[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBKF7Yw9Lbq8tu_OzWjiXCjZ6NDXgX-myLQ3L9ZgOXQg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":131,"fingerprints":277},"restrict-registration-for-wp-members","Restrict Registration By Email for WP-Members","2.0.2","Stevish","https:\u002F\u002Fprofiles.wordpress.org\u002Fstevish\u002F","\u003Cp>Restricts registration to email addresses listed on the options page. Assumes WP Members is installed and active, and WP native registration is turned off. Includes both whitelist (accepted emails) and blacklist (blocked emails). The blacklist will override entries in the whitelist.\u003C\u002Fp>\n\u003Cp>If you’d like to present an issue or contribute a fix, the Github repository is located at https:\u002F\u002Fgithub.com\u002Fnewtribesmission\u002FRestrict-Registration-for-WPMem\u003C\u002Fp>\n","Restricts registration to email addresses listed within the options file. Assumes WP native registration is turned off.",50,3384,100,1,"2014-05-12T20:25:00.000Z","3.9.40","3.5","",[20,21,22,23,24],"blacklist","email","registration","verify-email","wpmembers","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Frestrict-registration-for-wp-members\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-registration-for-wp-members.2.0.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"stevish",2,850,30,84,"2026-04-04T17:02:26.787Z",[40,60,76,94,111],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":18,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":18,"download_link":58,"security_score":37,"vuln_count":14,"unpatched_count":28,"last_vuln_date":59,"fetched_at":30},"user-domain-whitelist","User Domain Whitelist","v1.5.1","Warren Harrison","https:\u002F\u002Fprofiles.wordpress.org\u002Fhungrymedia\u002F","\u003Cp>The User Domain Whitelist\u002FBlacklist plugin limits user registration to only registrants with an email address from the domain white list below OR prevents registrants with an email address from the domain black list below from registering. For example, \u003Cem>hortense@example.com\u003C\u002Fem> would only be allowed to register if \u003Cem>example.com\u003C\u002Fem> appeared in the domain white list. Conversely,  \u003Cem>hortense@example.com\u003C\u002Fem> would \u003Cstrong>not\u003C\u002Fstrong> be allowed to register if \u003Cem>example.com\u003C\u002Fem> appeared in the domain black list. Anyone attempting to register using an email address outside the white list or inside te black list will receive the error message below.Anyone attempting to register using an email address outside the white list will receive an error message. Both the domain whitelist and the error message can be modified via the plugin options page (available under the Settings menu).\u003C\u002Fp>\n","The User Domain Whitelist\u002FBlacklist plugin limits user registration to only registrants with an email address from the domain white list provided by t …",300,13738,82,9,"2017-12-25T21:53:00.000Z","2.8.2",[20,55,56,22,57],"domain","email-address","whitelist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-domain-whitelist.zip","2014-02-22 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":34,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":18,"download_link":75,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"blacklist-whitelist-domains","Blacklist & Whitelist Domains for Registration","1.0","codicone","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodicone\u002F","\u003Cp>The whitelist\u002Fblacklist plugin gives you a strong layer of security for your website because not only does the plugin limits unauthorized user access to your site but also creates a log. The log helps to create new blacklist entries. The increase in your blacklist entries means a decrease in spam and security threats. So it is a great safety measure to start with.\u003C\u002Fp>\n\u003Cp>It is a very handy plugin that you can add to your WordPress site for added security. It helps you to tailor your preferences about which email addresses you want to allow for registration on your site.\u003C\u002Fp>\n\u003Cp>You can create a list of all email addresses or email domains that you wish to receive registrations. On the other hand, you can add a list for blacklist domains to not allow any registration from specific domains. Blacklisting is time-saving because most of the time you have already figured where the spam comes from. So you close those doors already. It is relatively safe also because you are not risking anything prospective.\u003C\u002Fp>\n\u003Ch4>Compatible With\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>bbpress\u003C\u002Fli>\n\u003Cli>buddypress\u003C\u002Fli>\n\u003Cli>Profile Builder\u003C\u002Fli>\n\u003Cli>WP User Frontend\u003C\u002Fli>\n\u003Cli>User Registration\u003C\u002Fli>\n\u003Cli>Ultimate member\u003C\u002Fli>\n\u003C\u002Ful>\n","The whitelist\u002Fblacklist plugin gives you a strong layer of security for your website because not only does the plugin limits unauthorized user access  …",40,1681,60,"2021-12-15T18:33:00.000Z","5.8.13","4.0",[20,55,21,22,57],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblacklist-whitelist-domains.1.0.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":28,"num_ratings":28,"last_updated":86,"tested_up_to":87,"requires_at_least":18,"requires_php":18,"tags":88,"homepage":91,"download_link":92,"security_score":93,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bp-blacklist-signup-by-email-domain","BP Blacklist Signup by Email Domain","1.1.0","Venutius","https:\u002F\u002Fprofiles.wordpress.org\u002Fvenutius\u002F","\u003Cp>User registration spam is prevalent in BuddyPress.\u003C\u002Fp>\n\u003Cp>One way to dramatically decrease signup spam is to restrict the email address domains that users can sign up with.\u003C\u002Fp>\n\u003Cp>WordPress multisite has a native option called “Limited Email Registrations”.  But this option requires you to enter the full email domain.  For example, if you only wanted to allow .edu email addresses to register, this is not possible.\u003C\u002Fp>\n\u003Cp>This plugin restricts registrations to the email domains that you are not specified in the blacklist and works in WordPress single-site and multi-site.\u003C\u002Fp>\n\u003Cp>Plugin is a fork of r-a-y’s BP Restrict Signup by Email Domain.\u003C\u002Fp>\n\u003Cp>Tested on BuddyPress 2.5, but should work all the way down to BuddyPress 1.6.\u003C\u002Fp>\n","Only allow users with email addresses not on the domain blacklist to register in BuddyPress.",10,2527,"2024-07-20T20:53:00.000Z","6.6.5",[89,90,22],"buddypress","email-blacklist","https:\u002F\u002Fbuddyuser.com\u002Fplugin-bp-blcklist-signup-by-email-domain\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-blacklist-signup-by-email-domain.1.1.0.zip",92,{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":28,"downloaded":102,"rating":13,"num_ratings":14,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":18,"download_link":110,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"restusre-restrict-users-registration","Restrict Users Registration by EmailVerifierPro.app","1.0.1","Tuhin Bhuiyan","https:\u002F\u002Fprofiles.wordpress.org\u002Ftuhinbhuiyan\u002F","\u003Cp>\u003Cstrong>Restrict Users Registration by EmailVerifierPro.app\u003C\u002Fstrong> is a powerful plugin to help you control who can register on your WordPress site. Block disposable, blacklisted, or suspicious emails and domains, prevent duplicate IP signups, and connect to Third Party API for real-time email validation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email Blacklist: Block specific email addresses from registering.\u003C\u002Fli>\n\u003Cli>Domain Blacklist: Block entire email domains (e.g., @tempmail.com).\u003C\u002Fli>\n\u003Cli>API Integration: Connect to your own EmailVerifierPro.app \u002F VerifyEmail.app instance for advanced email validation.\u003C\u002Fli>\n\u003Cli>Prevent Duplicate IP Signups: Block multiple registrations from the same IP.\u003C\u002Fli>\n\u003Cli>Invalid Email Retry Limit: Automatically blacklist emails after repeated invalid attempts.\u003C\u002Fli>\n\u003Cli>Debug Logging: Enable for troubleshooting (not recommended in production).\u003C\u002Fli>\n\u003Cli>Delete All Data on Deactivation: Optionally remove all plugin data when deactivating.\u003C\u002Fli>\n\u003Cli>Admin Activity Log: View recent signup attempts and actions.\u003C\u002Fli>\n\u003Cli>AJAX-powered admin interface for fast, modern management.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or questions, contact:\u003Cbr \u002F>\n– info@emailverifierpro.app\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Tuhin Bhuiyan (https:\u002F\u002Ftuhin.dev)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software, released under the GPLv2 or later.\u003C\u002Fp>\n","Easily control who can register. Block bad emails\u002Fdomains, prevent duplicate IPs, and real-time email validation during signup.",322,"2026-02-24T04:15:00.000Z","6.8.5","5.0",[107,90,108,22,109],"domain-blacklist","email-verification","spam-prevention","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestusre-restrict-users-registration.1.0.1.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":13,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":129,"download_link":130,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"allow-multiple-accounts","Allow Multiple Accounts","3.0.4","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Allow multiple user accounts to be created, registered, and updated having the same email address.\u003C\u002Fp>\n\u003Cp>By default, WordPress only allows a specific email address to be used for a single user account. This plugin removes that restriction.\u003C\u002Fp>\n\u003Cp>The plugin’s settings page (accessed via Users -> Multiple Accounts or via the Settings link next to the plugin on the Manage Plugins page) provides the ability to allow only certain email addresses the ability to have multiple accounts (such as if you only want admins to have that ability; by default all email addresses can be used more than once). You may also specify a limit to the number of accounts an email address can have (by default there is no limit).\u003C\u002Fp>\n\u003Cp>The settings page also provides a table listing all user accounts that share email addresses (see screenshot).\u003C\u002Fp>\n\u003Cp>Compatible with Multisite and BuddyPress as well.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fallow-multiple-accounts\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fallow-multiple-accounts\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Template Tags\u003C\u002Fh3>\n\u003Cp>The plugin provides three optional template tags for use in your theme templates.\u003C\u002Fp>\n\u003Ch4>Functions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>\u003C?php c2c_count_multiple_accounts( $email ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Returns a count of the number of users associated with the given email.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u003C?php c2c_get_users_by_email( $email ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Returns the users associated with the given email.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u003C?php c2c_has_multiple_accounts( $email ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Returns a boolean indicating if the given email is associated with more than one user account.\u003C\u002Fp>\n\u003Ch4>Arguments\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>$email\u003C\u002Fcode> (string)\u003Cbr \u002F>\nAn email address.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>The plugin exposes three filters for hooking. Typically, customizations utilizing these hooks would be put into your active theme’s functions.php file, or used by another plugin.\u003C\u002Fp>\n\u003Ch4>c2c_count_multiple_accounts (filter)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_count_multiple_accounts’ hook allows you to use an alternative approach to safely invoke \u003Ccode>c2c_count_multiple_accounts()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>same as for \u003Ccode>c2c_count_multiple_accounts()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>Instead of:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo c2c_count_multiple_accounts( $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Do:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo apply_filters( 'c2c_count_multiple_accounts', $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>c2c_get_users_by_email (filter)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_get_users_by_email’ hook allows you to use an alternative approach to safely invoke \u003Ccode>c2c_get_users_by_email()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>same as for \u003Ccode>c2c_get_users_by_email()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>Instead of:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo c2c_get_users_by_email( $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Do:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo apply_filters( 'c2c_get_users_by_email', $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>c2c_has_multiple_accounts (filter)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_has_multiple_accounts’ hook allows you to use an alternative approach to safely invoke \u003Ccode>c2c_has_multiple_accounts()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>same as for \u003Ccode>c2c_has_multiple_accounts()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>Instead of:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo c2c_has_multiple_accounts( $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Do:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo apply_filters( 'c2c_has_multiple_accounts', $email ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Allow multiple user accounts to be created, registered, and updated having the same email address.",10000,79839,22,"2017-11-28T17:31:00.000Z","4.2.39","3.6",[126,21,127,22,128],"account","multiple-accounts","signup","http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fallow-multiple-accounts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fallow-multiple-accounts.3.0.4.zip",{"attackSurface":132,"codeSignals":169,"taintFlows":190,"riskAssessment":267,"analyzedAt":276},{"hooks":133,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":168,"entryPointCount":14,"unprotectedCount":28},[134,140,145,149,153,157],{"type":135,"name":136,"callback":137,"priority":84,"file":138,"line":139},"filter","registration_errors","ntmrr_validate_email_default","restrict-registration-wpmem.php",103,{"type":141,"name":142,"callback":143,"file":138,"line":144},"action","wpmem_pre_register_data","ntmrr_validate_email_wpmem",131,{"type":135,"name":146,"callback":147,"file":138,"line":148},"wpmem_register_form_before","ntmrr_registration_requirements",139,{"type":135,"name":150,"callback":151,"file":138,"line":152},"posts_where","ntmrr_increase_wpmem_to_secondary_actions",165,{"type":141,"name":154,"callback":155,"file":138,"line":156},"admin_menu","ntmrr_add_options_menu",272,{"type":141,"name":158,"callback":159,"file":138,"line":160},"admin_head","ntmrr_admin_stylesheet",280,[],[],[164],{"tag":165,"callback":166,"file":138,"line":167},"ntmrr_registration_error","ntmrr_sc_redirect_error",176,[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":189},[],{"prepared":14,"raw":28,"locations":172},[],{"escaped":174,"rawEcho":174,"locations":175},6,[176,179,181,183,185,187],{"file":138,"line":177,"context":178},225,"raw output",{"file":138,"line":180,"context":178},237,{"file":138,"line":182,"context":178},247,{"file":138,"line":184,"context":178},252,{"file":138,"line":186,"context":178},258,{"file":138,"line":188,"context":178},277,[],[191,244],{"entryPoint":192,"graph":193,"unsanitizedCount":28,"severity":243},"ntmrr_options (restrict-registration-wpmem.php:182)",{"nodes":194,"edges":235},[195,200,205,209,211,215,217,221,223,227,229,233],{"id":196,"type":197,"label":198,"file":138,"line":199},"n0","source","$_POST['ntmrr_registration_form_message']",189,{"id":201,"type":202,"label":203,"file":138,"line":199,"wp_function":204},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":206,"type":197,"label":207,"file":138,"line":208},"n2","$_POST['ntmrr_email_not_approved_message']",190,{"id":210,"type":202,"label":203,"file":138,"line":208,"wp_function":204},"n3",{"id":212,"type":197,"label":213,"file":138,"line":214},"n4","$_POST['ntmrr_redirect_on_unapproved']",191,{"id":216,"type":202,"label":203,"file":138,"line":214,"wp_function":204},"n5",{"id":218,"type":197,"label":219,"file":138,"line":220},"n6","$_POST['ntmrr_redirect_on_unapproved_url']",192,{"id":222,"type":202,"label":203,"file":138,"line":220,"wp_function":204},"n7",{"id":224,"type":197,"label":225,"file":138,"line":226},"n8","$_POST['ntmrr_whitelisted_emails']",193,{"id":228,"type":202,"label":203,"file":138,"line":226,"wp_function":204},"n9",{"id":230,"type":197,"label":231,"file":138,"line":232},"n10","$_POST['ntmrr_blacklisted_emails']",194,{"id":234,"type":202,"label":203,"file":138,"line":232,"wp_function":204},"n11",[236,238,239,240,241,242],{"from":196,"to":201,"sanitized":237},true,{"from":206,"to":210,"sanitized":237},{"from":212,"to":216,"sanitized":237},{"from":218,"to":222,"sanitized":237},{"from":224,"to":228,"sanitized":237},{"from":230,"to":234,"sanitized":237},"low",{"entryPoint":245,"graph":246,"unsanitizedCount":28,"severity":243},"\u003Crestrict-registration-wpmem> (restrict-registration-wpmem.php:0)",{"nodes":247,"edges":260},[248,249,250,251,252,253,254,255,256,257,258,259],{"id":196,"type":197,"label":198,"file":138,"line":199},{"id":201,"type":202,"label":203,"file":138,"line":199,"wp_function":204},{"id":206,"type":197,"label":207,"file":138,"line":208},{"id":210,"type":202,"label":203,"file":138,"line":208,"wp_function":204},{"id":212,"type":197,"label":213,"file":138,"line":214},{"id":216,"type":202,"label":203,"file":138,"line":214,"wp_function":204},{"id":218,"type":197,"label":219,"file":138,"line":220},{"id":222,"type":202,"label":203,"file":138,"line":220,"wp_function":204},{"id":224,"type":197,"label":225,"file":138,"line":226},{"id":228,"type":202,"label":203,"file":138,"line":226,"wp_function":204},{"id":230,"type":197,"label":231,"file":138,"line":232},{"id":234,"type":202,"label":203,"file":138,"line":232,"wp_function":204},[261,262,263,264,265,266],{"from":196,"to":201,"sanitized":237},{"from":206,"to":210,"sanitized":237},{"from":212,"to":216,"sanitized":237},{"from":218,"to":222,"sanitized":237},{"from":224,"to":228,"sanitized":237},{"from":230,"to":234,"sanitized":237},{"summary":268,"deductions":269},"The plugin \"restrict-registration-for-wp-members\" v2.0.2 exhibits a generally good security posture, with several positive indicators. The absence of known CVEs and the presence of capability checks on its single entry point (a shortcode) are strong points.  Furthermore, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, minimizing common attack vectors.\n\nHowever, there are areas for improvement. A significant concern is the lack of proper output escaping for half of the identified output points. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly rendered on the page without proper sanitization. Additionally, the absence of nonce checks, while not directly tied to a specific entry point in this analysis, is a standard WordPress security practice that is missing and could be exploited in conjunction with other vulnerabilities, especially if new AJAX or administrative actions are introduced in future versions.\n\nThe vulnerability history is clean, with no recorded CVEs, suggesting a mature and relatively secure development process. However, the lack of nonce checks and the unescaped outputs represent potential weaknesses that, if exploited in conjunction with other factors, could lead to security issues. The overall assessment is that the plugin is reasonably secure for its current version and feature set, but the unescaped outputs represent a tangible risk that should be addressed.",[270,273],{"reason":271,"points":272},"Unescaped output detected",15,{"reason":274,"points":275},"Missing nonce checks",5,"2026-03-16T22:02:56.352Z",{"wat":278,"direct":284},{"assetPaths":279,"generatorPatterns":281,"scriptPaths":282,"versionParams":283},[280],"\u002Fwp-content\u002Fplugins\u002Frestrict-registration-for-wp-members\u002Frestrict-registration-wpmem.php",[],[],[],{"cssClasses":285,"htmlComments":286,"htmlAttributes":287,"restEndpoints":288,"jsGlobals":289,"shortcodeOutput":290},[],[],[],[],[],[291],"[ntmrr_registration_error]"]