[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fg8oax5WEIVntYgzAtJ3uhZcRuWUTV-RualU0CGt5uT8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":89,"crawl_stats":38,"alternatives":97,"analysis":212,"fingerprints":365},"premmerce-user-roles","Premmerce User Roles","1.0.14","Premmerce","https:\u002F\u002Fprofiles.wordpress.org\u002Fpremmerce\u002F","\u003Cp>This plugin has been developed for creating user roles from the WordPress admin area and assigning the arbitrary access rights to them.\u003C\u002Fp>\n\u003Cp>Full documentation is available here: \u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fwordpress-custom-user-roles\u002F\" rel=\"nofollow ugc\">Premmerce User Roles\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Major features of “Premmerce User Roles”\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>adding user roles with the features needed\u003C\u002Fli>\n\u003Cli>viewing the features of the standard WordPress roles\u003C\u002Fli>\n\u003Cli>deleting the created user roles\u003C\u002Fli>\n\u003Cli>editing the created user roles\u003C\u002Fli>\n\u003Cli>granting the arbitrary access rights to the user roles\u003C\u002Fli>\n\u003Cli>inheriting the features of the existing roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>You can create your personal demo store and test  this plugin together with \u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Ffeatures\u002F\" rel=\"nofollow ugc\">Premmerce Premium\u003C\u002Fa> and all other Premmerce plugins and themes  developed by our team here:  \u003Ca href=\"https:\u002F\u002Fpremmerce.com\u002Fpremmerce-woocommerce-demo\u002F\" rel=\"nofollow ugc\">Premmerce WooCommerce Demo\u003C\u002Fa> .\u003C\u002Fp>\n\u003Ch4>Compatibility with the other Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>WooCommerce Multilingual\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin has been  developed for creating user roles from the WordPress admin area and assigning the arbitrary access rights to them.",700,19546,100,2,"2026-02-19T19:23:00.000Z","6.9.4","4.8","5.6",[20,21,22,23,24],"create-custom-user-role","custom-user-roles","user-roles","user-roles-management","users-roles","https:\u002F\u002Fpremmerce.com\u002Fwordpress-custom-user-roles\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpremmerce-user-roles.1.0.14.zip",93,4,0,"2025-07-28 00:00:00","2026-03-15T15:16:48.613Z",[33,48,62,75],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-60193","premmerce-user-roles-unauthenticated-local-file-inclusion","Premmerce User Roles \u003C= 1.0.13 - Unauthenticated Local File Inclusion","The Premmerce User Roles plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.",null,"\u003C=1.0.13","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2026-02-25 12:53:40",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff37852ae-a190-43f2-8f67-256a3f2dba26?source=api-prod",213,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2025-62883","premmerce-user-roles-missing-authorization","Premmerce User Roles \u003C= 1.0.13 - Missing Authorization","The Premmerce User Roles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-06-13 00:00:00","2026-02-24 22:17:41",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F19d50a14-dbef-476d-8171-24ef84f380f3?source=api-prod",257,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":53,"cvss_score":67,"cvss_vector":68,"vuln_type":69,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74},"CVE-2025-64291","premmerce-user-roles-authenticated-administrator-stored-cross-site-scripting","Premmerce User Roles \u003C= 1.0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Premmerce User Roles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-05-10 00:00:00","2026-02-25 12:53:22",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa9cf7103-e644-4328-bd14-e8fd53f9489b?source=api-prod",292,{"id":76,"url_slug":77,"title":78,"description":79,"plugin_slug":4,"theme_slug":38,"affected_versions":80,"patched_in_version":81,"severity":40,"cvss_score":82,"cvss_vector":83,"vuln_type":56,"published_date":84,"updated_date":85,"references":86,"days_to_patch":88},"CVE-2023-41130","premmerce-user-roles-missing-authorization-via-role-management-functions","Premmerce User Roles \u003C= 1.0.12 - Missing Authorization via role management functions","The Premmerce User Roles plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability and nonce checks on the 'createRole', 'updateRole', and 'deleteRole' functions in versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to create, modify, and delete custom roles.","\u003C=1.0.12","1.0.13",8.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:L","2023-08-24 00:00:00","2024-01-22 19:56:02",[87],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff53cd4a3-a6db-42c2-b4d8-218071c4bcd4?source=api-prod",152,{"slug":90,"display_name":7,"profile_url":8,"plugin_count":91,"total_installs":92,"avg_security_score":93,"avg_patch_time_days":94,"trust_score":95,"computed_at":96},"premmerce",14,59700,94,401,75,"2026-04-04T20:21:23.553Z",[98,123,145,166,189],{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":16,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":118,"download_link":119,"security_score":120,"vuln_count":121,"unpatched_count":29,"last_vuln_date":122,"fetched_at":31},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7384389,84,420,"2026-03-08T15:53:00.000Z","5.8.0","5.6.0",[114,115,116,117,22],"access-governance","api-security","restricted-content","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":106,"downloaded":131,"rating":93,"num_ratings":132,"last_updated":133,"tested_up_to":16,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":141,"download_link":142,"security_score":143,"vuln_count":28,"unpatched_count":29,"last_vuln_date":144,"fetched_at":31},"capability-manager-enhanced","PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus","2.40.0","PublishPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fpublishpress\u002F","\u003Cp>PublishPress Capabilities is the access control plugin for WordPress. You can control all the capabilities and permissions on your WordPress site. We built this user role editor plugin so you have an easy and powerful way to manage user capabilities.\u003C\u002Fp>\n\u003Cp>You can use PublishPress Capabilities to \u003Cstrong>manage all your WordPress user roles\u003C\u002Fstrong>, from Administrators and Editors to Authors, Contributors, Subscribers and custom roles. Each user role can have the exact capabilities that your site needs.\u003C\u002Fp>\n\u003Cp>PublishPress Capabilities can clean up your post editing screen, admin area, and even the Profile screen. You can decide what authors see when they’re writing posts. You can \u003Cstrong>hide any feature on the Gutenberg or Classic Editor screens\u003C\u002Fstrong>. You can remove items in the WordPress dashboard and inside user accounts screens.\u003C\u002Fp>\n\u003Cp>The Pro version of PublishPress Capabilities has many extra features, including the ability to edit admin menu links, clean up the post editing screen, block admin pages by URL, and much more.\u003C\u002Fp>\n\u003Ch3>PublishPress Capabilities Pro\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Upgrade to Capabilities Pro\u003C\u002Fstrong>\u003Cbr \u002F>\n  This plugin is the free version of PublishPress Capabilities. The Pro version of Capabilities has all the features you need to control permissions for your WordPress users. With Capabilities Pro you can manage access to posts, pages, media and custom post types. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fcapabilities\" title=\"Capabilities Pro\" rel=\"nofollow ugc\">Click here to control access to your WordPress site with Capabilities Pro!\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>The Key Features of PublishPress Capabilities\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Roles\u003C\u002Fstrong>: You can edit, create, duplicate any WordPress user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Capabilities\u003C\u002Fstrong>: You can control all WordPress and plugin capabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editor Features\u003C\u002Fstrong>: You decide what users see when they’re writing posts in Gutenberg or the Classic Editor.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Features\u003C\u002Fstrong>: You can remove items from the WordPress admin, toolbar, and even dashboard widgets.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend Features\u003C\u002Fstrong>: This feature allows you to modify the site’s frontend by hiding or adding CSS.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Menus (Pro version)\u003C\u002Fstrong>: You can edit admin menu links and control who can access them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Profile Features\u003C\u002Fstrong>: You can hide features for users in the “Profile” screen.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirects\u003C\u002Fstrong>: You can hide features for users in the “Profile” screen.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nav Menus\u003C\u002Fstrong>: You can restrict access to navigation menus by user role, or logged in status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Testing\u003C\u002Fstrong>: Safely test any user’s account without resetting their password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Notices\u003C\u002Fstrong>: Organize all the message and advertisements in your admin area.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Feature 1. Roles\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities gives you detailed control over all the permission levels on your WordPress site. You can edit user roles on your site, from Administrator and Editor to Contributor and Subscriber.\u003C\u002Fp>\n\u003Cp>With PublishPress Capabilities you can create or copy any existing WordPress user role. These roles can be customized in exactly the same way as the default WordPress roles. These new roles can be added to single sites or to an entire multisite network.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcapabilities-screen\u002F\" rel=\"nofollow ugc\">Click here to see how to manage user roles\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 2. Capabilities\u003C\u002Fh3>\n\u003Cp>With the Capabilities plugin, you can choose who can Publish, Read, Edit and Delete content. You can choose permissions for posts, pages, custom content types, categories, tags, and more.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fpermissions-start\u002F\" rel=\"nofollow ugc\">Click here to see how to manage capabilities\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Many WordPress users have sites with custom post types. This can be done using custom code, a theme, or with a plugin. No matter how your post type is created, PublishPress Capabilities lets you enforce and assign distinct capabilities for your post type.\u003C\u002Fp>\n\u003Cp>PublishPress Capabilities enables you to add extra permissions to the taxonomies on your site. This feature includes the default Categories and Tags, but also applies to other taxonomies. For example, in WooCommerce you can apply custom permissions to Product categories, Product tags, and Product shipping classes. You can enforce and assign “Manage”, “Edit” and “Assign” distinct capabilities for all your taxonomies.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Ftaxonomy-specific-capabilities\u002F\" rel=\"nofollow ugc\">Click here to learn about taxonomy permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 3. Editor Features\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities has an option called “Editor Features” allows you to clean up the post editing screen. You can decide what users see when they’re writing posts. You can hide anything on the Gutenberg or Classic Editor screens. You can hide boxes inside the sidebar such Tags, Categories, or Excerpt. You can the “Publish” button. You can even hide the post title, body, or permalink. This is a great alternative to plugins such as Adminimize.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Feditor-features\u002F\" rel=\"nofollow ugc\">Click here to learn about hiding editor features\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>WordPress has a feature called “metaboxes”. This is a strange name, but you have seen them often if you use WordPress. When a user edits a post, the edit screen has several default boxes: Status & visibility, Featured image, Categories, Tags, etc. These boxes are metaboxes. Plugins can add also add their own metaboxes. The Pro version of the PublishPress Capabilities plugin allows you to hide metaboxes for specific user roles.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fhide-metaboxes-in-wordpress-posts\u002F\" rel=\"nofollow ugc\">Click here to learn about hiding metaboxes\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 4. Admin Features\u003C\u002Fh3>\n\u003Cp>“Admin Features” allows you to hide features in the WordPress admin area and toolbar. You can decide what users see in your WordPress dashboard. You can use this option to hide all the links in the toolbar including “About WordPress”, “Visit Site” and more. You can also hide dashboard widgets such as “At a Glance”, “Quick Draft”, and “WordPress Events and News”.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fadmin-features-screen\u002F\" rel=\"nofollow ugc\">Click here to learn about removing toolbar items and dashboard widgets\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 5. Frontend Features\u003C\u002Fh3>\n\u003Cp>The “Frontend Features” screen allows you to modify the features that show on the frontend of your website. You can choose to  hide IDs or classes, add CSS styles, or add body classes. All of these changes can be targeted to specific user roles.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Ffrontend-features\u002F\" rel=\"nofollow ugc\">Click here to learn about frontend changes\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 6. WordPress Admin Menu Restrictions (Pro version)\u003C\u002Fh3>\n\u003Cp>With PublishPress Capabilities you can edit all your admin menu links. You can also restrict access to admin menu screens by user roles. This is useful because many plugin do not have any way to control who can access their admin screens.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fadmin-menus-screen\u002F\" rel=\"nofollow ugc\">Click to see how to block Admin menu access\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 7. Profile Features\u003C\u002Fh3>\n\u003Cp>“Profile Features” allows you to hide features in the “Profile” screen. You can decide what users see in their accounts.  This “Profile” area is used as a dumping ground for the settings of many different plugins.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fprofile-features\u002F\" rel=\"nofollow ugc\">Click here to learn about the Profile Features option\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 8. Nav Menu Restrictions\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities enables you to restrict access to navigation menus by roles, logged in and logged out users. This is useful because a default WordPress site does not give you way to control the visibility of your links.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fnav-menus\u002F\" rel=\"nofollow ugc\">Click to see how to block frontend menu access\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 9. Redirects\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities has a “Redirects” screen that allows you to control where users are sent before and after logging in to your site. There are four options available:\u003Cbr \u002F>\n* Login Redirect: Where users are sent when they log in.\u003Cbr \u002F>\n* Logout Redirect: Where users are sent when they log out.\u003Cbr \u002F>\n* Registration Redirect: Where users are sent when they register on your site.\u003Cbr \u002F>\n* First Login Redirect: Where users are sent when they log in to your site for the first time.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fredirects\u002F\" rel=\"nofollow ugc\">Click to see how to redirect users\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 10. User Testing \u002F User Switching\u003C\u002Fh3>\n\u003Cp>If you run a WordPress website which allows users to log in, you probably spend a lot of time answering account questions or solving website bugs for your users. Site administrators often have to browse their site and see exactly what the user sees. They need to test the user’s account without resetting their password. This is possible with PublishPress Capabilities.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fuser-testing\u002F\" rel=\"nofollow ugc\">Click here to learn about user testing\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 11. Admin Notices\u003C\u002Fh3>\n\u003Cp>This feature helps organize messages and advertisements in your WordPress admin area. It helps remove clutter from your WordPress experience. This feature will organize all these admin notices into a new area in the top-right corner of your screen. This “Admin Notices” area will show all the notices in a clean, organized area. Nothing is changed about the notices so you can deal with them as normal. The only difference is that you won’t be pestered by these notices on your main admin dashboard.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fadmin-notices-feature\u002F\" rel=\"nofollow ugc\">Click here to learn about Admin Notices\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PublishPress Capabilities is Safe to Use\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities is completely \u003Cstrong>safe to use\u003C\u002Fstrong>. Every time you change your site’s permissions, this plugin will take a backup that you can restore if anything goes wrong. You can use these backups to migrate your roles and permissions from one site to another.\u003C\u002Fp>\n\u003Cp>This security feature is also very helpful if you want to test out changes on your site, or if you’ve installed a new plugin that has changed your site’s permissions.\u003C\u002Fp>\n\u003Cp>Every time you change your permissions, the PublishPress Capabilities plugin will now automatically create a backup. If you make a mistake, go to the “Backup” menu link and you’ll be able to roll back to a previous version.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fbackup-restore-permissions\u002F\" rel=\"nofollow ugc\">Click here to see how to backup permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support for Media Library Permissions\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities enables you to decide who can upload, edit and delete files from your site’s Media Library. By default, only Administrators are able to delete files in your Media Library. Subscribers and Contributors are not even allowed to upload files. You can customize these permissions for the Media Library and also the Featured Image box.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcontrol-media-library-access\u002F\" rel=\"nofollow ugc\">Click here to learn about Media Library permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support for WooCommerce Permissions\u003C\u002Fh3>\n\u003Cp>We mentioned earlier that PublishPress Capabilities has special support for WooCommerce taxonomies. This is true for the rest of WooCommerce also. With PublishPress Capabilities you can control permissions for WooCommerce products, orders and coupons.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fwoocommerce-permissons\u002F\" rel=\"nofollow ugc\">Click here to learn about WooCommerce permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support for WordPress Multisite\u003C\u002Fh3>\n\u003Cp>PublishPress Capabilities allows you to control permissions on a single site or across your whole network. Every time you update permissions in PublishPress Capabilities, you can choose to sync those changes across your multisite network.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fmultisite-network\u002F\" rel=\"nofollow ugc\">Click here to learn about multisite permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Join PublishPress and get the Pro plugins\u003C\u002Fh3>\n\u003Cp>The Pro versions of the PublishPress plugins are well worth your investment. The Pro versions have extra features and faster support. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Click here to join PublishPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Join PublishPress and you’ll get access to these ten Pro plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fauthors\" rel=\"nofollow ugc\">PublishPress Authors Pro\u003C\u002Fa> allows you to add multiple authors and guest authors to WordPress posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fblocks\" rel=\"nofollow ugc\">PublishPress Blocks Pro\u003C\u002Fa> has everything you need to build professional websites with the WordPress block editor.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fcapabilities\" rel=\"nofollow ugc\">PublishPress Capabilities Pro\u003C\u002Fa> is the plugin to manage your WordPress user roles, permissions, and capabilities.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fchecklists\" rel=\"nofollow ugc\">PublishPress Checklists Pro\u003C\u002Fa> enables you to define tasks that must be completed before content is published.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Ffuture\" rel=\"nofollow ugc\">PublishPress Future Pro\u003C\u002Fa> is the plugin for scheduling changes to your posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermissions\" rel=\"nofollow ugc\">PublishPress Permissions Pro\u003C\u002Fa>  is the plugin for restricted content and advanced WordPress permissions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpublishpress\" rel=\"nofollow ugc\">PublishPress Planner Pro\u003C\u002Fa> is the plugin for managing and scheduling WordPress content.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Frevisions\" rel=\"nofollow ugc\">PublishPress Revisions Pro\u003C\u002Fa> allows you to update your published pages with teamwork and precision.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fseries\" rel=\"nofollow ugc\">PublishPress Series Pro\u003C\u002Fa> enables you to group content together into a series.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fseries\" rel=\"nofollow ugc\">PublishPress Statuses Pro\u003C\u002Fa> enables you to create additional publishing steps for your posts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Together, these plugins are a suite of powerful publishing tools for WordPress. If you need to create a professional workflow in WordPress, with moderation, revisions, permissions and more… then you should try PublishPress.\u003C\u002Fp>\n\u003Ch3>Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports for PublishPress Capabilities are welcomed in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpublishpress\u002Fpublishpress-capabilities\" rel=\"nofollow ugc\">repository on GitHub\u003C\u002Fa>. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n","PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.",3929513,142,"2026-03-04T19:12:00.000Z","5.5","7.2.5",[137,138,139,140,22],"admin-menus","capabilities","permissions","user-role-editor","https:\u002F\u002Fpublishpress.com\u002Fcapability-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcapability-manager-enhanced.2.40.0.zip",96,"2022-10-10 00:00:00",{"slug":146,"name":147,"version":101,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":154,"num_ratings":155,"last_updated":156,"tested_up_to":16,"requires_at_least":134,"requires_php":18,"tags":157,"homepage":162,"download_link":163,"security_score":13,"vuln_count":164,"unpatched_count":29,"last_vuln_date":165,"fetched_at":31},"hide-admin-bar-based-on-user-roles","Hide Admin Bar Based on User Roles","Ankit Panchal","https:\u002F\u002Fprofiles.wordpress.org\u002Fankitmaru\u002F","\u003Cp>\u003Cstrong>Hide Admin Bar Based On User Roles\u003C\u002Fstrong> gives you complete control over who sees the WordPress toolbar.\u003C\u002Fp>\n\u003Cp>Whether you are running a membership site, a WooCommerce store, or simply want a cleaner frontend for your subscribers, this plugin lets you hide the admin bar with precision — by role, capability, device, page, or time. Stop exposing backend links to users who don’t need them.\u003C\u002Fp>\n\u003Cp>The plugin is lightweight, developer-friendly, and works immediately upon activation — no configuration required to get started.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F25WBldgArAk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_BAwxGVnKNY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Simple but great plugin. 🙂\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-but-great-plugin-12\u002F\" rel=\"ugc\">wptoolsdev\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Works flawlessly! 🙂\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fworks-flawlessly-129\u002F\" rel=\"ugc\">thebrazeneye\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>🚀 Key Features (Free)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hide for All Users:\u003C\u002Fstrong> Completely remove the admin bar from the frontend for everyone.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide for Guests:\u003C\u002Fstrong> Ensure non-logged-in visitors never see the toolbar.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Hiding:\u003C\u002Fstrong> Select specific roles (e.g., Subscriber, Customer, Editor) to hide the bar for.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Capability-Based Hiding:\u003C\u002Fstrong> Hide the bar based on WordPress capabilities (e.g., hide for anyone who cannot \u003Ccode>manage_options\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Fast:\u003C\u002Fstrong> Zero bloat — no external requests, no database overhead on the frontend.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🏆 Premium Features (Pro)\u003C\u002Fh3>\n\u003Cp>Unlock advanced visibility logic with the \u003Ca href=\"https:\u002F\u002Fpluginstack.dev\u002Fplugins\u002Fhide-admin-bar-pro\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa>:\u003Cbr \u002F>\n* \u003Cstrong>Page-Based Targeting:\u003C\u002Fstrong> Show or hide the admin bar only on specific URLs, post types, or page templates.\u003Cbr \u002F>\n* \u003Cstrong>Device Detection:\u003C\u002Fstrong> Hide the toolbar on Mobile or Tablet to save screen space, while keeping it on Desktop.\u003Cbr \u002F>\n* \u003Cstrong>Per-User Overrides:\u003C\u002Fstrong> Manually force the admin bar to show or hide for individual user accounts.\u003Cbr \u002F>\n* \u003Cstrong>Time-Based Visibility:\u003C\u002Fstrong> Automatically hide the bar during specific hours of the day.\u003Cbr \u002F>\n* \u003Cstrong>Smart Redirects:\u003C\u002Fstrong> Redirect users to the homepage or a custom URL when they try to access the backend.\u003Cbr \u002F>\n* \u003Cstrong>Inactivity Auto-Hide:\u003C\u002Fstrong> Automatically slide the toolbar away after a configurable period of inactivity.\u003Cbr \u002F>\n* \u003Cstrong>Import \u002F Export Settings:\u003C\u002Fstrong> Back up and migrate your configuration across sites in one click.\u003C\u002Fp>\n\u003Ch3>You can check our other plugins:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimakit-for-wp\u002F\" rel=\"ugc\">All-in-One WordPress Toolkit for SEO, Security, Customization, and Performance\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flike-dislike-for-wp\u002F\" rel=\"ugc\">Like Dislike For WP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-block-editor-fullscreen-mode\u002F\" rel=\"ugc\">Disable Block Editor FullScreen mode\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnoteflow\u002F\" rel=\"ugc\">NoteFlow – Smart Notes Manager for WordPress Admin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Hide the WordPress Admin Bar for specific user roles, capabilities, devices, pages, or time windows. The ultimate toolbar control plugin for membershi &hellip;",20000,762894,78,20,"2026-02-24T15:00:00.000Z",[158,159,160,161,22],"admin-bar","admin-toolbar","hide-admin-bar","toolbar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-admin-bar-based-on-user-roles\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-admin-bar-based-on-user-roles.7.1.0.zip",1,"2022-02-21 00:00:00",{"slug":167,"name":168,"version":169,"author":170,"author_profile":171,"description":172,"short_description":173,"active_installs":174,"downloaded":175,"rating":143,"num_ratings":176,"last_updated":177,"tested_up_to":178,"requires_at_least":179,"requires_php":118,"tags":180,"homepage":185,"download_link":186,"security_score":187,"vuln_count":164,"unpatched_count":164,"last_vuln_date":188,"fetched_at":31},"user-roles-and-capabilities","User Roles and Capabilities","1.2.6","mahabub81","https:\u002F\u002Fprofiles.wordpress.org\u002Fmahabub81\u002F","\u003Cp>manage user roles and capabilities. Create new roles and delete existing roles. Using this plugin you will not be able to modify any capabilities for administrator user role.\u003Cbr \u002F>\nWordPress built in roles cant be deleted.\u003Cbr \u002F>\nIf you find any issue just let us know we will get back to you with the fix in 24 hours.\u003C\u002Fp>\n\u003Ch3>Features of Roles and Capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fully tested by QA team.\u003C\u002Fli>\n\u003Cli>Create new roles.\u003C\u002Fli>\n\u003Cli>Delete existing roles.\u003C\u002Fli>\n\u003Cli>Clone existing roles.\u003C\u002Fli>\n\u003Cli>Rename Role\u003C\u002Fli>\n\u003Cli>Import \u002F Export Roles and Capabilities\u003C\u002Fli>\n\u003Cli>Manage user Capabilities.\u003C\u002Fli>\n\u003Cli>set permission.\u003C\u002Fli>\n\u003Cli>Change default user role.\u003C\u002Fli>\n\u003Cli>Assign multiple roles to users.\u003C\u002Fli>\n\u003Cli>set permissions \u002F capabilities to users.\u003C\u002Fli>\n\u003Cli>single screen to manage capability for all roles.\u003C\u002Fli>\n\u003Cli>easy to use.\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage user roles and Capabilities, create new roles and change default role.",8000,125081,21,"2021-05-09T07:04:00.000Z","5.7.15","3.5",[181,182,22,183,184],"roles-and-capabilities","user-capabilities","wordpress-capabilities","wordpress-user-roles","http:\u002F\u002Fsolvease.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-roles-and-capabilities.1.2.6.zip",63,"2025-06-19 00:00:00",{"slug":190,"name":191,"version":192,"author":193,"author_profile":194,"description":195,"short_description":196,"active_installs":197,"downloaded":198,"rating":93,"num_ratings":199,"last_updated":200,"tested_up_to":201,"requires_at_least":202,"requires_php":203,"tags":204,"homepage":208,"download_link":209,"security_score":210,"vuln_count":14,"unpatched_count":29,"last_vuln_date":211,"fetched_at":31},"multiple-roles","Multiple Roles","1.3.7","Christian Neumann","https:\u002F\u002Fprofiles.wordpress.org\u002Fcneumann\u002F","\u003Cp>This plugin allows you to select multiple roles for a user – something that WordPress already supports “under the hood”, but doesn’t provide a user interface for.\u003C\u002Fp>\n\u003Cp>User edit and Add new user screens will display a checklist of roles instead of the default role dropdown. The main user list screen will also display all roles a user has.\u003C\u002Fp>\n\u003Cp>It also supports well Multisite mode.\u003C\u002Fp>\n\u003Cp>That’s it. No extra settings.\u003C\u002Fp>\n\u003Cp>If you want to contribute to this plugin, feel free to check the Github repository : https:\u002F\u002Fgithub.com\u002Fchrneumann\u002Fmultiple-roles\u003C\u002Fp>\n","Allow users to have multiple roles on one site.",5000,101497,15,"2025-08-05T11:53:00.000Z","6.3.8","3.1","5.4",[205,206,190,207,22],"edit-roles","edit-user-roles","multiple-roles-per-user","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultiple-roles\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultiple-roles.1.3.7.zip",99,"2022-07-26 00:00:00",{"attackSurface":213,"codeSignals":251,"taintFlows":285,"riskAssessment":353,"analyzedAt":364},{"hooks":214,"ajaxHandlers":243,"restRoutes":248,"shortcodes":249,"cronEvents":250,"entryPointCount":164,"unprotectedCount":29},[215,221,225,228,232,237],{"type":216,"name":217,"callback":218,"file":219,"line":220},"action","admin_menu","addMenuPage","src\\Admin\\Admin.php",72,{"type":216,"name":222,"callback":223,"file":219,"line":224},"admin_post_premmerce_create_role","createRole",77,{"type":216,"name":226,"callback":227,"file":219,"line":154},"admin_post_premmerce_update_role","updateRole",{"type":216,"name":229,"callback":230,"file":219,"line":231},"admin_post_premmerce_delete_role","deleteRole",79,{"type":216,"name":233,"callback":234,"file":235,"line":236},"init","loadTextDomain","src\\UsersRolesPlugin.php",30,{"type":238,"name":239,"callback":240,"file":241,"line":242},"filter","hide_account_tabs","__return_true","views\\admin\\tabs\\account.php",7,[244],{"action":245,"nopriv":246,"callback":245,"hasNonce":247,"hasCapCheck":247,"file":219,"line":95},"getRoleCapabilities",false,true,[],[],[],{"dangerousFunctions":252,"sqlUsage":260,"outputEscaping":265,"fileOperations":29,"externalRequests":29,"nonceChecks":14,"capabilityChecks":164,"bundledLibraries":280},[253,258],{"fn":254,"file":255,"line":256,"context":257},"unserialize","src\\Models\\AdminModel.php",26,"$queryRoles = unserialize($data);",{"fn":254,"file":255,"line":236,"context":259},"$roles = unserialize($data);",{"prepared":29,"raw":164,"locations":261},[262],{"file":255,"line":263,"context":264},22,"$wpdb->get_var() with variable interpolation",{"escaped":266,"rawEcho":267,"locations":268},38,6,[269,272,274,276,278,279],{"file":270,"line":121,"context":271},"views\\admin\\edit.php","raw output",{"file":270,"line":273,"context":271},50,{"file":270,"line":275,"context":271},51,{"file":277,"line":121,"context":271},"views\\admin\\tabs\\list.php",{"file":277,"line":108,"context":271},{"file":277,"line":93,"context":271},[281],{"name":282,"version":283,"knownCves":284},"Freemius","1.0",[],[286,302,313,322,334],{"entryPoint":287,"graph":288,"unsanitizedCount":164,"severity":53},"createRole (src\\Admin\\Admin.php:206)",{"nodes":289,"edges":300},[290,295],{"id":291,"type":292,"label":293,"file":219,"line":294},"n0","source","$_SERVER['HTTP_REFERER']",233,{"id":296,"type":297,"label":298,"file":219,"line":294,"wp_function":299},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[301],{"from":291,"to":296,"sanitized":246},{"entryPoint":303,"graph":304,"unsanitizedCount":164,"severity":53},"deleteRole (src\\Admin\\Admin.php:239)",{"nodes":305,"edges":311},[306,309],{"id":291,"type":292,"label":307,"file":219,"line":308},"$_GET",248,{"id":296,"type":297,"label":298,"file":219,"line":310,"wp_function":299},265,[312],{"from":291,"to":296,"sanitized":246},{"entryPoint":314,"graph":315,"unsanitizedCount":164,"severity":53},"updateRole (src\\Admin\\Admin.php:271)",{"nodes":316,"edges":320},[317,319],{"id":291,"type":292,"label":293,"file":219,"line":318},304,{"id":296,"type":297,"label":298,"file":219,"line":318,"wp_function":299},[321],{"from":291,"to":296,"sanitized":246},{"entryPoint":323,"graph":324,"unsanitizedCount":29,"severity":333},"authorizeRequest (src\\Admin\\Admin.php:312)",{"nodes":325,"edges":331},[326,329],{"id":291,"type":292,"label":327,"file":219,"line":328},"$_REQUEST",314,{"id":296,"type":297,"label":298,"file":219,"line":330,"wp_function":299},322,[332],{"from":291,"to":296,"sanitized":247},"low",{"entryPoint":335,"graph":336,"unsanitizedCount":29,"severity":333},"\u003CAdmin> (src\\Admin\\Admin.php:0)",{"nodes":337,"edges":349},[338,340,341,343,345,347],{"id":291,"type":292,"label":339,"file":219,"line":294},"$_SERVER['HTTP_REFERER'] (x2)",{"id":296,"type":297,"label":298,"file":219,"line":294,"wp_function":299},{"id":342,"type":292,"label":307,"file":219,"line":308},"n2",{"id":344,"type":297,"label":298,"file":219,"line":310,"wp_function":299},"n3",{"id":346,"type":292,"label":327,"file":219,"line":328},"n4",{"id":348,"type":297,"label":298,"file":219,"line":330,"wp_function":299},"n5",[350,351,352],{"from":291,"to":296,"sanitized":247},{"from":342,"to":344,"sanitized":247},{"from":346,"to":348,"sanitized":247},{"summary":354,"deductions":355},"The \"premmerce-user-roles\" v1.0.14 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a small attack surface with a single AJAX handler, and critically, this handler appears to be protected by an authentication check. The plugin also demonstrates good output escaping practices, with 86% of outputs properly escaped, and includes nonce and capability checks, which are fundamental security measures.  However, the presence of two instances of the `unserialize` function is a significant concern, as it can lead to Remote Code Execution if not handled with extreme caution and sanitization, especially if data originating from user input is involved. While no critical or high severity taint flows were identified in this specific analysis, the historical vulnerability data paints a concerning picture.",[356,358,360,362],{"reason":357,"points":199},"Uses unserialize() function",{"reason":359,"points":242},"SQL queries not using prepared statements",{"reason":361,"points":28},"Bundled Freemius library v1.0",{"reason":363,"points":155},"4 known vulnerabilities (2 high, 2 medium)","2026-03-16T19:21:36.713Z",{"wat":366,"direct":375},{"assetPaths":367,"generatorPatterns":370,"scriptPaths":371,"versionParams":372},[368,369],"\u002Fwp-content\u002Fplugins\u002Fpremmerce-user-roles\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fpremmerce-user-roles\u002Fadmin\u002Fjs\u002Fadmin.js",[],[369],[373,374],"premmerce-user-roles\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","premmerce-user-roles\u002Fadmin\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":376,"htmlComments":380,"htmlAttributes":381,"restEndpoints":384,"jsGlobals":385,"shortcodeOutput":387},[4,377,378,379],"premmerce-user-role-list","premmerce-user-role-edit","premmerce-user-roles-tabs-wrapper",[],[382,383],"data-role-slug","data-role-name",[],[386],"premmerce_user_roles_admin_data",[]]