[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzyynSaR18Ys8NtCxPturfaF78FwWqJwJHHH0THNJ628":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":135,"fingerprints":177},"ozh-no-duplicate-comments","Ozh' No Duplicate Comments","1.0","Ozh","https:\u002F\u002Fprofiles.wordpress.org\u002Fozh\u002F","\u003Cp>A new trend in spam is to duplicate legit comments from your readers to hopefully pass spam filters. Spammers post content that was previously approved on your site, but with their own name and URL. This plugin prevents this.\u003C\u002Fp>\n","Prevents spammers from duplicating legit comments but with their commenter name and URL",10,2414,0,"2010-09-18T12:33:00.000Z","9.9","1.5","",[19,20,21,22,23],"admin","auth","login","nologin","ozh","http:\u002F\u002Fplanetozh.com\u002Fblog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fozh-no-duplicate-comments.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":23,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":26,"computed_at":35},27,5470,87,30,"2026-04-04T16:17:07.092Z",[37,53,73,96,114],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":51,"download_link":52,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"no-login","No Login","1.1.3","\u003Cp>Skip the login form: every visitor automatically auths as an admin. FOR ‘LOCALHOST’ TEST SITES only, obviously, like when designing a plugin or a theme and testing it across various browsers.\u003C\u002Fp>\n\u003Cp>For a hassle free integration, drop the plugin file into \u003Ccode>wp-content\u002Fmu-plugins\u003C\u002Fcode> (create the directory if needed) and it will be automatically activated.\u003C\u002Fp>\n\u003Cp>For live blogs, see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Falways-remember-me\u002F\" rel=\"ugc\">Always Remember Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>On \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fozh\u002Fno-login\" rel=\"nofollow ugc\">Github\u003C\u002Fa>. I don’t read WordPress support forums.\u003C\u002Fp>\n","Skip the login form and always auth as admin. FOR TEST SITES.",5716,94,3,"2020-06-07T13:57:00.000Z","5.4.19","3.3","5.6",[19,20,21,22,23],"http:\u002F\u002Fplanetozh.com\u002Fblog\u002Fmy-projects\u002Fwordpress-plugin-no-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-login.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":61,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":17,"tags":67,"homepage":71,"download_link":72,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-require-login","Simple Require Login","0.2","timmcdaniels","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimmcdaniels\u002F","\u003Cp>WordPress plugin that adds a metabox to posts, pages, and custom post types where you can select if the content requires a login and what role is allowed to view the content. The native auth_redirect function is used to redirect users to the login page.\u003C\u002Fp>\n","Require login for content on a per page\u002Fpost\u002Fcustom post type basis. You can also select a specific role required to view the content.",100,3709,1,"2016-07-06T18:28:00.000Z","4.3.34","3.5",[19,68,21,69,70],"authentication","password","roles","http:\u002F\u002Fwww.weareconvoy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-require-login.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":61,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":94,"download_link":95,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"kolorweb-access-admin-notification","KolorWeb Access Admin Notification: extreme rescue for unauthorized admin logins","1.0.1","Vincenzo Casu","https:\u002F\u002Fprofiles.wordpress.org\u002Fvincent06\u002F","\u003Cp>\u003Cstrong>What sets this plugin apart?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In a sea of admin login notification plugins, KolorWeb Access Admin Notification stands out for a few key reasons:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Simplicity\u003C\u002Fstrong>: This plugin is designed to be lightweight, clean, and simple to use in just 20kb (I challenge you to find something better).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: It is regularly updated to ensure compatibility with the latest WordPress versions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Right checking\u003C\u002Fstrong>: Unlike many others, this plugin checks capabilities instead of roles, and this makes a really big big difference when an attacker modifies them by granting administrator privileges to roles that shouldn’t have them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong>: There are no options to manage and no information overload to store in the database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pratical & Quick\u003C\u002Fstrong>: One-click logout and password reset capability for unauthorized access directly from mail notification.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>I created this plugin because I couldn’t find any existing options that met my specific criteria. If you’re looking for a no-nonsense solution that gets the job done without any extra frills, this is the plugin for you.\u003C\u002Fp>\n\u003Cp>Specifically, if you have tried any of these plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-login-notification\u002F\" rel=\"ugc\">Simple Login Notification\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-notification-on-login\u002F\" rel=\"ugc\">Email Notification on Login\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-notification-on-admin-login\" rel=\"ugc\">Email notification on admin login\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkaya-login-notification\u002F\" rel=\"ugc\">Kaya Login Notification\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>I think it is time to abandon them and move on to a better solution like this one.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protecting Your Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Your privacy is really really important, which is why KolorWeb Access Admin Notification is committed to safeguarding your data. This plugin does not collect or store any user information, set cookies, or connect to third-party sites. The only data it captures is related to admin-level logins, such as usernames, IP addresses, and user agents.\u003Cbr \u002F>\nKolorWeb Access Admin Notification: extreme rescue for unauthorized admin logins is created and maintained by Vincenzo Casu, a seasoned WordPress developer with 20 years of experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Updates\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you don’t find any updates, it means that everything is working correctly with the latest WordPress release. But if you have an idea to improve this plugin, write to me.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Intro to the problem and my simple solution\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Every day I receive many emails of attempted access to the sites I manage. So I asked myself: “And if suddenly one attempt among the millions of those executed were to be successful, how could I know if not when it is already too late?”\u003C\u002Fp>\n\u003Cp>I thought the only way to know is to track admin account logins.\u003C\u002Fp>\n\u003Cp>If the login is successful, an email is sent containing the account data and the IP of origin. So as soon as you log in through the email and two links inside it, I can immediately disconnect the sessions of the compromised account, and also reset the password for that account, which will be notified by email with a second sending.\u003C\u002Fp>\n\u003Cp>In short, a solution that could save the life of your site because it allows you to become aware that there is some backdoor on the site that allows unauthorized access.\u003C\u002Fp>\n\u003Cp>This plugin sends an email notification for every access that is made by the website administrators. When a login is detected by a site administrator, the login time is stored and a notification is sent containing the details of the account that is logged in. If access is not authorized, through a link it is possible to disconnect the account from all devices, or disconnect the account from all devices that have logged in and at the same time reset the access password for that account. In this second case, a new notification is sent containing the new password.\u003C\u002Fp>\n","Extreme rescue for unauthorized admin logins.",70,2019,2,"2025-04-08T11:11:00.000Z","6.8.5","5.2","7.2",[89,90,91,92,93],"admin-login-notification","email-notify-on-admin-login","login-notification","track-admin-login","unauthorized-admin-logins","https:\u002F\u002Fgithub.com\u002Fvincenzocasu\u002Fkolorweb-access-admin-notification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkolorweb-access-admin-notification.1.0.1.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":81,"downloaded":104,"rating":13,"num_ratings":13,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":112,"download_link":113,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-auth","Wp Auth","1","ivansf","https:\u002F\u002Fprofiles.wordpress.org\u002Fivansf\u002F","\u003Cp>WP Auth is a set of tools to make your site new users friendly. It contains shortcodes and options that allows site owners to create registration and login pages that follow their design guidelines instead of having to skin the default WP login page.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n– Login shortcode that renders a login form.\u003Cbr \u002F>\n– Registration shortcode that renders a registration page.\u003Cbr \u002F>\n– Recover form shortcode.\u003Cbr \u002F>\n– Login\u002FLogout Widget for quick user access.\u003Cbr \u002F>\n– Admin bar hiding options\u003Cbr \u002F>\n– Different button styles\u003Cbr \u002F>\n– Ability to hide \u002Fwp-admin and wp-login.php pages.\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","WP Auth is a set of tools to make your site new users friendly. It contains shortcodes and options that allows site owners to create registration and  &hellip;",11858,"2012-10-14T23:39:00.000Z","3.4.2","3.0",[20,109,21,110,111],"lockdown","shortcode","wpadmin","http:\u002F\u002Fwww.ivansotof.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-auth.1.0.zip",{"slug":115,"name":116,"version":6,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":13,"num_ratings":13,"last_updated":123,"tested_up_to":124,"requires_at_least":107,"requires_php":17,"tags":125,"homepage":17,"download_link":134,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"gp","GP – GeePress","Louy Alakkad","https:\u002F\u002Fprofiles.wordpress.org\u002Flouyx\u002F","\u003Cp>GeePress, gives you all the tools you need to integrate your WordPress and Google+, including “Login with Google+” and “Comment via Google+”… Highly customizable and easy to use.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow your visitors to comment using their Google+ accounts\u003C\u002Fli>\n\u003Cli>Allow your blog users to sign in with their Google+ accounts. one click signin!\u003C\u002Fli>\n\u003Cli>Easily customizable by theme authors.\u003C\u002Fli>\n\u003C\u002Ful>\n","All the tools you need to integrate your WordPress and Google+.",40,1904,"2013-10-12T20:22:00.000Z","3.5.2",[19,126,127,128,129,130,131,21,132,133],"button","comment","comments","connect","google","google-plus","oauth","wpmu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp.1.0.zip",{"attackSurface":136,"codeSignals":155,"taintFlows":165,"riskAssessment":166,"analyzedAt":176},{"hooks":137,"ajaxHandlers":151,"restRoutes":152,"shortcodes":153,"cronEvents":154,"entryPointCount":13,"unprotectedCount":13},[138,143,147],{"type":139,"name":140,"callback":141,"file":142,"line":34},"filter","pre_comment_approved","anonymous","plugin.php",{"type":139,"name":144,"callback":145,"file":142,"line":146},"comment_post_redirect","ozh_no_duplicate_reject_screen",32,{"type":139,"name":148,"callback":149,"file":142,"line":150},"pre_comment_content","ozh_no_duplicate_comments",44,[],[],[],[],{"dangerousFunctions":156,"sqlUsage":160,"outputEscaping":162,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":164},[157],{"fn":158,"file":142,"line":34,"context":159},"create_function","add_filter('pre_comment_approved', create_function('$a', 'return \\'spam\\';'));",{"prepared":63,"raw":13,"locations":161},[],{"escaped":13,"rawEcho":13,"locations":163},[],[],[],{"summary":167,"deductions":168},"The \"ozh-no-duplicate-comments\" plugin version 1.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface, and the fact that all identified entry points are protected is a positive sign. Furthermore, the code demonstrates good practices with 100% of SQL queries using prepared statements and 100% of outputs being properly escaped, along with no file operations or external HTTP requests. The lack of any known vulnerabilities in its history reinforces this impression of a secure plugin.\n\nHowever, a notable concern is the presence of the `create_function` dangerous function. While there are no evident taint flows in the current analysis, the use of `create_function` is generally discouraged due to potential security risks if not handled with extreme care, as it can lead to arbitrary code execution in certain contexts. The absence of nonce checks and capability checks, while not directly exploitable due to the limited attack surface, represents a missed opportunity for robust security implementation. Overall, the plugin is secure in its current state due to its minimal attack surface and good code practices, but the presence of `create_function` warrants attention for future development.",[169,172,174],{"reason":170,"points":171},"Use of dangerous function `create_function`",7,{"reason":173,"points":45},"Missing nonce checks",{"reason":175,"points":45},"Missing capability checks","2026-03-17T00:51:29.977Z",{"wat":178,"direct":183},{"assetPaths":179,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[],[],[],[],{"cssClasses":184,"htmlComments":185,"htmlAttributes":186,"restEndpoints":187,"jsGlobals":188,"shortcodeOutput":189},[],[],[],[],[],[]]