\u002Fprofiles.wordpress.org\u002Fcaptainbri\u002F","\u003Cp>When working in a WordPress MultiSite Network, users with Admin\u002FEditor level access can create new users if enabled but they lack the “Skip Confirmation Email” toggle that Super Admins have which allows them to add the user without sending an email that requires their confirmation.\u003C\u002Fp>\n\u003Cp>PS: After adding a new user you’ll still see this message on screen: “Invitation email sent to new user. A confirmation link must be clicked before their account is created.”\u003C\u002Fp>\n","Mimic the super-admin \"Skip Confirmation Email\" checkbox for regular users.",1804,60,"2016-10-31T15:04:00.000Z","4.4.34","3.2",[110,18,111,112,22],"confirmation","new-user","skip-confirmation-email","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultisite-new-user-no-confirmation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-new-user-no-confirmation.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":31,"downloaded":123,"rating":11,"num_ratings":11,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":16,"tags":127,"homepage":131,"download_link":132,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"network-blog-manager","Network Blog Manager","0.354","artilibere","https:\u002F\u002Fprofiles.wordpress.org\u002Fartilibere\u002F","\u003Cp>Network Blog Manager aspire to be the perfect companion of every Super Administrator of a WP Blog’s Network.\u003C\u002Fp>\n\u003Cp>With Network Blog Manager you can find easily every blog in your network due an internal search engine.\u003Cbr \u002F>\nThen you can contact the administrator and have a quick overlook of the number of contents (posts, pages, comments) each blog has.\u003C\u002Fp>\n\u003Cp>Extensible with an internal plugin support: you can build your own functionality!\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>Briefly:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ideal companion for Super Admin \u003C\u002Fli>\n\u003Cli>Internal Search Engine for Blog’s Networks\u003C\u002Fli>\n\u003Cli>Quick Overlook of Multisite’s Instances\u003C\u002Fli>\n\u003Cli>Useful SEO Stats: Google and Alexa Ranks, Sites linking in, Average Load Time, Yahoo! Site Links\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple but powerful blog manager to be used in blog networks. Include an internal search engine, statistics, and some useful tool.",5478,"2011-05-11T10:45:00.000Z","3.0.5","3.0",[128,129,18,130,19],"dashboard","manager","multiuser","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fnetwork-blog-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-blog-manager.zip",{"attackSurface":134,"codeSignals":153,"taintFlows":166,"riskAssessment":194,"analyzedAt":200},{"hooks":135,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":11,"unprotectedCount":11},[136,142,145],{"type":137,"name":138,"callback":139,"priority":87,"file":140,"line":141},"action","admin_action_createuser","listenPost","class\\MultisiteNewUserForm.php",9,{"type":137,"name":143,"callback":144,"file":140,"line":31},"user_new_form","passwordFields",{"type":137,"name":146,"callback":147,"file":140,"line":148},"admin_notices","printMessages",11,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":159,"outputEscaping":161,"fileOperations":11,"externalRequests":11,"nonceChecks":164,"capabilityChecks":164,"bundledLibraries":165},[155],{"fn":156,"file":140,"line":157,"context":158},"unserialize",22,"$transientMessage = unserialize($transientMessage);",{"prepared":11,"raw":11,"locations":160},[],{"escaped":162,"rawEcho":11,"locations":163},8,[],1,[],[167,186],{"entryPoint":168,"graph":169,"unsanitizedCount":11,"severity":185},"passwordFields (class\\MultisiteNewUserForm.php:30)",{"nodes":170,"edges":182},[171,176],{"id":172,"type":173,"label":174,"file":140,"line":175},"n0","source","$_POST (x2)",33,{"id":177,"type":178,"label":179,"file":140,"line":180,"wp_function":181},"n1","sink","echo() [XSS]",41,"echo",[183],{"from":172,"to":177,"sanitized":184},true,"low",{"entryPoint":187,"graph":188,"unsanitizedCount":11,"severity":185},"\u003CMultisiteNewUserForm> (class\\MultisiteNewUserForm.php:0)",{"nodes":189,"edges":192},[190,191],{"id":172,"type":173,"label":174,"file":140,"line":175},{"id":177,"type":178,"label":179,"file":140,"line":180,"wp_function":181},[193],{"from":172,"to":177,"sanitized":184},{"summary":195,"deductions":196},"The multisite-new-user-form v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. There are no identified vulnerabilities in its attack surface, such as AJAX handlers, REST API routes, shortcodes, or cron events, that lack proper authentication or permission checks.  Furthermore, the code demonstrates good practices by exclusively using prepared statements for SQL queries, properly escaping all output, and implementing nonce and capability checks. The absence of file operations and external HTTP requests also reduces potential attack vectors.\n\nHowever, a significant concern is the presence of the `unserialize` function. While not directly flagged as a vulnerability in the static analysis or taint analysis (which found no unsanitized flows), the use of `unserialize` with untrusted input is a well-known risk that can lead to remote code execution if the input is manipulated. The lack of vulnerability history for this plugin is positive, suggesting a history of secure development or limited exposure, but it does not negate the inherent risk associated with `unserialize`.\n\nIn conclusion, the plugin has many strengths, particularly in its handling of common web vulnerabilities. The primary weakness lies in the potential risk posed by the `unserialize` function, which, despite the absence of exploitable taint flows in this analysis, warrants caution and potential mitigation through careful input validation before deserialization.",[197],{"reason":198,"points":199},"Presence of unserialize function",15,"2026-03-17T06:36:14.929Z",{"wat":202,"direct":207},{"assetPaths":203,"generatorPatterns":204,"scriptPaths":205,"versionParams":206},[],[],[],[],{"cssClasses":208,"htmlComments":212,"htmlAttributes":214,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":219},[209,210,211],"custom-fields","wp-pwd","password-input-wrapper",[213],"\u003C!-- #24364 workaround -->",[215,216],"data-reveal","data-pw",[],[],[]]