[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flVxc4Ggx2d3E87k1wPqwZE5aEbqZ3letov-UJOyejwU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":131,"fingerprints":200},"password-change-reminder","Password Change Reminder","0.2.20131123","Ralf Albert","https:\u002F\u002Fprofiles.wordpress.org\u002Fralf-albert\u002F","\u003Cp>Password Change Reminder helps to raise the security of your WordPress installation with little effort. It will remind the users to regularly change their password. If the password is expired, a nag screen reminds the user to change the password.\u003C\u002Fp>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>More security through regularly changing passwords. “Password Change Reminder” reminds the users to regularly change their password.\u003C\u002Fp>\n\u003Cp>Password Change Reminder requires PHP v5.3+\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Password Change Reminder helps to raise the security of your WordPress installation with little effort. It will remind the users to regularly change t …",10,1482,20,1,"2013-11-24T11:23:00.000Z","3.7.41","3.5","",[20,21,22],"admin","password","security","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-change-reminder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-change-reminder.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"ralf-albert",3,120,30,84,"2026-04-05T15:26:15.041Z",[38,61,78,94,113],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":13,"downloaded":46,"rating":47,"num_ratings":14,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":60,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"reset-password-removed","Reset Password Removed","1.2","Md Taufiqur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartshovon\u002F","\u003Cp>Easily enhance the security of your WordPress site by removing the ability for non-admin users to change or reset their passwords. The “Reset Password Removed” plugin ensures that only administrators have the power to modify password settings, reducing the risk of unauthorized access.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict Password Resets:\u003C\u002Fstrong> Prevents non-admin users from resetting their passwords, adding an extra layer of security to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control:\u003C\u002Fstrong> Keeps password management accessible only to site administrators, ensuring critical access remains in trusted hands.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience:\u003C\u002Fstrong> Automatically removes the “Lost your password?” link from the login page for non-admin users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Efficient:\u003C\u002Fstrong> The plugin is built to be lightweight, ensuring it doesn’t slow down your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Reset Password Removed?\u003C\u002Fh3>\n\u003Cp>If you’re looking to enhance your WordPress security without complicating user management, this plugin is the perfect solution. Ideal for websites where password security is paramount, it simplifies control and prevents potential vulnerabilities from password resets.\u003C\u002Fp>\n\u003Cp>Compatible with: WordPress 6.x and PHP 7.4+\u003C\u002Fp>\n","Enhance the security of your blogs by preventing password reset over email function.",2924,100,"2024-11-03T13:58:00.000Z","6.6.5","5.0","7.4",[53,54,55,56,57],"admin-only-password-control","disable-password-reset","secure-login-management","wordpress-password-security","wordpress-user-security-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freset-password-removed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-password-removed.1.2.zip",92,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":11,"downloaded":69,"rating":47,"num_ratings":14,"last_updated":70,"tested_up_to":71,"requires_at_least":50,"requires_php":18,"tags":72,"homepage":18,"download_link":77,"security_score":47,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"admin-notify","Admin Notify","1.0.5","Eliyahna","https:\u002F\u002Fprofiles.wordpress.org\u002Feliyahna\u002F","\u003Cp>The \u003Cstrong>Admin Notify\u003C\u002Fstrong> plugin sends email notifications to the administrator whenever an \u003Cstrong>administrator account\u003C\u002Fstrong> is:\u003Cbr \u002F>\n– Added\u003Cbr \u002F>\n– Password is changed\u003Cbr \u002F>\n– Downgraded\u003Cbr \u002F>\n– Deleted\u003C\u002Fp>\n\u003Cp>This plugin helps keep your WordPress site secure by notifying the administrator of important changes to user accounts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Email notification when a new administrator is added.\u003Cbr \u002F>\n– Email notification when an administrator’s password is changed.\u003Cbr \u002F>\n– Email notification when an administrator is deleted.\u003Cbr \u002F>\n– Email notification when an administrator is downgraded.\u003Cbr \u002F>\n– Easily configurable via the plugin settings page.\u003C\u002Fp>\n\u003Cp>This plugin requires the administrator’s email to be configured in the plugin settings.\u003C\u002Fp>\n\u003Ch3>Acknowledgments\u003C\u002Fh3>\n\u003Cp>Special thanks to the contributors at WordPress.org for providing a platform for plugins and helping make WordPress an open and secure CMS.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>This plugin has been developed with security in mind and follows WordPress best practices for securing input and output. However, it is important to:\u003Cbr \u002F>\n– Ensure that your WordPress installation and all plugins are kept up to date.\u003Cbr \u002F>\n– Use strong passwords for your administrator accounts.\u003Cbr \u002F>\n– Regularly monitor your site’s user activity.\u003C\u002Fp>\n","Short Description: Admin Notify sends email notifications when administrator accounts are added, updated, or deleted.",733,"2025-04-16T18:58:00.000Z","6.8.5",[73,74,75,22,76],"admin-notification","admin-role-change","password-change","user-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-notify.1.0.5.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":26,"num_ratings":26,"last_updated":87,"tested_up_to":71,"requires_at_least":50,"requires_php":51,"tags":88,"homepage":92,"download_link":93,"security_score":47,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"section-specific-dashboard-lock","Section-Specific Dashboard Lock","1.1.0","newwaypmsco","https:\u002F\u002Fprofiles.wordpress.org\u002Fnewwaypmsco\u002F","\u003Cp>The \u003Cstrong>Section-Specific Dashboard Lock\u003C\u002Fstrong> plugin enables you to lock access to specific sections and submenus within the WordPress admin dashboard. Ideal for website owners or developers who want to limit access to sensitive dashboard areas for certain users or even administrators.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lock main dashboard sections and submenus individually.\u003C\u002Fli>\n\u003Cli>Assign custom passwords to different areas.\u003C\u002Fli>\n\u003Cli>Reset locks on logout or re-login.\u003C\u002Fli>\n\u003Cli>Simple UI for enabling locks and setting passwords.\u003C\u002Fli>\n\u003Cli>Improves security without modifying user roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin does not connect to or rely on any external services.\u003C\u002Fp>\n\u003Ch3>Resources\u003C\u002Fh3>\n\u003Cp>This plugin uses WordPress core APIs and does not include any third-party libraries or dependencies.\u003C\u002Fp>\n","Lock specific sections and submenus of the WordPress admin dashboard with custom passwords for enhanced control and security.",291,"2025-05-02T15:46:00.000Z",[89,90,91,21,22],"access-control","admin-protection","dashboard-lock","https:\u002F\u002Fnewwaypmsco.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsection-specific-dashboard-lock.1.1.0.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":11,"downloaded":102,"rating":26,"num_ratings":26,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":110,"download_link":111,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":112},"wp-expire-passwords","WP Expire Passwords","1.1.1","rob.divincenzo","https:\u002F\u002Fprofiles.wordpress.org\u002Frobdivincenzo\u002F","\u003Cp>This plugin allows you to set passwords to expire every X amount of days (default is 90) and to expire all non-admin user passwords (requiring new unique passwords).\u003C\u002Fp>\n","This plugin allows you to set passwords to expire every X amount of days (default is 90) and to expire all non-admin user passwords (requiring new uni …",1708,"2013-09-03T18:20:00.000Z","3.6.1","3.3",[107,108,21,22,109],"administration","expire","user","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-expire-passwords\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-expire-passwords.zip","2026-03-15T14:54:45.397Z",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":26,"downloaded":121,"rating":26,"num_ratings":26,"last_updated":122,"tested_up_to":71,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":18,"download_link":130,"security_score":47,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"gatelink-client","GateLink Client – Passwordless SSO & One‑Click Admin Access","1.8.3","NUMAN RASHEED","https:\u002F\u002Fprofiles.wordpress.org\u002Fnumanrki\u002F","\u003Cp>\u003Cstrong>GateLink Client\u003C\u002Fstrong> is the receiving end of the GateLink ecosystem. It pairs with \u003Cstrong>GateLink Manager\u003C\u002Fstrong> to deliver instant, passwordless admin access to your WordPress sites. Once installed and trusted, it accepts HMAC‑signed login links from your Manager site, validates them, and redirects the user straight to wp‑admin—no passwords, no hassle. Designed for developers, freelancers and site admins who maintain multiple installations, GateLink Client makes it easy to manage trust relationships and keep your sites secure.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Trust Management\u003C\u002Fstrong> – Explicitly approve or revoke which Manager sites can access your admin.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quick Connect & Manual Pairing\u003C\u002Fstrong> – Choose between instant pairing or manual shared token setup for finer control.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>HMAC‑Signed Security\u003C\u002Fstrong> – Enforces HMAC‑SHA256 signatures with TTL and replay protection for every login URL.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Health Monitoring\u003C\u002Fstrong> – Provides a REST endpoint for status checks, so you know when connections are healthy.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logs\u003C\u002Fstrong> – Tracks connection attempts and logins for auditing and troubleshooting.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessible Admin Interface\u003C\u002Fstrong> – Built with modern design and accessibility support for a seamless user experience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Establish Trust\u003C\u002Fstrong> – Generate a Shared Token in the Manager and paste it under \u003Cstrong>GateLink Client \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Trusted Manager\u003C\u002Fstrong>.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Validate Links\u003C\u002Fstrong> – When the Manager issues a login link, the Client verifies the HMAC signature and checks the timestamp.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Login\u003C\u002Fstrong> – Upon successful validation, the user is logged into wp‑admin without needing credentials.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Expire & Revoke\u003C\u002Fstrong> – Links expire after two minutes and can only be used once; you can revoke trust anytime via the admin interface.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Security & Privacy\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Short‑lived Tokens\u003C\u002Fstrong> – Login URLs are valid for only a couple of minutes to minimize exposure.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server‑Side Signing\u003C\u002Fstrong> – All signatures are generated on the Manager; the Client never stores admin passwords.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTTPS Recommended\u003C\u002Fstrong> – Run both Manager and Client over HTTPS and avoid caching login requests.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Peer‑to‑Peer Communication\u003C\u002Fstrong> – The Client only exchanges data (site info, tokens, timestamps) with your Manager sites; no third parties are involved.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure, zero‑config SSO for WordPress sites—validate HMAC‑signed links and log users into wp‑admin automatically.",159,"2025-10-17T08:15:00.000Z","6.3","8.0",[126,127,128,22,129],"admin-login","one-click-login","passwordless","single-sign-on","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgatelink-client.1.8.3.zip",{"attackSurface":132,"codeSignals":169,"taintFlows":187,"riskAssessment":188,"analyzedAt":199},{"hooks":133,"ajaxHandlers":161,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":14,"unprotectedCount":14},[134,140,144,149,153,156],{"type":135,"name":136,"callback":137,"priority":14,"file":138,"line":139},"action","admin_init","settings_api_init","classes\\backend.php",47,{"type":135,"name":141,"callback":142,"priority":11,"file":138,"line":143},"admin_menu","add_menu_page",48,{"type":135,"name":145,"callback":146,"priority":14,"file":147,"line":148},"init","init_translation","classes\\pwcr.php",35,{"type":135,"name":150,"callback":151,"priority":14,"file":147,"line":152},"personal_options_update","pw_was_updated",44,{"type":135,"name":154,"callback":151,"priority":14,"file":147,"line":155},"edit_user_profile_update",45,{"type":135,"name":157,"callback":158,"priority":11,"file":159,"line":160},"plugins_loaded","anonymous","pwchangereminder.php",42,[162],{"action":163,"nopriv":164,"callback":163,"hasNonce":164,"hasCapCheck":164,"file":147,"line":165},"ignore_nag",false,41,[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":174,"fileOperations":14,"externalRequests":26,"nonceChecks":26,"capabilityChecks":172,"bundledLibraries":186},[],{"prepared":172,"raw":26,"locations":173},2,[],{"escaped":32,"rawEcho":175,"locations":176},4,[177,180,182,184],{"file":138,"line":178,"context":179},278,"raw output",{"file":138,"line":181,"context":179},300,{"file":138,"line":183,"context":179},362,{"file":147,"line":185,"context":179},254,[],[],{"summary":189,"deductions":190},"The password-change-reminder plugin v0.2.20131123 exhibits a mixed security posture. On the positive side, the plugin utilizes prepared statements for all its SQL queries, indicating a good practice against SQL injection vulnerabilities. It also performs capability checks, which are essential for securing functionalities. However, a significant concern arises from the presence of an unprotected AJAX handler, representing a direct entry point into the plugin's functionality without any authentication or authorization checks. The static analysis also reveals that a notable percentage of output is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these outputs.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator of past security diligence or a lack of targeted attacks. However, the absence of past vulnerabilities should not be interpreted as a guarantee of current security, especially given the identified unprotected AJAX handler. The taint analysis shows no flows, which is a good sign, but the limited scope of this analysis (0 flows analyzed) might not be comprehensive.\n\nIn conclusion, while the plugin demonstrates strengths in data handling with prepared statements and capability checks, the unprotected AJAX handler and the significant proportion of unescaped output represent clear and present risks. The clean vulnerability history is reassuring but doesn't negate the identified code-level weaknesses. A balanced assessment suggests that the plugin has potential vulnerabilities that require immediate attention.",[191,193,196],{"reason":192,"points":11},"Unprotected AJAX handler",{"reason":194,"points":195},"Significant unescaped output",6,{"reason":197,"points":198},"Missing nonce checks on AJAX handler",5,"2026-03-17T01:31:06.886Z",{"wat":201,"direct":211},{"assetPaths":202,"generatorPatterns":207,"scriptPaths":208,"versionParams":210},[203,204,205,206],"\u002Fwp-content\u002Fplugins\u002Fpassword-change-reminder\u002Fcss\u002Fpwcr_frontend.css","\u002Fwp-content\u002Fplugins\u002Fpassword-change-reminder\u002Fcss\u002Fpwcr_frontend.min.css","\u002Fwp-content\u002Fplugins\u002Fpassword-change-reminder\u002Fscripts\u002Fpwcr_backend.js","\u002Fwp-content\u002Fplugins\u002Fpassword-change-reminder\u002Fscripts\u002Fpwcr_backend.min.js",[],[209],"jquery",[],{"cssClasses":212,"htmlComments":214,"htmlAttributes":215,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":220},[213],"pwcr-nag",[],[216],"data-ajaxurl",[],[219],"PwCR",[]]