[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpIYWHO6xvccybpvgvZn2vZlsFcZymDtcjIL7_1-pAiw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":119},"mywp-custom-login","MyWP Custom Login","0.4","Whodunit","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhodunitagency\u002F","\u003Cp>The easiest way to customize your WordPress Login Screen.\u003Cbr \u002F>\nWith MyWP Custom Login, create your own Custom WordPress Login Page with just a few clicks!\u003Cbr \u002F>\nAdd your Logo and Customize your Title tag\u003Cbr \u002F>\nChange Logo Width and Height\u003Cbr \u002F>\nDefine the Login Page Background Color\u003Cbr \u002F>\nPut a Background Image\u003Cbr \u002F>\nCustomize completely your Login Form\u003Cbr \u002F>\nRemove links from the WordPress Login Page\u003Cbr \u002F>\nDelete the WordPress Text by default\u003Cbr \u002F>\nFind all the settings to customize your WordPress Login Page in Settings > Custom Login & Dashboard.\u003C\u002Fp>\n\u003Ch4>Import your Erident Custom Login Plugin settings\u003C\u002Fh4>\n\u003Cp>If you are using the Erident Custom Login plugin on your website, when you activate our plugin, you keep automatically all your settings and files.\u003Cbr \u002F>\nIt’s a quick and easy migration process !\u003C\u002Fp>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>MyWP Custom Login is one of the WordPress Plugins made by \u003Ca href=\"https:\u002F\u002Fwww.whodunit.fr\u002F\" rel=\"nofollow ugc\">Whodunit Agency\u003C\u002Fa>.\u003Cbr \u002F>\nWhodunit is a full-remote French WordPress agency. Founded in 2009, we are deeply involved in open-source development. Whodunit is the biggest agency in France in terms of contribution to WordPress ecosystem.\u003Cbr \u002F>\nWe are building tailor-made editorial experiences for our clients and also providing high-level maintenance services. This activity is strongly dependent on our involvement in WordPress core development.\u003C\u002Fp>\n\u003Ch3>Next features\u003C\u002Fh3>\n\u003Cp>If you have some ideas, or suggestions, send here in the support forum your wishes.\u003C\u002Fp>\n","The easiest way to customize your WordPress Login Screen.",60,1602,0,"2025-11-27T08:54:00.000Z","6.9.4","6.1","5.3",[],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmywp-custom-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmywp-custom-login.0.4.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"whodunitagency",3,390,95,30,91,"2026-04-04T09:15:24.455Z",[],{"attackSurface":35,"codeSignals":97,"taintFlows":112,"riskAssessment":113,"analyzedAt":118},{"hooks":36,"ajaxHandlers":93,"restRoutes":94,"shortcodes":95,"cronEvents":96,"entryPointCount":13,"unprotectedCount":13},[37,44,48,53,57,62,67,71,75,79,85,89],{"type":38,"name":39,"callback":40,"priority":41,"file":42,"line":43},"action","init","register_login_style_sheet",20,"class\\whodunit\\mywpCustomLogin\\behavior\\BehaviorLogin.php",16,{"type":38,"name":45,"callback":46,"priority":41,"file":42,"line":47},"login_enqueue_scripts","enqueue_login_style_sheet",17,{"type":49,"name":50,"callback":51,"priority":41,"file":42,"line":52},"filter","login_headerurl","login_logo_url",26,{"type":49,"name":54,"callback":55,"priority":41,"file":42,"line":56},"login_headertext","login_logo_title",27,{"type":38,"name":39,"callback":58,"priority":59,"file":60,"line":61},"migrate_erident_custom_login_dashboard_parameters",10,"class\\whodunit\\mywpCustomLogin\\behavior\\BehaviorMigrateECL.php",51,{"type":38,"name":39,"callback":63,"priority":64,"file":65,"line":66},"closure",1,"class\\whodunit\\mywpCustomLogin\\MyWPCustomLogin.php",70,{"type":38,"name":68,"callback":68,"file":69,"line":70},"admin_menu","class\\whodunit\\mywpCustomLogin\\page\\Page.php",45,{"type":49,"name":72,"callback":72,"priority":73,"file":69,"line":74},"admin_footer_text",15,46,{"type":49,"name":76,"callback":77,"priority":73,"file":69,"line":78},"update_footer","admin_footer_update",47,{"type":38,"name":80,"callback":81,"priority":82,"file":83,"line":84},"admin_enqueue_scripts","admin_enqueue",5,"class\\whodunit\\mywpCustomLogin\\page\\PageAdminSettings.php",32,{"type":38,"name":86,"callback":87,"priority":82,"file":83,"line":88},"in_admin_header","admin_header",34,{"type":38,"name":90,"callback":63,"file":91,"line":92},"rest_api_init","class\\whodunit\\mywpCustomLogin\\rest\\RestRoute.php",58,[],[],[],[],{"dangerousFunctions":98,"sqlUsage":99,"outputEscaping":101,"fileOperations":103,"externalRequests":13,"nonceChecks":13,"capabilityChecks":64,"bundledLibraries":111},[],{"prepared":13,"raw":13,"locations":100},[],{"escaped":102,"rawEcho":103,"locations":104},96,2,[105,109],{"file":106,"line":107,"context":108},"class\\whodunit\\mywpCustomLogin\\utility\\Helpers.php",184,"raw output",{"file":110,"line":84,"context":108},"views\\parts\\admin_settings_header.php",[],[],{"summary":114,"deductions":115},"The static analysis of mywp-custom-login v0.4 reveals a generally positive security posture. The plugin demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and properly escaping almost all output.  The absence of external HTTP requests and bundled libraries is also a favorable sign.  The code signals indicate a limited attack surface with no identified unprotected entry points, and a single capability check, which is better than none.  The vulnerability history is also remarkably clean, with no known CVEs, indicating a history of security diligence or a lack of prior significant issues.\n\nHowever, the complete absence of nonce checks across the entire plugin is a significant concern. While there are no identified AJAX handlers or REST API routes directly reported as unprotected, the lack of nonces on any potential entry points or functions that might be indirectly invoked leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks.  This is particularly worrying given the zero taint analysis results, which might suggest that complex attack chains were not uncovered, or that the analysis was not comprehensive enough to detect subtle vulnerabilities that could be exploited in conjunction with a CSRF vulnerability.  The limited number of file operations and lack of dangerous functions are strengths, but the CSRF risk is a notable weakness that requires attention.\n\nIn conclusion, mywp-custom-login v0.4 exhibits commendable secure coding practices regarding data handling and output sanitization. Its clean vulnerability history is also a positive indicator. However, the critical omission of nonce checks represents a significant security gap that exposes the plugin to CSRF attacks.  This weakness, coupled with the zero taint analysis which may not capture all risks, necessitates a cautious approach. The plugin has the potential to be very secure with the implementation of nonce checks.",[116],{"reason":117,"points":73},"Missing nonce checks on all entry points","2026-03-16T21:43:10.751Z",{"wat":120,"direct":126},{"assetPaths":121,"generatorPatterns":123,"scriptPaths":124,"versionParams":125},[122],"\u002Fwp-content\u002Fplugins\u002Fmywp-custom-login\u002Fassets\u002Fcss\u002Flogin_style.min.css",[],[],[],{"cssClasses":127,"htmlComments":128,"htmlAttributes":129,"restEndpoints":130,"jsGlobals":131,"shortcodeOutput":133},[],[],[],[],[132],"whodunit",[]]