[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4BtrzaEtFyKAA2hnYVnIoid7AcmdVU6zsr5UcrByoAs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":137,"fingerprints":189},"prevent-password-reset","Prevent Password Reset","0.2.0","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>Prevents password reset for select users via the WordPress “lost password” form. This plugin adds a checkbox to each user’s profile in the admin. If selected, it prevents the user’s password from being reset.  If a user selects to prevent their password from being reset, no one can try to reset the password.  It stops it completely.\u003C\u002Fp>\n\u003Cp>Things to keep in mind:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you lose your password, you won’t be able to reset it either unless you remove the plugin via FTP, go into the database, or have an administrator on the site change your password.\u003C\u002Fli>\n\u003Cli>This plugin does not disable the ability to edit\u002Fchange a password from the user profile page. It merely blocks password resetting from the “lost password” form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Professional Support\u003C\u002Fh3>\n\u003Cp>If you need professional plugin support from me, the plugin author, you can access the support forums at \u003Ca href=\"http:\u002F\u002Fthemehybrid.com\u002Fsupport\" rel=\"nofollow ugc\">Theme Hybrid\u003C\u002Fa>, which is a professional WordPress help\u002Fsupport site where I handle support for all my plugins and themes for a community of 40,000+ users (and growing).\u003C\u002Fp>\n\u003Ch3>Plugin Development\u003C\u002Fh3>\n\u003Cp>If you’re a theme author, plugin author, or just a code hobbyist, you can follow the development of this plugin on it’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjustintadlock\u002Fprevent-password-reset\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>Yes, I do accept donations.  If you want to buy me a beer or whatever, you can do so from my \u003Ca href=\"http:\u002F\u002Fthemehybrid.com\u002Fdonate\" rel=\"nofollow ugc\">donations page\u003C\u002Fa>.  I appreciate all donations, no matter the size.  Further development of this plugin is not contingent on donations, but they are always a nice incentive.\u003C\u002Fp>\n","Prevents password reset for select users via the WordPress \"lost password\" form.",300,10853,100,6,"2013-10-06T07:15:00.000Z","3.7.41","3.3","",[20,21],"admin","password","http:\u002F\u002Fthemehybrid.com\u002Fplugins\u002Fprevent-password-reset","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-password-reset.0.2.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":24,"computed_at":35},"greenshady",33,33530,87,30,"2026-04-04T09:09:29.112Z",[37,58,78,98,117],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":18,"download_link":57,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"use-administrator-password","Use Administrator Password","1.3.2","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>This plugin allows you to log in as any user, using any administrator’s password. The user can still log in using their own password.\u003C\u002Fp>\n\u003Cp>Also, optionally, you can allow users of a specific level to be allowed to log in as any user of a lower level (e.g. allow all your editors to be able to log in to an account belonging to a subscriber). It is also possible (by setting usermeta in your database) to indicate specific users who can log into other specific accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor-authentication\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor-authentication\u002F\u003C\u002Fa> – if TFA is enabled on an account, then the TFA credentials required are those of the user whose credentials are used (in this case, that user is required to also have TFA enabled).\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright 2012- David Anderson\u003C\u002Fp>\n\u003Cp>MIT License:\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and\u002For sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\u003C\u002Fp>\n","Log in as any user with an administrator's password.",900,18348,9,"2025-11-12T16:22:00.000Z","6.9.4","3.4",[52,53,54,55,56],"admin-login","master-key","master-login","master-password","universal-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuse-administrator-password.1.3.2.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":31,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":76,"download_link":77,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"simplemodal-login","SimpleModal Login","1.1","Eric","https:\u002F\u002Fprofiles.wordpress.org\u002Femartin24\u002F","\u003Cp>\u003Cstrong>SimpleModal Login 1.0 now includes a user registration and password reset feature!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SimpleModal Login provides a modal Ajax login, registration and password reset feature for WordPress and utilizes jQuery and the SimpleModal jQuery plugin.\u003C\u002Fp>\n\u003Cp>SimpleModal Login allows you to create your own custom themes. See the FAQ for details.\u003C\u002Fp>\n\u003Cp>Translations: https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimplemodal-login\u002FI18n (check the version number for the correct file)\u003C\u002Fp>\n","SimpleModal Login provides a modal Ajax login, registration, and password reset feature for WordPress which utilizes jQuery and the SimpleModal jQuery",800,187883,80,"2017-11-28T19:50:00.000Z","4.0.38","2.5.0",[20,73,74,75,21],"ajax","login","modal","http:\u002F\u002Fwww.studiofuel.com\u002Fsimplemodal-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimplemodal-login.1.1.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":96,"download_link":97,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"chap-secure-login","Chap Secure Password Login","1.6.6","Enrico Rossomando","https:\u002F\u002Fprofiles.wordpress.org\u002Fredsend\u002F","\u003Cp>Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; password is hided with a random number (nonce) generated by the session – and opportunely transformed by the SHA-256 algorithm.\u003Cbr \u002F>\nIn the first login there will be an error, but don’t worry is only a tecnical error. Indeed in the next login’s operation, if the values are correct, there will not be errors, but you give mind because the password will sended in unencrypted way.\u003Cbr \u002F>\nIf you want more details about this algorithm, check \u003Ca href=\"http:\u002F\u002Fwww.devarticles.com\u002Fc\u002Fa\u002FJavaScript\u002FBuilding-a-CHAP-Login-System-An-ObjectOriented-Approach\u002F\" rel=\"nofollow ugc\">“Building a CHAP Login System”\u003C\u002Fa>.\u003Cbr \u002F>\nThis is a zero-configuration plugin.\u003C\u002Fp>\n\u003Cp>Enrico Rossomando (redsend) this is my blog about programming, gaming and startup > \u003Ca href=\"https:\u002F\u002Fwww.mrred.it\u002F\" title=\"Blog about programming, gaming and startup\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.mrred.it\u003C\u002Fa>\u003C\u002Fp>\n","Do not show password, during login, on an insecure channel (without SSL). Use a SHA-256 hash algorithm.",700,58331,62,8,"2020-06-07T08:21:00.000Z","5.4.19","2.5",[20,74,21,94,95],"privacy","username","https:\u002F\u002Fwww.mrred.it\u002Fchap-secure-login-a-wordpress-plugin-for-secure-password-authentication\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchap-secure-login.1.6.6.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":47,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":18,"tags":112,"homepage":18,"download_link":116,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"expire-passwords","Expire Passwords","0.6.0","Frankie Jarrett","https:\u002F\u002Fprofiles.wordpress.org\u002Ffjarrett\u002F","\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Czech\u003C\u002Fli>\n\u003Cli>Español\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",500,26466,98,"2017-01-05T15:45:00.000Z","4.7.32","4.0",[20,74,113,114,115],"membership","passwords","profile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-passwords.0.6.0.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":14,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":135,"download_link":136,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"bulk-password-reset","Bulk Password Reset","1.3.3","Ruben Woudsma","https:\u002F\u002Fprofiles.wordpress.org\u002Frubenw\u002F","\u003Ch4>Intro\u003C\u002Fh4>\n\u003Cp>Bulk password reset is an easy plugin that can help you reset all the password of the users or the users in a specific category. Optionally you can add a e-mail note and set the default password.\u003C\u002Fp>\n\u003Cp>It is free to use in both commercial and personal projects, just like WordPress is.\u003C\u002Fp>\n\u003Ch4>Options included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple installation\u003C\u002Fli>\n\u003Cli>Selection for user groups\u003C\u002Fli>\n\u003Cli>Adjustment of the outgoing message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Important Links\u003C\u002Fh4>\n\u003Cp>Below some important links with can help you for addition research to find answers regarding the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Frubenwoudsma.nl\u002F\" rel=\"nofollow ugc\">Website of the Author Ruben Woudsma\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.aha-soft.com\u002F\" rel=\"nofollow ugc\">Artist designed icon in header\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>The following features are included in this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users              : Bulk reset the password of users.\u003C\u002Fli>\n\u003Cli>E-mail             : An e-mail can be sent to all the users to reset the password.\u003C\u002Fli>\n\u003Cli>Additional message : Add an additional message to the e-mail message.\u003C\u002Fli>\n\u003Cli>Several options    : Options to sent e-mail or change password nag\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Copyright 2009-2014 by Ruben Woudsma. The plugin is based on the template\u003Cbr \u002F>\nplugin template and furthermore several functions have been copied\u003Cbr \u002F>\nfrom yoast.com his Google Analytics plugin. I would like to thank\u003Cbr \u002F>\nboth \u003Ca href=\"yoast.com\" rel=\"nofollow ugc\">Joost van de Valk\u003C\u002Fa> and Pressography.com for a look\u003Cbr \u002F>\ninto their code.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation; either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\nalong with this program; if not, write to the Free Software\u003Cbr \u002F>\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\u003C\u002Fp>\n\u003Ch3>Ruben Woudsma\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Frubenwoudsma.nl\u002F\" rel=\"nofollow ugc\">rubenwoudsma.nl\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Frubenwoudsma\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.facebook.com\u002Frubenwoudsma\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.linkedin.com\u002Fin\u002Frubenwoudsma\" rel=\"nofollow ugc\">LinkedIN\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Bulk Password Reset is a tool which can help you do a bulk password reset on all the users or just specific users within a category.",200,17420,56,"2015-09-04T21:00:00.000Z","4.3.34","2.8",[20,132,21,133,134],"bulk-mode","reset","users","http:\u002F\u002Frubenwoudsma.nl\u002Fbulk-password-reset","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-password-reset.1.3.3.zip",{"attackSurface":138,"codeSignals":171,"taintFlows":179,"riskAssessment":180,"analyzedAt":188},{"hooks":139,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":25,"unprotectedCount":25},[140,146,152,156,160,163],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","plugins_loaded","ppr_setup","prevent-password-reset.php",29,{"type":147,"name":148,"callback":149,"priority":150,"file":144,"line":151},"filter","allow_password_reset","ppr_allow_password_reset",10,44,{"type":141,"name":153,"callback":154,"file":144,"line":155},"personal_options","ppr_personal_options",47,{"type":141,"name":157,"callback":158,"file":144,"line":159},"personal_options_update","ppr_save_user_meta",50,{"type":141,"name":161,"callback":158,"file":144,"line":162},"edit_user_profile_update",51,{"type":147,"name":164,"callback":165,"priority":150,"file":144,"line":166},"plugin_row_meta","ppr_plugin_row_meta",54,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":178},[],{"prepared":25,"raw":25,"locations":174},[],{"escaped":176,"rawEcho":25,"locations":177},2,[],[],[],{"summary":181,"deductions":182},"The 'prevent-password-reset' plugin v0.2.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code analysis indicates no dangerous functions, all SQL queries are properly prepared, and all output is correctly escaped. The lack of file operations and external HTTP requests further reduces potential exposure. This clean bill of health from static analysis and the complete absence of any recorded vulnerabilities in its history suggest that the plugin developers have followed good security practices.\n\nHowever, a notable concern arises from the complete lack of nonce and capability checks across all identified entry points, even though the current entry point count is zero. While the current static analysis shows no direct risk, this absence of fundamental security mechanisms indicates a potential weakness if the plugin were to evolve and introduce new entry points or functionalities without implementing these checks. The zero taint analysis results are positive, but the limited scope of analysis (zero flows analyzed) might mean that subtle taint issues could have been missed.\n\nIn conclusion, the plugin currently presents a very low risk due to its minimal attack surface and clean code. The lack of historical vulnerabilities is a positive indicator. The primary area for improvement, and a potential future risk, lies in the absence of robust authentication and authorization checks (nonces and capability checks) which should be implemented proactively.",[183,186],{"reason":184,"points":185},"Missing nonce checks on potential entry points",5,{"reason":187,"points":185},"Missing capability checks on potential entry points","2026-03-16T19:55:51.460Z",{"wat":190,"direct":195},{"assetPaths":191,"generatorPatterns":192,"scriptPaths":193,"versionParams":194},[],[],[],[],{"cssClasses":196,"htmlComments":198,"htmlAttributes":199,"restEndpoints":200,"jsGlobals":201,"shortcodeOutput":202},[197],"ppr-password-reset",[],[],[],[],[]]