[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKLFx7UmrG60T1S75F6ykfkvO7lcPDDY3WTpQWQ8_vBc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":137,"fingerprints":192},"post-password-plugin","Post Password Token","2.0.3","Shawn Parker","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawnparker\u002F","\u003Cp>The Post Password Token plugin lets you issue secret urls that allow readers to access protected content without having to enter a password. It extends the default WordPress post password protection functionality by creating secret urls to the post that have an encoded token. This is similar to the guest pass functionality that can be found on Flickr.\u003C\u002Fp>\n\u003Ch4>Who is it for?\u003C\u002Fh4>\n\u003Cp>Sometimes you would like to share your blog posts with a specific group of people, but not with the wider world. For example, a family might want to blog about their adventures together for friends and family, but would rather not broadcast this to everyone. WordPress provides for this scenario by allowing you to password-protect a post. Unfortunately, we’ve found through experience that a lot of our friends never make it past the password form. Either they mis-type the password, are confused about what it is, or are simply scared off by an intimidating form.\u003C\u002Fp>\n\u003Cp>The solution: give password-protected posts a secret url that can be shared with friends and family. The url allows your select audience to see the content without the confusion and hassle of an authentication form, while hiding the special content from search spiders and the wider-world. You can revoke secret urls at any time, so if a secret url gets to someone you don’t want it to, you can simply invalidate it.\u003C\u002Fp>\n\u003Ch4>The Details\u003C\u002Fh4>\n\u003Cp>The encoded tokens are made by taking the post-name and post-password and encoding them together. The plugin’s admin page also allows you to create a “salt”, or a unique key that makes the resulting encoded token more secure. Please note that once the salt option is set, changing it will change the secret urls for all posts. Unless you want to invalidate all of your old secret urls, it is recommended that you set the salt and leave it.\u003C\u002Fp>\n","The Post Password Token plugin allows readers to access protected posts without having to enter a password by creating secret token urls for the post.",600,17703,98,7,"2023-07-06T19:57:00.000Z","6.2.9","5.7","7.4",[20,21,22,23,24],"guest","pass","password","post","token","http:\u002F\u002Ftop-frog.com\u002Fprojects\u002Fpost-password-token\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-password-plugin.2.0.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"shawnparker",2,700,30,84,"2026-04-05T07:38:40.145Z",[40,64,87,102,116],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":60,"download_link":61,"security_score":50,"vuln_count":62,"unpatched_count":28,"last_vuln_date":63,"fetched_at":30},"multiple-post-passwords","Multiple Post Passwords","1.1.4","Andreas Münch","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreasmuench\u002F","\u003Cp>This is a simple Plugin that lets you set multiple passwords for your password protected posts and pages.\u003C\u002Fp>\n\u003Cp>On posts\u002Fpages with password protection it will show an extra Metabox with a field to input additional passwords, one in each line.\u003C\u002Fp>\n\u003Cp>Note that if you just changed a post\u002Fpage to password protection you have to save once so that the extra field appears.\u003C\u002Fp>\n\u003Ch4>Expire passwords\u003C\u002Fh4>\n\u003Cp>You can also make passwords expire after x hours when being used. You can find the settings under Settings -> Multiple Post Passwords.\u003C\u002Fp>\n\u003Cp>Note that the actual deletion of the passwords is triggered by a cronjob which is run every 30 minutes. So even if you set your expiry time to very short, it may still take 30 minutes until the password really expires.\u003C\u002Fp>\n\u003Cp>Also note that the expiration only works for the additional passwords, not for the standard WordPress page\u002Fpost password.\u003C\u002Fp>\n\u003Ch4>Using lots of passwords on one page\u003C\u002Fh4>\n\u003Cp>If you are using lots of passwords on one page and the password check takes a long time, you should activate the alternative password check in the settings to speed up the password check.\u003C\u002Fp>\n","Set multiple passwords for your protected pages so you can give them to different users.",2000,24287,100,11,"2026-01-17T16:46:00.000Z","6.8.5","4.7.0","5.6",[57,58,22,23,59],"multiple","page","protected","https:\u002F\u002Fwww.andreasmuench.de\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultiple-post-passwords.1.1.4.zip",1,"2023-11-28 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":13,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":83,"download_link":84,"security_score":37,"vuln_count":85,"unpatched_count":28,"last_vuln_date":86,"fetched_at":30},"protected-posts-logout-button","Protected Posts Logout Button","1.4.6","Nate Reist","https:\u002F\u002Fprofiles.wordpress.org\u002Fnatereist\u002F","\u003Cp>This plugin simply adds a logout button to the content of any password protected post. Sometimes clients want a password protected page to share information with privileged individuals and the default 10 days for the cookie to expire is too long for their liking. So I wrote a little plugin to do this with AJAX and set the cookie to expire immediately, well actually 10 days in the past.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works logged in or out as a WordPress user.\u003C\u002Fli>\n\u003Cli>Uses the same functionality WordPress uses to set post cookies.\u003C\u002Fli>\n\u003Cli>Has a simple settings page to make everything easier.\u003C\u002Fli>\n\u003Cli>Allows you to alert user they have logged out.\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically adds a logout button to your password protected content.",1000,33408,13,"2023-02-16T00:46:00.000Z","6.1.10","2.8","",[80,81,82],"logout","password-protected-posts-logout-button","wordpress-security","http:\u002F\u002Fmindutopia.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-posts-logout-button.1.4.6.zip",3,"2023-02-20 00:00:00",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":11,"downloaded":95,"rating":50,"num_ratings":96,"last_updated":97,"tested_up_to":53,"requires_at_least":98,"requires_php":78,"tags":99,"homepage":78,"download_link":101,"security_score":50,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"password-passthrough","Password Passthrough","2.0.0","KaeruCT","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaeruct\u002F","\u003Cp>This plugin allows passwords for password-protected pages\u002Fposts to be passed directly through the URL.\u003C\u002Fp>\n\u003Cp>The query string parameter that should contain the password is \u003Ccode>pw\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>For example, if the URL of your post is \u003Ccode>http:\u002F\u002Fmyblog.com\u002Fpassword-protected-page\u002F\u003C\u002Fcode> and the password is \u003Ccode>PASSWORD\u003C\u002Fcode>,\u003Cbr \u002F>\nthen just append \u003Ccode>?pw=PASSWORD\u003C\u002Fcode> to it.\u003C\u002Fp>\n\u003Cp>If the URL already contains a query string (for example, \u003Ccode>http:\u002F\u002Fmyblog.com\u002F?p=5\u003C\u002Fcode>), then be sure to append \u003Ccode>&pw=PASSWORD\u003C\u002Fcode> instead.\u003C\u002Fp>\n","This plugin allows passwords for password-protected pages\u002Fposts to be passed directly through the URL.",6589,6,"2025-06-21T19:23:00.000Z","5.4",[58,22,23,59,100],"url","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-passthrough.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":11,"downloaded":110,"rating":28,"num_ratings":28,"last_updated":111,"tested_up_to":76,"requires_at_least":112,"requires_php":78,"tags":113,"homepage":114,"download_link":115,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"replace-protected-password","Replace Protected Password","1.0.3","Ko Takagi","https:\u002F\u002Fprofiles.wordpress.org\u002Fko31\u002F","\u003Cp>This plugin allows you to update the password for the post or page at a time.\u003C\u002Fp>\n\u003Cp>Manage your protected passwords easier.\u003C\u002Fp>\n\u003Ch4>Related Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fko31\u002Freplace-protected-password\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to update the password for the post or page at a time.",4344,"2022-11-18T12:48:00.000Z","4.3",[58,22,23],"https:\u002F\u002Fgithub.com\u002Fko31\u002Freplace-protected-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freplace-protected-password.1.0.3.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":50,"num_ratings":34,"last_updated":126,"tested_up_to":53,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":135,"download_link":136,"security_score":50,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"multi-site-post-publisher","Multi Site Post Publisher","1.2.0","WP Plugin Pilot","https:\u002F\u002Fprofiles.wordpress.org\u002Fusmanr\u002F","\u003Cp>\u003Cstrong>Multi Site Post Publisher\u003C\u002Fstrong> allows WordPress admins to push content to multiple remote WordPress sites using their REST API and Application Passwords. Perfect for bloggers, content teams, or agencies managing a network of sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add multiple remote WordPress sites\u003C\u002Fli>\n\u003Cli>Secure authentication using Application Passwords\u003C\u002Fli>\n\u003Cli>Simple UI for managing site credentials\u003C\u002Fli>\n\u003Cli>Easily publish posts across multiple domains\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No need for complex multisite setups or syncing tools. Just enter your credentials and publish away!\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Publish posts to multiple remote WordPress websites from a single dashboard using application passwords. Simple, secure, and efficient.",60,758,"2025-12-15T16:53:00.000Z","5.5","7.2",[130,131,132,133,134],"application-password","multisite","post-publisher","publish","remote-publishing","https:\u002F\u002Fwppluginpilot.com\u002Fmultisitepostpublisher\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmulti-site-post-publisher.1.2.0.zip",{"attackSurface":138,"codeSignals":153,"taintFlows":184,"riskAssessment":185,"analyzedAt":191},{"hooks":139,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":28,"unprotectedCount":28},[140,146],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","plugins_loaded","admin_init","post-password-token.php",32,{"type":141,"name":142,"callback":147,"file":144,"line":148},"client_init",33,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":155,"outputEscaping":157,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":183},[],{"prepared":28,"raw":28,"locations":156},[],{"escaped":28,"rawEcho":158,"locations":159},10,[160,164,166,169,171,173,175,177,179,181],{"file":161,"line":162,"context":163},"templates\\meta-box.php",17,"raw output",{"file":161,"line":165,"context":163},24,{"file":167,"line":168,"context":163},"templates\\settings.php",43,{"file":167,"line":170,"context":163},50,{"file":167,"line":172,"context":163},54,{"file":167,"line":174,"context":163},69,{"file":167,"line":176,"context":163},80,{"file":167,"line":178,"context":163},95,{"file":167,"line":180,"context":163},117,{"file":167,"line":182,"context":163},118,[],[],{"summary":186,"deductions":187},"The \"post-password-plugin\" v2.0.3 exhibits a strong security posture from a static analysis perspective, with no identified direct attack vectors like unprotected AJAX handlers, REST API routes, shortcodes, or cron events. The absence of dangerous functions and file operations further contributes to this positive assessment.  Furthermore, all SQL queries are properly prepared, and the plugin does not make external HTTP requests or bundle external libraries, reducing the potential for common vulnerabilities.  The lack of any recorded CVEs in its history, with no unpatched or past vulnerabilities, strongly suggests a commitment to security maintenance or a very limited feature set that avoids common pitfalls.  However, the analysis does highlight a significant concern: 100% of the 10 identified output operations are not properly escaped. This absence of output escaping represents a considerable risk, as it leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks if any user-supplied data is ever rendered directly in the output. While the attack surface appears minimal, this unescaped output is a critical weakness that needs immediate attention to prevent potential compromises.",[188],{"reason":189,"points":190},"100% of outputs are not properly escaped",8,"2026-03-16T19:27:58.409Z",{"wat":193,"direct":206},{"assetPaths":194,"generatorPatterns":199,"scriptPaths":200,"versionParams":201},[195,196,197,198],"\u002Fwp-content\u002Fplugins\u002Fpost-password-plugin\u002Fassets\u002Fcss\u002Fclient.css","\u002Fwp-content\u002Fplugins\u002Fpost-password-plugin\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fpost-password-plugin\u002Fassets\u002Fjs\u002Fclient.js","\u002Fwp-content\u002Fplugins\u002Fpost-password-plugin\u002Fassets\u002Fjs\u002Fadmin.js",[],[197,198],[202,203,204,205],"post-password-plugin\u002Fassets\u002Fcss\u002Fclient.css?ver=","post-password-plugin\u002Fassets\u002Fcss\u002Fadmin.css?ver=","post-password-plugin\u002Fassets\u002Fjs\u002Fclient.js?ver=","post-password-plugin\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":207,"htmlComments":220,"htmlAttributes":225,"restEndpoints":228,"jsGlobals":229,"shortcodeOutput":232},[208,209,210,211,212,213,214,215,216,217,218,219],"ppt-wrap","ppt-hr","ppt-form-box","ppt-rounded","ppt-inset","ppt-post-type-options","ppt-danger-box","advanced-option-input","unlock","ppt-unlock","advanced-option-control","ppt-hide",[221,222,223,224],"Requires\u002FAssumes being loaded via PPTAdmin","Copyright (c) 2009-2022 Shawn Parker, Gordon Brander. All rights reserved.","Warning: changing the salt will modify all \u003Cem>Password Token URLs\u003C\u002Fem> site-wide: readers will no longer be able to use old \u003Cem>Password Token URLs\u003C\u002Fem> to view protected content.","Cryptography is a complex subject, so the short of it is \"newer is better\". However, \u003Cb>upgrading the hashing algorithm will obsolete your old urls\u003C\u002Fb>, so if you need to maintain backwards compatability, then you should leave this alone.",[226,227],"data-slug","data-postid",[],[230,231],"PPTAdmin","PPTClient",[]]