[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3J-cpJAXiN62Nk6saM3rPkJYhO_NmIqdcwkTiO2xPxY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":138,"fingerprints":370},"remind-me-to-change-my-password","Remind me to change my password","1.0","Kantari Samy","https:\u002F\u002Fprofiles.wordpress.org\u002Fleprincenoir\u002F","\u003Ch4>Enhance the security of your website by managing the passwords expiry date and the suspension of inactive accounts\u003C\u002Fh4>\n\u003Cp>\u003Cem>Remind me to change my password\u003C\u002Fem> is the perfect plugin if you have to handle certain security requirements on your websites. Some fields of activity happen to require a frequent update of passwords. If this is you, this plugin will be of valuable help!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With the \u003Cem>Remind me to change my password\u003C\u002Fem> plugin, you can easily:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>set up the passwords period of validity\u003C\u002Fli>\n\u003Cli>set up a delay before the password has to be updated, once the expiry date is reached.\u003C\u002Fli>\n\u003Cli>define the roles this rule applies to\u003C\u002Fli>\n\u003Cli>automatically suspend the accounts that exceeded the delay for password update\u003C\u002Fli>\n\u003Cli>delete or reactivate a suspended account.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Some little extras:\u003C\u002Fstrong>\u003Cbr \u002F>\nA \u003Cem>privileged\u003C\u002Fem> account: in order to avoid losing access to the website, an admin account is appointed as impossible to suspend. This way, there will always be someone able to reactivate the suspended accounts. This account will not be submitted to the set up rule.\u003Cbr \u002F>\nA nice and simple visibility in your back-office: you can set up a highlight color. It will help you visualize, at a glance to your users list, if some of them have reached their expiry date and need to update their password shortly.\u003C\u002Fp>\n\u003Cp>The plugin set up interface is placed under the “Users” menu of your website, as this is where you manage the users and their passwords. The plugin sets up both an access to the basic parameters management screen (validity period, delays, etc), and to a suspended accounts management screen.\u003C\u002Fp>\n\u003Ch3>Features and Options:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Passwords validity period management screen (validity period, delay before account suspension, roles the rule applies to, non suspendable account…)\u003C\u002Fli>\n\u003Cli>Automatic email alert sent to the user when the password has reached its expiry date\u003C\u002Fli>\n\u003Cli>Display of a warning message with a call-to-action button to update the password (the CTA send an autmatic email to the user with a password renewal link)\u003C\u002Fli>\n\u003Cli>Automatic suspension of the accounts that have exceeded the set up validity period without updating their password.\u003C\u002Fli>\n\u003Cli>Suspended accounts management screen, that allows to reactivate or delete these accounts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Available languages\u003C\u002Fh3>\n\u003Cp>The plugin is currently available in French and English.\u003C\u002Fp>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>“Remind me to change my password” is one of the WordPress plugins made by \u003Ca href=\"https:\u002F\u002Fwww.whodunit.agency\u002F\" rel=\"nofollow ugc\">Whodunit Agency.\u003C\u002Fa>\u003Cbr \u002F>\nWhodunit is a full-remote French WordPress agency. Founded in 2009, we are deeply involved in open-source development. Whodunit is the biggest agency in France in terms of contribution to the WordPress ecosystem.\u003Cbr \u002F>\nWe are building tailor-made editorial experiences for our clients and also providing high-level maintenance services. This activity is strongly related to our commitment to WordPress core development.\u003C\u002Fp>\n\u003Ch3>Help and support\u003C\u002Fh3>\n\u003Ch4>How does the user know he has to update his password?\u003C\u002Fh4>\n\u003Cp>Once the password expiry date is reached, an automatic email is sent to ethe user to request that he updates his password. Plus, once the users want to log in with an expired password, a warning message requests that he updates it, with a call-to-action button to send (or re-send) the automatic email with the password renewal link. The user does not have the ability to log in before updating his password.\u003C\u002Fp>\n\u003Ch4>When the account is suspended, is it deleted?\u003C\u002Fh4>\n\u003Cp>No. When the account is suspended, the user no longer has access to the website, the account no longer appears in the website accounts list, however it does appear in the suspended accounts list (under Users > Suspended accounts), where the admin can chose to reactivate the account or delete it permanently. Both actions request manual action from the admin, which is why the deletion is not automatic.\u003C\u002Fp>\n\u003Ch4>If the account has been suspended but the user tries to log in, what happens?\u003C\u002Fh4>\n\u003Cp>If the account is suspended (the user did not update his password in time), when the user tries to log in, an error message indicates that the account is suspended and advise to reach out to the website admin in order to reactivate the account. Then, the website admin can go to the suspended accounts management screen and manually reactivate the account. The user will receive a new email to update his password and finalize the procedure.\u003C\u002Fp>\n\u003Ch4>If I am an admin of the website, can my account be suspended?\u003C\u002Fh4>\n\u003Cp>The password management rules can apply to the “Administrator” role, therefore an admin can have his account suspended if he doesn’t update his password in due time. However, when setting up the plugin, an admin account is appointed as impossible to suspend. This way, there is always someone who can access the website, whatever the context, and reactivate the suspended accounts when needed.\u003C\u002Fp>\n\u003Ch4>Does the password management rule defined with the plugin apply to all of the users roles?\u003C\u002Fh4>\n\u003Cp>Not necessarily. The settings (password management and account suspension) apply to the roles selected by the admin when setting up the plugin. You are the one selecting the one or several role that are submitted to the rule: all of them, a selection, only one, depending on your own needs.\u003C\u002Fp>\n\u003Ch4>When updating the password, is it possible to re-use the same one?\u003C\u002Fh4>\n\u003Cp>No. A security rule prevents to use the same password as before. The user will have to define a new password and this way we can keep a good security level for his account.\u003C\u002Fp>\n\u003Ch4>How, as an admin, can I reactivate a suspended account?\u003C\u002Fh4>\n\u003Cp>In the administration panel, under Users > Suspended account(s), the admin can reactivate a suspended account that to the “magic wand” icon.\u003C\u002Fp>\n","Enhance the security of your website by managing the passwords expiry date and the suspension of inactive accounts.",10,1522,0,"2022-01-26T13:03:00.000Z","5.9.13","5.0","",[19,20,21],"manage-passwords","password","reset-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremind-me-to-change-my-password.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"leprincenoir",4,460,30,84,"2026-04-04T10:43:26.445Z",[35,55,79,100,119],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":17,"download_link":53,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"frontend-reset-password","Frontend Reset Password","1.3.3","Wp Enhanced","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpenhanced\u002F","\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> lets your site users reset their lost or forgotten passwords in the frontend of your site. No more default WordPress reset form! Users fill in their username or email address and a reset password link is emailed to them. When they click this link they’ll be redirected to your site and asked for a new password. Everything is handled using default WordPress methods including security, so you don’t have to worry.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> is perfect for sites that have disabled access to the WordPress dashboard, or if you want to include a lost\u002Freset password form on one of your custom site pages. It also works great with \u003Cstrong>Easy Digital Downloads\u003C\u002Fstrong>!\u003C\u002Fp>\n\u003Cp>Any error messages display right on the form, including whether the username or email address is invalid.\u003C\u002Fp>\n\u003Cp>The plugin works by hooking into the \u003Ccode>lostpassword_url\u003C\u002Fcode> WordPress filter, meaning compatibility with other plugins can be better maintained.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Frontend Reset Password\u003C\u002Fstrong> is also translation ready.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Modern settings framework for easy configuration & searching our documentation\u003Cbr \u002F>\n– Password requirements and eye icon toggle\u003Cbr \u002F>\n– Customizable reset link text and email templates\u003Cbr \u002F>\n– Full documentation at https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation and setup guide:\u003Cbr \u002F>\nhttps:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\u003C\u002Fp>\n\u003Cp>Find answers, usage examples, and troubleshooting tips on our official documentation site.\u003C\u002Fp>\n\u003Ch3>Setup Guide\u003C\u002Fh3>\n\u003Cp>Quick Start:\u003Cbr \u002F>\n1. Add the shortcode \u003Ccode>[reset_password]\u003C\u002Fcode> to any page.\u003Cbr \u002F>\n2. Visit \u003Cstrong>Settings > Frontend Reset Password\u003C\u002Fstrong> in your WordPress admin to select your reset page and configure options.\u003Cbr \u002F>\n3. (Optional) Customize form text, password requirements, and email templates.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\" rel=\"nofollow ugc\">online documentation\u003C\u002Fa> for screenshots and advanced usage.\u003C\u002Fp>\n\u003Ch3>Customisation\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Customisation Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Change all form text and labels\u003Cbr \u002F>\n– Set password requirements (length, character types)\u003Cbr \u002F>\n– Show\u002Fhide eye icon for password fields\u003Cbr \u002F>\n– Customize email subject, sender, and template\u003Cbr \u002F>\n– Display login link after password reset\u003C\u002Fp>\n\u003Cp>Very little CSS styling is used, so the forms should style with your website theme beautifully.\u003C\u002Fp>\n\u003Cp>If you use a frontend login page you can set that in the plugin also. Users are told they can login and are shown the url when they successfully change their password.\u003C\u002Fp>\n\u003Cp>You can also set the minimum number of characters required for a password. Default is 0.\u003C\u002Fp>\n\u003Ch3>Support & Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.wpenhanced.com\u002Ffrontend-reset-password\u002F\" rel=\"nofollow ugc\">Full Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Quick start guide in plugin settings\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffrontend-reset-password\u002F\" rel=\"ugc\">WordPress.org Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Let your users reset their forgotten passwords from the frontend of your website.",10000,167187,88,38,"2026-01-30T10:23:00.000Z","6.9.4","4.4",[51,52,20,21],"login","lost-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontend-reset-password.zip",100,{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":45,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":17,"download_link":75,"security_score":76,"vuln_count":77,"unpatched_count":13,"last_vuln_date":78,"fetched_at":25},"password-policy-manager","Password Policy Manager | Password Manager","2.0.6","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpassword-policy-manager\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-password-policy-manager-to-enforce-wordpress-password-security\" rel=\"nofollow ugc\">Setup Guide\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpassword-policy-manager#free-demo\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Enforce Strong and Secure Password Policies with Password Policy Manager\u003C\u002Fh3>\n\u003Cp>The miniOrange \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin helps you enforce strong and secure password policies with features like \u003Cstrong>password reset\u003C\u002Fstrong>, \u003Cstrong>password expiry\u003C\u002Fstrong>, \u003Cstrong>password score\u003C\u002Fstrong>, and \u003Cstrong>strong password rules\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You can manage user passwords efficiently using the user password manager, password strength meter, and history manager to enhance overall password security.\u003Cbr \u002F>\nIn case of a breach, take quick action with one-click password reset, lock inactive users, and enforce random password rules.\u003C\u002Fp>\n\u003Cp>This ensures complete protection by securing passwords, and managing both active and lock inactive users to prevent password-based attacks.\u003Cbr \u002F>\nHave questions? Reach us at \u003Cstrong>mfasupport@xecurify.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What is the Password Policy Manager Plugin for WordPress?\u003C\u002Fh3>\n\u003Cp>WordPress plugin for password expiry, strength check, and secure policy enforcement. Easy to install and configure, this Password Security plugin secures your site without disrupting the user experience.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FZnwEDbedz1A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WordPress PPM Key Features (Free Version)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enforce strong passwords:\u003C\u002Fstrong> Force all users to create strong passwords according to the password policy set by the admin for high Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-setup-password-policy-setting-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">Users password manager:\u003C\u002Fa>\u003C\u002Fstrong> User password manager allows the admin to manage the users’ passwords (like password strength, how many passwords are strong, etc) to check the Password Security. [password policy setup guide]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enforce password change:\u003C\u002Fstrong> Administrators can force users to change their password on their next login using this functionality use to enforce strong passwords on their users and ensure strong Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-one-click-reset-password-setting-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">One click reset password:\u003C\u002Fa>\u003C\u002Fstrong> This feature allows the admin to invalidate the current password and force their users to generate a new strong password. This can be done for all users in case of any breach. This will kill all the current sessions and users will be forced to set a new strong password via email hence reinforcing the Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-score-or-password-strength-checker-password-policy\" rel=\"nofollow ugc\">Password Score:\u003C\u002Fa>\u003C\u002Fstrong> It will show all the users’ password strengths. You can check whether the passwords being used are strong, medium or weak. Based on that you can use the enforce strong passwords feature to improve Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-setup-password-expiry-time-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">Auto Password Expiry:\u003C\u002Fa>\u003C\u002Fstrong> This feature allows the admin to enforce a custom time-based password expiry to improve Password Security. Once the password has expired, the users will be forced to create a new password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password strength:\u003C\u002Fstrong> The admin can set the minimum and maximum length of the password. You can also add constraints that you want your users to follow while setting a strong password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Users:\u003C\u002Fstrong> There is no user limit on the password policy manager plugin and it can be used to create password policies for unlimited users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Which Key Features does Password Policy Manager support in the Enterprise Plan?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Role-Based Enforce Strong Password on First Login:\u003C\u002Fstrong> Force specific users roles to create strong passwords according to the password policy set by the admin on their first login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based One-click password Reset and Logout:\u003C\u002Fstrong> Admin can reset passwords of users at once and terminate their logged-in sessions with just one click in case of any suspicious activity using the One-click reset password. Admin can then send password reset links over email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect URL:\u003C\u002Fstrong> The admin can redirect their users to a different \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-custom-redirect-url-password-policy-manager-on-wordpress\" rel=\"nofollow ugc\">custom URL\u003C\u002Fa> using this functionality.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active & Inactive Users Activity Log:\u003C\u002Fstrong> The admin can track the activity of all active as well as lock inactive users using this tool of the Password Policy Enterprise plan.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logout Inactive Users:\u003C\u002Fstrong> When this setting is enabled, a user is logged out and their session is destroyed if they are inactive for more than the customizable set time limit.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> The Password Policy Manager Enterprise plugin is multisite compatible and can be used to create password policies for an entire multisite network.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For any customization-related queries, reach us at mfasupport@xecurify.com or call us at +1 9786589387.\u003C\u002Fp>\n\u003Ch3>Upgrade to miniOrange Password Policy Manager Premium Plan for Advanced Security\u003C\u002Fh3>\n\u003Cp>The premium plan of miniOrange WordPress Password Policy Manager gives you complete control over how users can secure passwords, helping you enforce policies across all roles, customize the login experience, and secure even the most complex WordPress setups.\u003C\u002Fp>\n\u003Cp>With the premium \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin offers advanced \u003Cstrong>password security features\u003C\u002Fstrong>, including role-based and user-based password policies. It also supports custom login forms like WooCommerce, Elementor, Ultimate Member, and more.\u003C\u002Fp>\n\u003Ch4>Premium Features List\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-policy-role-based\" rel=\"nofollow ugc\">Role-Based and User-Based Password Policies:\u003C\u002Fa>\u003C\u002Fstrong> Admin can set different [role-based as well as user-based policies] and enforce password policy changes to ensure strong Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based Enforce Strong Password on First Login:\u003C\u002Fstrong> Force a specific set of users to create strong passwords according to the password policy set by the admin on their first login to maintain strong Password Security. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Enforce Password Change:\u003C\u002Fstrong> Administrators can enforce specific sets of roles to change their passwords on their next login using this configuration to enhance Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-one-click-reset-password-policy-role-based\" rel=\"nofollow ugc\">Role-Based One-click password Reset and Logout:\u003C\u002Fa>\u003C\u002Fstrong> Using [one-click reset password])  feature, the admin can reset passwords of all users \u002F particular roles at once and terminate all logged-in sessions with just one click in case of any suspicious activity. Admin can then send the password reset link over email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-generate-random-password\" rel=\"nofollow ugc\">Generate Random Passwords:\u003C\u002Fa>\u003C\u002Fstrong> Generate random passwords generates a random strong password containing all variations to make the password security strong and secure against brute force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-apply-automatically-lock-inactive-user\" rel=\"nofollow ugc\">Automatically Lock Inactive Users:\u003C\u002Fa>\u003C\u002Fstrong> It will lock the user automatically if the user is inactive for the custom-specified time period. This can be set for particular roles as well as users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-history-management\" rel=\"nofollow ugc\">Password History Manager:\u003C\u002Fa>\u003C\u002Fstrong> It will manage the history of all the recently used passwords for each user, so no user can reuse a previous password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active Users Activity Log:\u003C\u002Fstrong> The admin can track the activity of all Active Users using this setting of the Password Policy Premium plan.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Login Forms Supported:\u003C\u002Fstrong>  The Premium plan also supports the following custom login forms: WooCommerce, Ultimate Member, Elementor Pro, BBPress, Gravity Forms, Ninja Forms, Buddy Press, User Registration, User Pro, MemberPress, and many others.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single Site:\u003C\u002Fstrong> The Password Policy Manager Premium plugin is single-site compatible and can be used to create password policies on only one site at a time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch3>Why You Need to Register with miniOrange\u003C\u002Fh3>\n\u003Cp>Some advanced features in the \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin, like one-click password reset and random password generation.\u003Cbr \u002F>\nCore functionalities such as enforcing strong password policies, password expiry, password history, and locking inactive users work without registration.\u003C\u002Fp>\n\u003Cp>Customized solutions and active support for the miniOrange Password Policy Manager plugin are available. Email us at mfasupport@xecurify.com or call us at +1 9786589387.\u003C\u002Fp>\n","Enforce strong passwords with expiry, reset, score checks, inactive user lock, and user password management using Password Policy Manager.",6000,93974,14,"2025-10-20T08:18:00.000Z","6.8.5","4.6","5.3.0",[71,72,21,73,74],"password-security","password-strength","secure-password","strong-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-policy-manager.2.0.6.zip",96,2,"2025-10-24 18:09:09",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":11,"last_updated":90,"tested_up_to":48,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":98,"download_link":99,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"mass-users-password-reset","MASS Users Password Reset","2.1.1","KrishaWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fkrishaweb\u002F","\u003Cp>Managing passwords for hundreds or thousands of WordPress users can quickly become a time-consuming and frustrating task. Resetting passwords manually for each user is inefficient and increases administrative overhead.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Mass Users Password Reset\u003C\u002Fstrong> solves this problem by allowing administrators to reset passwords for multiple users at once directly from the WordPress dashboard.\u003C\u002Fp>\n\u003Cp>With a simple interface, administrators can filter users by role, review user details, and generate new secure passwords for multiple accounts in just a few clicks.\u003C\u002Fp>\n\u003Cp>Once the reset process is complete, affected users automatically receive an email containing their new password so they can log in immediately.\u003C\u002Fp>\n\u003Cp>This plugin is especially useful for Learning Management Systems (LMS), Membership websites, Corporate employee portals, Educational institutions, Community platforms, Multi-author blogs, Websites with large numbers of registered users. Whenever you need to enforce password changes across many users, this plugin helps you do it quickly and securely.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bulk Password Reset: Reset passwords for multiple users at once instead of manually updating each account.\u003C\u002Fli>\n\u003Cli>Role-Based User Filtering: Filter users by role to target specific groups for password resets.\u003C\u002Fli>\n\u003Cli>Support for Custom User Roles: Works with custom roles created by membership plugins, LMS systems, or other user management tools.\u003C\u002Fli>\n\u003Cli>Secure Auto-Generated Passwords: Automatically generates secure random passwords for selected users.\u003C\u002Fli>\n\u003Cli>Email Notification to Users: Users receive an email notification containing their newly generated password after the reset process is completed.\u003C\u002Fli>\n\u003Cli>User List Overview: View user details such as username, name, and email address before performing password reset operations.\u003C\u002Fli>\n\u003Cli>Simple Admin Interface: Easy-to-use interface integrated directly within the WordPress admin dashboard.\u003C\u002Fli>\n\u003Cli>Multilingual Support: Fully translatable with support for multiple languages.\u003C\u002Fli>\n\u003Cli>WooCommerce Compatible: Works with WooCommerce user roles.\u003C\u002Fli>\n\u003Cli>Free Support: Get help with any issues or questions you may have.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Free Version Limitations\u003C\u002Fh3>\n\u003Cp>The free version includes core functionality but has some limitations designed for smaller websites.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Maximum 100 users per reset operation\u003C\u002Fli>\n\u003Cli>New secure passwords are sent via email\u003C\u002Fli>\n\u003Cli>Secure reset link \u002F OTP reset not available\u003C\u002Fli>\n\u003Cli>WP-CLI support not available\u003C\u002Fli>\n\u003Cli>Sandbox \u002F test mode not available\u003C\u002Fli>\n\u003Cli>Email template customization not available\u003C\u002Fli>\n\u003Cli>Multisite support not available\u003C\u002Fli>\n\u003Cli>Limited advanced filtering options\u003C\u002Fli>\n\u003Cli>WooCommerce compatible custom roles not supported\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Unlimited Password Resets: Reset passwords for unlimited users in a single operation.\u003C\u002Fli>\n\u003Cli>Secure Password Reset Links: Send secure password reset links instead of plain passwords in emails.\u003C\u002Fli>\n\u003Cli>Reset Password from Users Page: Reset passwords for individual users directly from the WordPress Users page.\u003C\u002Fli>\n\u003Cli>Bulk Reset from Users Table: Perform bulk password resets directly from the users table.\u003C\u002Fli>\n\u003Cli>Custom Email Templates: Customize the email notifications sent to users after password resets.\u003C\u002Fli>\n\u003Cli>Advanced User Filtering: Filter users using additional parameters such as metadata or custom fields.\u003C\u002Fli>\n\u003Cli>WP-CLI Support: Run password reset operations using WP-CLI, ideal for automation and server-level operations.\u003C\u002Fli>\n\u003Cli>Test \u002F Sandbox Mode: Test the reset process before executing it on live users.\u003C\u002Fli>\n\u003Cli>Optimized for Large Websites: Improved performance when handling thousands of users.\u003C\u002Fli>\n\u003Cli>WooCommerce Compatible Custom Roles: Works with WooCommerce custom roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstore.krishaweb.com\u002Fdocs\u002Fmass-users-password-reset\u002F?utm_source=readme&utm_medium=wporg&utm_campaign=MUPR\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcodecanyon.net\u002Fitem\u002Fmass-users-password-reset-pro\u002F20809350\" rel=\"nofollow ugc\">Download the Mass Users Password Reset Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Free vs Pro: What You Gain with the Upgrade\u003C\u002Fh3>\n\u003Cp>While the Free version gives you the basics auto-password generation Pro unlocks essential tools if you run heavy sites or care about customized workflows. Pro adds email template editing, advanced user filters, reset-link expiration, test\u002Fsandbox modes, and the ability to exclude users already having valid reset links. If you manage a WooCommerce store, BuddyPress community, Dokan marketplace, or large multisite network, Pro pays for itself in time savings, peace of mind, and fewer support headaches.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstore.krishaweb.com\u002Fschedule-password-reset-mupr-add-on\u002F?utm_source=readme&utm_medium=wporg&utm_campaign=MUPR\" rel=\"nofollow ugc\">Get Schedule Password Reset Add On\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pre-defined password reset schedule\u003C\u002Fli>\n\u003Cli>Unlimited password reset\u003C\u002Fli>\n\u003Cli>Role based schedule option\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstore.krishaweb.com\u002Fproduct\u002Fpassword-reset-log\u002F?utm_source=readme&utm_medium=wporg&utm_campaign=MUPR\" rel=\"nofollow ugc\">Get Password Reset Log Add On\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Maintain the password reset log reset by MUPR plugin\u003C\u002Fli>\n\u003Cli>Accurate user password reset log\u003C\u002Fli>\n\u003Cli>Available for MUPR and MUPR Pro\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Our Customer Says:\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Awesome plugin\u003C\u002Fstrong>\u003Cbr \u002F>\n  “it’s very useful and great plugin to reset all the users password.” ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fawesome-plugin-3939\u002F\" rel=\"ugc\">@ashkanram\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Does a really good job\u003C\u002Fstrong>\u003Cbr \u002F>\n  “Seems to do a really good job of sending out password resets for multiple users. The pro version is definitely worth paying for the extra features.” ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fdoes-a-really-good-job-2\u002F\" rel=\"ugc\">@lightwavin\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Very nice\u003C\u002Fstrong>\u003Cbr \u002F>\n  “This is for the Pro version, which is a very nice plugin!” ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fvery-nice-1679\u002F\" rel=\"ugc\">@kostas45\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Reset passwords for multiple WordPress users at once. Filter users by role and send new passwords via email.",600,27269,72,"2026-03-12T10:59:00.000Z","5.9","8.1",[94,95,21,96,97],"email-notification","logs","schedule","user-role","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmass-users-password-reset\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmass-users-password-reset.2.1.1.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":76,"num_ratings":29,"last_updated":110,"tested_up_to":67,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":17,"download_link":118,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"custom-forgot-mail","Custom Forgot Password Mail","1.4","Rajat Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fgwlwp\u002F","\u003Cp>The Custom Forgot Password Mail plugin for WordPress is a free tool that lets you send personalized emails to users when they attempt to reset their passwords.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage your users efficiently\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customize your recovery emails:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Boost user engagement on your WordPress site by providing clear, easy-to-follow instructions in your recovery emails with the Custom Forgot Password Mail plugin!\u003C\u002Fstrong>\u003Cbr \u002F>\nMany users appreciate immediate support.\u003C\u002Fp>\n\u003Cp>The Custom Forgot Password Mail plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Fwww.galaxyweblinks.com\" rel=\"nofollow ugc\">Galaxy Weblinks\u003C\u002Fa> a technology company dedicated to delivering high-quality products at affordable prices on time.\u003C\u002Fp>\n\u003Cp>Here’s a link to the documentation for the plugin. This will help you learn more about its features and how to use it.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fwp-plugins\u002Fcustom-forgot-password-mail\u002Fdoc\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\nFor any feedback or queries regarding this plugin, please contact our \u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Support team\u003C\u002Fa>.\u003C\u002Fp>\n","Enables you to send custom forgot password emails to users.",300,10602,"2025-04-16T15:33:00.000Z","6.0","7.4",[114,115,116,21,117],"custom-mail","edit-mail","forgot-password","send-mail","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-forgot-mail.1.4.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":54,"downloaded":127,"rating":128,"num_ratings":77,"last_updated":129,"tested_up_to":48,"requires_at_least":130,"requires_php":112,"tags":131,"homepage":136,"download_link":137,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"password-reset-enforcement","Password Reset Enforcement","1.11.1","Teydea Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fteydeastudio\u002F","\u003Cp>\u003Cstrong>Enhance your WordPress website’s security by forcing users to reset their passwords.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Password Reset Enforcement is a simple yet powerful security plugin that allows site administrators to require users to update their passwords—ideal after a potential data breach, routine security checks, or during onboarding\u002Foffboarding processes.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Force password reset for all users\u003C\u002Fstrong>, specific user roles, or individual users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional email notification\u003C\u002Fstrong> to users with a direct reset link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible login behavior\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>\u003Cem>Allow login before resetting\u003C\u002Fem>: users log in with the old password, are immediately prompted to set a new one.\u003C\u002Fli>\n\u003Cli>\u003Cem>Block login until reset\u003C\u002Fem>: users must reset their password before accessing the dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose reset timing\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>\u003Cem>Immediately\u003C\u002Fem>: forces logout and password reset on next login.\u003C\u002Fli>\n\u003Cli>\u003Cem>After session expiry\u003C\u002Fem>: users are asked to reset after their current session ends.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI support\u003C\u002Fstrong> for command-line password management and automation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite compatible\u003C\u002Fstrong> (network-wide reset only).\u003C\u002Fli>\n\u003Cli>Optimized for performance on large-scale and enterprise WordPress installations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Responding to a \u003Cstrong>security breach\u003C\u002Fstrong> or suspected compromise.\u003C\u002Fli>\n\u003Cli>Enforcing \u003Cstrong>routine password changes\u003C\u002Fstrong> in corporate environments.\u003C\u002Fli>\n\u003Cli>Applying \u003Cstrong>onboarding\u002Foffboarding security policies\u003C\u002Fstrong> for teams or membership sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works on both single-site and multisite (network) WordPress setups.\u003C\u002Fli>\n\u003Cli>Supports PHP 7.4+ and WordPress 6.6 through 6.8.\u003C\u002Fli>\n\u003Cli>Compatible with modern WordPress admin experience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP-CLI Commands\u003C\u002Fh3>\n\u003Cp>This plugin provides WP-CLI commands for automated password reset management:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Force Password Reset\u003C\u002Fstrong>\u003Cbr \u002F>\n    wp password-reset-enforcement force [–to_all] [–to_roles=] [–to_users=] [–applicability=] [–with_email] [–with_current_password_allowed] [–limit=] [–paged=]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Clear Password Reset Enforcement\u003C\u002Fstrong>\u003Cbr \u002F>\n    wp password-reset-enforcement clear [–to_all] [–to_roles=] [–to_users=] [–limit=] [–paged=]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List Users with Enforced Password Reset\u003C\u002Fstrong>\u003Cbr \u002F>\n    wp password-reset-enforcement list [–limit=] [–paged=]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Password Reset Status\u003C\u002Fstrong>\u003Cbr \u002F>\n    wp password-reset-enforcement status [–to_all] [–to_roles=] [–to_users=] [–limit=] [–paged=]\u003C\u002Fp>\n\u003Ch4>Command Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>--to_all\u003C\u002Fcode>: Target all users on the site\u003C\u002Fli>\n\u003Cli>\u003Ccode>--to_roles=\u003Croles>\u003C\u002Fcode>: Comma-separated list of user roles (e.g., editor,administrator)\u003C\u002Fli>\n\u003Cli>\u003Ccode>--to_users=\u003Cuser_ids>\u003C\u002Fcode>: Comma-separated list of specific user IDs (e.g., 1,5,10)\u003C\u002Fli>\n\u003Cli>\u003Ccode>--applicability=\u003Cwhen>\u003C\u002Fcode>: When reset takes effect (immediately, after_session_expiry)\u003C\u002Fli>\n\u003Cli>\u003Ccode>--with_email\u003C\u002Fcode>: Send email notifications to affected users (default: true)\u003C\u002Fli>\n\u003Cli>\u003Ccode>--with_current_password_allowed\u003C\u002Fcode>: Allow users to reuse current password (default: false)\u003C\u002Fli>\n\u003Cli>\u003Ccode>--limit=\u003Cnumber>\u003C\u002Fcode>: Maximum users to process in single operation\u003C\u002Fli>\n\u003Cli>\u003Ccode>--paged=\u003Cpage>\u003C\u002Fcode>: Page number for pagination\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Command Examples\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>wp password-reset-enforcement force --to_all\nwp password-reset-enforcement force --to_roles=editor,administrator --applicability=after_session_expiry\nwp password-reset-enforcement clear --to_users=1,5,10\nwp password-reset-enforcement list --limit=50 --paged=2\nwp password-reset-enforcement status --to_all --limit=50 --paged=2\u003Ch3>Related Plugins\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Want to go beyond forced password resets? Check our \u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002F?utm_source=Password+Reset+Enforcement\" rel=\"nofollow ugc\">WP Password Policy\u003C\u002Fa> plugin to enforce strong password rules, block weak passwords, and set automatic expiry policies — so you’ll never need to force a password reset again. [https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-requirements\u002F](Free version available on WordPress.org).\u003C\u002Fp>\n","Easily enforce password reset for WordPress users. Choose to force password changes site-wide, by user and\u002For by role, to boost your site's security.",3589,80,"2025-11-28T14:31:00.000Z","6.6",[132,133,21,134,135],"force-password-change","password-enforcement","secure-login","wordpress-security","https:\u002F\u002Fteydeastudio.com\u002F?utm_source=Password+Reset+Enforcement","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-reset-enforcement.1.11.1.zip",{"attackSurface":139,"codeSignals":227,"taintFlows":257,"riskAssessment":357,"analyzedAt":369},{"hooks":140,"ajaxHandlers":223,"restRoutes":224,"shortcodes":225,"cronEvents":226,"entryPointCount":13,"unprotectedCount":13},[141,146,149,153,157,160,163,166,169,172,176,178,179,181,184,186,191,194,198,200,202,205,207,209,211,215,217,219],{"type":142,"name":143,"callback":143,"file":144,"line":145},"action","admin_menu","core\\admin\\Menu.php",7,{"type":142,"name":147,"callback":147,"file":144,"line":148},"admin_enqueue_scripts",9,{"type":142,"name":150,"callback":150,"priority":151,"file":144,"line":152},"admin_bar_menu",500,11,{"type":142,"name":154,"callback":154,"file":155,"line":156},"admin_init","core\\admin\\MenuSettings.php",8,{"type":142,"name":147,"callback":158,"priority":159,"file":155,"line":11},"admin_enqueue_scripts_child",1,{"type":142,"name":161,"callback":161,"file":155,"line":162},"admin_notices",12,{"type":142,"name":164,"callback":164,"file":165,"line":11},"init","core\\Core.php",{"type":142,"name":167,"callback":168,"file":165,"line":152},"plugins_loaded","plugin_loaded",{"type":142,"name":170,"callback":170,"file":165,"line":171},"pre_user_query",16,{"type":173,"name":174,"callback":174,"file":165,"line":175},"filter","editable_roles",18,{"type":142,"name":164,"callback":164,"file":177,"line":156},"core\\user\\Actions.php",{"type":142,"name":154,"callback":154,"file":177,"line":11},{"type":142,"name":180,"callback":180,"file":177,"line":162},"user_register",{"type":142,"name":182,"callback":182,"file":177,"line":183},"profile_update",17,{"type":142,"name":161,"callback":161,"file":177,"line":185},20,{"type":173,"name":187,"callback":188,"priority":189,"file":177,"line":190},"retrieve_password_message","closure",60,106,{"type":173,"name":192,"callback":188,"file":177,"line":193},"wp_mail_content_type",129,{"type":142,"name":195,"callback":195,"priority":11,"file":196,"line":197},"wp_login","core\\user\\Login.php",13,{"type":173,"name":199,"callback":199,"file":196,"line":183},"login_message",{"type":142,"name":201,"callback":201,"file":196,"line":185},"login_form_rmtcmp",{"type":142,"name":203,"callback":203,"priority":11,"file":204,"line":152},"validate_password_reset","core\\user\\Password.php",{"type":173,"name":206,"callback":206,"priority":11,"file":204,"line":171},"lostpassword_errors",{"type":142,"name":208,"callback":208,"priority":11,"file":204,"line":175},"resetpass_form",{"type":142,"name":210,"callback":210,"file":204,"line":185},"password_reset",{"type":173,"name":212,"callback":212,"priority":213,"file":214,"line":197},"views_users",15,"core\\user\\Views.php",{"type":173,"name":216,"callback":216,"priority":11,"file":214,"line":175},"manage_users_custom_column",{"type":173,"name":218,"callback":218,"file":214,"line":185},"manage_users_columns",{"type":142,"name":220,"callback":221,"file":214,"line":222},"load-user-edit.php","load_user_edit",22,[],[],[],[],{"dangerousFunctions":228,"sqlUsage":229,"outputEscaping":238,"fileOperations":13,"externalRequests":13,"nonceChecks":230,"capabilityChecks":13,"bundledLibraries":256},[],{"prepared":230,"raw":77,"locations":231},3,[232,236],{"file":233,"line":234,"context":235},"core\\utility\\Helpers.php",35,"$wpdb->get_row() with variable interpolation",{"file":233,"line":237,"context":235},54,{"escaped":239,"rawEcho":156,"locations":240},45,[241,243,244,246,249,251,253,254],{"file":155,"line":185,"context":242},"raw output",{"file":155,"line":23,"context":242},{"file":155,"line":245,"context":242},171,{"file":247,"line":248,"context":242},"views\\admin\\blocked-users-list.php",34,{"file":247,"line":250,"context":242},76,{"file":247,"line":252,"context":242},90,{"file":247,"line":76,"context":242},{"file":247,"line":255,"context":242},109,[],[258,277,292,300,320,330,342],{"entryPoint":259,"graph":260,"unsanitizedCount":159,"severity":276},"resetpass_form (core\\user\\Password.php:63)",{"nodes":261,"edges":273},[262,267],{"id":263,"type":264,"label":265,"file":204,"line":266},"n0","source","$_COOKIE",64,{"id":268,"type":269,"label":270,"file":204,"line":271,"wp_function":272},"n1","sink","echo() [XSS]",67,"echo",[274],{"from":263,"to":268,"sanitized":275},false,"medium",{"entryPoint":278,"graph":279,"unsanitizedCount":13,"severity":291},"admin_init (core\\user\\Actions.php:90)",{"nodes":280,"edges":288},[281,284],{"id":263,"type":264,"label":282,"file":177,"line":283},"$_REQUEST",156,{"id":268,"type":269,"label":285,"file":177,"line":286,"wp_function":287},"wp_redirect() [Open Redirect]",161,"wp_redirect",[289],{"from":263,"to":268,"sanitized":290},true,"low",{"entryPoint":293,"graph":294,"unsanitizedCount":13,"severity":291},"\u003CActions> (core\\user\\Actions.php:0)",{"nodes":295,"edges":298},[296,297],{"id":263,"type":264,"label":282,"file":177,"line":283},{"id":268,"type":269,"label":285,"file":177,"line":286,"wp_function":287},[299],{"from":263,"to":268,"sanitized":290},{"entryPoint":301,"graph":302,"unsanitizedCount":159,"severity":319},"login_message (core\\user\\Login.php:44)",{"nodes":303,"edges":316},[304,307,310],{"id":263,"type":264,"label":305,"file":196,"line":306},"$_COOKIE[?]",53,{"id":268,"type":308,"label":309,"file":196,"line":306},"transform","→ maybe_invalid_key()",{"id":311,"type":269,"label":312,"file":313,"line":314,"wp_function":315},"n2","get_row() [SQLi]","core\\user\\User.php",115,"get_row",[317,318],{"from":263,"to":268,"sanitized":275},{"from":268,"to":311,"sanitized":275},"high",{"entryPoint":321,"graph":322,"unsanitizedCount":159,"severity":319},"\u003CLogin> (core\\user\\Login.php:0)",{"nodes":323,"edges":327},[324,325,326],{"id":263,"type":264,"label":305,"file":196,"line":306},{"id":268,"type":308,"label":309,"file":196,"line":306},{"id":311,"type":269,"label":312,"file":313,"line":314,"wp_function":315},[328,329],{"from":263,"to":268,"sanitized":275},{"from":268,"to":311,"sanitized":275},{"entryPoint":331,"graph":332,"unsanitizedCount":159,"severity":319},"password_reset (core\\user\\Password.php:23)",{"nodes":333,"edges":339},[334,337,338],{"id":263,"type":264,"label":335,"file":204,"line":336},"$_REQUEST['rmtcmp-reset']",25,{"id":268,"type":308,"label":309,"file":204,"line":336},{"id":311,"type":269,"label":312,"file":313,"line":314,"wp_function":315},[340,341],{"from":263,"to":268,"sanitized":275},{"from":268,"to":311,"sanitized":275},{"entryPoint":343,"graph":344,"unsanitizedCount":159,"severity":319},"\u003CPassword> (core\\user\\Password.php:0)",{"nodes":345,"edges":353},[346,347,348,349,351],{"id":263,"type":264,"label":265,"file":204,"line":266},{"id":268,"type":269,"label":270,"file":204,"line":271,"wp_function":272},{"id":311,"type":264,"label":335,"file":204,"line":336},{"id":350,"type":308,"label":309,"file":204,"line":336},"n3",{"id":352,"type":269,"label":312,"file":313,"line":314,"wp_function":315},"n4",[354,355,356],{"from":263,"to":268,"sanitized":290},{"from":311,"to":350,"sanitized":275},{"from":350,"to":352,"sanitized":275},{"summary":358,"deductions":359},"The \"remind-me-to-change-my-password\" plugin v1.0 presents a mixed security posture. On the positive side, the plugin boasts a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. Furthermore, it demonstrates good practices in terms of output escaping, with a high percentage properly handled, and the absence of file operations or external HTTP requests. The presence of nonce checks, although limited in number, is also a positive sign.\n\nHowever, significant concerns arise from the taint analysis. While no critical severity flows were detected, a substantial number of flows (5 out of 7 analyzed) have unsanitized paths, with 4 of them being of high severity. This indicates a potential for attackers to inject malicious data that is not properly validated or sanitized, which could lead to various vulnerabilities depending on how these unsanitized paths are utilized within the plugin's logic. The fact that 60% of SQL queries use prepared statements is a positive, but the remaining 40% are a potential risk if they handle user-supplied data without proper sanitization. The absence of any capability checks is a notable weakness, as it implies that actions within the plugin might be accessible to users who should not have those privileges.\n\nThe plugin's vulnerability history is currently clean, with zero known CVEs. This, combined with the absence of dangerous functions and bundled libraries, suggests that the plugin has not been a target of major exploits in the past or has had its past issues promptly addressed. However, the current taint analysis findings, particularly the high-severity unsanitized paths, present a potential for future vulnerabilities if not rectified. In conclusion, while the plugin has a minimal attack surface and some good security practices in place, the identified high-severity taint flows and the lack of capability checks represent significant areas of concern that require immediate attention to improve its overall security.",[360,362,364,366],{"reason":361,"points":213},"High severity taint flows",{"reason":363,"points":11},"Unsanitized paths found",{"reason":365,"points":145},"No capability checks",{"reason":367,"points":368},"SQL queries without prepared statements",5,"2026-03-17T01:44:05.857Z",{"wat":371,"direct":380},{"assetPaths":372,"generatorPatterns":375,"scriptPaths":376,"versionParams":377},[373,374],"\u002Fwp-content\u002Fplugins\u002Fremind-me-to-change-my-password\u002Fassets\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fremind-me-to-change-my-password\u002Fassets\u002Fjs\u002Fmain.js",[],[374],[378,379],"remind-me-to-change-my-password\u002Fassets\u002Fcss\u002Fstyles.css?ver=","remind-me-to-change-my-password\u002Fassets\u002Fjs\u002Fmain.js?ver=",{"cssClasses":381,"htmlComments":386,"htmlAttributes":387,"restEndpoints":391,"jsGlobals":392,"shortcodeOutput":394},[382,383,384,385],"update-plugins","count-","plugin-count","screen-reader-text",[],[388,389,390],"name=\"rmtcmp_form[max_days]\"","name=\"rmtcmp_form[lock_days]\"","name=\"rmtcmp_form[colors_exceeted]\"",[],[393],"rmtcmp",[]]