[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgCInRhnzBDv21LJ_Puy5op-93NJeqi6sGkfGvBNEbvM":3,"$fvy-TKgnUd-lZrNOlGRB74BhrKx7S3wceYBOPlY8Cbjk":1310,"$fyNQSCofYs7Xntslvgg6IwBdUSRCRsjEYiWmDN1kwsEU":1314},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":67,"crawl_stats":37,"alternatives":74,"analysis":179,"fingerprints":1276},"privatecontent-free","PrivateContent Free","1.3.1","LCweb","https:\u002F\u002Fprofiles.wordpress.org\u002Flcweb-projects\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Flcweb.it\u002Fprivatecontent-multilevel-content-plugin\u002Ffree-version\u002F\" rel=\"nofollow ugc\">PrivateContent\u003C\u002Fa> born in 2012, aiming to be the \u003Cstrong>best solution to restrict your website contents\u003C\u002Fstrong> and a different membership platform. Different because it uses a standalone database: \u003Cstrong>quicker than the normal WordPress users one and not limited by the bulky roles assignments.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To have a multi-level users database will be easy and fast, keeping your users out of the WordPress backend while creating a modern and optimized users management area in the backend.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No forced pages, no forced URLs\u003C\u002Fstrong>: the plugin is designed to seamlessly work and integrate into any website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Flcweb.it\u002Fprivatecontent-multilevel-content-plugin\u002Ffree-version\u002F\" rel=\"nofollow ugc\">CHECK THE DEMO »\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🌟 Main Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>User levels:\u003C\u002Fstrong> unlimited. Each user can have one or multiple levels\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy user management:\u003C\u002Fstrong> Forget the outdated WP users management, everything is clean and fast. From admin user addition to users sort and search\u003C\u002Fli>\n\u003Cli>\u003Cstrong>3 user statuses:\u003C\u002Fstrong> Users can be disabled without deleting them and registered users can be also placed in pending status, waiting for the admin approval\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contents restrictions:\u003C\u002Fstrong> restrict WP pages and posts in few clicks. Bulk restrict through post categories. Precisely define which user levels can access contents. Restricted elements will be totally unreachable, also for search engines\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User reserved page:\u003C\u002Fstrong> target a container page and it will show different contents depending on the logged user. Everything under a single website URL!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>1-click website lock:\u003C\u002Fstrong> Do you need a totally private website? It only takes a click!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login and registration forms:\u003C\u002Fstrong> Place them everywhere you want in your website: you will never have to change your desired workflow to adapt PrivateContent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Registration form builder:\u003C\u002Fstrong> add\u002Fremove\u002Fsort the fields as you prefer. Add text blocks and paginate fields. Finally, a modern HTML5 data validation and honeypot anti-spam\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocks and shortcodes:\u003C\u002Fstrong> Quickly insert your forms into your website directly through WP blocks or using the shortcode wizard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import\u002Fexport hub:\u003C\u002Fstrong> Move users through websites, import existing WP users, export in CSV\u002FXSLX, move the whole plugin setup  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Style it as you prefer:\u003C\u002Fstrong> Choose among six message styles and tune every aesthetic aspect to fully integrate into your website\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And even if it’s a free version, each system is packed with a lot of options.\u003Cbr \u002F>\nEverything to adapt as best as possible to every website’s need!\u003C\u002Fp>\n\u003Ch3>🕒 Get started in minutes\u003C\u002Fh3>\n\u003Cp>Whether you have a large site or creating a new project, PrivateContent is \u003Cstrong>ready to operate out of the box\u003C\u002Fstrong>. With \u003Cstrong>6 preset styles\u003C\u002Fstrong> and eventually importing existing WordPress users, your multilevel-protected website will be ready in a flash!\u003C\u002Fp>\n\u003Ch3>🌎 100% translatable\u003C\u002Fh3>\n\u003Cp>Each section is translatable: the plugin has already been (fully or partially) \u003Cstrong>translated into 27 languages!\u003C\u002Fstrong>\u003Cbr \u002F>\nAdditionally, it is fully compatible with WPML and Polylang for dynamic strings.\u003C\u002Fp>\n\u003Ch3>📑 GDPR Compliant\u003C\u002Fh3>\n\u003Cp>The plugin fully satisfies the most recent law requirements in terms of data protection and users management. For example, there is a dedicated module to let users \u003Cstrong>delete their profiles autonomously\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>⌨️ Dev oriented API and hooks\u003C\u002Fh3>\n\u003Cp>PrivateContent is extremely flexible and \u003Cstrong>ready to be extended\u003C\u002Fstrong> almost in any way you could imagine. The \u003Ca href=\"https:\u002F\u002Flcweb.it\u002Fproducts-overview\u002F#pc_suite\" rel=\"nofollow ugc\">official premium add-ons\u003C\u002Fa> offers incredible features for specific needs, but if you are a developer there’s a \u003Ca href=\"https:\u002F\u002Flcweb.it\u002Fprivatecontent\u002Fpublic-api\" rel=\"nofollow ugc\">dedicated documentation\u003C\u002Fa> guiding you step-by-step to build your systems on top of the PrivateContent engine!\u003C\u002Fp>\n\u003Ch3>🚀 PrivateContent Free version is just the beginning\u003C\u002Fh3>\n\u003Cp>Since 2012, the plugin has been constantly improved and extended, becoming a real reference in the WordPress world when it comes to protect WordPress website contents. Here’s a summary of what you get with the \u003Ca href=\"https:\u002F\u002Flcweb.it\u002Fprivatecontent-multilevel-content-plugin\u002F\" rel=\"nofollow ugc\">premium version\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional core systems\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lightbox engine\u003C\u002Fli>\n\u003Cli>Native \u003Ca href=\"https:\u002F\u002Fbe.elementor.com\u002Fvisit\u002F?bta=1930&brand=elementor\" rel=\"nofollow ugc\">Elementor\u003C\u002Fa>, Divi, WPBakery Builder widgets integration\u003C\u002Fli>\n\u003Cli>Google reCaptcha anti-spam integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Users membership\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Multiple registration forms\u003C\u002Fli>\n\u003Cli>Advanced users search with direct search-to-export\u003C\u002Fli>\n\u003Cli>Users action tracking through Google Analytics or User Activities add-on\u003C\u002Fli>\n\u003Cli>WordPress roles emulation to integrate with specific systems (eg. WooCommerce dashboard)\u003C\u002Fli>\n\u003Cli>User sessions control (no concurrent login)\u003C\u002Fli>\n\u003Cli>Preset\u002Ffixed contents for Users reserved page with advanced themes\u002Fbuilders integrations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Contents restriction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Private block shortcode with optional warning box containing login\u002Fregister buttons\u003C\u002Fli>\n\u003Cli>Restrict any public custom post type or taxonomy\u003C\u002Fli>\n\u003Cli>Persistent modal lightbox on page’s opening to force user’s interaction\u003C\u002Fli>\n\u003Cli>Comments form hiding\u003C\u002Fli>\n\u003Cli>Custom (URL-based) restriction with regular expressions support\u003C\u002Fli>\n\u003Cli>Menu items \u003C\u002Fli>\n\u003Cli>WooCommerce products sell lock and price hiding\u003C\u002Fli>\n\u003Cli>Sidebar widgets\u003C\u002Fli>\n\u003Cli>Any Elementor widget (or column or section)\u003C\u002Fli>\n\u003Cli>Any Gutenberg block\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Test it on the \u003Ca href=\"https:\u002F\u002Flcweb.it\u002Fprivatecontent-multilevel-content-plugin\u002F\" rel=\"nofollow ugc\">preview page\u003C\u002Fa> or also get a \u003Ca href=\"https:\u002F\u002Flcweb.dikelicensing.com\u002Ftrial-license-request\u002F?prod=pc\" rel=\"nofollow ugc\">7-days free trial\u003C\u002Fa>!\u003C\u002Fp>\n","Restrict pages, posts, and menus by user level or login status. Create private areas for members or logged-in users with ease and FREE!",10,1271,0,"2026-04-02T19:49:00.000Z","6.9.4","5.0","7.0",[19,20,21,22,23],"content-restriction","members-area","private-content","restrict-content","user-role-access","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprivatecontent-free\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.3.1.zip",99,1,"2026-04-07 21:05:38","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":28,"updated_date":44,"references":45,"days_to_patch":27,"patch_diff_files":47,"patch_trac_url":37,"research_status":56,"research_verified":57,"research_rounds_completed":58,"research_plan":59,"research_summary":60,"research_vulnerable_code":61,"research_fix_diff":62,"research_exploit_outline":63,"research_model_used":64,"research_started_at":65,"research_completed_at":66,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":57,"poc_model_used":37,"poc_verification_depth":37},"CVE-2026-4025","privatecontent-free-authenticated-contributor-stored-cross-site-scripting-via-align-shortcode-attribute","PrivateContent Free \u003C= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute","The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the [pc-login-form] shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute. Specifically, the attribute value flows from the shortcode through pc_login_form() to pc_static::form_align(), where it is directly concatenated into an HTML class attribute without esc_attr() or any escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2.0","1.3.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-04-08 09:25:49",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa9ed2943-e108-49e3-ba16-f74ce3136bde?source=api-prod",[48,49,50,51,52,53,54,55],"builders_integration\u002Fguten_elements\u002Flogin\u002Flogin.js","builders_integration\u002Fguten_elements\u002Flogin\u002Flogin.php","builders_integration\u002Fguten_elements\u002Flogout\u002Flogout.js","builders_integration\u002Fguten_elements\u002Flogout\u002Flogout.php","builders_integration\u002Fguten_elements\u002Fregistr\u002Fregistr.js","builders_integration\u002Fguten_elements\u002Fregistr\u002Fregistr.php","builders_integration\u002Fguten_elements\u002Fuser_del\u002Fuser_del.js","builders_integration\u002Fguten_elements\u002Fuser_del\u002Fuser_del.php","researched",false,3,"# Research Plan: CVE-2026-4025 - PrivateContent Free Stored XSS\n\n## 1. Vulnerability Summary\nThe **PrivateContent Free** plugin (up to 1.2.0) contains a stored cross-site scripting (XSS) vulnerability. The plugin fails to sanitize or escape the `align` attribute within the `[pc-login-form]` shortcode (and likely other related shortcodes). This value is passed to `pc_static::form_align()` and concatenated directly into an HTML class attribute without using `esc_attr()`. Authenticated users with **Contributor** level access or higher can inject malicious JavaScript into pages, which will execute when any user (including administrators) views that page.\n\n## 2. Attack Vector Analysis\n- **Endpoint\u002FShortcode:** `[pc-login-form]` (also check `[pc-registration-form]` and `[pc-user-del-box]`).\n- **Vulnerable Parameter:** The `align` attribute within the shortcode.\n- **Authentication Level:** Contributor+ (any role allowed to create or edit posts and use shortcodes).\n- **Preconditions:** The plugin must be active, and a post containing the malicious shortcode must be published or previewed.\n\n## 3. Code Flow\nBased on the vulnerability description and provided source files:\n1. **Entry Point:** A user with Contributor permissions creates a post with the shortcode `[pc-login-form align='PAYLOAD']`.\n2. **Shortcode Handling:** WordPress parses the shortcode and calls the handler function (inferred as `pc_login_form()` or the `render_callback` defined in Gutenberg integration like `pvtcont_login_guten_handler`).\n3. **Data Processing:** The `align` attribute value is extracted from the `$atts` array.\n4. **Vulnerable Sink:** The value is passed to `pc_static::form_align()`.\n5. **Output Generation:** Inside `pc_static::form_align()`, the code likely performs a concatenation similar to:\n   ```php\n   \u002F\u002F Inferred vulnerable code in pc_static::form_align()\n   return 'pc_form_' . $align_attr; \n   ```\n   This returned string is then placed into a template:\n   ```php\n   \u002F\u002F Inferred output context\n   echo '\u003Cdiv class=\"' . pc_static::form_align($atts['align']) . '\">';\n   ```\n6. **Result:** The lack of `esc_attr()` allows an attacker to break out of the `class` attribute and inject event handlers (e.g., `onmouseover`, `autofocus onfocus`).\n\n## 4. Nonce Acquisition Strategy\nShortcodes in WordPress do not require nonces for rendering. They are processed on the server whenever a post is rendered for display. Therefore, **no nonce is required** for the core exploitation of this vulnerability.\n\nHowever, if the PoC involves using the Gutenberg editor via the REST API to save the post, a standard WordPress REST API nonce (`_wpnonce`) would be required. This can be obtained by:\n1. Navigating to the post editor page (`\u002Fwp-admin\u002Fpost-new.php`).\n2. Extracting the `wpApiSettings.nonce` from the page source using `browser_eval`.\n\n## 5. Exploitation Strategy\nThe goal is to demonstrate that a Contributor user can inject a script that executes when viewed.\n\n### Step 1: Create a Post with Payload\nUsing the `http_request` tool, the agent will authenticate as a Contributor and create a post containing the malicious shortcode.\n\n- **URL:** `http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fpost-new.php` (to initiate) or using `wp-cli` to create the post directly.\n- **Shortcode Payload:** `[pc-login-form align=' \" onmouseover=\"alert(document.domain)\" style=\"padding:100px;border:1px solid red;\" ']`\n  - *Note:* We use `style` to make the element large and easy to trigger the `onmouseover` event.\n\n### Step 2: View the Post\nThe agent will navigate to the newly created post's permalink using `http_request`.\n\n### Step 3: Analyze Response\nSearch the response body for the injected payload to confirm it rendered without escaping.\n- **Target String:** `class=\"pc_login_form  \" onmouseover=\"alert(document.domain)\"`\n\n## 6. Test Data Setup\n1. **Plugin:** Ensure `privatecontent-free` version 1.2.0 is installed and active.\n2. **User:** Create a user with the **Contributor** role.\n   ```bash\n   wp user create attacker attacker@example.com --role=contributor --user_pass=password123\n   ```\n3. **Post Content:** Use the following content for the post:\n   ```text\n   Check out this login form:\n   [pc-login-form align=' \" onmouseover=\"alert(document.domain)\" ']\n   ```\n\n## 7. Expected Results\n- The HTTP response from the published page should contain the raw, unescaped payload within the class attribute of a `div` or `form` element.\n- Specifically, the HTML output should look like:\n  `\u003Cdiv class=\"pc_login_form  \" onmouseover=\"alert(document.domain)\" ...`\n- The `\"` character in the `align` attribute will close the `class` attribute value, allowing the `onmouseover` attribute to be injected as a separate HTML attribute.\n\n## 8. Verification Steps\n1. **HTML Inspection:** After the `http_request` to the post, use `grep` or string matching on the output:\n   ```bash\n   # Confirm the injection\n   grep -P 'class=\"[^\"]*\"\\s+onmouseover=\"alert'\n   ```\n2. **Database Check:** Verify the shortcode was stored correctly via `wp-cli`:\n   ```bash\n   wp post get \u003CPOST_ID> --field=post_content\n   ```\n\n## 9. Alternative Approaches\nIf `[pc-login-form]` is patched or blocked, try the other Gutenberg-integrated elements found in the source:\n1. **Registration Form:** `[pc-registration-form align=' \" onmouseover=\"alert(1)\" ']` (linked to `builders_integration\u002Fguten_elements\u002Fregistr\u002Fregistr.php`)\n2. **User Deletion Box:** `[pc-user-del-box align=' \" onmouseover=\"alert(1)\" ']` (linked to `builders_integration\u002Fguten_elements\u002Fuser_del\u002Fuser_del.php`)\n\nBoth of these use the `pc_align` \u002F `align` attribute pattern and are registered with similar render handlers that likely share the vulnerable `pc_static::form_align()` function.","The PrivateContent Free plugin for WordPress (up to version 1.2.0) is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on the 'align' attribute in shortcodes such as [pc-login-form]. An authenticated attacker with Contributor-level access or higher can inject arbitrary JavaScript by breaking out of the HTML class attribute context where the value is concatenated in pc_static::form_align().","\u002F\u002F builders_integration\u002Fguten_elements\u002Flogin\u002Flogin.php @ 1.2.0\n'pc_align' => array(\n\t'label'\t\t=> esc_html__('Form alignment', 'privatecontent-free'),\n\t'type'\t\t=> 'select',\n\t'opts'\t\t=> array(\n\t\t'center'\t=> esc_html__('Center', 'privatecontent-free'),\n\t\t'left'\t\t=> esc_html__('Left', 'privatecontent-free'),\n\t\t'right'\t\t=> esc_html__('Right', 'privatecontent-free'),\n\t),\n\t'default' \t=> 'center',\n\t'panel'\t\t=> 'main',\n),\n\n---\n\n\u002F\u002F builders_integration\u002Fguten_elements\u002Fregistr\u002Fregistr.php @ 1.2.0\n'pc_align' => array(\n\t'label'\t\t=> esc_html__('Form alignment', 'privatecontent-free'),\n\t'type'\t\t=> 'select',\n\t'opts'\t\t=> array(\n\t\t'center'\t=> esc_html__('Center', 'privatecontent-free'),\n\t\t'left'\t\t=> esc_html__('Left', 'privatecontent-free'),\n\t\t'right'\t\t=> esc_html__('Right', 'privatecontent-free'),\n\t),\n\t'default' \t=> 'center',\n\t'panel'\t\t=> 'main',\n),","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprivatecontent-free\u002F1.2.0\u002Fbuilders_integration\u002Fguten_elements\u002Flogin\u002Flogin.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprivatecontent-free\u002F1.3.0\u002Fbuilders_integration\u002Fguten_elements\u002Flogin\u002Flogin.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprivatecontent-free\u002F1.2.0\u002Fbuilders_integration\u002Fguten_elements\u002Flogin\u002Flogin.php\t2026-01-20 10:38:14.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fprivatecontent-free\u002F1.3.0\u002Fbuilders_integration\u002Fguten_elements\u002Flogin\u002Flogin.php\t2026-04-02 10:00:16.000000000 +0000\n@@ -13,12 +13,12 @@\n \t\t'panel'\t\t=> 'main',\n \t),\n \t'pc_align' => array(\n-\t\t'label'\t\t=> esc_html__('Form alignment', 'privatecontent-free'),\n+\t\t'label'\t\t=> esc_html__('Form alignment', 'pc_ml'),\n \t\t'type'\t\t=> 'select',\n \t\t'opts'\t\t=> array(\n-\t\t\t'center'\t=> esc_html__('Center', 'privatecontent-free'),\n-\t\t\t'left'\t\t=> esc_html__('Left', 'privatecontent-free'),\n-\t\t\t'right'\t\t=> esc_html__('Right', 'privatecontent-free'),\n+\t\t\t'center'\t=> esc_html__('Center', 'pc_ml'),\n+\t\t\t'left'\t\t=> esc_html__('Left', 'pc_ml'),\n+\t\t\t'right'\t\t=> esc_html__('Right', 'pc_ml'),\n \t\t),\n \t\t'default' \t=> 'center',\n \t\t'panel'\t\t=> 'main', (truncated)","1. Log in to the WordPress site as a user with Contributor-level permissions (or higher).\n2. Create a new post or edit an existing one.\n3. Insert a shortcode for a PrivateContent form (e.g., [pc-login-form]) and provide a malicious payload for the 'align' attribute, such as: [pc-login-form align=' \" onmouseover=\"alert(document.domain)\" '].\n4. Publish the post.\n5. View the post as any user (including an Administrator). The double-quote in the payload will close the intended class attribute, allowing the onmouseover event handler to be injected as a new attribute on the form container element. The script executes when a user hovers over the form.","gemini-3-flash-preview","2026-04-17 20:24:55","2026-04-17 20:25:12",{"slug":68,"display_name":7,"profile_url":8,"plugin_count":69,"total_installs":70,"avg_security_score":71,"avg_patch_time_days":27,"trust_score":72,"computed_at":73},"lcweb-projects",4,70,96,97,"2026-05-19T17:36:16.719Z",[75,99,119,141,159],{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":95,"download_link":96,"security_score":97,"vuln_count":58,"unpatched_count":13,"last_vuln_date":98,"fetched_at":29},"page-and-post-restriction","Page and Post Restriction","1.3.9","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>CONTENT RESTRICTION \u002F PAGE POST RESTRICTION | PROTECT CONTENT FOR WORDPRESS\u003C\u002Fp>\n\u003Cp>Content Restriction provide control of the entire content of your WordPress sites. This includes Page Restriction and Post Restriction i.e. Content restriction according to User Roles. You can Protect content by setting consent for single-entity users on WordPress sites based on their roles. Here a user role has permission to access a page; the authorization enables access to that user. By default, all roles will have access to the content of the page.\u003Cbr \u002F>\nPage Restriction provides page protection by allowing content access to only Logged In Users to specific or all pages. Restrict access of your pages to logged-out users by showing them an error message letting them know they do not have permission to look into the content on the particular page.\u003C\u002Fp>\n\u003Cp>Besides Page Restrictions, we also provide Post Restrictions (Content restriction) feature which helps to Protect content by Restricting access for posts on logged-in\u002Fout status to users or specific user roles. Our WordPress Post restrictions feature also helps you to Restrict access in categories to logged-in\u002Fout users or specific user roles. We Display a custom message to users who do not have permission to view the content or redirect them to a specified URL. In our Page restriction, Post restriction Plugin our Individual Posts feature will enable protection for default posts as well as custom post types.\u003C\u002Fp>\n\u003Cp>Content Restriction also includes role-based capabilities which help in creating new custom roles and provide capabilities. You can create roles and customize them by assigning various WordPress capabilities to them according to requirements. You can also restrict content of your WordPress according to these custom roles with the help of our roles and capabilities feature.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>We provide integration with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fminiorange-saml-20-single-sign-on\u002F\" rel=\"ugc\"> SAML Single Sign-On (SAML SSO) \u003C\u002Fa> and OAuth Single Sign-On (OAuth SSO) which helps in content restriction and allows content access to only those users who are authenticated by the configured Identity Provider or the Identity Server.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>CONTENT RESTRICTION – FREE VERSION FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Page restriction\u003C\u002Fstrong>: Restrict pages \u002F Protect Content \u002F Restrict user access by applying Page restriction on all or specific pages of your site. You can apply Page restriction to all the pages or restrict particular pages from the users that are not logged-in. Restricted users will be shown a static \u002F default error message \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post restriction\u003C\u002Fstrong>: Restrict access for individual posts. Restrict user access by applying Post restriction on all or specific posts. Restrict posts by showing a static \u002F default error message to the users who do not have permission to access the content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site restriction\u003C\u002Fstrong>: You can enable site restriction and restrict access of your site to logged-in users and restrict\u002Fprotect content of your site from those who are not logged- in. Complete site restriction will restrict your entire site and users won’t have the content access. Restricted users will be shown a static \u002F default error message. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Restriction based on user login status\u003C\u002Fstrong>: Restrict content (Page restriction | Post restriction | site restriction | tag restriction | widgets restriction | taxonomies restriction) and allow only logged-in users the content access. Protect content from those who are not logged-in users of the site. Those who are not logged-in won’t have the content access and will be shown a static \u002F default error restriction message \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict content based on one or more WordPress Roles\u003C\u002Fstrong>: This option allows content restriction according to the roles. Assign roles to the users and then give the content access according to the roles assigned to the users. Protect content confidential to a specific user role by restricting other user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict Pages\u002FPosts while Creating (Meta Box)\u003C\u002Fstrong>: Page restriction \u002F Post restriction option while creating a particular page or post. This provides page restriction and Post restriction options to users while creating and editing posts\u002Fpages. This shows all the site’s user roles based on which Page restriction and Post restriction can be made. The meta box also asks if login is required to access the page\u002Fpost.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict all of your WordPress pages or posts\u003C\u002Fstrong>:  this option allows you to restrict all the pages or posts available on your WordPress site. This option gives an effortless experience if you want to restrict pages, restrict posts or restrict content as you don’t have to list down individual pages or posts to restrict them from unauthorized users. A convenient way to protect all of your content in one step.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited WordPress Content restriction\u003C\u002Fstrong>:  Restrict pages | Restrict posts | Restrict content to an unlimited extent. Any number of Page restrictions | Post restriction | Content restriction is allowed. The Page Restriction Plugin can work with large number of pages, posts and other WordPress content without overloading your servers. You can restrict as many pages \u002F posts as you have in your WordPress, control their content, restrict users to have content access to your WordPress pages \u002F posts and you won’t be held back by safety concerns due to the increasing number of pages\u002Fposts in you WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Static Error Message\u003C\u002Fstrong>: Protect content by restricting users who do not have permission to view the content by redirecting to a static \u002F default error message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Apply Parent Page Post Restriction to all Child Pages\u003C\u002Fstrong>: Configure restrictions for the parent page and apply to all its child pages. Choose which parent page’s restrictions should be applied to its child pages.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create New Roles\u003C\u002Fstrong>: The Page restriction and post restriction plugin allows you to create new WordPress Roles and assign capabilities as per the requirements. Create unlimited custom roles in your WordPress and protect content according to the user roles created\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modify Role Capabilities\u003C\u002Fstrong>: Apply different WordPress capabilities to the roles created. Users will be able to update the capabilities of the new roles created as well as modify the capabilities of the custom roles. You can assign \u002F delete \u002F update new capabilities to the default WordPress roles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Update existing Roles\u003C\u002Fstrong>: Default existing roles can be updated according to the requirements of the users. With the Page restriction plugin, users will be able to edit role names, delete or update roles, create a copy of an existing role etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict using Quick Edit\u003C\u002Fstrong>: Page Restriction \u002F Post Restriction Plugin gives an option of quick edit on the restriction interface to make it convenient for you to edit the content restriction settings without going to the very restricted content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict specific blocks\u002Fexcerpts in a Page\u002FPost\u003C\u002Fstrong>: Restrict specific blocks in the content of pages or posts. Use opening and closing tags of the shortcode anywhere in the page\u002Fpost to restrict the access to the content present in the between the tags of the shortcode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>PAGE RESTRICTION – PREMIUM VERSION FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All features of the free version\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict Tags\u003C\u002Fstrong>: Restrict users from accessing specific tags. Apply tag restriction on all or specific tags to restrict access of all or specific users from accessing the posts with the tag and the main page of the tag.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict Nav Menu Items\u003C\u002Fstrong>: Control the access to navigation menu of your site. Protect the content of the navigation menu and restrict specific user roles or logged out users from accessing the navigation menu items. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict Widgets\u003C\u002Fstrong>: Get better access control of the WordPress widgets. Restrict widgets by hiding them from the users. You can apply widget restriction to all widgets or have an option to restrict particular widgets from the users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict Custom Post Types\u003C\u002Fstrong>: Allows extending restrictions of posts to custom post types. Protect posts of custom post types by assigning user roles to a page who can access content of that post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role based Block Restriction\u003C\u002Fstrong>: Restrict blocks to one or more user roles and enable displaying content dynamically on your pages or posts. Allow only specific user roles to view some content on your page or post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Category restrictions\u003C\u002Fstrong>: Page restriction WordPress plugin controls the visibility of content for post categories without the hassle of editing every post on your site and defining the restrictions individually to logged in\u002Fout users or specific user roles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict access to Meta Box\u003C\u002Fstrong>: Restrict Access to the custom Meta Box based on user roles. This allows you to have control over who can restrict access to a page or post while creating\u002Fediting content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Error Message\u003C\u002Fstrong>: Restrict content from users who do not have permission to view the protected content by displaying a custom error message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect Restricted user to WP Login Page\u003C\u002Fstrong>:  Redirects users who do not have permission to view the restricted content to WordPress default login page (redirects to page\u002Fpost after login).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict Category based on User’s Login Status\u003C\u002Fstrong>: Restrict content based on user’s logged in\u002Fout status and after successful authentication, redirect back to the restricted page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect Restricted User to a URL\u003C\u002Fstrong>: Users trying to access a restricted page (content restrict) will be redirected to a specific page URL. This post restriction \u002F page restriction option lets you modify the behaviour of restricted pages and posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page Post restriction Plugin Integration with SAML\u002FOAuth SSO\u003C\u002Fstrong>: This page restriction and post restriction feature allows Protected content access to only the users who have been authenticated by the configured IdP. Allows redirecting not logged in users to your Identity Provider \u002FOauth Server login page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WHY DO YOU NEED \u003Ca href=\"https:\u002F\u002Fblog.miniorange.com\u002Fwordpress-page-post-restriction-addon\u002F\" rel=\"nofollow ugc\">PAGE RESTRICTION WORDPRESS – PROTECT WP PAGES\u002FPOST\u003C\u002Fa> PLUGIN?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Managing a website is easier than ever nowadays. Do you have content you only want certain WordPress users to access? Now you can manage content for specific users as well as control or restrict content access for certain groups.\u003C\u002Fp>\n\u003Cp>Page restrictions and Post restrictions permit you to control \u002F protect who can see as well as alter restrictions on individual pages in a space. Content Restriction allows to restrict entire WordPress content (site restriction | tag restriction | widgets restriction | taxonomies restriction) according to the user login status or their WordPress roles.We energetically suggest investigating your site needs and provide you the miniOrange Page Restriction WordPress plugin specially designed for integrating with WordPress Sites to keep your website safe with a user-friendly experience at an affordable price.\u003C\u002Fp>\n\u003Ch3>BENEFITS OF USING CONTENT RESTRICTION WORDPRESS PLUGIN\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict access to complete site\u003C\u002Fstrong>: Our Page restriction WordPress plugin helps to Protect content on your WordPress site and its feed make it completely private with more flexibility to restrict to private pages. This is very useful for intranet sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited content restriction\u003C\u002Fstrong>: Content Restriction WordPress provides granular access to your content by applying restrictions on unlimited pages and posts on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports Custom Post Types\u003C\u002Fstrong>: You can even restrict access to custom post types which gives you complete control over your content on WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple User Roles\u003C\u002Fstrong>: Page Restriction | Post restriction plugin can provide one, two, or even more roles to any pages. Multiple roles could be assigned to pages\u002Fposts simultaneously.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inherited Restrictions\u003C\u002Fstrong>: Page Restriction | Post restriction plugin helps you to make content restriction as easy as possible by reflecting the changes down to child pages\u002Fposts when a restriction is applied to the parent one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize redirect\u003C\u002Fstrong>: Helps you integrate the plugin seamlessly by allowing you to customize restricted messages and choose login authentication for Single Sign-On (SSO) redirecting to the IDP login page and redirecting to the WP login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to use\u003C\u002Fstrong>: Ease to set up and designed with user-friendly interfaces or Ease of use with protected content integrates User management and role-based content access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-level content access\u003C\u002Fstrong>: The option to hide content from different user roles and even nested pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict Anonymous\u002FOther users\u003C\u002Fstrong>: Our Page and Post restriction plugin limits anonymous\u002Fother user roles to your site who are logged in from accessing site content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>HOW WE ARE DIFFERENT\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>miniOrange has various types of deployments that give the customer a safe and protective choice. miniOrange offers a plugin, Cloud, and On-premise server module. We provide a reliable plugin with extended functionality in a cost-beneficial manner to Protect content on your WordPress sites. Our Page restriction WordPress, Post restriction plugin for WordPress sites, carries a lot of features within it like protecting posts, pages, custom post types. . If you are looking for a greater amount of administrative control over your WordPress website in a cost-efficient manner miniOrange is best with the powerful content restriction feature.\u003C\u002Fp>\n\u003Ch3>CONTRIBUTED BY MINIORANGE\u003C\u002Fh3>\n\u003Cp>Page restriction WordPress – Protect WP Pages\u002FPosts is built by miniOrange. We create high-quality WordPress plugins that help you grow your WordPress sites.\u003Cbr \u002F>\nCheck out our website for other plugins \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fplugins.miniorange.com\u002F\u003C\u002Fa> or click here to see all our listed WordPress plugins.\u003C\u002Fp>\n\u003Ch3>DOCUMENTATION\u003C\u002Fh3>\n\u003Cp>Our Page restriction WordPress – Protect WP Pages\u002FPosts plugin for WordPress comes with detailed setup guidelines with ensured content, expectations to make sure you don’t get lost along the way.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-page-restriction#pagerestriction\" rel=\"nofollow ugc\">https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-page-restriction#pagerestriction\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>CONTACT SUPPORT\u003C\u002Fh3>\n\u003Cp>If you are still nervous about your website security or how the plugin would work for you specifically, customized solutions and Active support are available. You can always \u003Ca href=\"https:\u002F\u002Fwww.miniorange.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>, or Email us at samlsupport@xecurify.com and we would be happy to help you out.\u003C\u002Fp>\n","Restrict content access for WordPress (WP) | Restrict pages\u002Fposts in WP based on user roles and login status to protect content",2000,34948,84,14,"2025-06-02T06:20:00.000Z","6.8.5","3.7","5.6",[19,92,93,94,22],"page-restriction","post-restriction","restrict-access","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-and-post-restriction.1.3.9.zip",98,"2024-12-19 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":13,"num_ratings":13,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":95,"tags":112,"homepage":95,"download_link":117,"security_score":118,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"restrict-content-for-wp-bakery","Restrict Content for WP Bakery","1.0.0","mohan9a","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohan9a\u002F","\u003Cp>An extension for Visual Composer that restrict the content or block based on user role and display message for restricted role as well.\u003C\u002Fp>\n\u003Cp>WP Bakery plugin must be installed and activated to have this element in editor.\u003C\u002Fp>\n\u003Cp>Some of basic feature using this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Content restriction based on user role.\u003C\u002Fli>\n\u003Cli>Dynamic heading tag for showing title of section and it will be hide\u002Fshow based on selection.\u003C\u002Fli>\n\u003Cli>Banner image upload for restricted section.\u003C\u002Fli>\n\u003Cli>Set the custom description for section.\u003C\u002Fli>\n\u003Cli>Display message for logged in user or non-logged in user.\u003C\u002Fli>\n\u003Cli>You can show custom message for different users if users is not allowed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Still you have any suggestion \u002F feedback then let us know on \u003Ca href=\"mailto:mohan9a@gmail.com\" rel=\"nofollow ugc\">mohan9a@gmail.com\u003C\u002Fa>.\u003C\u002Fp>\n","An extension for Visual Composer that restrict the content or block based on user role and display message for restricted role as well.",60,1505,"2022-06-29T12:10:00.000Z","6.0.11","3.0.1",[19,113,114,115,116],"hide-content","restrict-content-wpbakery","wpbakery","wpbakery-content-restrict","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-content-for-wp-bakery.1.0.0.zip",85,{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":27,"last_updated":130,"tested_up_to":15,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":138,"download_link":139,"security_score":129,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":140},"restrictmate","RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin)","1.1.16","RestrictMate","https:\u002F\u002Fprofiles.wordpress.org\u002Furcm\u002F","\u003Cp>\u003Cstrong>RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin)\u003C\u002Fstrong> is a lightweight, flexible \u003Cstrong>content restriction and membership plugin for WordPress\u003C\u002Fstrong>.\u003Cbr \u002F>\nControl who can view your pages, posts, products, or lessons — by  membership levels.\u003C\u002Fp>\n\u003Cp>Whether you want to \u003Cstrong>create a members-only community\u003C\u002Fstrong>, \u003Cstrong>protect premium content\u003C\u002Fstrong>, or \u003Cstrong>restrict WooCommerce and LMS pages\u003C\u002Fstrong>, RestrictMate gives you total access control — without slowing down your site or adding bloat.\u003C\u002Fp>\n\u003Cp>Built following modern WordPress standards, RestrictMate is compatible with all major themes and builders.\u003Cbr \u002F>\nIts intuitive interface helps creators, bloggers, educators, and businesses protect valuable content in just a few clicks.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>⚡ Inspired by popular restriction frameworks — refined for simplicity, performance, and modern WordPress workflows.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>🎯 \u003Cstrong>Turn Your Content Into Revenue\u003C\u002Fstrong> – Create exclusive member areas, sell premium content, and build recurring subscription revenue with our comprehensive membership management system.\u003C\u002Fp>\n\u003Ch3>How to Install and Use RestrictMate\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F9ozagN8Cbbg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>🔒 \u003Cstrong>Why Choose RestrictMate\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict anything instantly\u003C\u002Fstrong> – Hide or show any page, post, or custom post type.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-based control\u003C\u002Fstrong> – Limit visibility by membership, or login status.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible rules\u003C\u002Fstrong> – Apply restrictions globally or per-post for complete freedom.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatible with everything\u003C\u002Fstrong> – Works smoothly with WooCommerce, LearnDash, Elementor, Divi, and Bricks.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean & fast\u003C\u002Fstrong> – Lightweight codebase built for performance and SEO.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beginner-friendly\u003C\u002Fstrong> – Simple settings and clear options — no coding required.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>Simple enough for beginners, powerful enough for pros.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>🚀 \u003Cstrong>How RestrictMate Helps You Grow\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create \u003Cstrong>membership websites\u003C\u002Fstrong> with protected premium content.  \u003C\u002Fli>\n\u003Cli>Build \u003Cstrong>private learning platforms\u003C\u002Fstrong> and restrict lessons or courses by membership level.  \u003C\u002Fli>\n\u003Cli>Protect \u003Cstrong>WooCommerce products\u003C\u002Fstrong> or pricing pages for logged-in customers.  \u003C\u002Fli>\n\u003Cli>Offer \u003Cstrong>exclusive tutorials, digital downloads, or subscriber-only posts\u003C\u002Fstrong>.  \u003C\u002Fli>\n\u003Cli>Manage internal dashboards or client portals securely.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>RestrictMate brings professional-grade content protection to WordPress — in a fast, friendly, and flexible package.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch3>🆓 \u003Cstrong>Free Version\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Restrict \u003Cstrong>pages or posts\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Limit access by \u003Cstrong>login status\u003C\u002Fstrong>, or \u003Cstrong>custom conditions\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Display a \u003Cstrong>custom message\u003C\u002Fstrong> or \u003Cstrong>redirect\u003C\u002Fstrong> unauthorized users  \u003C\u002Fli>\n\u003Cli>Enable or disable restrictions \u003Cstrong>globally\u003C\u002Fstrong> or \u003Cstrong>per post\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Works with \u003Cstrong>Gutenberg\u003C\u002Fstrong>, \u003Cstrong>Classic Editor\u003C\u002Fstrong>, \u003Cstrong>Elementor\u003C\u002Fstrong>, \u003Cstrong>Divi\u003C\u002Fstrong>, and others  \u003C\u002Fli>\n\u003Cli>Fully compatible with \u003Cstrong>caching and security plugins\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Lightweight, clean, and performance-optimized  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🚀 Pro Version (Coming Soon)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Cstrong>RestrictMate Pro\u003C\u002Fstrong> for advanced access control, membership automation, and monetization:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Restrict Custom Post Types\u003C\u002Fli>\n\u003Cli>Multiple \u003Cstrong>membership levels\u003C\u002Fstrong> and \u003Cstrong>subscription tiers\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong>, \u003Cstrong>LearnDash\u003C\u002Fstrong> integration  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Payment gateways\u003C\u002Fstrong> (PayPal, Stripe)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Drip content scheduling\u003C\u002Fstrong> and progressive access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email notifications\u003C\u002Fstrong> and automation triggers  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Member dashboard\u003C\u002Fstrong> and profile management  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics and reporting\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority support\u003C\u002Fstrong> and continuous feature updates  \u003C\u002Fli>\n\u003Cli>Generate Coupons\u003C\u002Fli>\n\u003Cli>Restrict Past Content \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>RestrictMate Pro extends your free version into a complete membership and content-monetization system — while staying light and easy to use.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>📋 Essential Shortcodes\u003C\u002Fh4>\n\u003Cp>• \u003Ccode>[restrictmate_register]\u003C\u002Fcode> – Display membership registration form\u003Cbr \u002F>\n• \u003Ccode>[restrictmate_account]\u003C\u002Fcode> – Member account dashboard\u003Cbr \u002F>\n• \u003Ccode>[restrictmate_thankyou]\u003C\u002Fcode> – Post-payment thank you page\u003C\u002Fp>\n\u003Ch4>⚡ Quick Setup Guide\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Install & Activate\u003C\u002Fstrong> – Get started in seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure Payments\u003C\u002Fstrong> – Set up Stripe or manual payments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create Membership Levels\u003C\u002Fstrong> – Define your pricing and access tiers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protect Content\u003C\u002Fstrong> – Restrict posts\u002Fpages to specific membership levels\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Launch\u003C\u002Fstrong> – Add registration and account pages, then go live!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>🌟 Why RestrictMate Stands Out\u003C\u002Fh4>\n\u003Cp>✅ \u003Cstrong>All-in-One Solution\u003C\u002Fstrong> – Everything you need in a single, powerful plugin\u003Cbr \u002F>\n✅ \u003Cstrong>User-Friendly Interface\u003C\u002Fstrong> – Intuitive for both admins and members\u003Cbr \u002F>\n✅ \u003Cstrong>Enterprise Security\u003C\u002Fstrong> – Built with WordPress security best practices\u003Cbr \u002F>\n✅ \u003Cstrong>Exceptional Support\u003C\u002Fstrong> – Comprehensive documentation and responsive help\u003Cbr \u002F>\n✅ \u003Cstrong>Regular Updates\u003C\u002Fstrong> – Continuous improvements and new features\u003Cbr \u002F>\n✅ \u003Cstrong>Performance Focused\u003C\u002Fstrong> – Optimized for speed and scalability\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Ready to monetize your content?\u003C\u002Fstrong> Transform your WordPress site into a profitable membership platform today!\u003C\u002Fp>\n\u003Ch3>Support & Documentation\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Need Help?\u003C\u002Fstrong> We’re here to support your success!\u003C\u002Fp>\n\u003Cp>🌐 \u003Cstrong>Official Website:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Frestrictmate.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Frestrictmate.com\u002F\u003C\u002Fa>\u003Cbr \u002F>\n💬 \u003Cstrong>Support Forum:\u003C\u002Fstrong> Available through WordPress.org support forums\u003Cbr \u002F>\n📧 \u003Cstrong>Direct Support:\u003C\u002Fstrong> Contact us through our website for premium support\u003C\u002Fp>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>RestrictMate Pro (coming soon)\u003C\u002Fstrong> unlocks advanced membership features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Full \u003Cstrong>membership management system\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurring subscriptions\u003C\u002Fstrong> with Stripe \u002F PayPal  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Drip content\u003C\u002Fstrong> and learning management integration  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend dashboards\u003C\u002Fstrong> and member profiles  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automation & analytics\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority support\u003C\u002Fstrong> and feature updates  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>RestrictMate Pro = the power of enterprise-grade access control in a plugin that feels native, clean, and fast.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Smart Content Restriction & Membership Control plugin for WordPress. Restrict pages, posts, or custom content by membership level, login, or membe …",20,1122,100,"2026-01-03T18:40:00.000Z","6.0","7.4",[134,135,22,136,137],"content-restriction-plugin","membership-plugin","restrict-page","restrict-post","https:\u002F\u002Frestrictmate.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrictmate.1.1.16.zip","2026-03-15T15:16:48.613Z",{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":11,"downloaded":149,"rating":129,"num_ratings":27,"last_updated":150,"tested_up_to":151,"requires_at_least":152,"requires_php":95,"tags":153,"homepage":157,"download_link":158,"security_score":118,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"content-permissions-for-pages-posts","Content Permissions for Pages & Posts","1.0","param","https:\u002F\u002Fprofiles.wordpress.org\u002Fparamsheoran\u002F","\u003Cblockquote>\n\u003Cp>Control your content based on logged in users, guests roles. Hide the content and show message to ask them to login.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Hide complete page content, post content with simple use of shortcode and your content inside this.\u003Cbr \u002F>\n  Special option to display the content only to guests, only to logged in users etc.\u003C\u002Fp>\n\u003Cp>The Plugin enable you to value your content and distribute your content based on login or guest.\u003Cbr \u002F>\n  Simple Shortcode to use , No Code, No Development Knowledge required.\u003C\u002Fp>\n\u003Ch4>Shortcode list:\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>[cpp_guests] Your content to display for guest only. [\u002Fcpp_guests]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>[cpp_users]  Display content for users\u002Fmembers\u002Flogged in only. [\u002Fcpp_users]\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Control your content permissions with simple shortcode. Restrict content access to members,guests or logged in one's.",1398,"2017-11-17T09:48:00.000Z","4.8.28","3.0",[154,155,21,22,156],"content-permissions","members","restrict-guest","https:\u002F\u002Fprofiles.wordpress.org\u002Fparamsheoran","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-permissions-for-pages-posts.zip",{"slug":160,"name":161,"version":102,"author":162,"author_profile":163,"description":164,"short_description":165,"active_installs":13,"downloaded":166,"rating":13,"num_ratings":13,"last_updated":167,"tested_up_to":168,"requires_at_least":169,"requires_php":170,"tags":171,"homepage":95,"download_link":176,"security_score":177,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":178},"dropp-payment-gateway-for-restrict-content-pro","Dropp Payment Gateway For Restrict Content Pro","Dropp Payment App","https:\u002F\u002Fprofiles.wordpress.org\u002Fdroppapp\u002F","\u003Cp>\u003Cstrong>Dropp Payment Gateway For Restrict Content Pro\u003C\u002Fstrong> is a WordPress plugin that integrates the Dropp payment gateway with Restrict Content Pro, allowing your users to make payments via Dropp when subscribing to your restricted content.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Seamless integration with Restrict Content Pro.\u003C\u002Fli>\n\u003Cli>Secure payment processing with Dropp.\u003C\u002Fli>\n\u003Cli>Easy setup and configuration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the “PaymentAPI” to process payments securely. This is needed to handle transactions when users make purchases via the plugin.\u003C\u002Fp>\n\u003Cp>It sends the following data:\u003Cbr \u002F>\n– User’s billing information and payment details are sent when the user initiates a purchase.\u003Cbr \u002F>\n– The data is sent to the PaymentAPI when a transaction is processed to ensure payment completion.\u003C\u002Fp>\n\u003Cp>This service is provided by “PaymentAPI”:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fpaymentapi.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fpaymentapi.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa> for details.\u003C\u002Fp>\n","Dropp payment gateway integration for Restrict Content Pro.",410,"2025-04-22T00:39:00.000Z","6.7.5","5.8","7.2",[19,172,173,174,175],"dropp","membership","payment-gateway","restrict-content-pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdropp-payment-gateway-for-restrict-content-pro.1.0.0.zip",92,"2026-04-06T09:54:40.288Z",{"attackSurface":180,"codeSignals":719,"taintFlows":937,"riskAssessment":1262,"analyzedAt":1275},{"hooks":181,"ajaxHandlers":591,"restRoutes":696,"shortcodes":697,"cronEvents":716,"entryPointCount":717,"unprotectedCount":718},[182,188,191,195,199,203,206,210,215,219,222,225,229,233,237,240,245,248,250,255,259,261,263,268,272,276,279,283,287,292,297,302,306,310,313,316,320,324,328,333,336,341,345,350,353,358,361,364,366,370,373,376,378,383,385,388,391,393,396,398,401,404,406,410,413,415,418,421,424,427,431,433,437,440,443,446,449,452,454,458,460,464,467,471,474,476,479,482,484,487,490,492,495,497,501,504,506,509,511,514,518,521,524,527,530,532,534,536,539,542,545,548,551,554,556,557,559,562,565,568,571,574,577,580,582,584,587],{"type":183,"name":184,"callback":185,"file":186,"line":187},"action","init","closure","builders_integration\\gutenberg.php",8,{"type":183,"name":189,"callback":185,"priority":27,"file":186,"line":190},"enqueue_block_editor_assets",35,{"type":192,"name":193,"callback":185,"priority":11,"file":186,"line":194},"filter","block_categories_all",105,{"type":183,"name":196,"callback":185,"priority":197,"file":186,"line":198},"admin_head",999,123,{"type":192,"name":200,"callback":201,"priority":11,"file":186,"line":202},"render_block_data","pc_guten_ToggleControl_val_fix",195,{"type":183,"name":189,"callback":185,"file":204,"line":205},"builders_integration\\guten_elements\\registr\\registr.php",7,{"type":183,"name":207,"callback":185,"file":208,"line":209},"wp_footer","classes\\pc_static.php",1425,{"type":183,"name":211,"callback":212,"priority":129,"file":213,"line":214},"delete_post","remove_del_post","classes\\posts_restr_cache.php",45,{"type":183,"name":216,"callback":217,"priority":129,"file":213,"line":218},"save_post","anonymous",50,{"type":183,"name":220,"callback":217,"priority":129,"file":213,"line":221},"deleted_term_taxonomy",51,{"type":183,"name":223,"callback":217,"priority":129,"file":213,"line":224},"pc_qe_restr_wiz_in_list_updated",52,{"type":183,"name":226,"callback":185,"priority":227,"file":213,"line":228},"wp_loaded",120,312,{"type":183,"name":220,"callback":230,"file":231,"line":232},"clean_db_on_terms_remove","classes\\restrictions_wizard.php",77,{"type":183,"name":234,"callback":235,"file":231,"line":236},"admin_init","pt_metabox_setup",81,{"type":183,"name":216,"callback":238,"priority":11,"file":231,"line":239},"post_fields_save",82,{"type":183,"name":241,"callback":242,"priority":243,"file":231,"line":244},"admin_enqueue_scripts","wp_pointer_load",1000,86,{"type":183,"name":196,"callback":246,"priority":129,"file":231,"line":247},"pc_pl_restr_wizard_js",1203,{"type":183,"name":226,"callback":185,"priority":129,"file":231,"line":249},1462,{"type":192,"name":251,"callback":252,"priority":253,"file":254,"line":177},"send_password_change_email","__return_false",999999,"classes\\wp_user_sync.php",{"type":192,"name":256,"callback":252,"priority":257,"file":254,"line":258},"send_email_change_email",9999999,93,{"type":192,"name":251,"callback":252,"priority":197,"file":254,"line":260},232,{"type":192,"name":256,"callback":252,"priority":197,"file":254,"line":262},233,{"type":183,"name":264,"callback":265,"priority":197,"file":266,"line":267},"admin_menu","pc_users_admin_menu","main_includes\\admin_menu.php",83,{"type":183,"name":269,"callback":270,"file":266,"line":271},"parent_file","user_cat_tax_menu_correction",110,{"type":183,"name":234,"callback":273,"priority":274,"file":266,"line":275},"pc_export_buffer",2,162,{"type":183,"name":234,"callback":277,"priority":27,"file":266,"line":278},"pc_settings_redirect_trick",177,{"type":192,"name":280,"callback":281,"priority":11,"file":266,"line":282},"hidden_columns","pc_ulist_hidden_columns",228,{"type":192,"name":284,"callback":285,"priority":11,"file":266,"line":286},"set-screen-option","pc_ulist_page_opts_save",238,{"type":183,"name":288,"callback":289,"priority":290,"file":266,"line":291},"admin_bar_menu","pc_pending_bar_warn",500,266,{"type":183,"name":293,"callback":294,"priority":295,"file":266,"line":296},"pvtcont_init","pc_pending_users_warning",800,269,{"type":192,"name":298,"callback":299,"priority":300,"file":266,"line":301},"admin_title","pc_edit_user_page_title",1100,327,{"type":183,"name":303,"callback":185,"priority":304,"file":305,"line":274},"admin_footer",9999,"main_includes\\adv_lcshop.php",{"type":183,"name":184,"callback":307,"priority":27,"file":308,"line":309},"pc_lightboxes_ct","main_includes\\cpt_and_ct.php",39,{"type":183,"name":184,"callback":311,"priority":27,"file":308,"line":312},"pc_reg_form_ct",80,{"type":183,"name":184,"callback":314,"priority":27,"file":308,"line":315},"register_pg_user_page",95,{"type":183,"name":317,"callback":318,"priority":27,"file":308,"line":319},"admin_head-post-new.php","pc_avoid_manual_pvt_page_creation",151,{"type":183,"name":321,"callback":322,"file":308,"line":323},"current_screen","pc_user_page_no_admin_list",164,{"type":183,"name":325,"callback":326,"priority":27,"file":308,"line":327},"template_redirect","pc_user_page_preview_url",247,{"type":183,"name":329,"callback":330,"priority":331,"file":308,"line":332},"admin_head-post.php","user_page_admin_script",15,262,{"type":183,"name":325,"callback":334,"priority":27,"file":308,"line":335},"pc_pvtpag_comment_redirect_fix",380,{"type":192,"name":337,"callback":338,"priority":339,"file":308,"line":340},"wpseo_sitemap_exclude_post_type","pc_exclude_upp_from_yoast_sitemaps",99999,397,{"type":183,"name":342,"callback":343,"priority":197,"file":308,"line":344},"add_meta_boxes","pc_exclude_yoast_metabox_from_upp",403,{"type":183,"name":346,"callback":185,"priority":347,"file":348,"line":349},"wp_enqueue_scripts",9000,"main_includes\\live_restr_preview.php",6,{"type":183,"name":288,"callback":351,"priority":352,"file":348,"line":86},"pvtcont_live_restr_topbar_switch_registr",501,{"type":183,"name":354,"callback":355,"file":356,"line":357},"widgets_init","pc_register_logform_widget","main_includes\\login_widget.php",79,{"type":183,"name":359,"callback":185,"priority":11,"file":360,"line":205},"wp_update_nav_menu_item","main_includes\\nav_menu_option.php",{"type":192,"name":362,"callback":185,"file":360,"line":363},"wp_setup_nav_menu_item",34,{"type":183,"name":303,"callback":185,"file":360,"line":365},42,{"type":183,"name":367,"callback":185,"priority":304,"file":368,"line":369},"admin_notices","main_includes\\pcfree_welcome.php",5,{"type":192,"name":371,"callback":185,"file":372,"line":205},"pcua_act_types","main_includes\\pcua_integration.php",{"type":192,"name":374,"callback":185,"file":372,"line":375},"pcua_act_triggers",106,{"type":192,"name":377,"callback":185,"priority":11,"file":372,"line":202},"pcua_add_act_metas",{"type":183,"name":346,"callback":379,"priority":380,"file":381,"line":382},"pvtcont_global_scripts",900,"main_includes\\scripts_n_styles_include.php",136,{"type":183,"name":241,"callback":379,"priority":304,"file":381,"line":384},137,{"type":183,"name":386,"callback":379,"file":381,"line":387},"login_enqueue_scripts",138,{"type":183,"name":389,"callback":379,"file":381,"line":390},"lc_guten_scripts",139,{"type":183,"name":196,"callback":185,"file":381,"line":392},156,{"type":192,"name":394,"callback":185,"file":381,"line":395},"body_class",169,{"type":183,"name":234,"callback":185,"file":397,"line":349},"main_includes\\tinymce_implementation.php",{"type":192,"name":399,"callback":185,"file":397,"line":400},"mce_external_plugins",12,{"type":192,"name":402,"callback":185,"file":397,"line":403},"mce_buttons",18,{"type":183,"name":303,"callback":185,"priority":27,"file":397,"line":405},28,{"type":192,"name":394,"callback":407,"priority":11,"file":408,"line":409},"pvtcont_user_status_body_class","main_includes\\user_auth.php",127,{"type":183,"name":293,"callback":411,"priority":27,"file":408,"line":412},"pvtcont_init_session_check_cookie",129,{"type":183,"name":293,"callback":185,"file":408,"line":414},158,{"type":192,"name":416,"callback":185,"priority":257,"file":408,"line":417},"wp_speculation_rules_href_exclude_paths",163,{"type":183,"name":419,"callback":185,"priority":304,"file":408,"line":420},"wp",178,{"type":183,"name":184,"callback":422,"priority":13,"file":423,"line":205},"pvtcont_user_cat_taxonomy","main_includes\\user_categories.php",{"type":192,"name":425,"callback":185,"priority":11,"file":423,"line":426},"manage_edit-pg_user_categories_columns",56,{"type":183,"name":428,"callback":429,"priority":11,"file":423,"line":430},"pg_user_categories_add_form_fields","pvtcont_ucat_fields",69,{"type":183,"name":432,"callback":429,"priority":11,"file":423,"line":70},"pg_user_categories_edit_form_fields",{"type":183,"name":434,"callback":435,"priority":11,"file":423,"line":436},"created_pg_user_categories","pvtcont_save_ucat_fields",214,{"type":183,"name":438,"callback":435,"priority":11,"file":423,"line":439},"edited_pg_user_categories",215,{"type":192,"name":425,"callback":441,"priority":11,"file":423,"line":442},"pvtcont_cat_order_column_headers",268,{"type":192,"name":444,"callback":445,"priority":11,"file":423,"line":296},"manage_pg_user_categories_custom_column","pvtcont_cat_order_column_row",{"type":183,"name":447,"callback":185,"file":423,"line":448},"delete_term_taxonomy",415,{"type":192,"name":450,"callback":185,"priority":27,"file":423,"line":451},"pc_custom_redirect_url",433,{"type":183,"name":325,"callback":185,"priority":13,"file":453,"line":205},"main_includes\\user_pvt_page.php",{"type":192,"name":455,"callback":456,"priority":290,"file":453,"line":457},"comments_template","pvtcont_user_page_comments_template",236,{"type":192,"name":455,"callback":456,"priority":290,"file":453,"line":459},253,{"type":192,"name":461,"callback":462,"priority":290,"file":453,"line":463},"the_content","pvtcont_user_page_contents_override",270,{"type":192,"name":461,"callback":465,"file":453,"line":466},"pvtcont_user_page_preset_texts",297,{"type":192,"name":468,"callback":469,"priority":27,"file":453,"line":470},"get_post_metadata","pvtcont_user_page_override_container_feat_img",368,{"type":192,"name":472,"callback":469,"priority":27,"file":453,"line":473},"default_post_metadata",369,{"type":183,"name":346,"callback":185,"priority":13,"file":453,"line":475},376,{"type":183,"name":346,"callback":185,"priority":477,"file":453,"line":478},99999999,406,{"type":192,"name":480,"callback":185,"priority":304,"file":453,"line":481},"pre_get_posts",421,{"type":183,"name":321,"callback":185,"file":453,"line":483},439,{"type":183,"name":184,"callback":185,"priority":27,"file":485,"line":486},"main_includes\\wp_user_tricks.php",11,{"type":183,"name":488,"callback":185,"priority":11,"file":485,"line":489},"wp_login",30,{"type":192,"name":491,"callback":185,"priority":197,"file":485,"line":417},"authenticate",{"type":183,"name":493,"callback":185,"priority":27,"file":485,"line":494},"woocommerce_before_customer_login_form",206,{"type":183,"name":293,"callback":185,"priority":129,"file":485,"line":496},225,{"type":183,"name":498,"callback":499,"priority":27,"file":485,"line":500},"clear_auth_cookie","pvtcont_wp_user_logout",305,{"type":183,"name":502,"callback":499,"priority":27,"file":485,"line":503},"wp_logout",306,{"type":183,"name":293,"callback":185,"priority":274,"file":485,"line":505},315,{"type":192,"name":507,"callback":252,"priority":339,"file":485,"line":508},"show_admin_bar",319,{"type":183,"name":241,"callback":185,"priority":27,"file":485,"line":510},326,{"type":183,"name":512,"callback":185,"priority":129,"file":485,"line":513},"profile_update",345,{"type":183,"name":515,"callback":516,"priority":197,"file":485,"line":517},"show_user_profile","pvtcont_wps_edit_user_pc_sync",477,{"type":183,"name":519,"callback":516,"priority":197,"file":485,"line":520},"edit_user_profile",478,{"type":192,"name":522,"callback":185,"priority":197,"file":485,"line":523},"registration_errors",484,{"type":183,"name":525,"callback":185,"priority":253,"file":485,"line":526},"user_register",509,{"type":183,"name":528,"callback":185,"priority":11,"file":485,"line":529},"after_password_reset",564,{"type":183,"name":303,"callback":185,"priority":27,"file":485,"line":531},588,{"type":183,"name":241,"callback":185,"priority":477,"file":485,"line":533},633,{"type":183,"name":234,"callback":185,"priority":27,"file":485,"line":535},746,{"type":192,"name":537,"callback":185,"file":485,"line":538},"views_users",778,{"type":183,"name":540,"callback":185,"file":485,"line":541},"pre_get_users",791,{"type":192,"name":543,"callback":185,"file":485,"line":544},"query",808,{"type":183,"name":546,"callback":185,"file":485,"line":547},"woocommerce_order_status_completed",832,{"type":183,"name":184,"callback":185,"priority":27,"file":549,"line":550},"privatecontent-free.php",47,{"type":183,"name":184,"callback":552,"priority":27,"file":549,"line":553},"pvtcont_db_constants",88,{"type":183,"name":234,"callback":555,"priority":27,"file":549,"line":258},"pvtcont_upgrader_operations::db_manag",{"type":183,"name":234,"callback":185,"priority":274,"file":549,"line":72},{"type":183,"name":226,"callback":185,"priority":27,"file":549,"line":558},116,{"type":183,"name":293,"callback":560,"priority":27,"file":549,"line":561},"pvtcont_setup_wp_use_pass",142,{"type":192,"name":563,"callback":185,"priority":304,"file":549,"line":564},"user_has_cap",161,{"type":192,"name":566,"callback":185,"priority":11,"file":549,"line":567},"display_post_states",197,{"type":192,"name":569,"callback":185,"priority":129,"file":549,"line":570},"plugin_row_meta",221,{"type":183,"name":234,"callback":572,"priority":27,"file":549,"line":573},"pvtcont_avoid_duplicates",322,{"type":183,"name":575,"callback":185,"file":549,"line":576},"before_woocommerce_init",328,{"type":192,"name":578,"callback":185,"priority":11,"file":549,"line":579},"plugin_action_links",337,{"type":183,"name":325,"callback":185,"priority":274,"file":581,"line":205},"restrictions\\redirect_engine.php",{"type":192,"name":480,"callback":185,"priority":477,"file":581,"line":583},210,{"type":192,"name":585,"callback":185,"priority":11,"file":581,"line":586},"widget_categories_args",254,{"type":183,"name":588,"callback":185,"file":589,"line":590},"pc_settings_extra_code","settings\\nfpcf.php",112,[592,596,599,602,605,608,611,614,617,620,623,626,629,632,635,638,641,645,648,651,654,657,660,663,666,670,672,675,677,680,682,685,687,689,693],{"action":593,"nopriv":57,"callback":593,"hasNonce":57,"hasCapCheck":57,"file":594,"line":595},"pvtcont_set_predefined_style","main_includes\\admin_ajax.php",48,{"action":597,"nopriv":57,"callback":597,"hasNonce":57,"hasCapCheck":57,"file":594,"line":598},"pvtcont_ulist_update_user_cols",73,{"action":600,"nopriv":57,"callback":600,"hasNonce":57,"hasCapCheck":57,"file":594,"line":601},"pvtcont_bulk_cat_change",148,{"action":603,"nopriv":57,"callback":603,"hasNonce":57,"hasCapCheck":57,"file":594,"line":604},"pvtcont_ulist_manage_users",245,{"action":606,"nopriv":57,"callback":606,"hasNonce":57,"hasCapCheck":57,"file":594,"line":607},"pvtcont_wp_sync_single_user",284,{"action":609,"nopriv":57,"callback":609,"hasNonce":57,"hasCapCheck":57,"file":594,"line":610},"pvtcont_wp_to_pc_single_user_sync",338,{"action":612,"nopriv":57,"callback":612,"hasNonce":57,"hasCapCheck":57,"file":594,"line":613},"pvtcont_wp_to_pc_bulk_user_sync",420,{"action":615,"nopriv":57,"callback":615,"hasNonce":57,"hasCapCheck":57,"file":594,"line":616},"pvtcont_wp_detach_single_user",445,{"action":618,"nopriv":57,"callback":618,"hasNonce":57,"hasCapCheck":57,"file":594,"line":619},"pvtcont_wp_global_sync",465,{"action":621,"nopriv":57,"callback":621,"hasNonce":57,"hasCapCheck":57,"file":594,"line":622},"pvtcont_wp_global_detach",485,{"action":624,"nopriv":57,"callback":624,"hasNonce":57,"hasCapCheck":57,"file":594,"line":625},"pvtcont_wps_search_and_sync_matches",505,{"action":627,"nopriv":57,"callback":627,"hasNonce":57,"hasCapCheck":57,"file":594,"line":628},"pvtcont_ausnp_search",570,{"action":630,"nopriv":57,"callback":630,"hasNonce":57,"hasCapCheck":57,"file":594,"line":631},"pvtcont_reg_form_builder",720,{"action":633,"nopriv":57,"callback":633,"hasNonce":57,"hasCapCheck":57,"file":594,"line":634},"pvtcont_update_reg_form",806,{"action":636,"nopriv":57,"callback":636,"hasNonce":57,"hasCapCheck":57,"file":594,"line":637},"pvtcont_menu_item_restrict",842,{"action":639,"nopriv":57,"callback":639,"hasNonce":57,"hasCapCheck":57,"file":594,"line":640},"pvtcont_set_live_restr_preview",888,{"action":642,"nopriv":57,"callback":642,"hasNonce":57,"hasCapCheck":643,"file":594,"line":644},"pvtcont_qe_restr_wiz_in_list_form",true,982,{"action":646,"nopriv":57,"callback":646,"hasNonce":57,"hasCapCheck":643,"file":594,"line":647},"pvtcont_qe_restr_wiz_in_list_update",1040,{"action":649,"nopriv":57,"callback":649,"hasNonce":57,"hasCapCheck":57,"file":594,"line":650},"pvtcont_pvtc_import_json_upload",1265,{"action":652,"nopriv":57,"callback":652,"hasNonce":57,"hasCapCheck":57,"file":594,"line":653},"pvtcont_pvtc_import",1401,{"action":655,"nopriv":57,"callback":655,"hasNonce":57,"hasCapCheck":57,"file":594,"line":656},"pvtcont_csv_import_csv_upload",1515,{"action":658,"nopriv":57,"callback":658,"hasNonce":57,"hasCapCheck":57,"file":594,"line":659},"pvtcont_csv_import",1653,{"action":661,"nopriv":57,"callback":661,"hasNonce":57,"hasCapCheck":643,"file":594,"line":662},"pvtcont_engine_import_json_upload",1751,{"action":664,"nopriv":57,"callback":664,"hasNonce":57,"hasCapCheck":643,"file":594,"line":665},"pvtcont_engine_import",1847,{"action":667,"nopriv":57,"callback":667,"hasNonce":57,"hasCapCheck":57,"file":668,"line":669},"pc_reg_form_submit","main_includes\\front_ajax.php",153,{"action":667,"nopriv":643,"callback":667,"hasNonce":57,"hasCapCheck":57,"file":668,"line":671},154,{"action":673,"nopriv":57,"callback":673,"hasNonce":57,"hasCapCheck":57,"file":668,"line":674},"pc_login_form_submit",292,{"action":673,"nopriv":643,"callback":673,"hasNonce":57,"hasCapCheck":57,"file":668,"line":676},293,{"action":678,"nopriv":57,"callback":678,"hasNonce":57,"hasCapCheck":57,"file":668,"line":679},"pc_logout_btn_handler",316,{"action":678,"nopriv":643,"callback":678,"hasNonce":57,"hasCapCheck":57,"file":668,"line":681},317,{"action":683,"nopriv":57,"callback":683,"hasNonce":57,"hasCapCheck":57,"file":668,"line":684},"pc_user_del_ajax",388,{"action":683,"nopriv":643,"callback":683,"hasNonce":57,"hasCapCheck":57,"file":668,"line":686},389,{"action":688,"nopriv":57,"callback":185,"hasNonce":57,"hasCapCheck":57,"file":368,"line":224},"pcf_dismiss_welcome",{"action":690,"nopriv":57,"callback":690,"hasNonce":57,"hasCapCheck":57,"file":691,"line":692},"pvtcont_save_user_dashboard_ajax","user_dashboard\\ajax.php",133,{"action":694,"nopriv":57,"callback":694,"hasNonce":57,"hasCapCheck":57,"file":691,"line":695},"pvtcont_user_dashboard_change_status",180,[],[698,701,704,707,710,713],{"tag":699,"callback":185,"file":700,"line":205},"pc-login-form","main_includes\\shortcodes.php",{"tag":702,"callback":185,"file":700,"line":703},"pc-logout-box",23,{"tag":705,"callback":185,"file":700,"line":706},"pc-user-del-box",38,{"tag":708,"callback":185,"file":700,"line":709},"pc-registration-form",101,{"tag":711,"callback":185,"file":700,"line":712},"pc-pvt-content",126,{"tag":714,"callback":185,"file":700,"line":715},"pc-user-pvt-page-contents",243,[],41,31,{"dangerousFunctions":720,"sqlUsage":753,"outputEscaping":775,"fileOperations":718,"externalRequests":27,"nonceChecks":274,"capabilityChecks":718,"bundledLibraries":933},[721,725,729,730,734,736,739,742,745,749],{"fn":722,"file":208,"line":723,"context":724},"unserialize",985,"$data = unserialize($data);",{"fn":722,"file":726,"line":727,"context":728},"classes\\users_import_export.php",62,"$as_params = unserialize(base64_decode($fdata['pc_targeted_export_params']));",{"fn":722,"file":726,"line":604,"context":728},{"fn":722,"file":731,"line":732,"context":733},"classes\\users_manag.php",364,"$users[$uid][$field] = ($field == 'categories') ? unserialize($val) : $val;",{"fn":722,"file":731,"line":735,"context":724},613,{"fn":722,"file":731,"line":737,"context":738},1360,"$clean = (array)unserialize(base64_decode($psw));",{"fn":722,"file":594,"line":740,"context":741},602,"$structure = unserialize(base64_decode($term->description));",{"fn":722,"file":668,"line":743,"context":744},43,"$form_structure = (array)unserialize(base64_decode($term->description));",{"fn":722,"file":746,"line":747,"context":748},"main_includes\\public_api.php",708,"$form_structure = unserialize(base64_decode($rf->description));",{"fn":722,"file":750,"line":751,"context":752},"main_includes\\users_list.php",36,"$targeted_export_args = unserialize(base64_decode(pc_static::sanitize_val($_GET['targeted_export']))",{"prepared":550,"raw":486,"locations":754},[755,758,760,762,765,768,769,770,771,772,774],{"file":254,"line":756,"context":757},22,"$wpdb->get_results() with variable interpolation",{"file":254,"line":759,"context":757},220,{"file":254,"line":761,"context":757},374,{"file":266,"line":763,"context":764},259,"$wpdb->query() with variable interpolation",{"file":766,"line":767,"context":764},"main_includes\\db_manag.php",21,{"file":766,"line":706,"context":764},{"file":766,"line":598,"context":764},{"file":766,"line":709,"context":757},{"file":766,"line":198,"context":757},{"file":766,"line":773,"context":757},172,{"file":549,"line":709,"context":764},{"escaped":776,"rawEcho":244,"locations":777},766,[778,781,783,786,788,790,792,794,795,797,799,801,803,805,807,809,811,812,814,815,817,819,820,822,824,825,826,827,829,830,832,833,835,837,839,841,843,845,847,849,851,852,854,855,856,857,859,861,864,866,868,869,871,873,874,876,877,879,881,883,885,887,889,891,893,896,898,900,901,903,906,908,909,911,912,914,916,917,920,921,923,924,927,928,930,932],{"file":208,"line":779,"context":780},1344,"raw output",{"file":208,"line":782,"context":780},1429,{"file":784,"line":785,"context":780},"classes\\pc_wp_user_caps_static.php",457,{"file":231,"line":787,"context":780},580,{"file":231,"line":789,"context":780},594,{"file":231,"line":791,"context":780},638,{"file":231,"line":793,"context":780},1049,{"file":594,"line":478,"context":780},{"file":594,"line":796,"context":780},411,{"file":594,"line":798,"context":780},567,{"file":594,"line":800,"context":780},604,{"file":594,"line":802,"context":780},629,{"file":594,"line":804,"context":780},704,{"file":594,"line":806,"context":780},712,{"file":594,"line":808,"context":780},839,{"file":305,"line":810,"context":780},239,{"file":305,"line":763,"context":780},{"file":356,"line":813,"context":780},53,{"file":356,"line":727,"context":780},{"file":356,"line":816,"context":780},67,{"file":356,"line":818,"context":780},71,{"file":360,"line":221,"context":780},{"file":368,"line":821,"context":780},16,{"file":381,"line":823,"context":780},157,{"file":397,"line":232,"context":780},{"file":397,"line":118,"context":780},{"file":397,"line":570,"context":780},{"file":397,"line":828,"context":780},255,{"file":750,"line":763,"context":780},{"file":750,"line":831,"context":780},383,{"file":750,"line":616,"context":780},{"file":750,"line":834,"context":780},459,{"file":750,"line":836,"context":780},462,{"file":750,"line":838,"context":780},512,{"file":750,"line":840,"context":780},542,{"file":750,"line":842,"context":780},562,{"file":750,"line":844,"context":780},565,{"file":750,"line":846,"context":780},654,{"file":423,"line":848,"context":780},117,{"file":423,"line":850,"context":780},186,{"file":453,"line":426,"context":780},{"file":853,"line":430,"context":780},"settings\\custom_fields.php",{"file":853,"line":818,"context":780},{"file":853,"line":848,"context":780},{"file":853,"line":483,"context":780},{"file":853,"line":858,"context":780},450,{"file":853,"line":860,"context":780},541,{"file":862,"line":863,"context":780},"settings\\settings_engine.php",109,{"file":862,"line":865,"context":780},125,{"file":862,"line":867,"context":780},160,{"file":862,"line":810,"context":780},{"file":862,"line":870,"context":780},251,{"file":862,"line":872,"context":780},276,{"file":862,"line":500,"context":780},{"file":862,"line":875,"context":780},331,{"file":862,"line":732,"context":780},{"file":862,"line":878,"context":780},442,{"file":862,"line":880,"context":780},464,{"file":862,"line":882,"context":780},483,{"file":862,"line":884,"context":780},498,{"file":862,"line":886,"context":780},503,{"file":862,"line":888,"context":780},929,{"file":862,"line":890,"context":780},944,{"file":862,"line":892,"context":780},951,{"file":894,"line":895,"context":780},"settings\\view.php",27,{"file":894,"line":897,"context":780},141,{"file":894,"line":899,"context":780},159,{"file":894,"line":275,"context":780},{"file":894,"line":902,"context":780},171,{"file":904,"line":905,"context":780},"users_import_export\\csv_export.php",168,{"file":904,"line":907,"context":780},170,{"file":904,"line":902,"context":780},{"file":910,"line":550,"context":780},"users_import_export\\imp_exp_hub.php",{"file":910,"line":553,"context":780},{"file":910,"line":913,"context":780},102,{"file":915,"line":275,"context":780},"users_import_export\\pvtc_export.php",{"file":915,"line":323,"context":780},{"file":918,"line":919,"context":780},"user_dashboard\\structure.php",191,{"file":918,"line":583,"context":780},{"file":918,"line":922,"context":780},278,{"file":918,"line":922,"context":780},{"file":925,"line":926,"context":780},"user_dashboard\\view.php",63,{"file":925,"line":239,"context":780},{"file":925,"line":929,"context":780},87,{"file":925,"line":931,"context":780},90,{"file":925,"line":194,"context":780},[934],{"name":935,"version":37,"knownCves":936},"TinyMCE",[],[938,975,985,997,1007,1019,1027,1038,1055,1070,1078,1090,1102,1115,1128,1157,1167,1175,1184,1192,1205,1223,1236,1246],{"entryPoint":939,"graph":940,"unsanitizedCount":274,"severity":40},"\u003Cuser_pvt_page> (main_includes\\user_pvt_page.php:0)",{"nodes":941,"edges":970},[942,946,951,953,958,961,965],{"id":943,"type":944,"label":945,"file":453,"line":767},"n0","source","$_GET",{"id":947,"type":948,"label":949,"file":453,"line":426,"wp_function":950},"n1","sink","echo() [XSS]","echo",{"id":952,"type":944,"label":945,"file":453,"line":767},"n2",{"id":954,"type":948,"label":955,"file":453,"line":956,"wp_function":957},"n3","wp_remote_get() [SSRF]",57,"wp_remote_get",{"id":959,"type":944,"label":945,"file":453,"line":960},"n4",458,{"id":962,"type":963,"label":964,"file":453,"line":960},"n5","transform","→ get_users()",{"id":966,"type":948,"label":967,"file":731,"line":968,"wp_function":969},"n6","get_results() [SQLi]",335,"get_results",[971,972,973,974],{"from":943,"to":947,"sanitized":57},{"from":952,"to":954,"sanitized":57},{"from":959,"to":962,"sanitized":57},{"from":962,"to":966,"sanitized":643},{"entryPoint":976,"graph":977,"unsanitizedCount":27,"severity":40},"get_code (settings\\settings_engine.php:101)",{"nodes":978,"edges":983},[979,982],{"id":943,"type":944,"label":980,"file":862,"line":981},"$_SERVER",103,{"id":947,"type":948,"label":949,"file":862,"line":194,"wp_function":950},[984],{"from":943,"to":947,"sanitized":57},{"entryPoint":986,"graph":987,"unsanitizedCount":27,"severity":40},"successful_save_redirect (settings\\settings_engine.php:841)",{"nodes":988,"edges":995},[989,991],{"id":943,"type":944,"label":945,"file":862,"line":990},849,{"id":947,"type":948,"label":992,"file":862,"line":993,"wp_function":994},"wp_redirect() [Open Redirect]",856,"wp_redirect",[996],{"from":943,"to":947,"sanitized":57},{"entryPoint":998,"graph":999,"unsanitizedCount":27,"severity":40},"get_code (user_dashboard\\dashboard_engine.php:27)",{"nodes":1000,"edges":1005},[1001,1004],{"id":943,"type":944,"label":1002,"file":1003,"line":405},"$_SERVER['REQUEST_URI']","user_dashboard\\dashboard_engine.php",{"id":947,"type":948,"label":949,"file":1003,"line":405,"wp_function":950},[1006],{"from":943,"to":947,"sanitized":57},{"entryPoint":1008,"graph":1009,"unsanitizedCount":13,"severity":1018},"pvtcont_init_session_check_cookie (main_includes\\user_auth.php:12)",{"nodes":1010,"edges":1016},[1011,1013],{"id":943,"type":944,"label":1012,"file":408,"line":365},"$_COOKIE",{"id":947,"type":948,"label":1014,"file":408,"line":550,"wp_function":1015},"get_row() [SQLi]","get_row",[1017],{"from":943,"to":947,"sanitized":643},"low",{"entryPoint":1020,"graph":1021,"unsanitizedCount":13,"severity":1018},"\u003Cuser_auth> (main_includes\\user_auth.php:0)",{"nodes":1022,"edges":1025},[1023,1024],{"id":943,"type":944,"label":1012,"file":408,"line":365},{"id":947,"type":948,"label":1014,"file":408,"line":550,"wp_function":1015},[1026],{"from":943,"to":947,"sanitized":643},{"entryPoint":1028,"graph":1029,"unsanitizedCount":13,"severity":1018},"\u003Csettings_engine> (settings\\settings_engine.php:0)",{"nodes":1030,"edges":1035},[1031,1032,1033,1034],{"id":943,"type":944,"label":980,"file":862,"line":981},{"id":947,"type":948,"label":949,"file":862,"line":194,"wp_function":950},{"id":952,"type":944,"label":945,"file":862,"line":990},{"id":954,"type":948,"label":992,"file":862,"line":993,"wp_function":994},[1036,1037],{"from":943,"to":947,"sanitized":643},{"from":952,"to":954,"sanitized":643},{"entryPoint":1039,"graph":1040,"unsanitizedCount":58,"severity":1018},"\u003Ccsv_export> (users_import_export\\csv_export.php:0)",{"nodes":1041,"edges":1051},[1042,1044,1045,1047,1048,1050],{"id":943,"type":944,"label":1043,"file":904,"line":905},"$_GET['pc_texp_label']",{"id":947,"type":948,"label":949,"file":904,"line":905,"wp_function":950},{"id":952,"type":944,"label":1046,"file":904,"line":907},"$_GET['pc_texp_conds']",{"id":954,"type":948,"label":949,"file":904,"line":907,"wp_function":950},{"id":959,"type":944,"label":1049,"file":904,"line":902},"$_GET['pc_targeted_export']",{"id":962,"type":948,"label":949,"file":904,"line":902,"wp_function":950},[1052,1053,1054],{"from":943,"to":947,"sanitized":57},{"from":952,"to":954,"sanitized":57},{"from":959,"to":962,"sanitized":57},{"entryPoint":1056,"graph":1057,"unsanitizedCount":274,"severity":1018},"\u003Cpvtc_export> (users_import_export\\pvtc_export.php:0)",{"nodes":1058,"edges":1066},[1059,1060,1061,1062,1063,1065],{"id":943,"type":944,"label":1043,"file":915,"line":275},{"id":947,"type":948,"label":949,"file":915,"line":275,"wp_function":950},{"id":952,"type":944,"label":1046,"file":915,"line":323},{"id":954,"type":948,"label":949,"file":915,"line":323,"wp_function":950},{"id":959,"type":944,"label":1049,"file":915,"line":1064},165,{"id":962,"type":948,"label":949,"file":915,"line":1064,"wp_function":950},[1067,1068,1069],{"from":943,"to":947,"sanitized":57},{"from":952,"to":954,"sanitized":57},{"from":959,"to":962,"sanitized":643},{"entryPoint":1071,"graph":1072,"unsanitizedCount":27,"severity":1018},"\u003Cdashboard_engine> (user_dashboard\\dashboard_engine.php:0)",{"nodes":1073,"edges":1076},[1074,1075],{"id":943,"type":944,"label":1002,"file":1003,"line":405},{"id":947,"type":948,"label":949,"file":1003,"line":405,"wp_function":950},[1077],{"from":943,"to":947,"sanitized":57},{"entryPoint":1079,"graph":1080,"unsanitizedCount":27,"severity":1089},"pvtcont_bulk_cat_change (main_includes\\admin_ajax.php:83)",{"nodes":1081,"edges":1087},[1082,1084],{"id":943,"type":944,"label":1083,"file":594,"line":315},"$_POST",{"id":947,"type":948,"label":1085,"file":594,"line":1086,"wp_function":543},"query() [SQLi]",130,[1088],{"from":943,"to":947,"sanitized":57},"high",{"entryPoint":1091,"graph":1092,"unsanitizedCount":27,"severity":1089},"pvtcont_wp_sync_single_user (main_includes\\admin_ajax.php:262)",{"nodes":1093,"edges":1099},[1094,1096,1098],{"id":943,"type":944,"label":1083,"file":594,"line":1095},279,{"id":947,"type":963,"label":1097,"file":594,"line":1095},"→ sync_wp_user()",{"id":952,"type":948,"label":1085,"file":254,"line":848,"wp_function":543},[1100,1101],{"from":943,"to":947,"sanitized":57},{"from":947,"to":952,"sanitized":57},{"entryPoint":1103,"graph":1104,"unsanitizedCount":27,"severity":1089},"pvtcont_wp_detach_single_user (main_includes\\admin_ajax.php:429)",{"nodes":1105,"edges":1112},[1106,1108,1110],{"id":943,"type":944,"label":1083,"file":594,"line":1107},440,{"id":947,"type":963,"label":1109,"file":594,"line":1107},"→ detach_wp_user()",{"id":952,"type":948,"label":1085,"file":254,"line":1111,"wp_function":543},424,[1113,1114],{"from":943,"to":947,"sanitized":57},{"from":947,"to":952,"sanitized":57},{"entryPoint":1116,"graph":1117,"unsanitizedCount":274,"severity":1089},"pvtcont_reg_form_builder (main_includes\\admin_ajax.php:585)",{"nodes":1118,"edges":1125},[1119,1121,1123,1124],{"id":943,"type":944,"label":1083,"file":594,"line":1120},599,{"id":947,"type":948,"label":1122,"file":594,"line":740,"wp_function":722},"unserialize() [Object Injection]",{"id":952,"type":944,"label":1083,"file":594,"line":1120},{"id":954,"type":948,"label":949,"file":594,"line":800,"wp_function":950},[1126,1127],{"from":943,"to":947,"sanitized":57},{"from":952,"to":954,"sanitized":57},{"entryPoint":1129,"graph":1130,"unsanitizedCount":274,"severity":1089},"\u003Cadmin_ajax> (main_includes\\admin_ajax.php:0)",{"nodes":1131,"edges":1149},[1132,1133,1134,1135,1136,1137,1138,1139,1141,1143,1145,1147],{"id":943,"type":944,"label":1083,"file":594,"line":315},{"id":947,"type":948,"label":1085,"file":594,"line":1086,"wp_function":543},{"id":952,"type":944,"label":1083,"file":594,"line":1120},{"id":954,"type":948,"label":1122,"file":594,"line":740,"wp_function":722},{"id":959,"type":944,"label":1083,"file":594,"line":1120},{"id":962,"type":948,"label":949,"file":594,"line":800,"wp_function":950},{"id":966,"type":944,"label":1083,"file":594,"line":1095},{"id":1140,"type":963,"label":1097,"file":594,"line":1095},"n7",{"id":1142,"type":948,"label":1085,"file":254,"line":848,"wp_function":543},"n8",{"id":1144,"type":944,"label":1083,"file":594,"line":1107},"n9",{"id":1146,"type":963,"label":1109,"file":594,"line":1107},"n10",{"id":1148,"type":948,"label":1085,"file":254,"line":1111,"wp_function":543},"n11",[1150,1151,1152,1153,1154,1155,1156],{"from":943,"to":947,"sanitized":643},{"from":952,"to":954,"sanitized":643},{"from":959,"to":962,"sanitized":643},{"from":966,"to":1140,"sanitized":57},{"from":1140,"to":1142,"sanitized":57},{"from":1144,"to":1146,"sanitized":57},{"from":1146,"to":1148,"sanitized":57},{"entryPoint":1158,"graph":1159,"unsanitizedCount":27,"severity":1089},"user_page_admin_script (main_includes\\cpt_and_ct.php:263)",{"nodes":1160,"edges":1165},[1161,1164],{"id":943,"type":944,"label":1162,"file":308,"line":1163},"$_REQUEST['post']",299,{"id":947,"type":948,"label":1014,"file":308,"line":466,"wp_function":1015},[1166],{"from":943,"to":947,"sanitized":57},{"entryPoint":1168,"graph":1169,"unsanitizedCount":27,"severity":1089},"\u003Ccpt_and_ct> (main_includes\\cpt_and_ct.php:0)",{"nodes":1170,"edges":1173},[1171,1172],{"id":943,"type":944,"label":1162,"file":308,"line":1163},{"id":947,"type":948,"label":1014,"file":308,"line":466,"wp_function":1015},[1174],{"from":943,"to":947,"sanitized":57},{"entryPoint":1176,"graph":1177,"unsanitizedCount":27,"severity":1089},"pc_reg_form_submit (main_includes\\front_ajax.php:9)",{"nodes":1178,"edges":1182},[1179,1181],{"id":943,"type":944,"label":1083,"file":668,"line":1180},26,{"id":947,"type":948,"label":1122,"file":668,"line":743,"wp_function":722},[1183],{"from":943,"to":947,"sanitized":57},{"entryPoint":1185,"graph":1186,"unsanitizedCount":27,"severity":1089},"\u003Cfront_ajax> (main_includes\\front_ajax.php:0)",{"nodes":1187,"edges":1190},[1188,1189],{"id":943,"type":944,"label":1083,"file":668,"line":1180},{"id":947,"type":948,"label":1122,"file":668,"line":743,"wp_function":722},[1191],{"from":943,"to":947,"sanitized":57},{"entryPoint":1193,"graph":1194,"unsanitizedCount":369,"severity":1089},"\u003Cusers_list> (main_includes\\users_list.php:0)",{"nodes":1195,"edges":1202},[1196,1198,1199,1201],{"id":943,"type":944,"label":1197,"file":750,"line":751},"$_GET['targeted_export']",{"id":947,"type":948,"label":1122,"file":750,"line":751,"wp_function":722},{"id":952,"type":944,"label":1200,"file":750,"line":315},"$_GET (x4)",{"id":954,"type":948,"label":949,"file":750,"line":831,"wp_function":950},[1203,1204],{"from":943,"to":947,"sanitized":57},{"from":952,"to":954,"sanitized":57},{"entryPoint":1206,"graph":1207,"unsanitizedCount":27,"severity":1089},"\u003Cwp_user_tricks> (main_includes\\wp_user_tricks.php:0)",{"nodes":1208,"edges":1219},[1209,1212,1213,1215,1217],{"id":943,"type":944,"label":1210,"file":485,"line":1211},"$_REQUEST (x2)",147,{"id":947,"type":948,"label":992,"file":485,"line":669,"wp_function":994},{"id":952,"type":944,"label":1214,"file":485,"line":791},"$_REQUEST['user_id']",{"id":954,"type":963,"label":1216,"file":485,"line":791},"→ wp_user_is_linked()",{"id":959,"type":948,"label":1014,"file":254,"line":1218,"wp_function":1015},448,[1220,1221,1222],{"from":943,"to":947,"sanitized":643},{"from":952,"to":954,"sanitized":57},{"from":954,"to":959,"sanitized":57},{"entryPoint":1224,"graph":1225,"unsanitizedCount":27,"severity":1089},"pvtcont_save_user_dashboard_ajax (user_dashboard\\ajax.php:10)",{"nodes":1226,"edges":1233},[1227,1229,1231],{"id":943,"type":944,"label":1083,"file":691,"line":1228},46,{"id":947,"type":963,"label":1230,"file":691,"line":1228},"→ pvtc_is_synced()",{"id":952,"type":948,"label":1014,"file":254,"line":1232,"wp_function":1015},471,[1234,1235],{"from":943,"to":947,"sanitized":57},{"from":947,"to":952,"sanitized":57},{"entryPoint":1237,"graph":1238,"unsanitizedCount":27,"severity":1089},"\u003Cajax> (user_dashboard\\ajax.php:0)",{"nodes":1239,"edges":1243},[1240,1241,1242],{"id":943,"type":944,"label":1083,"file":691,"line":1228},{"id":947,"type":963,"label":1230,"file":691,"line":1228},{"id":952,"type":948,"label":1014,"file":254,"line":1232,"wp_function":1015},[1244,1245],{"from":943,"to":947,"sanitized":57},{"from":947,"to":952,"sanitized":57},{"entryPoint":1247,"graph":1248,"unsanitizedCount":58,"severity":1089},"\u003Cview> (user_dashboard\\view.php:0)",{"nodes":1249,"edges":1258},[1250,1251,1252,1255,1257],{"id":943,"type":944,"label":945,"file":925,"line":187},{"id":947,"type":948,"label":949,"file":925,"line":926,"wp_function":950},{"id":952,"type":944,"label":1253,"file":925,"line":1254},"$_GET (x2)",68,{"id":954,"type":963,"label":1256,"file":925,"line":1254},"→ data_to_human()",{"id":959,"type":948,"label":1122,"file":731,"line":735,"wp_function":722},[1259,1260,1261],{"from":943,"to":947,"sanitized":57},{"from":952,"to":954,"sanitized":57},{"from":954,"to":959,"sanitized":57},{"summary":1263,"deductions":1264},"The \"privatecontent-free\" v1.2.0 plugin presents a mixed security posture.  While it demonstrates good practices in SQL query preparation (81%) and output escaping (90%), and boasts a clean vulnerability history with no recorded CVEs, significant concerns arise from its attack surface. A substantial number of AJAX handlers (31 out of 35) lack authentication checks, creating a wide entry point for potential attacks. The taint analysis reveals a concerning pattern with 14 high-severity flows without proper sanitization, and over two-thirds of analyzed flows (21 out of 24) involve unsanitized paths. The presence of the `unserialize` function, a known risk for deserialization vulnerabilities, further exacerbates these concerns, especially when combined with unsanitized inputs. The limited number of nonce and capability checks (2 and 31 respectively) compared to the large number of unprotected AJAX handlers suggests a significant oversight in securing these entry points.\n\nDespite the absence of publicly known vulnerabilities, the internal code analysis strongly indicates potential weaknesses. The high number of unprotected AJAX endpoints combined with unsanitized taint flows represents the most critical risk. This suggests that while the plugin may not have been targeted or discovered yet, it possesses exploitable flaws. The use of `unserialize` without clear input validation on potentially untrusted data is a significant red flag. The plugin's strengths lie in its handling of SQL and output, but these are overshadowed by the vulnerabilities in its input handling and authentication mechanisms for its AJAX endpoints. A proactive approach to securing these entry points and sanitizing all user-provided data is crucial.",[1265,1267,1269,1271,1273],{"reason":1266,"points":11},"Unprotected AJAX handlers",{"reason":1268,"points":86},"High severity taint flows (unsanitized)",{"reason":1270,"points":205},"Unsanitized paths in taint flows",{"reason":1272,"points":369},"Dangerous function 'unserialize' used",{"reason":1274,"points":369},"Limited nonce checks on AJAX handlers","2026-03-16T22:56:35.276Z",{"wat":1277,"direct":1286},{"assetPaths":1278,"generatorPatterns":1281,"scriptPaths":1282,"versionParams":1283},[1279,1280],"\u002Fwp-content\u002Fplugins\u002Fprivatecontent-free\u002Fcss\u002Fprivatecontent.css","\u002Fwp-content\u002Fplugins\u002Fprivatecontent-free\u002Fjs\u002Fprivatecontent.js",[],[1280],[1284,1285],"privatecontent-free\u002Fcss\u002Fprivatecontent.css?ver=","privatecontent-free\u002Fjs\u002Fprivatecontent.js?ver=",{"cssClasses":1287,"htmlComments":1293,"htmlAttributes":1296,"restEndpoints":1299,"jsGlobals":1300,"shortcodeOutput":1305},[1288,1289,1290,1291,1292],"pc-private-content","pc-form-restricted","pc-login-form-wrapper","pc-button-primary","pc-link-primary",[1294,1295],"\u003C!-- privatecontent-free -->","\u003C!-- privatecontent-free v1.2.0 -->",[1297,1298],"data-pc-lock","data-pc-lock-message",[],[1301,1302,1303,1304],"PC_URL","PC_DIR","PC_VERS","ISPCF",[1306,1307,1308,1309],"[privateContent]","[privateContent_form]","[privateContent_login]","[privateContent_users_list]",{"error":643,"url":1311,"statusCode":1312,"statusMessage":1313,"message":1313},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fprivatecontent-free\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":1315,"versions":1316},13,[1317,1322,1328,1336,1344,1352,1360,1368,1376,1384,1392,1400,1408],{"version":6,"download_url":25,"svn_tag_url":1318,"released_at":37,"has_diff":57,"diff_files_changed":1319,"diff_lines":37,"trac_diff_url":1320,"vulnerabilities":1321,"is_current":643},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.3.0&new_path=%2Fprivatecontent-free%2Ftags%2F1.3.1",[],{"version":39,"download_url":1323,"svn_tag_url":1324,"released_at":37,"has_diff":57,"diff_files_changed":1325,"diff_lines":37,"trac_diff_url":1326,"vulnerabilities":1327,"is_current":57},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.2.0&new_path=%2Fprivatecontent-free%2Ftags%2F1.3.0",[],{"version":1329,"download_url":1330,"svn_tag_url":1331,"released_at":37,"has_diff":57,"diff_files_changed":1332,"diff_lines":37,"trac_diff_url":1333,"vulnerabilities":1334,"is_current":57},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.1.0&new_path=%2Fprivatecontent-free%2Ftags%2F1.2.0",[1335],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1337,"download_url":1338,"svn_tag_url":1339,"released_at":37,"has_diff":57,"diff_files_changed":1340,"diff_lines":37,"trac_diff_url":1341,"vulnerabilities":1342,"is_current":57},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.10&new_path=%2Fprivatecontent-free%2Ftags%2F1.1.0",[1343],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1345,"download_url":1346,"svn_tag_url":1347,"released_at":37,"has_diff":57,"diff_files_changed":1348,"diff_lines":37,"trac_diff_url":1349,"vulnerabilities":1350,"is_current":57},"1.0.10","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.10.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.9&new_path=%2Fprivatecontent-free%2Ftags%2F1.0.10",[1351],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1353,"download_url":1354,"svn_tag_url":1355,"released_at":37,"has_diff":57,"diff_files_changed":1356,"diff_lines":37,"trac_diff_url":1357,"vulnerabilities":1358,"is_current":57},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.8&new_path=%2Fprivatecontent-free%2Ftags%2F1.0.9",[1359],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1361,"download_url":1362,"svn_tag_url":1363,"released_at":37,"has_diff":57,"diff_files_changed":1364,"diff_lines":37,"trac_diff_url":1365,"vulnerabilities":1366,"is_current":57},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.7&new_path=%2Fprivatecontent-free%2Ftags%2F1.0.8",[1367],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1369,"download_url":1370,"svn_tag_url":1371,"released_at":37,"has_diff":57,"diff_files_changed":1372,"diff_lines":37,"trac_diff_url":1373,"vulnerabilities":1374,"is_current":57},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.6&new_path=%2Fprivatecontent-free%2Ftags%2F1.0.7",[1375],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1377,"download_url":1378,"svn_tag_url":1379,"released_at":37,"has_diff":57,"diff_files_changed":1380,"diff_lines":37,"trac_diff_url":1381,"vulnerabilities":1382,"is_current":57},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.3&new_path=%2Fprivatecontent-free%2Ftags%2F1.0.6",[1383],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1385,"download_url":1386,"svn_tag_url":1387,"released_at":37,"has_diff":57,"diff_files_changed":1388,"diff_lines":37,"trac_diff_url":1389,"vulnerabilities":1390,"is_current":57},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.2&new_path=%2Fprivatecontent-free%2Ftags%2F1.0.3",[1391],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1393,"download_url":1394,"svn_tag_url":1395,"released_at":37,"has_diff":57,"diff_files_changed":1396,"diff_lines":37,"trac_diff_url":1397,"vulnerabilities":1398,"is_current":57},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.1&new_path=%2Fprivatecontent-free%2Ftags%2F1.0.2",[1399],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":1401,"download_url":1402,"svn_tag_url":1403,"released_at":37,"has_diff":57,"diff_files_changed":1404,"diff_lines":37,"trac_diff_url":1405,"vulnerabilities":1406,"is_current":57},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fprivatecontent-free%2Ftags%2F1.0.0&new_path=%2Fprivatecontent-free%2Ftags%2F1.0.1",[1407],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39},{"version":102,"download_url":1409,"svn_tag_url":1410,"released_at":37,"has_diff":57,"diff_files_changed":1411,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":1412,"is_current":57},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivatecontent-free.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fprivatecontent-free\u002Ftags\u002F1.0.0\u002F",[],[1413],{"id":33,"url_slug":34,"title":35,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":39}]