[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftt7Cc4ga-pINFPcp_PXN7iU-AbvCfezGCqXSSY66Cx0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":52,"analysis":160,"fingerprints":941},"pz-frontend-manager","PZ Frontend Manager","1.0.6","Project Zealous","https:\u002F\u002Fprofiles.wordpress.org\u002Fprojectzealous01\u002F","\u003Cp>PZ Frontend Manager is a free plugin that allows your clients to manage their users and posts without accessing the WordPress admin. That way, you can reduce the possibility of the error caused by accidental clicks and also reduce the confusion on your client’s end to not access pages that are not necessary to their needs or capabilities.\u003C\u002Fp>\n\u003Ch4>Key features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>User login and registration – Allow your visitors or site users to create their accounts by enabling your user registration in your Frontend Manager Settings. Verify their emails by enabling the account activation which will be sent to the email they have registered with.\u003C\u002Fli>\n\u003Cli>User Profile – Allow your users to customize their profiles. You can add more user information fields on their profile page to fill in. It also has a password field to allow your users to change their passwords anytime they want.\u003C\u002Fli>\n\u003Cli>Post Management – Add or manage your posts through the Frontend Manager with the same functionality as the wp-admin. Add your content and featured images and categorize your posts based on your preference. 
You can also create your categories and tags.\u003C\u002Fli>\n\u003Cli>User Management – Add or manage your user’s data including their passwords. You can add\u002Fupdate\u002Fremove fields based on your desired information from your users. \u003C\u002Fli>\n\u003Cli>User role capability – Control what can be accessed by the users based on their user role.\u003C\u002Fli>\n\u003C\u002Ful>\n","PZ Frontend Manager allows your clients to manage their platform without accessing the wp-admin dashboard.",10,1449,100,4,"2024-06-27T07:35:00.000Z","6.5.8","6.1","7.4",[20,21,22,23,24],"admin","dashboard","frontend","frontend-dashboard","role","https:\u002F\u002Fproj-z.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpz-frontend-manager.zip",91,1,0,"2024-07-01 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-6244","pz-frontend-manager-cross-site-request-forgery-to-profile-picture-update","PZ Frontend Manager \u003C= 1.0.5 - Cross-Site Request Forgery to Profile Picture Update","The PZ Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the pzfm_upload_avatar_callback() function. 
This makes it possible for unauthenticated attackers to update profile pictures via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.5","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-07-03 16:38:27",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4cb5d487-0f22-4a34-8558-fe06c19a375b?source=api-prod",3,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":47,"trust_score":50,"computed_at":51},"projectzealous01",94,"2026-04-04T14:00:30.341Z",[53,74,94,117,138],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":29,"num_ratings":29,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"frontend-dashboard-notification","Frontend Dashboard Notification","1.1","M A Vinoth Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinoth06\u002F","\u003Cblockquote>\n\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>This is an Add-on plugin of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffrontend-dashboard\u002F\" rel=\"ugc\">Frontend Dashboard\u003C\u002Fa>, So please install \u003Ca href=\"https:\u002F\u002Fbuffercode.com\u002Fplugin\u002Ffrontend-dashboard\" rel=\"nofollow ugc\">Frontend Dashboard\u003C\u002Fa> to use this plugin\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Frontend Dashboard Notification is an add-on for Frontend Dashboard WordPress plugin which allows user to show notification in Frontend Dashboard page. 
There are six notification slots where users can show content, image, slider, post or gutenberg blocks. The six notification slots can be restricted to users by their user role or dashboard menu or notification slot.\u003C\u002Fp>\n","Frontend Dashboard Notification is an add-on for Frontend Dashboard WordPress plugin which allows user to show notification in Frontend Dashboard page &hellip;",60,71909,"2020-05-27T03:56:00.000Z","5.4.19","4.6","",[68,69,70,21,23],"custom-login","custom-register","custom-roles","https:\u002F\u002Fbuffercode.com\u002Fplugin\u002Ffrontend-dashboard-notification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontend-dashboard-notification.1.1.zip",85,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":29,"num_ratings":29,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":92,"download_link":93,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"rimplates","Rimplates","1.0.5","The Rimplates Team","https:\u002F\u002Fprofiles.wordpress.org\u002Frimplates\u002F","\u003Cp>Rimplates is a dashboard maker for wordpress. 
Using this Plugin is simple, install it, Rimplates will appear on your admin dashboard menu (with ability to add \u002F create templates, dashboard ~ it supports both admin dashboard & user dashboard).\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>You might need the \u003Ca href=\"http:\u002F\u002Frimplates.tawk.help\u002F\" rel=\"nofollow ugc\">Docs – http:\u002F\u002Frimplates.tawk.help\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>FEATURES OF RIMPLATES\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create Stylish User Dashboard\u003C\u002Fli>\n\u003Cli>Create Admin Dashboard \u003C\u002Fli>\n\u003Cli>Customize dashboard settings, title, footer text etc\u003C\u002Fli>\n\u003Cli>Easy User Menu Setup for any created dashboard\u003C\u002Fli>\n\u003Cli>It’s free and open source\u003C\u002Fli>\n\u003C\u002Fol>\n","Rimplates is a dashboard maker for wordpress. Using this Plugin is simple, install it, Rimplates will appear on your admin dashboard menu (with abilit &hellip;",986,"2022-02-27T22:01:00.000Z","5.9.13","3.0.1","5.6",[88,23,89,90,91],"admin-dashboard","portal-maker","user-dashboard","user-menu","https:\u002F\u002Frimplates.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frimplates.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":66,"tags":109,"homepage":112,"download_link":113,"security_score":114,"vuln_count":115,"unpatched_count":29,"last_vuln_date":116,"fetched_at":31},"announce-from-the-dashboard","Announce from the Dashboard","1.5.3","gqevu6bsiz","https:\u002F\u002Fprofiles.wordpress.org\u002Fgqevu6bsiz\u002F","\u003Cp>This plugin to show announce for per user roles.\u003C\u002Fp>\n\u003Cp>And, if you want to change plugin capability, please refer to this code.\u003C\u002Fp>\n\u003Cp>For example add 
filter:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function afd_custom_change_capability( $capability ) {\n    \u002F\u002F plugin minimum capability\n    $capability = 'edit_posts';\n    return $capability;\n}\nadd_filter( 'afd_capability_manager' , 'afd_custom_change_capability' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>And, if you want to add filter, please refer to this code.\u003C\u002Fp>\n\u003Cp>For example add filter:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function afd_custom_filter( $announces ) {\n    \u002F\u002F filter\n    return $announces;\n}\n\nadd_filter( 'afd_before_announce' , 'afd_custom_filter' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Japanese description\u003C\u002Fh3>\n\u003Cp>This plugin displays announcements on the dashboard.\u003Cbr \u002F>\nFor each user role group, you can show announcements to editors only,\u003Cbr \u002F>\nor configure them to be shown only to authors, contributors, and subscribers.\u003C\u002Fp>\n","Announcement to users on the Dashboard.",7000,24375,86,6,"2024-03-30T05:56:00.000Z","4.3.34","3.8",[20,110,21,111,24],"announce","news","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fannounce-from-the-dashboard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fannounce-from-the-dashboard.1.5.3.zip",84,2,"2024-04-03 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":86,"tags":132,"homepage":66,"download_link":137,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"role-based-redirect","Role Based Redirect","1.6","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>Role Based Redirect allows you to customize the login and logout redirection URLs based on user roles. 
Additionally, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Redirect users after login based on their role.\u003C\u002Fli>\n\u003Cli>Redirect users after logout based on their role.\u003C\u002Fli>\n\u003Cli>Hide the WordPress admin bar for selected user roles.\u003C\u002Fli>\n\u003Cli>Restrict dashboard access by user role.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is useful for membership sites, multi-role websites, or any WordPress setup where you want to provide a tailored user experience.\u003C\u002Fp>\n","Redirect users after login\u002Flogout by role. Optionally hide admin bar and block dashboard access for selected roles.",2000,24663,96,17,"2025-07-18T04:36:00.000Z","6.9.4","4.0",[133,134,135,24,136],"hide-admin-bar","redirection","restrict-dashboard","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frole-based-redirect.zip",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":146,"downloaded":147,"rating":148,"num_ratings":149,"last_updated":150,"tested_up_to":151,"requires_at_least":152,"requires_php":66,"tags":153,"homepage":156,"download_link":157,"security_score":158,"vuln_count":28,"unpatched_count":29,"last_vuln_date":159,"fetched_at":31},"display-admin-page-on-frontend","WP Frontend Admin – Display WP Admin Pages in the Frontend","1.22.8","Jose Vega","https:\u002F\u002Fprofiles.wordpress.org\u002Fjosevega\u002F","\u003Cp>WP Frontend Admin is a plugin for managing your site from the front end, Display WP Admin Pages in the Frontend, and Create custom dashboards in the frontend.\u003C\u002Fp>\n\u003Cp>When you are in wp-admin you will see a “View in the frontend” option in the toolbar.\u003C\u002Fp>\n\u003Cp>When you click the option you can automatically see the same page in the frontend as a normal user.\u003C\u002Fp>\n\u003Cp>Yes. 
It´s that easy.\u003C\u002Fp>\n\u003Cp>One click is all you need to display an admin page in the frontend and share the link with your clients, employees, or users.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fcj4F8yE_O_8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Show Gutenberg in the Frontend\u003C\u002Fh4>\n\u003Cp>You can allow your users to submit posts in the frontend using the Gutenberg editor. So they can create beautiful posts easily.\u003C\u002Fp>\n\u003Ch4>Use cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>View and edit posts from the frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View and edit blog categories from the frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View and edit blog tags from the frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Publish and edit posts from the frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Create custom dashboards for your clients\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Create apps using WordPress. 
Just display the admin pages required by your app.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Hide the fact that you use WordPress\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Change the CSS of the admin pages , so they look the same as your theme design.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Limitation\u003C\u002Fh4>\n\u003Cp>The free plugin is for blogs, it lets you view these pages in the frontend only:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>The list of blog posts\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The blog post editor\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The list of blog categories\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The list of blog tags\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Go Premium\u003C\u002Fh4>\n\u003Cp>The premium version lets you \u003Cstrong>display ANY admin page\u003C\u002Fstrong> in the frontend:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>View settings pages in the frontend.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View theme settings in the frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View WooCommerce settings in the frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View WooCommerce sales stats in the frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow your users to Edit WooCommerce Products in the Frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow your users to publish Events from the Frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow to Manage your WooCommerce Store in the Frontend\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Basically you can display the pages of ANY PLUGIN in the frontend. 
For example, Jetpack, WooCommerce, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fgo\u002Fstart-free-trial-wporg\" rel=\"nofollow ugc\">Try Premium Version for FREE – 7 Days\u003C\u002Fa>\u003Cbr \u002F>\nTry the plugin without worries.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEG1NE3X5yNs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fgo\u002Fstart-free-trial-wporg\" rel=\"nofollow ugc\">Try Premium Version for FREE – 7 Days\u003C\u002Fa>\u003Cbr \u002F>\nTry the plugin without worries.\u003C\u002Fp>\n\u003Ch4>Free version examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow Post Submissions from the Frontend \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fallow-post-submissions-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium version examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Change Permalink Settings from the Frontend in WordPress \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fchange-permalink-settings-from-the-frontend-in-wordpress\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Change Site Settings from the Frontend in WordPress \u003Ca 
href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fchange-site-settings-from-the-frontend-in-wordpress\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create and Manage Users from the Frontend \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fcreate-and-manage-users-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create WooCommerce Coupons from the Frontend \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fcreate-woocommerce-coupons-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create WooCommerce Products from the Frontend \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fcreate-woocommerce-products-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Install Themes from the Frontend in WordPress \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Finstall-themes-from-the-frontend-in-wordpress\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Install Updates from the Frontend in WordPress \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Finstall-updates-from-the-frontend-in-wordpress\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Install WordPress Plugins from the Frontend \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Finstall-wordpress-plugins-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View 
tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Manage Nav Menus from the Frontend \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fmanage-nav-menus-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Manage User Comments from the Frontend in WordPress \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fmanage-user-comments-from-the-frontend-in-wordpress\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Manage Widgets from the Frontend in WordPress \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fmanage-widgets-from-the-frontend-in-wordpress\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Manage WooCommerce Settings from the Frontend \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fmanage-woocommerce-settings-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Setup a Theme from the Frontend in WordPress \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fsetup-a-theme-from-the-frontend-in-wordpress\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>View and Dispatch WooCommerce Orders from the Frontend \u003Ca href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fview-and-dispatch-woocommerce-orders-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>View WooCommerce Sales Reports from the Frontend \u003Ca 
href=\"https:\u002F\u002Fwpfrontendadmin.com\u002Fview-woocommerce-sales-reports-from-the-frontend\u002F?utm_source=wp.org&utm_campaign=tutorials-list&utm_medium=readme\" rel=\"nofollow ugc\">View tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Show Gutenberg Editor in the Frontend. Display WP Admin Pages in the Frontend. Create custom dashboards in the front end, Allow to Edit in the Fronten &hellip;",600,39552,98,54,"2025-10-24T23:54:00.000Z","6.8.5","3.6",[154,21,155,23,90],"custom-dashboard","frontend-editor","https:\u002F\u002Fwpfrontendadmin.com\u002F?utm_source=wp-admin&utm_medium=plugins-list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-admin-page-on-frontend.1.22.8.zip",99,"2025-09-22 00:00:00",{"attackSurface":161,"codeSignals":462,"taintFlows":775,"riskAssessment":925,"analyzedAt":940},{"hooks":162,"ajaxHandlers":409,"restRoutes":446,"shortcodes":447,"cronEvents":460,"entryPointCount":461,"unprotectedCount":11},[163,169,173,176,179,182,185,188,191,194,198,201,204,208,213,217,221,225,228,233,236,239,242,244,247,252,256,260,264,267,269,272,275,279,283,287,291,295,300,304,308,311,315,319,322,326,330,334,338,341,344,348,351,354,358,362,366,370,374,378,382,386,390,394,398,401,405],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","after_setup_theme","login_user","admin\\classes\\class-core.php",13,{"type":164,"name":170,"callback":171,"file":167,"line":172},"init","pzfm_allow_uploads",15,{"type":164,"name":170,"callback":174,"file":167,"line":175},"pzfm_init_uninstall",16,{"type":164,"name":177,"callback":178,"file":167,"line":128},"wp","pzfm_sessions",{"type":164,"name":177,"callback":180,"file":167,"line":181},"pzfm_user_registration",18,{"type":164,"name":177,"callback":183,"file":167,"line":184},"save_settings",19,{"type":164,"name":177,"callback":186,"file":167,"line":187},"save_user_profile",20,{"type":164,"name":177,"callback":189,"file":167,"line":190},"save_user",21,{"type":164,"name":177,"callbac
k":192,"file":167,"line":193},"save_post",22,{"type":164,"name":195,"callback":196,"file":167,"line":197},"template_redirect","redirection_notification",23,{"type":164,"name":195,"callback":199,"file":167,"line":200},"user_regerror_redirection",24,{"type":164,"name":195,"callback":202,"file":167,"line":203},"user_session_redirection",25,{"type":164,"name":205,"callback":206,"file":167,"line":207},"wp_footer","pzfm_login_popup",26,{"type":209,"name":210,"callback":211,"priority":11,"file":167,"line":212},"filter","theme_page_templates","pzfm_add_wp_template",28,{"type":209,"name":214,"callback":215,"file":167,"line":216},"page_template","pzfm_page_template",29,{"type":209,"name":218,"callback":219,"file":167,"line":220},"body_class","closure",40,{"type":209,"name":222,"callback":223,"file":167,"line":224},"show_admin_bar","__return_false",240,{"type":164,"name":226,"callback":219,"file":167,"line":227},"admin_notices",675,{"type":164,"name":229,"callback":230,"file":231,"line":232},"wp_enqueue_scripts","pzfm_styles_scripts","admin\\classes\\class-scripts.php",7,{"type":164,"name":234,"callback":230,"file":231,"line":235},"admin_enqueue_scripts",8,{"type":164,"name":205,"callback":237,"file":231,"line":238},"pzfm_autocomplete_script",9,{"type":164,"name":240,"callback":241,"priority":11,"file":231,"line":11},"wp_print_styles","dequeue_scripts",{"type":164,"name":226,"callback":219,"file":231,"line":243},192,{"type":164,"name":226,"callback":245,"file":246,"line":149},"pzfm_dashboard_page_notification","admin\\includes\\activation-hooks.php",{"type":164,"name":248,"callback":249,"priority":250,"file":246,"line":251},"admin_bar_menu","pzfm__admin_bar_item",500,70,{"type":209,"name":253,"callback":254,"priority":11,"file":246,"line":255},"display_post_states","pzfm__dashboard_post_states",77,{"type":209,"name":257,"callback":258,"priority":11,"file":246,"line":259},"plugin_action_links","pzfm_disable_plugin_deactivation",87,{"type":164,"name":261,"callback":262,"file":26
3,"line":11},"plugins_loaded","pzfm_set_dashboard","admin\\includes\\hooks.php",{"type":209,"name":265,"callback":265,"priority":11,"file":263,"line":266},"pzfm_post_row_data_author",12,{"type":209,"name":268,"callback":268,"priority":11,"file":263,"line":184},"pzfm_post_row_data_date",{"type":209,"name":270,"callback":271,"priority":11,"file":263,"line":197},"pzfm_post_row_data_categories","pzfm_post_row_data_tax_categories",{"type":209,"name":273,"callback":273,"priority":11,"file":263,"line":274},"pzfm_post_row_data_tags",41,{"type":164,"name":276,"callback":277,"priority":28,"file":263,"line":278},"pzfm_dashboard_content","pzfm_dashboard_content_cb",59,{"type":209,"name":280,"callback":281,"file":263,"line":282},"pzfm_personal_info_fields","pzfm_personal_info_fields_content",63,{"type":209,"name":284,"callback":285,"file":263,"line":286},"ajax_query_attachments_args","pzfm_show_current_user_attachments",71,{"type":164,"name":288,"callback":289,"file":263,"line":290},"wp_head","pzfm_inline_styles",79,{"type":209,"name":292,"callback":293,"file":263,"line":294},"pzfm_email_meta_tags","pzfm_personal_info_meta_tags",93,{"type":164,"name":296,"callback":297,"priority":298,"file":263,"line":299},"pzfm_after_users_header","after_contacts_role_header",80,102,{"type":164,"name":301,"callback":302,"priority":298,"file":263,"line":303},"pzfm_after_users_details","after_contacts_role_details",108,{"type":164,"name":296,"callback":305,"priority":306,"file":263,"line":307},"pzfm_user_registered_column",90,123,{"type":164,"name":301,"callback":309,"priority":306,"file":263,"line":310},"pzfm_user_date_registered",130,{"type":164,"name":312,"callback":313,"priority":11,"file":263,"line":314},"pzfm_send_email_notif","pzfm_email_new_contact",142,{"type":164,"name":316,"callback":317,"priority":11,"file":263,"line":318},"pzfm_after_save_user_profile","pzfm_save_new_password",160,{"type":164,"name":316,"callback":320,"priority":11,"file":263,"line":321},"pzfm_save_billing_profile",1
86,{"type":164,"name":323,"callback":324,"priority":158,"file":263,"line":325},"pzfm_after_footer_hook","pzfm_general_setting_alerts",207,{"type":164,"name":327,"callback":328,"file":263,"line":329},"pzfm_before_registration_form","pzfm_registration_failed_callback",239,{"type":164,"name":331,"callback":332,"file":263,"line":333},"pzfm_after_registration_form","pzfm_registration_captcha_callback",259,{"type":164,"name":335,"callback":336,"file":263,"line":337},"pzfm_after_registration_form_fields","pzfm_registration_captcha_sitekey_callback",266,{"type":164,"name":205,"callback":339,"file":263,"line":340},"pzfm_registration_captcha_script_callback",273,{"type":164,"name":342,"callback":342,"file":263,"line":343},"pzfm_after_save_pop",274,{"type":209,"name":345,"callback":346,"file":263,"line":347},"pzfm_users_args","pzfm_users_args_management",285,{"type":164,"name":316,"callback":349,"file":263,"line":350},"pzfm_save_author_cover",301,{"type":164,"name":170,"callback":352,"file":263,"line":353},"add_upload_capabilities",326,{"type":164,"name":355,"callback":356,"priority":11,"file":263,"line":357},"pzfm_after_save_user_registration","pzfm_send_email_notification",334,{"type":164,"name":359,"callback":360,"priority":11,"file":263,"line":361},"pzfm_after_save_contact","pzfm_send_email_account_created",374,{"type":164,"name":363,"callback":364,"priority":11,"file":263,"line":365},"pzfm_field_generator_after_label_phone","pzfm_registration_phone_error",404,{"type":164,"name":367,"callback":368,"file":263,"line":369},"gsfd_posts_table_filter","gsfd_posts_table_filter_status",406,{"type":209,"name":371,"callback":372,"file":263,"line":373},"pzfm_post_query","pzfm_post_query_status",421,{"type":164,"name":375,"callback":376,"file":263,"line":377},"pzfm_after_save_settings","pzfm_save_capability_settings_callback",453,{"type":164,"name":379,"callback":380,"file":263,"line":381},"pzfm_after_save_admin_settings","pzfm_save_userrole_editor",454,{"type":209,"name":383,"callbac
k":384,"file":263,"line":385},"pzfm_login_url","pzfm_custom_loggedin_url",498,{"type":209,"name":387,"callback":388,"file":263,"line":389},"pzfm_register_url","pzfm_custom_register_url",515,{"type":209,"name":391,"callback":392,"file":263,"line":393},"pzfm_logout_url","pzfm_new_logout_redirect",533,{"type":209,"name":395,"callback":396,"file":263,"line":397},"tiny_mce_before_init","changeMceDefaults",537,{"type":164,"name":359,"callback":399,"priority":11,"file":263,"line":400},"pzfm_after_save_contact_avatar_callback",566,{"type":209,"name":402,"callback":403,"file":404,"line":181},"option_active_plugins","pzfm_option_active_plugins","admin\\includes\\mu-plugins\\disable-plugins.php",{"type":164,"name":261,"callback":406,"file":407,"line":408},"pzfm_load_textdomain","pz-frontend-manager.php",58,[410,415,418,420,423,426,429,432,435,438,442],{"action":411,"nopriv":412,"callback":413,"hasNonce":412,"hasCapCheck":412,"file":414,"line":115},"pzfm_remove_item",false,"pzfm_remove_item_callback","admin\\includes\\ajax-hooks.php",{"action":416,"nopriv":412,"callback":416,"hasNonce":412,"hasCapCheck":412,"file":414,"line":417},"pzfm_generate_password",129,{"action":416,"nopriv":419,"callback":416,"hasNonce":412,"hasCapCheck":412,"file":414,"line":310},true,{"action":421,"nopriv":412,"callback":421,"hasNonce":412,"hasCapCheck":412,"file":414,"line":422},"pzfm_bg_images_remove",137,{"action":424,"nopriv":412,"callback":424,"hasNonce":412,"hasCapCheck":412,"file":414,"line":425},"pzfm_get_categories",147,{"action":427,"nopriv":412,"callback":427,"hasNonce":412,"hasCapCheck":412,"file":414,"line":428},"pzfm_save_categories",161,{"action":430,"nopriv":412,"callback":430,"hasNonce":412,"hasCapCheck":412,"file":414,"line":431},"pzfm_get_tag",209,{"action":433,"nopriv":412,"callback":433,"hasNonce":412,"hasCapCheck":412,"file":414,"line":434},"pzfm_save_tag",222,{"action":436,"nopriv":412,"callback":436,"hasNonce":412,"hasCapCheck":412,"file":414,"line":437},"pzfm_user_activation_ac
tion",270,{"action":439,"nopriv":412,"callback":440,"hasNonce":412,"hasCapCheck":412,"file":414,"line":441},"pzfm_user_request_action","pzfm_user_request_action_callback",290,{"action":443,"nopriv":412,"callback":444,"hasNonce":419,"hasCapCheck":412,"file":414,"line":445},"pzfm_upload_avatar","pzfm_upload_avatar_callback",347,[],[448,452,456],{"tag":449,"callback":450,"file":167,"line":451},"pzfm-login-form","pzfm_get_loginpage",31,{"tag":453,"callback":454,"file":167,"line":455},"pzfm-register","pzfm_get_registerpage",32,{"tag":457,"callback":458,"file":167,"line":459},"pzfm-popup-login","pzfm_dashboard_menu",33,[],14,{"dangerousFunctions":463,"sqlUsage":464,"outputEscaping":468,"fileOperations":47,"externalRequests":29,"nonceChecks":238,"capabilityChecks":29,"bundledLibraries":771},[],{"prepared":266,"raw":28,"locations":465},[466],{"file":246,"line":105,"context":467},"$wpdb->get_row() with variable interpolation",{"escaped":469,"rawEcho":470,"locations":471},601,206,[472,475,477,479,481,483,486,487,489,490,492,494,496,498,500,502,504,506,507,509,511,512,513,515,516,517,520,521,523,524,526,528,529,531,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,549,550,551,553,554,555,556,558,559,560,561,562,563,564,566,567,568,570,571,573,574,575,576,577,578,580,582,583,585,586,587,589,591,592,593,594,595,596,598,600,602,604,605,606,607,609,611,613,614,616,617,619,620,622,623,624,625,627,628,630,631,633,634,635,636,638,639,640,642,644,646,648,649,651,652,653,655,656,658,660,661,662,663,664,665,666,668,670,671,672,674,676,679,680,681,682,683,684,686,687,689,691,692,693,694,695,696,698,699,701,702,703,704,705,707,709,710,712,714,716,718,719,720,721,722,723,724,726,727,729,730,732,734,735,736,737,738,740,741,742,744,746,748,749,750,752,754,756,757,758,759,760,761,763,765,767,769],{"file":167,"line":473,"context":474},56,"raw 
output",{"file":167,"line":476,"context":474},269,{"file":231,"line":478,"context":474},168,{"file":231,"line":480,"context":474},185,{"file":414,"line":482,"context":474},133,{"file":484,"line":485,"context":474},"admin\\includes\\function-fields.php",66,{"file":484,"line":114,"context":474},{"file":488,"line":377,"context":474},"admin\\includes\\functions.php",{"file":263,"line":73,"context":474},{"file":263,"line":491,"context":474},88,{"file":263,"line":493,"context":474},105,{"file":263,"line":495,"context":474},128,{"file":263,"line":497,"context":474},218,{"file":263,"line":499,"context":474},235,{"file":263,"line":501,"context":474},264,{"file":263,"line":503,"context":474},402,{"file":505,"line":105,"context":474},"templates\\dashboard-cards-tpl.php",{"file":505,"line":235,"context":474},{"file":508,"line":451,"context":474},"templates\\dashboard.php",{"file":508,"line":510,"context":474},76,{"file":508,"line":73,"context":474},{"file":508,"line":104,"context":474},{"file":508,"line":514,"context":474},89,{"file":508,"line":27,"context":474},{"file":508,"line":294,"context":474},{"file":518,"line":519,"context":474},"templates\\emails\\email-admin-activation.tpl.php",27,{"file":518,"line":212,"context":474},{"file":518,"line":522,"context":474},30,{"file":518,"line":459,"context":474},{"file":518,"line":525,"context":474},34,{"file":518,"line":527,"context":474},46,{"file":518,"line":527,"context":474},{"file":530,"line":11,"context":474},"templates\\emails\\email-create-acount.tpl.php",{"file":530,"line":532,"context":474},11,{"file":530,"line":532,"context":474},{"file":530,"line":207,"context":474},{"file":530,"line":212,"context":474},{"file":530,"line":216,"context":474},{"file":530,"line":522,"context":474},{"file":530,"line":451,"context":474},{"file":530,"line":451,"context":474},{"file":530,"line":455,"context":474},{"file":530,"line":455,"context":474},{"file":530,"line":455,"context":474},{"file":530,"line":527,"context":474},{"file":530,"line":5
27,"context":474},{"file":530,"line":527,"context":474},{"file":530,"line":527,"context":474},{"file":530,"line":548,"context":474},47,{"file":530,"line":548,"context":474},{"file":530,"line":548,"context":474},{"file":530,"line":552,"context":474},49,{"file":530,"line":552,"context":474},{"file":530,"line":552,"context":474},{"file":530,"line":552,"context":474},{"file":557,"line":238,"context":474},"templates\\emails\\email-lost-password.tpl.php",{"file":557,"line":532,"context":474},{"file":557,"line":266,"context":474},{"file":557,"line":128,"context":474},{"file":557,"line":181,"context":474},{"file":557,"line":193,"context":474},{"file":557,"line":193,"context":474},{"file":565,"line":207,"context":474},"templates\\emails\\email-proof-of-payment.tpl.php",{"file":565,"line":519,"context":474},{"file":565,"line":216,"context":474},{"file":565,"line":569,"context":474},42,{"file":565,"line":569,"context":474},{"file":572,"line":197,"context":474},"templates\\emails\\email-registration-activation.tpl.php",{"file":572,"line":203,"context":474},{"file":572,"line":519,"context":474},{"file":572,"line":455,"context":474},{"file":572,"line":459,"context":474},{"file":572,"line":525,"context":474},{"file":572,"line":579,"context":474},37,{"file":572,"line":581,"context":474},38,{"file":572,"line":149,"context":474},{"file":572,"line":584,"context":474},55,{"file":572,"line":473,"context":474},{"file":572,"line":278,"context":474},{"file":572,"line":588,"context":474},65,{"file":590,"line":238,"context":474},"templates\\emails\\email-registration-confirmation.tpl.php",{"file":590,"line":519,"context":474},{"file":590,"line":212,"context":474},{"file":590,"line":522,"context":474},{"file":590,"line":525,"context":474},{"file":590,"line":581,"context":474},{"file":590,"line":597,"context":474},44,{"file":590,"line":599,"context":474},45,{"file":590,"line":601,"context":474},57,{"file":603,"line":238,"context":474},"templates\\emails\\email-reset-password.tpl.php",{"file":6
03,"line":519,"context":474},{"file":603,"line":216,"context":474},{"file":603,"line":451,"context":474},{"file":603,"line":608,"context":474},35,{"file":603,"line":610,"context":474},36,{"file":603,"line":612,"context":474},48,{"file":603,"line":612,"context":474},{"file":615,"line":11,"context":474},"templates\\header.php",{"file":615,"line":187,"context":474},{"file":618,"line":181,"context":474},"templates\\login-form.tpl.php",{"file":618,"line":200,"context":474},{"file":621,"line":47,"context":474},"templates\\login.tpl.php",{"file":621,"line":11,"context":474},{"file":621,"line":11,"context":474},{"file":621,"line":184,"context":474},{"file":626,"line":519,"context":474},"templates\\lostpassword.tpl.php",{"file":626,"line":455,"context":474},{"file":629,"line":522,"context":474},"templates\\nav-menu.tpl.php",{"file":629,"line":581,"context":474},{"file":629,"line":632,"context":474},39,{"file":629,"line":569,"context":474},{"file":629,"line":597,"context":474},{"file":629,"line":527,"context":474},{"file":637,"line":408,"context":474},"templates\\posts\\categories.tpl.php",{"file":637,"line":588,"context":474},{"file":637,"line":294,"context":474},{"file":637,"line":641,"context":474},97,{"file":637,"line":643,"context":474},127,{"file":637,"line":645,"context":474},159,{"file":647,"line":569,"context":474},"templates\\posts\\form.tpl.php",{"file":647,"line":599,"context":474},{"file":647,"line":650,"context":474},52,{"file":647,"line":584,"context":474},{"file":647,"line":588,"context":474},{"file":647,"line":654,"context":474},74,{"file":647,"line":27,"context":474},{"file":647,"line":657,"context":474},107,{"file":659,"line":184,"context":474},"templates\\posts\\posts.tpl.php",{"file":659,"line":212,"context":474},{"file":659,"line":455,"context":474},{"file":659,"line":149,"context":474},{"file":659,"line":149,"context":474},{"file":659,"line":584,"context":474},{"file":659,"line":584,"context":474},{"file":659,"line":667,"context":474},122,{"file":669,"l
ine":408,"context":474},"templates\\posts\\tags.tpl.php",{"file":669,"line":588,"context":474},{"file":669,"line":251,"context":474},{"file":669,"line":673,"context":474},158,{"file":669,"line":675,"context":474},190,{"file":677,"line":678,"context":474},"templates\\registration-form.tpl.php",5,{"file":677,"line":678,"context":474},{"file":677,"line":11,"context":474},{"file":677,"line":172,"context":474},{"file":677,"line":581,"context":474},{"file":677,"line":599,"context":474},{"file":677,"line":685,"context":474},50,{"file":677,"line":601,"context":474},{"file":688,"line":184,"context":474},"templates\\settings\\capability-settings.php",{"file":690,"line":581,"context":474},"templates\\settings\\license-key-settings.php",{"file":690,"line":581,"context":474},{"file":690,"line":632,"context":474},{"file":690,"line":220,"context":474},{"file":690,"line":650,"context":474},{"file":690,"line":650,"context":474},{"file":690,"line":697,"context":474},53,{"file":690,"line":149,"context":474},{"file":700,"line":266,"context":474},"templates\\settings\\logo-banner-settings.php",{"file":700,"line":168,"context":474},{"file":700,"line":184,"context":474},{"file":700,"line":207,"context":474},{"file":700,"line":519,"context":474},{"file":706,"line":632,"context":474},"templates\\settings\\registration-settings.php",{"file":706,"line":708,"context":474},43,{"file":706,"line":282,"context":474},{"file":706,"line":711,"context":474},67,{"file":706,"line":713,"context":474},73,{"file":715,"line":212,"context":474},"templates\\settings.tpl.php",{"file":717,"line":47,"context":474},"templates\\sidebar.php",{"file":717,"line":678,"context":474},{"file":717,"line":232,"context":474},{"file":717,"line":461,"context":474},{"file":717,"line":175,"context":474},{"file":717,"line":552,"context":474},{"file":717,"line":473,"context":474},{"file":717,"line":725,"context":474},72,{"file":717,"line":255,"context":474},{"file":717,"line":728,"context":474},82,{"file":717,"line":127,"context"
:474},{"file":717,"line":731,"context":474},103,{"file":733,"line":232,"context":474},"templates\\single-posts.tpl.php",{"file":733,"line":238,"context":474},{"file":733,"line":190,"context":474},{"file":733,"line":608,"context":474},{"file":733,"line":569,"context":474},{"file":739,"line":168,"context":474},"templates\\thank-you.php",{"file":739,"line":168,"context":474},{"file":739,"line":181,"context":474},{"file":743,"line":197,"context":474},"templates\\users\\form.tpl.php",{"file":743,"line":745,"context":474},64,{"file":747,"line":522,"context":474},"templates\\users\\profile.tpl.php",{"file":747,"line":114,"context":474},{"file":747,"line":73,"context":474},{"file":747,"line":751,"context":474},117,{"file":747,"line":753,"context":474},146,{"file":755,"line":11,"context":474},"templates\\users\\users.tpl.php",{"file":755,"line":207,"context":474},{"file":755,"line":588,"context":474},{"file":755,"line":158,"context":474},{"file":755,"line":299,"context":474},{"file":755,"line":299,"context":474},{"file":755,"line":762,"context":474},116,{"file":755,"line":764,"context":474},132,{"file":755,"line":766,"context":474},157,{"file":755,"line":768,"context":474},162,{"file":770,"line":168,"context":474},"templates\\users\\view.tpl.php",[772],{"name":773,"version":38,"knownCves":774},"Select2",[],[776,792,806,819,827,846,857,865,873,881,889,906],{"entryPoint":777,"graph":778,"unsanitizedCount":28,"severity":40},"user_regerror_redirection (admin\\classes\\class-core.php:656)",{"nodes":779,"edges":790},[780,785],{"id":781,"type":782,"label":783,"file":167,"line":784},"n0","source","$_POST['pzfm-process_error']",660,{"id":786,"type":787,"label":788,"file":167,"line":784,"wp_function":789},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[791],{"from":781,"to":786,"sanitized":412},{"entryPoint":793,"graph":794,"unsanitizedCount":29,"severity":805},"save_settings 
(admin\\classes\\class-core.php:506)",{"nodes":795,"edges":803},[796,799],{"id":781,"type":782,"label":797,"file":167,"line":798},"$_POST (x12)",521,{"id":786,"type":787,"label":800,"file":167,"line":801,"wp_function":802},"update_option() [Settings Manipulation]",525,"update_option",[804],{"from":781,"to":786,"sanitized":419},"low",{"entryPoint":807,"graph":808,"unsanitizedCount":29,"severity":805},"pzfm_upload_avatar_callback (admin\\includes\\ajax-hooks.php:348)",{"nodes":809,"edges":817},[810,813],{"id":781,"type":782,"label":811,"file":414,"line":812},"$_POST",356,{"id":786,"type":787,"label":814,"file":414,"line":815,"wp_function":816},"file_put_contents() [File Write]",364,"file_put_contents",[818],{"from":781,"to":786,"sanitized":419},{"entryPoint":820,"graph":821,"unsanitizedCount":29,"severity":805},"\u003Cajax-hooks> (admin\\includes\\ajax-hooks.php:0)",{"nodes":822,"edges":825},[823,824],{"id":781,"type":782,"label":811,"file":414,"line":812},{"id":786,"type":787,"label":814,"file":414,"line":815,"wp_function":816},[826],{"from":781,"to":786,"sanitized":419},{"entryPoint":828,"graph":829,"unsanitizedCount":29,"severity":805},"pzfm_registration_failed_callback (admin\\includes\\hooks.php:223)",{"nodes":830,"edges":843},[831,834,838,841],{"id":781,"type":782,"label":832,"file":263,"line":833},"$_GET",231,{"id":786,"type":787,"label":835,"file":263,"line":836,"wp_function":837},"echo() [XSS]",233,"echo",{"id":839,"type":782,"label":840,"file":263,"line":836},"n2","$_GET['message']",{"id":842,"type":787,"label":835,"file":263,"line":836,"wp_function":837},"n3",[844,845],{"from":781,"to":786,"sanitized":419},{"from":839,"to":842,"sanitized":419},{"entryPoint":847,"graph":848,"unsanitizedCount":29,"severity":805},"\u003Chooks> 
(admin\\includes\\hooks.php:0)",{"nodes":849,"edges":854},[850,851,852,853],{"id":781,"type":782,"label":832,"file":263,"line":833},{"id":786,"type":787,"label":835,"file":263,"line":836,"wp_function":837},{"id":839,"type":782,"label":840,"file":263,"line":836},{"id":842,"type":787,"label":835,"file":263,"line":836,"wp_function":837},[855,856],{"from":781,"to":786,"sanitized":419},{"from":839,"to":842,"sanitized":419},{"entryPoint":858,"graph":859,"unsanitizedCount":28,"severity":805},"\u003Cheader> (templates\\header.php:0)",{"nodes":860,"edges":863},[861,862],{"id":781,"type":782,"label":832,"file":615,"line":181},{"id":786,"type":787,"label":835,"file":615,"line":187,"wp_function":837},[864],{"from":781,"to":786,"sanitized":412},{"entryPoint":866,"graph":867,"unsanitizedCount":28,"severity":805},"\u003Csettings.tpl> (templates\\settings.tpl.php:0)",{"nodes":868,"edges":871},[869,870],{"id":781,"type":782,"label":832,"file":715,"line":28},{"id":786,"type":787,"label":835,"file":715,"line":212,"wp_function":837},[872],{"from":781,"to":786,"sanitized":412},{"entryPoint":874,"graph":875,"unsanitizedCount":29,"severity":805},"\u003Csidebar> (templates\\sidebar.php:0)",{"nodes":876,"edges":879},[877,878],{"id":781,"type":782,"label":832,"file":717,"line":527},{"id":786,"type":787,"label":835,"file":717,"line":552,"wp_function":837},[880],{"from":781,"to":786,"sanitized":419},{"entryPoint":882,"graph":883,"unsanitizedCount":29,"severity":805},"\u003Cusers.tpl> (templates\\users\\users.tpl.php:0)",{"nodes":884,"edges":887},[885,886],{"id":781,"type":782,"label":832,"file":755,"line":149},{"id":786,"type":787,"label":835,"file":755,"line":762,"wp_function":837},[888],{"from":781,"to":786,"sanitized":419},{"entryPoint":890,"graph":891,"unsanitizedCount":28,"severity":905},"pzfm_user_registration 
(admin\\classes\\class-core.php:569)",{"nodes":892,"edges":902},[893,895,898],{"id":781,"type":782,"label":894,"file":167,"line":146},"$_SERVER",{"id":786,"type":896,"label":897,"file":167,"line":146},"transform","→ pzfm_spam_registration()",{"id":839,"type":787,"label":899,"file":488,"line":900,"wp_function":901},"get_var() [SQLi]",947,"get_var",[903,904],{"from":781,"to":786,"sanitized":412},{"from":786,"to":839,"sanitized":412},"high",{"entryPoint":907,"graph":908,"unsanitizedCount":28,"severity":905},"\u003Cclass-core> (admin\\classes\\class-core.php:0)",{"nodes":909,"edges":920},[910,911,912,913,914,916,918],{"id":781,"type":782,"label":797,"file":167,"line":798},{"id":786,"type":787,"label":800,"file":167,"line":801,"wp_function":802},{"id":839,"type":782,"label":783,"file":167,"line":784},{"id":842,"type":787,"label":788,"file":167,"line":784,"wp_function":789},{"id":915,"type":782,"label":894,"file":167,"line":146},"n4",{"id":917,"type":896,"label":897,"file":167,"line":146},"n5",{"id":919,"type":787,"label":899,"file":488,"line":900,"wp_function":901},"n6",[921,922,923,924],{"from":781,"to":786,"sanitized":419},{"from":839,"to":842,"sanitized":419},{"from":915,"to":917,"sanitized":412},{"from":917,"to":919,"sanitized":412},{"summary":926,"deductions":927},"The \"pz-frontend-manager\" plugin exhibits a mixed security posture.  While it shows good practices in SQL query preparation (92% prepared) and output escaping (74% properly escaped), significant concerns arise from its attack surface. A large number of AJAX handlers (10 out of 11) lack authentication checks, creating a wide potential entry point for attackers.  Furthermore, the taint analysis revealed two high-severity flows with unsanitized data, indicating a risk of cross-site scripting (XSS) or other injection vulnerabilities if these flows are triggered by user input.  
The plugin's vulnerability history shows one previously disclosed medium-severity CVE, a Cross-Site Request Forgery (CSRF), which suggests that the developers have addressed past issues. However, the presence of unprotected AJAX endpoints and high-severity taint flows, even without currently unpatched CVEs, indicates that new vulnerabilities could be introduced or exploited.",[928,930,932,934,936,938],{"reason":929,"points":11},"10 unprotected AJAX handlers",{"reason":931,"points":266},"2 high severity taint flows",{"reason":933,"points":235},"5 flows with unsanitized paths",{"reason":935,"points":11},"0 capability checks on entry points",{"reason":937,"points":47},"Bundled Select2 library",{"reason":939,"points":11},"1 medium severity CVE (past)","2026-03-16T23:49:48.661Z",{"wat":942,"direct":957},{"assetPaths":943,"generatorPatterns":950,"scriptPaths":951,"versionParams":952},[944,945,946,947,948,949],"\u002Fwp-content\u002Fplugins\u002Fpz-frontend-manager\u002Fassets\u002Fcss\u002Fdashboard-style.css","\u002Fwp-content\u002Fplugins\u002Fpz-frontend-manager\u002Fassets\u002Fcss\u002Ffrontend-style.css","\u002Fwp-content\u002Fplugins\u002Fpz-frontend-manager\u002Fassets\u002Fjs\u002Ffrontend.js","\u002Fwp-content\u002Fplugins\u002Fpz-frontend-manager\u002Fassets\u002Fjs\u002Ffrontend.min.js","\u002Fwp-content\u002Fplugins\u002Fpz-frontend-manager\u002Fassets\u002Fjs\u002Fautocomplete.js","\u002Fwp-content\u002Fplugins\u002Fpz-frontend-manager\u002Fassets\u002Fjs\u002Fautocomplete.min.js",[],[946,948],[953,954,955,956],"pz-frontend-manager\u002Fassets\u002Fcss\u002Fdashboard-style.css?ver=","pz-frontend-manager\u002Fassets\u002Fcss\u002Ffrontend-style.css?ver=","pz-frontend-manager\u002Fassets\u002Fjs\u002Ffrontend.js?ver=","pz-frontend-manager\u002Fassets\u002Fjs\u002Fautocomplete.js?ver=",{"cssClasses":958,"htmlComments":964,"htmlAttributes":965,"restEndpoints":968,"jsGlobals":969,"shortcodeOutput":972},[449,959,960,961,962,963],"pzfm-register-form","pzfm-dashboar
d-container","pzfm-user-profile","pzfm-post-list","pzfm-media-uploader",[],[966,967],"data-pzfm-action","data-pzfm-id",[],[970,971],"pzfm_ajax_object","pzfm_vars",[973,974,975,976,977,978],"[pzfm-login]","[pzfm-register]","[pzfm-dashboard]","[pzfm-user-profile]","[pzfm-post-list]","[pzfm-media-uploader]"]