[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3oqr7sz5tZ3KuHFdb3qe_TgmsR3-Y0go7MHdBkaqOiQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":129,"fingerprints":158},"protected-post-password-hint","Protected Post Password Hint","2.0.2","Nobody","https:\u002F\u002Fprofiles.wordpress.org\u002Fabelcheung\u002F","\u003Cp>Traditionally all password protected posts contain a boiler-plate password form without any hints. Without any capability to change the string, one must provide the hint in another post, which is a bit clumsy. Not to mention, people viewing the single protected post only will be unable to see the hint at all. With this plugin protected posts are more usable.\u003C\u002Fp>\n\u003Cp>The password hint is taken from a certain custom field within the protected post, with key name ‘password_hint’. If this key is present, the value of key is immediately taken as the password hint. Without the key, the standard password form is shown again.\u003C\u002Fp>\n","Replace boiler-plate password form shown in protected posts with a form containing hints taken from 'password_hint' custom field.",20,6117,100,1,"2012-06-26T21:23:00.000Z","3.4.2","2.7","",[20,21,22,23,24],"password","password-form","post","posts","protected-post","http:\u002F\u002Fme.abelcheung.org\u002Fdevel\u002Fprotected-post-password-hint\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-post-password-hint.RELEASE-2-0-2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"abelcheung",30,84,"2026-04-05T09:26:38.891Z",[38,61,79,97,114],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":57,"download_link":58,"security_score":35,"vuln_count":59,"unpatched_count":28,"last_vuln_date":60,"fetched_at":30},"protected-posts-logout-button","Protected Posts Logout Button","1.4.6","Nate Reist","https:\u002F\u002Fprofiles.wordpress.org\u002Fnatereist\u002F","\u003Cp>This plugin simply adds a logout button to the content of any password protected post. Sometimes clients want a password protected page to share information with privileged individuals and the default 10 days for the cookie to expire is too long for their liking. So I wrote a little plugin to do this with AJAX and set the cookie to expire immediately, well actually 10 days in the past.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works logged in or out as a WordPress user.\u003C\u002Fli>\n\u003Cli>Uses the same functionality WordPress uses to set post cookies.\u003C\u002Fli>\n\u003Cli>Has a simple settings page to make everything easier.\u003C\u002Fli>\n\u003Cli>Allows you to alert user they have logged out.\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically adds a logout button to your password protected content.",1000,33408,98,13,"2023-02-16T00:46:00.000Z","6.1.10","2.8",[54,55,56],"logout","password-protected-posts-logout-button","wordpress-security","http:\u002F\u002Fmindutopia.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-posts-logout-button.1.4.6.zip",3,"2023-02-20 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":13,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":18,"download_link":78,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"p5","p5 : Plenty of Perishable Passwords for Protected Posts","1.4","Cyril Batillat","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyrilbatillat\u002F","\u003Cp>By default, WordPress can protect each post with one and only password. This plugin gives you the possibility to assign multiple passwords on each post, with an expiration date.\u003C\u002Fp>\n","Specify multiple passwords for pages \u002F posts \u002F custom post  types. An expiration date can be set for each password.",50,3354,5,"2014-05-20T09:45:00.000Z","3.9.40","3.5",[76,20,77],"expiration","protected-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fp5.1.4.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":34,"downloaded":87,"rating":13,"num_ratings":88,"last_updated":89,"tested_up_to":17,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":95,"download_link":96,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"protected-post-personalizer","Protected Post Personalizer","0.6","Orin","https:\u002F\u002Fprofiles.wordpress.org\u002Forin\u002F","\u003Cp>This plugin is a simple one, but good at what it does. It changes three elements of protected posts to make them more friendly to visitors.\u003C\u002Fp>\n\u003Ch3>Prefixes:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>customize prefix for password-protected posts from default “Protected: “\u003C\u002Fli>\n\u003Cli>customize prefix for private posts from “Private: “\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Custom Previews:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>ability to use the post’s excerpt (if one is saved) when no password is given\u003C\u002Fli>\n\u003Cli>ability to show custom text for all password-protected posts\u003C\u002Fli>\n\u003Cli>if no saved excerpt, show the default OR use custom site-wide text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Password Form:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>change text before the password input box\u003C\u002Fli>\n\u003Cli>change text of submit button\u003C\u002Fli>\n\u003Cli>add custom CSS; set class or ID for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Change Log\u003C\u002Fh4>\n\u003Cp>0.6 – corrected for WordPress 2.7, which handles protected and private posts differently.\u003Cbr \u002F>\n0.5 – initial public release\u003C\u002Fp>\n","This plugin is a simple one, but good at what it does. It changes three elements of protected posts to make them more friendly to visitors.",5781,2,"2009-01-24T20:49:00.000Z","2.3",[92,20,23,93,94],"formatting","title","titles","http:\u002F\u002Fglot.homepie.org\u002Fplugins\u002Fprotected-post-personalizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-post-personalizer.0.6.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":13,"num_ratings":14,"last_updated":18,"tested_up_to":107,"requires_at_least":52,"requires_php":18,"tags":108,"homepage":111,"download_link":112,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":113},"password-protect-all-posts","Password Protect All Posts","0.1","volmar","https:\u002F\u002Fprofiles.wordpress.org\u002Fvolmar\u002F","\u003Cp>This plugin puts a global password selected by you on all posts. Based on Matt Mullenwegs plugin “Protect old posts”\u003C\u002Fp>\n\u003Cp>I’ve looked for a plugin like this but couldn’t find one that fitted my needs so i this one. I hope it will be helpfull for someone else to.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BEWARE: This will write over all old passwords and replace it with the one you select.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin puts a global password selected by you on all posts. Based on Matt Mullenwegs plugin \"Protect old posts\"",10,2641,"3.0.5",[109,110],"password-protection","protect-posts","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpassword-protect-all-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-protect-all-posts.0.1.zip","2026-03-15T14:44:11.924Z",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":105,"downloaded":122,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":123,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":126,"download_link":127,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":128},"wp-posts-password-batch-manager","WP Posts Password Batch Manager","1.1","suifengtec","https:\u002F\u002Fprofiles.wordpress.org\u002Fsuifengtec\u002F","\u003Cp>This plugin allows you to add\u002Fdelete password for all your posts or some sepcial posts.\u003C\u002Fp>\n","Batch managing your posts password with me.",1367,"4.0.38","3.6",[20,23],"http:\u002F\u002Fsuoling.net\u002Fwp-posts-password-batch-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-posts-password-batch-manager.1.1.zip","2026-03-15T10:48:56.248Z",{"attackSurface":130,"codeSignals":142,"taintFlows":149,"riskAssessment":150,"analyzedAt":157},{"hooks":131,"ajaxHandlers":138,"restRoutes":139,"shortcodes":140,"cronEvents":141,"entryPointCount":28,"unprotectedCount":28},[132],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","the_password_form","get_the_password_form_with_hint","protected-post-password-hint.php",68,[],[],[],[],{"dangerousFunctions":143,"sqlUsage":144,"outputEscaping":146,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":148},[],{"prepared":28,"raw":28,"locations":145},[],{"escaped":14,"rawEcho":28,"locations":147},[],[],[],{"summary":151,"deductions":152},"The static analysis of the 'protected-post-password-hint' plugin v2.0.2 reveals a generally strong security posture. The plugin exhibits no known dangerous functions, no SQL queries without prepared statements, and all identified output is properly escaped. Furthermore, there are no file operations or external HTTP requests, and no vulnerabilities have been recorded in its history. This indicates a diligent approach to secure coding practices.  However, the complete absence of nonce checks and capability checks across all entry points, combined with a lack of any identified flows in taint analysis, while seemingly indicating no vulnerabilities currently, also raises a concern. This could imply that either the plugin has an extremely limited attack surface that doesn't necessitate these checks, or that the analysis tools were unable to identify potential weaknesses in how authorization and data integrity are handled.  A balanced conclusion is that while the plugin appears to be built with good practices concerning direct code execution and data handling, the lack of explicit authorization and data integrity checks on its (albeit currently non-existent) entry points represents a potential oversight that could become a weakness if functionality is added or expanded in the future.",[153,155],{"reason":154,"points":71},"No nonce checks implemented",{"reason":156,"points":71},"No capability checks implemented","2026-03-16T22:46:29.270Z",{"wat":159,"direct":164},{"assetPaths":160,"generatorPatterns":161,"scriptPaths":162,"versionParams":163},[],[],[],[],{"cssClasses":165,"htmlComments":168,"htmlAttributes":169,"restEndpoints":172,"jsGlobals":173,"shortcodeOutput":174},[166,167],"password-hint","password-box",[],[170,171],"name=\"post_password\"","id=\"pwbox-",[],[],[]]