[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMRDQAK0NlfvLF5sCdQVYJVhwxEOQr8iaPqovW1SQlUI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":134,"fingerprints":183},"password-change-notification","Password Change Notification","1.0b2","Simon Fransson","https:\u002F\u002Fprofiles.wordpress.org\u002Fchokladzingo\u002F","\u003Cp>This plugin lets you send users an email with the new password whenever their password changes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disclainmer\u003C\u002Fstrong>: It should be noted that sending passwords in cleartext is \u003Ca href=\"http:\u002F\u002Fsecurity.stackexchange.com\u002Fquestions\u002F17979\u002Fis-sending-password-to-user-email-secure\" rel=\"nofollow ugc\">VERY MUCH ADVISED AGAINST\u003C\u002Fa>, and you should probably not \u003Cstrong>never ever\u003C\u002Fstrong> be using this plugin in production envorinment.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>All filters include a default value and the user id.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>pwcn_to_name\u003C\u002Fcode> – Email To: header name\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_to_email\u003C\u002Fcode> – Email To: header email address\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_to_header\u003C\u002Fcode> – Email To: header\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_site_url\u003C\u002Fcode> – Site URL used in notification email\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_login_url\u003C\u002Fcode> – Site login URL used in notification email\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_login_url_redirect\u003C\u002Fcode> – Login redirect\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_site_name\u003C\u002Fcode> – Site name used in notification email\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_site_hostname\u003C\u002Fcode> – Site hostname used in notification email\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_subject\u003C\u002Fcode> – Subject line of notification email\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_message\u003C\u002Fcode> – Message sent in notification email\u003C\u002Fli>\n\u003Cli>\u003Ccode>pwcn_notification_default_value\u003C\u002Fcode> – Wether or not to send notification emails for a given user\u003C\u002Fli>\n\u003C\u002Ful>\n","A WordPress plugin for sending users an email notification when their password changes",10,1589,0,"2013-12-21T08:12:00.000Z","3.7.41","2.7","",[19,20,21,22],"change","email","notification","password","http:\u002F\u002Fdessibelle.se","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-change-notification.1.0b2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"chokladzingo",2,20,30,84,"2026-04-05T15:11:39.640Z",[37,61,80,99,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":11,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"mass-users-password-reset","MASS Users Password Reset","2.1.1","KrishaWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fkrishaweb\u002F","\u003Cp>Managing passwords for hundreds or thousands of WordPress users can quickly become a time-consuming and frustrating task. Resetting passwords manually for each user is inefficient and increases administrative overhead.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Mass Users Password Reset\u003C\u002Fstrong> solves this problem by allowing administrators to reset passwords for multiple users at once directly from the WordPress dashboard.\u003C\u002Fp>\n\u003Cp>With a simple interface, administrators can filter users by role, review user details, and generate new secure passwords for multiple accounts in just a few clicks.\u003C\u002Fp>\n\u003Cp>Once the reset process is complete, affected users automatically receive an email containing their new password so they can log in immediately.\u003C\u002Fp>\n\u003Cp>This plugin is especially useful for Learning Management Systems (LMS), Membership websites, Corporate employee portals, Educational institutions, Community platforms, Multi-author blogs, Websites with large numbers of registered users. Whenever you need to enforce password changes across many users, this plugin helps you do it quickly and securely.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bulk Password Reset: Reset passwords for multiple users at once instead of manually updating each account.\u003C\u002Fli>\n\u003Cli>Role-Based User Filtering: Filter users by role to target specific groups for password resets.\u003C\u002Fli>\n\u003Cli>Support for Custom User Roles: Works with custom roles created by membership plugins, LMS systems, or other user management tools.\u003C\u002Fli>\n\u003Cli>Secure Auto-Generated Passwords: Automatically generates secure random passwords for selected users.\u003C\u002Fli>\n\u003Cli>Email Notification to Users: Users receive an email notification containing their newly generated password after the reset process is completed.\u003C\u002Fli>\n\u003Cli>User List Overview: View user details such as username, name, and email address before performing password reset operations.\u003C\u002Fli>\n\u003Cli>Simple Admin Interface: Easy-to-use interface integrated directly within the WordPress admin dashboard.\u003C\u002Fli>\n\u003Cli>Multilingual Support: Fully translatable with support for multiple languages.\u003C\u002Fli>\n\u003Cli>WooCommerce Compatible: Works with WooCommerce user roles.\u003C\u002Fli>\n\u003Cli>Free Support: Get help with any issues or questions you may have.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Free Version Limitations\u003C\u002Fh3>\n\u003Cp>The free version includes core functionality but has some limitations designed for smaller websites.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Maximum 100 users per reset operation\u003C\u002Fli>\n\u003Cli>New secure passwords are sent via email\u003C\u002Fli>\n\u003Cli>Secure reset link \u002F OTP reset not available\u003C\u002Fli>\n\u003Cli>WP-CLI support not available\u003C\u002Fli>\n\u003Cli>Sandbox \u002F test mode not available\u003C\u002Fli>\n\u003Cli>Email template customization not available\u003C\u002Fli>\n\u003Cli>Multisite support not available\u003C\u002Fli>\n\u003Cli>Limited advanced filtering options\u003C\u002Fli>\n\u003Cli>WooCommerce compatible custom roles not supported\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Unlimited Password Resets: Reset passwords for unlimited users in a single operation.\u003C\u002Fli>\n\u003Cli>Secure Password Reset Links: Send secure password reset links instead of plain passwords in emails.\u003C\u002Fli>\n\u003Cli>Reset Password from Users Page: Reset passwords for individual users directly from the WordPress Users page.\u003C\u002Fli>\n\u003Cli>Bulk Reset from Users Table: Perform bulk password resets directly from the users table.\u003C\u002Fli>\n\u003Cli>Custom Email Templates: Customize the email notifications sent to users after password resets.\u003C\u002Fli>\n\u003Cli>Advanced User Filtering: Filter users using additional parameters such as metadata or custom fields.\u003C\u002Fli>\n\u003Cli>WP-CLI Support: Run password reset operations using WP-CLI, ideal for automation and server-level operations.\u003C\u002Fli>\n\u003Cli>Test \u002F Sandbox Mode: Test the reset process before executing it on live users.\u003C\u002Fli>\n\u003Cli>Optimized for Large Websites: Improved performance when handling thousands of users.\u003C\u002Fli>\n\u003Cli>WooCommerce Compatible Custom Roles: Works with WooCommerce custom roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstore.krishaweb.com\u002Fdocs\u002Fmass-users-password-reset\u002F?utm_source=readme&utm_medium=wporg&utm_campaign=MUPR\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fmass-users-password-reset-pro\u002F20809350\" rel=\"nofollow ugc\">Download the Mass Users Password Reset Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Free vs Pro: What You Gain with the Upgrade\u003C\u002Fh3>\n\u003Cp>While the Free version gives you the basics auto-password generation Pro unlocks essential tools if you run heavy sites or care about customized workflows. Pro adds email template editing, advanced user filters, reset-link expiration, test\u002Fsandbox modes, and the ability to exclude users already having valid reset links. If you manage a WooCommerce store, BuddyPress community, Dokan marketplace, or large multisite network, Pro pays for itself in time savings, peace of mind, and fewer support headaches.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstore.krishaweb.com\u002Fschedule-password-reset-mupr-add-on\u002F?utm_source=readme&utm_medium=wporg&utm_campaign=MUPR\" rel=\"nofollow ugc\">Get Schedule Password Reset Add On\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pre-defined password reset schedule\u003C\u002Fli>\n\u003Cli>Unlimited password reset\u003C\u002Fli>\n\u003Cli>Role based schedule option\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstore.krishaweb.com\u002Fproduct\u002Fpassword-reset-log\u002F?utm_source=readme&utm_medium=wporg&utm_campaign=MUPR\" rel=\"nofollow ugc\">Get Password Reset Log Add On\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Maintain the password reset log reset by MUPR plugin\u003C\u002Fli>\n\u003Cli>Accurate user password reset log\u003C\u002Fli>\n\u003Cli>Available for MUPR and MUPR Pro\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Our Customer Says:\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Awesome plugin\u003C\u002Fstrong>\u003Cbr \u002F>\n  “it’s very useful and great plugin to reset all the users password.” ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fawesome-plugin-3939\u002F\" rel=\"ugc\">@ashkanram\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Does a really good job\u003C\u002Fstrong>\u003Cbr \u002F>\n  “Seems to do a really good job of sending out password resets for multiple users. The pro version is definitely worth paying for the extra features.” ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fdoes-a-really-good-job-2\u002F\" rel=\"ugc\">@lightwavin\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Very nice\u003C\u002Fstrong>\u003Cbr \u002F>\n  “This is for the Pro version, which is a very nice plugin!” ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fvery-nice-1679\u002F\" rel=\"ugc\">@kostas45\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Reset passwords for multiple WordPress users at once. Filter users by role and send new passwords via email.",600,27269,72,"2026-03-12T10:59:00.000Z","6.9.4","5.9","8.1",[53,54,55,56,57],"email-notification","logs","reset-password","schedule","user-role","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmass-users-password-reset\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmass-users-password-reset.2.1.1.zip",100,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":60,"num_ratings":31,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":78,"download_link":79,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-password-changed-email","Disable Password Changed Admin Email","1.0.4","wildoperation","https:\u002F\u002Fprofiles.wordpress.org\u002Fwildoperation\u002F","\u003Cp>Stop password changed emails from being sent to site admin after a user resets their password.\u003C\u002Fp>\n\u003Cp>This plugin has no settings. Just enable the plugin, and the outgoing admin notifications will be disabled.\u003C\u002Fp>\n","Stop password changed emails from being sent to site admin after a user resets their password.",200,3040,"2025-04-10T13:52:00.000Z","6.8.5","4.3.0","7.4",[76,20,21,22,77],"admin","reset","https:\u002F\u002Fgithub.com\u002Fwildoperation\u002FDisable-Password-Changed-Email-WordPress-Plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-password-changed-email.1.0.4.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":60,"downloaded":88,"rating":60,"num_ratings":31,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":17,"tags":92,"homepage":97,"download_link":98,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"content-update-notification","Content Update Notification","1.0.2","Andrew Norcross","https:\u002F\u002Fprofiles.wordpress.org\u002Fnorcross\u002F","\u003Cp>Content Update Notification allows your site to notify nearly anyone by email anytime a post or page is added or updated.\u003C\u002Fp>\n\u003Cp>You can customize your email alerts with the following fields:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Name of your website\u003C\u002Fli>\n\u003Cli>Name of the content area edited\u003C\u002Fli>\n\u003Cli>Time the content was edited\u003C\u002Fli>\n\u003Cli>A link to the page that was edited\u003C\u002Fli>\n\u003Cli>The username of the user who edited the content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is ideal for administrators who have multiple content authors and need to be alerted to content changes for review or regulatory compliance.\u003C\u002Fp>\n","Content Update Notification allows your site to notify nearly anyone by email anytime a post or page is added or updated.",4281,"2015-06-19T01:43:00.000Z","4.2.39","3.7",[93,94,95,21,96],"change-notification","compliance","email-updates","notify","http:\u002F\u002Freaktivstudios.com\u002Fcustom-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-update-notification.1.0.2.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":60,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":17,"tags":113,"homepage":17,"download_link":118,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-custom-emails","WP Custom Emails","1.2.2","Damian Góra","https:\u002F\u002Fprofiles.wordpress.org\u002Fdamian-gora\u002F","\u003Ch4>How it works?\u003C\u002Fh4>\n\u003Cp>WP Custom Emails allows you easily customize WordPress notifications, so you can make it prettier and significantly improve user experience. Additionally the plugin gives possibility to complete turn off sending selected emails.\u003C\u002Fp>\n\u003Cp>Emails are sent via WordPress \u003Cem>wp_mail()\u003C\u002Fem> function, so it is possible to use 3rd part plugin, to authenticate them by SMTP protocol.\u003C\u002Fp>\n\u003Ch4>Notifications that are currently available to use are:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Lost Password (user)\u003C\u002Fli>\n\u003Cli>Password Changed (admin)\u003C\u002Fli>\n\u003Cli>New User Registration (user)\u003C\u002Fli>\n\u003Cli>New User Registration (admin)\u003C\u002Fli>\n\u003Cli>New Comment (moderator)\u003C\u002Fli>\n\u003Cli>New Comment (post author)\u003C\u002Fli>\n\u003Cli>New Trackback (moderator)\u003C\u002Fli>\n\u003Cli>New Trackback (post author)\u003C\u002Fli>\n\u003Cli>New Pingback (moderator)\u003C\u002Fli>\n\u003Cli>New Pingback (post author)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Define sender name\u003C\u002Fli>\n\u003Cli>Define sender email\u003C\u002Fli>\n\u003Cli>HTML content type\u003C\u002Fli>\n\u003Cli>WPML compatibility\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily customize WordPress notification emails.",4275,90,4,"2016-11-12T17:22:00.000Z","4.4.34","3.5",[20,114,115,116,117],"lost-password","mail","notifications","pingback","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-custom-emails.1.2.2.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":33,"downloaded":127,"rating":13,"num_ratings":13,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":17,"tags":131,"homepage":132,"download_link":133,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-password-changed-notifications","Disable Password Changed Notifications","1.0","Pippin Williamson","https:\u002F\u002Fprofiles.wordpress.org\u002Fmordauk\u002F","\u003Cp>Disables the notification email sent to site administrators when users change their passwords. There are no settings to configure.\u003C\u002Fp>\n","Disables the notification email sent to site administrators when users change their passwords.",1842,"2016-11-06T17:06:00.000Z","4.7.32","4.4",[20,21,22],"https:\u002F\u002Fpippinsplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-password-changed-notifications.1.0.zip",{"attackSurface":135,"codeSignals":154,"taintFlows":171,"riskAssessment":172,"analyzedAt":182},{"hooks":136,"ajaxHandlers":150,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":13,"unprotectedCount":13},[137,142,147],{"type":138,"name":139,"callback":139,"priority":11,"file":140,"line":141},"action","profile_update","password-change-notification.php",22,{"type":138,"name":143,"callback":144,"priority":145,"file":140,"line":146},"show_user_profile","render_profile_options",5,25,{"type":138,"name":148,"callback":144,"priority":145,"file":140,"line":149},"edit_user_profile",26,[],[],[],[],{"dangerousFunctions":155,"sqlUsage":156,"outputEscaping":158,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":170},[],{"prepared":13,"raw":13,"locations":157},[],{"escaped":159,"rawEcho":109,"locations":160},1,[161,164,166,168],{"file":140,"line":162,"context":163},88,"raw output",{"file":140,"line":165,"context":163},89,{"file":140,"line":167,"context":163},91,{"file":140,"line":169,"context":163},92,[],[],{"summary":173,"deductions":174},"The \"password-change-notification\" plugin v1.0b2 exhibits a strong security posture based on the provided static analysis. There are no identified entry points like AJAX handlers, REST API routes, or shortcodes that are exposed without authentication or permission checks. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and avoiding risky operations such as file modifications or external HTTP requests. The absence of dangerous functions and critical taint flows further bolsters its security profile.  \n\nHowever, a significant concern arises from the limited output escaping. With only 20% of identified output properly escaped, there is a substantial risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is directly rendered in the frontend without adequate sanitization. The complete lack of nonce checks and capability checks, while not immediately exploitable due to the zero attack surface, indicates a potential weakness if the plugin were to expand its functionality or if new entry points were introduced in the future without corresponding security measures. The plugin's history of zero vulnerabilities is a positive indicator, but it does not negate the current code-level risks.\n\nIn conclusion, while the plugin demonstrates a commendable effort in avoiding common security pitfalls and has a clean vulnerability history, the unescaped output represents a clear and present danger. Addressing this output sanitization issue should be the top priority to mitigate XSS risks. The absence of comprehensive checks like nonces and capabilities, though not currently exploitable, suggests a need for more robust security implementation if the plugin evolves.",[175,178,180],{"reason":176,"points":177},"Unescaped output detected",12,{"reason":179,"points":145},"Missing nonce checks",{"reason":181,"points":145},"Missing capability checks","2026-03-17T00:36:34.539Z",{"wat":184,"direct":189},{"assetPaths":185,"generatorPatterns":186,"scriptPaths":187,"versionParams":188},[],[],[],[],{"cssClasses":190,"htmlComments":191,"htmlAttributes":192,"restEndpoints":195,"jsGlobals":196,"shortcodeOutput":197},[],[],[193,194],"name=\"pwcn_password_change_notification\"","id=\"pwcn_password_change_notification\"",[],[],[]]