Does Password Reset Enforcement have any unpatched vulnerabilities?

No. All known vulnerabilities in Password Reset Enforcement have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Password Reset Enforcement compatible with WordPress 6.9.4?

According to WordPress.org data, Password Reset Enforcement 1.11.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Password Reset Enforcement compatible with PHP 7.4+?

Password Reset Enforcement requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Password Reset Enforcement updated?

Password Reset Enforcement was last updated on Nov 28, 2025. Frequent updates are generally a positive security signal.

What is Password Reset Enforcement's security score?

Password Reset Enforcement has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Password Reset Enforcement Security & Risk Analysis

wordpress.org/plugins/password-reset-enforcement

Easily enforce password reset for WordPress users. Choose to force password changes site-wide, by user and/or by role, to boost your site's security.

100 active installs v1.11.1 PHP 7.4+ WP 6.6+ Updated Nov 28, 2025

force-password-changepassword-enforcementreset-passwordsecure-loginwordpress-security

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Password Reset Enforcement Safe to Use in 2026?

Generally Safe

Score 100/100

Password Reset Enforcement has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The password-reset-enforcement plugin v1.11.1 appears to have a strong security posture based on the provided static analysis and vulnerability history. The absence of any detected dangerous functions, external HTTP requests, or file operations, combined with 100% output escaping and a high percentage of SQL queries using prepared statements, indicates good coding practices. The plugin also demonstrates a commitment to security by including nonce checks and capability checks (though the latter is not explicitly listed as a code signal, its absence implies it might be handled elsewhere or is not applicable given the attack surface). The total entry points are low and none are unprotected.

The vulnerability history further reinforces this positive assessment, with zero known CVEs recorded. This suggests a well-maintained and secure plugin that has not historically been a target or source of significant security flaws. The lack of any reported vulnerabilities, regardless of severity, is a significant strength. While the taint analysis found no issues, this is based on zero flows analyzed, which is a limitation of the static analysis in this context and could indicate either a very simple plugin or a gap in the analysis coverage.

In conclusion, the plugin exhibits strong defensive coding practices and a clean vulnerability history, making it appear quite secure. The primary concern, albeit minor and derived from the analysis scope, is the limited depth of the taint analysis, which, if the plugin were more complex, could miss issues. However, given the other positive indicators, the overall risk is assessed as very low.

Vulnerabilities

None known

Password Reset Enforcement Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Password Reset Enforcement Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

83% prepared6 total queries

Output Escaping

100% escaped38 total outputs

Attack Surface

Password Reset Enforcement Attack Surface

Entry Points1

Unprotected0

REST API Routes 1

POST/wp-json/password-reset-enforcement/v1/actionsrc\modules\class-module-endpoint-action.php:38

WordPress Hooks 39

actioninitdeps\php\universal-modules\class-module-cache-invalidation.php:23

actionrest_api_initdeps\php\universal-modules\class-module-endpoint-user-coverage.php:26

actionrest_api_initdeps\php\universal-modules\class-module-endpoint-user-role-search.php:25

actionrest_api_initdeps\php\universal-modules\class-module-endpoint-user-search.php:27

actionrest_api_initdeps\php\universal-modules\class-module-endpoint-users-by-logins.php:27

actioninitdeps\php\universal-modules\class-module-settings-page.php:66

actionnetwork_admin_menudeps\php\universal-modules\class-module-settings-page.php:69

actionadmin_menudeps\php\universal-modules\class-module-settings-page.php:70

actionadmin_initdeps\php\universal-modules\class-module-settings-page.php:73

actionadmin_enqueue_scriptsdeps\php\universal-modules\class-module-settings-page.php:76

filteradmin_body_classdeps\php\universal-modules\class-module-settings-page.php:79

actioninitdeps\php\universal-modules\class-module-translations.php:24

actionadmin_initdeps\php\utils\class-container.php:266

actiongranted_super_admindeps\php\utils\class-container.php:271

actionrevoked_super_admindeps\php\utils\class-container.php:274

actionplugins_loadedpassword-reset-enforcement.php:37

filterretrieve_password_messagesrc\class-user.php:62

actionrest_api_initsrc\modules\class-module-endpoint-action.php:29

filterlogin_redirectsrc\modules\class-module-processing-on-login.php:26

actionwp_update_usersrc\modules\class-module-processing-on-password-change.php:25

actionwp_set_passwordsrc\modules\class-module-processing-on-password-change.php:28

filterwpmu_users_columnssrc\modules\class-module-reset-indicator.php:33

filtermanage_users_columnssrc\modules\class-module-reset-indicator.php:34

filtermanage_users_custom_columnsrc\modules\class-module-reset-indicator.php:37

actionnetwork_admin_noticessrc\modules\class-module-reset-indicator.php:40

actionadmin_noticessrc\modules\class-module-reset-indicator.php:41

filterms_user_row_actionssrc\modules\class-module-user-row-actions.php:54

filteruser_row_actionssrc\modules\class-module-user-row-actions.php:55

actionnetwork_admin_noticessrc\modules\class-module-user-row-actions.php:62

actionadmin_noticessrc\modules\class-module-user-row-actions.php:63

actionnetwork_admin_noticessrc\modules\class-module-user-row-actions.php:66

actionadmin_noticessrc\modules\class-module-user-row-actions.php:67

filterbulk_actions-users-networksrc\modules\class-module-user-row-actions.php:70

filterbulk_actions-userssrc\modules\class-module-user-row-actions.php:71

filterhandle_network_bulk_actions-users-networksrc\modules\class-module-user-row-actions.php:74

filterhandle_bulk_actions-userssrc\modules\class-module-user-row-actions.php:75

filterpassword_reset_enforcement__settings_page_script_inline_datasrc\modules\settings-page\class-module-settings-page.php:26

filterpassword_reset_enforcement__settings_page_script_additional_dependenciessrc\modules\settings-page\class-module-settings-page.php:29

filterpassword_reset_enforcement__settings_page_stylesheet_additional_dependenciessrc\modules\settings-page\class-module-settings-page.php:32

Maintenance & Trust

Password Reset Enforcement Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 28, 2025

PHP min version7.4

Downloads4K

Community Trust

Rating80/100

Number of ratings2

Active installs100

Alternatives

Password Reset Enforcement Alternatives

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

malcare-security

100

Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more.

200K No CVEs

Temporary Login Without Password

temporary-login-without-password

100

Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username/password) with your developers or editors.

100K 1 CVE

SecuPress with Simple SSL – Simple and Performant Security

secupress

Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily.

40K 6 CVEs

Frontend Reset Password

frontend-reset-password

100

Let your users reset their forgotten passwords from the frontend of your website.

10K No CVEs

Protect WP Admin

protect-wp-admin

Protect your WP site by changing the default wp-admin URL and customizing the login page for enhanced security.

10K 4 CVEs

Developer Profile

Password Reset Enforcement Developer Profile

Teydea Studio

5 plugins · 10K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Password Reset Enforcement

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/password-reset-enforcement/build/password-reset-enforcement/index.css/wp-content/plugins/password-reset-enforcement/build/password-reset-enforcement/index.js

Script Paths

/wp-content/plugins/password-reset-enforcement/build/password-reset-enforcement/index.js

Version Parameters

password-reset-enforcement/build/password-reset-enforcement/index.js?ver=password-reset-enforcement/build/password-reset-enforcement/index.css?ver=

HTML / DOM Fingerprints

Data Attributes

data-prefix="pre"

JS Globals

window.teydeaStudiowindow.teydeaStudio.password_reset_enforcementwindow.teydeaStudio.password_reset_enforcement.environmentwindow.teydeaStudio.password_reset_enforcement.password_reset_enforcement

FAQ