[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVcUKOsI0FWAQvZFjlcySBwvuSd_W96T9_sznucXyy18":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":164,"fingerprints":305},"restricted-site-access","Restricted Site Access","7.6.1","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. A great solution for Extranets, publicly hosted Intranets, or parallel development \u002F staging sites.\u003C\u002Fp>\n\u003Cp>Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable site restriction\u003C\u002Fli>\n\u003Cli>Change the restriction behavior: send to login, redirect, display a message, display a page\u003C\u002Fli>\n\u003Cli>Add IP addresses to an unrestricted list, including ranges\u003C\u002Fli>\n\u003Cli>Quickly add your current IP to the unrestricted list\u003C\u002Fli>\n\u003Cli>Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness\u003C\u002Fli>\n\u003Cli>Define a simple message to show restricted visitors, or select a page to show them – great for “coming soon” teasers!\u003C\u002Fli>\n\u003C\u002Ful>\n","Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.",20000,1120245,96,62,"2026-01-04T21:22:00.000Z","6.9.4","6.6","7.4",[20,21,22,23,24],"limited","permissions","privacy","restrict","security","https:\u002F\u002F10up.com\u002Fplugins\u002Frestricted-site-access-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestricted-site-access.7.6.1.zip",100,1,0,"2022-08-31 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-1613","restricted-site-access-access-bypass-via-ip-spoofing","Restricted Site Access \u003C= 7.3.1 - Access Bypass via IP Spoofing","The Restricted Site Access plugin for WordPress is vulnerable to IP Spoofing in versions up to, and including, 7.3.1\r\ndue to prioritizing getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR. This makes it possible to bypass IP-based limitations in certain situations.",null,"\u003C7.3.2","7.3.2","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcd9e0044-263e-453a-b9e5-b3c6b98e90be?source=api-prod",510,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},23,1384530,98,546,78,"2026-04-04T07:04:14.352Z",[57,77,94,118,140],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":16,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"press-permit-core","PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags","4.6.4","PublishPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fpublishpress\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermissions\" rel=\"nofollow ugc\">PublishPress Permissions\u003C\u002Fa> allows you to enable or deny access to posts, pages, categories, tags and more. You can apply these permissions for user roles, individual users, and even custom groups.\u003C\u002Fp>\n\u003Cp>With PublishPress Permissions, you can control who can view and edit your WordPress content. You can choose who can access images and files in your site’s Media Library. For example, you can deny all direct access to files for logged out users.\u003C\u002Fp>\n\u003Cp>The Pro version of PublishPress Permissions has many advanced features such as teaser previews of restricted content, custom WordPress statuses, and automatically creating personal posts for users.\u003C\u002Fp>\n\u003Ch3>PublishPress Permissions Pro\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Upgrade to Permissions Pro\u003C\u002Fstrong>\u003Cbr \u002F>\n  This plugin is the free version of PublishPress Permissions. The Pro version of Permissions has all the features you need to control permissions for your WordPress users. With Permissions Pro you can manage access to posts, pages, media, taxonomies and custom post types. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermisssions\" title=\"Permissions Pro\" rel=\"nofollow ugc\">Click here to control access to your WordPress site with Permissions Pro!\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features in PublishPress Permissions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Viewing permissions\u003C\u002Fstrong>: Every post, page, and taxonomy term has a box where you can choose who can read this content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editing permissions\u003C\u002Fstrong>: Every post, page, and taxonomy term has a box where you can choose who can edit this content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media Library permissions\u003C\u002Fstrong>: You decide who gets to edit and view image files and documents in your Media Library.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide other users’ posts\u003C\u002Fstrong>: You can prevent users from seeing posts by other users in the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create user groups\u003C\u002Fstrong>: Build groups of users who can be given their own custom permissions. Two default groups include Logged in and Logged out users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show teasers for restricted content (Pro version)\u003C\u002Fstrong>: Have teaser text that is publicly available, followed by private content that is restricted to only your site’s users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Personal posts for each user (Pro version)\u003C\u002Fstrong>: You can automatically create individual posts for your users so they have their own private content to edit or read.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Publishing statuses (Pro version)\u003C\u002Fstrong>: Go beyond “Draft”, “Pending Review” and “Published” with your own custom, and far more advanced, workflow.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visibility statuses (Pro version)\u003C\u002Fstrong>: Create visibility options for your content. One example is a “Premium” status that makes content visible only for paying members. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editorial Circles and Visibility Circles (Pro version)\u003C\u002Fstrong>: Restrict users to editing or viewing posts that were authored by other users in the same group.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration with other plugins (Pro version)\u003C\u002Fstrong>: The Permissions plugin integrates with other popular plugins including bbPress, BuddyPress, WPML, and Relevanssi.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Feature 1. Viewing Permissions for WordPress Content\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions enables you to customize viewing access for WordPress content. Open any post and you’ll see a box with the label, “Permissions: Read this Post”. This box allows you to choose “Enabled” or “Blocked” for any user role, individual user, or user group. You can also set permissions for all users who are guests, and those who are logged in.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fviewing-permissions\u002F\" rel=\"nofollow ugc\">Click here to see how to control viewing permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 2. Editing Permissions for WordPress Content\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions allows you to customize the editing permissions for all your content. Open a Post, Page, Category, Tag, or custom post type and you can decide who is allowed to edit that content. You can even prevent users from editing child pages of a specific parent page. Open any content item and you’ll see a box with a label like this: “Permissions: Edit this Post”. This box allows you to choose “Enabled” or “Blocked” for any user role, individual user, or user group.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fediting-permissions\u002F\" rel=\"nofollow ugc\">Click here to see how to control editing permissions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 3. Access Permissions for the Media Library\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions gives you detailed control over access to media on your WordPress site. You decide who gets to edit and view files in your Media Library. For example, you can set up WordPress so that users only have access to files that they uploaded. Or you can add an exception so users can edit other people’s media files if they are attached to a post they can edit.\u003C\u002Fp>\n\u003Cp>The Pro version of Permissions allows you to deny any public access to files on your site. Nobody will be able to see your Media Library files unless they have access to a post that includes that file.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fpermissions-media-files\u002F\" rel=\"nofollow ugc\">Click here to see how to manage access to your media files\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 4. Hide Other Users’ Posts in the WordPress Admin\u003C\u002Fh3>\n\u003Cp>By default, WordPress users in the admin area can see all the Posts on the site, regardless of whether they are the author. This is not a problem for many sites. After all, most posts on most sites are publicly available – there’s no need to hide them. However, in some situations, site owners don’t want authors to see the posts that other users are working on. PublishPress Permissions can hide posts in the WordPress admin area, unless you have access to edit that post.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fblog\u002Fhide-peoples-posts-wordpress-admin\u002F\" rel=\"nofollow ugc\">Click here to see how to hide other users’ posts\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 5. Create Your Own User Groups\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions allows you to create your own user groups. Imagine you want to give some users access to a single Post. Instead of creating a new user role and applying all the permissions, you can easily add those users to a group. This is a simple and more flexible alternative to user roles. You can also prevent users from reading or editing content if they are not in a specific group. By default, this plugin gives you sample groups that include all Logged in and Logged out users so you can easily set public and private content.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fgroups\u002F\" rel=\"nofollow ugc\">Click here to see how to use custom user groups\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 6. Show Teasers for Restricted Content (Pro Version)\u003C\u002Fh3>\n\u003Cp>PublishPress Permissions Pro allows you to display a teaser for unreadable content. This is perfect for making small snippets of your content available to the public. You can have teaser text that is publicly available, followed by private content that is only visible for your site’s users. If you choose to display a login form, the redirect will go to the originally requested content.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fhow-to-create-a-teaser-for-private-content-in-wordpress\u002F\" rel=\"nofollow ugc\">Click here to see how to display content teasers\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 7. Automatically Create Posts for Users (Pro Version)\u003C\u002Fh3>\n\u003Cp>This Pro feature allows you to automatically create content for your users. For example, you can sync your staff members to Pages. This would allow your staff to each have their own page to edit and update. You can use this feature to automatically create posts, WooCommerce products, or any other post type that is defined on your site.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fhow-to-create-a-personal-page-for-each-wordpress-user\u002F\" rel=\"nofollow ugc\">Click here to see how to automatically create posts for users\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 8. Create Your Own Publishing Statuses (Pro Version)\u003C\u002Fh3>\n\u003Cp>WordPress provides some status options including “Draft”, “Pending Review” and “Published”. Permissions Pro enables you to design a far more advanced workflow. Each status you create can have its own unique capability requirements.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fmulti-step-moderation\u002F\" rel=\"nofollow ugc\">Click here to see how to build your own workflow statuses\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 9. Create Your Own Visibility Statuses (Pro Version)\u003C\u002Fh3>\n\u003Cp>With PublishPress Permissions Pro, you can create visibility options for your content. One example is a “Premium” status that makes content visible only for paying members. Another example is a “Staff” status, for the people who run your site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcustom-post-visibility\u002F\" rel=\"nofollow ugc\">Click here to see how to build your own visibility statuses\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 10. Editorial Circles and Visibility Circles (Pro Version)\u003C\u002Fh3>\n\u003Cp>Visibility Circles are a feature in PublishPress Permissions Pro that restrict users to viewing posts that were authored by other users in the same group. PublishPress Permissions also has Editorial Circles. If you are in an Editorial Circle for Pages, you will only be able to edit pages authored by other circle members.\u003C\u002Fp>\n\u003Cp>The most common way to use this feature is to restrict users in the Editor role so that they can only edit posts written by other Editors. This is because Editors are the only default WordPress role that can edit content (except for Administrators).\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcircles\u002F\" rel=\"nofollow ugc\">Click here to see how to build your own Editorial Circles\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fvisibility-circles\u002F\" rel=\"nofollow ugc\">click here to see how to build your own Visibility Circles\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Feature 11. Support for Other Plugins\u003C\u002Fh3>\n\u003Cp>The Permissions plugin integrates with other popular plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fbuddypress-content-permissions\u002F\" rel=\"nofollow ugc\">BuddyPress content permissions\u003C\u002Fa>: With the PublishPress Permissions Pro plugin, you can give users access to create WordPress content, based on their BuddyPress group membership.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Frelevanssi-and-presspermit-pro\u002F\" rel=\"nofollow ugc\">Relevanssi search permissions\u003C\u002Fa>: Relevanssi is an excellent plugin that replaces the standard WordPress search with a better search engine. PublishPress Permissions Pro has integration with Relevanssi. If you use PublishPress Permissions Pro, your Relevanssi search results will have the correct visibility. \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fwpml-and-presspermit-pro\u002F\" rel=\"nofollow ugc\">WPML language permissions\u003C\u002Fa>: PublishPress Permissions Pro does have support for the WPML plugin. By default, PublishPress Permissions Pro will automatically mirror your post \u002F category permissions to the translated content.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fbbpress-permissions\u002F\" rel=\"nofollow ugc\">bbPress language permissions\u003C\u002Fa>: bbPress is the most popular forum software for WordPress. With PublishPress Permissions Pro, you can manage access and to important bbPress features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Join PublishPress and get the Pro plugins\u003C\u002Fh3>\n\u003Cp>The Pro versions of the PublishPress plugins are well worth your investment. The Pro versions have extra features and faster support. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Click here to join PublishPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Join PublishPress and you’ll get access to these nine Pro plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fauthors\" rel=\"nofollow ugc\">PublishPress Authors Pro\u003C\u002Fa> allows you to add multiple authors and guest authors to WordPress posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fblocks\" rel=\"nofollow ugc\">PublishPress Blocks Pro\u003C\u002Fa> has everything you need to build professional websites with the WordPress block editor.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fcapabilities\" rel=\"nofollow ugc\">PublishPress Capabilities Pro\u003C\u002Fa> is the plugin to manage your WordPress user roles, permissions, and capabilities.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fchecklists\" rel=\"nofollow ugc\">PublishPress Checklists Pro\u003C\u002Fa> enables you to define tasks that must be completed before content is published.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Ffuture\" rel=\"nofollow ugc\">PublishPress Future Pro\u003C\u002Fa>  is the plugin for scheduling changes to your posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermissions\" rel=\"nofollow ugc\">PublishPress Permissions Pro\u003C\u002Fa> is the plugin for advanced WordPress permissions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpublishpress\" rel=\"nofollow ugc\">PublishPress Planner Pro\u003C\u002Fa> is the plugin for managing and scheduling WordPress content.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Frevisions\" rel=\"nofollow ugc\">PublishPress Revisions Pro\u003C\u002Fa> allows you to update your published pages with teamwork and precision.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fseries\" rel=\"nofollow ugc\">PublishPress Series Pro\u003C\u002Fa> enables you to group content together into a series \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Together, these plugins are a suite of powerful publishing tools for WordPress. If you need to create a professional workflow in WordPress, with moderation, revisions, permissions and more, then you should try PublishPress.\u003C\u002Fp>\n\u003Ch3>Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports for PublishPress Permissions are welcomed in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpublishpress\u002Fpublishpress-permissions\" rel=\"nofollow ugc\">repository on GitHub\u003C\u002Fa>. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n\u003Ch3>Follow the PublishPress team\u003C\u002Fh3>\n\u003Cp>Follow PublishPress on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpublishpress\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.twitter.com\u002Fpublishpresscom\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fpublishpress\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa>\u003C\u002Fp>\n","The permissions plugin for posts, pages, categories, tags and more. You can control permissions for roles, individual users, and even custom groups.",10000,812530,86,64,"2026-01-27T17:46:00.000Z","5.5","7.2.5",[73,74,21,22,23],"access","capabilities","https:\u002F\u002Fpublishpress.com\u002Fpresspermit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpress-permit-core.4.6.4.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":29,"downloaded":85,"rating":29,"num_ratings":29,"last_updated":86,"tested_up_to":16,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":88,"download_link":93,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"btn-admin-restrictor","BTN Admin Restrictor","1.0.0","btninfosolution","https:\u002F\u002Fprofiles.wordpress.org\u002Fbtninfosolution\u002F","\u003Cp>BTN Admin Restrictor is a lightweight, secure tool designed for developers and agency owners who need to simplify the WordPress dashboard for clients or other administrators.\u003C\u002Fp>\n\u003Cp>Unlike global restriction plugins, this tool allows you to select a specific administrator and choose exactly which sidebar menus they can see. It is perfect for “hiding” complex settings or third-party plugin menus from users who don’t need to see them.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Per-User Control:\u003C\u002Fstrong> Select any administrator and customize their unique dashboard view.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Detection:\u003C\u002Fstrong> Automatically detects menus from newly installed plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stealth Mode:\u003C\u002Fstrong> Option to hide the restrictor plugin itself from the menu list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safety First:\u003C\u002Fstrong> Built-in caution notices prevent you from accidentally locking yourself out.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly:\u003C\u002Fstrong> Fully prefixed to prevent conflicts and built with modern WordPress security standards (Nonces, Sanitization, and Escaping).\u003C\u002Fli>\n\u003C\u002Ful>\n","Dynamically restrict access to dashboard menus for specific Admin users without changing their roles.",116,"2026-02-20T04:50:00.000Z","5.0","",[90,91,21,92,24],"admin","dashboard","restrict-menu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbtn-admin-restrictor.1.0.0.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":16,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":88,"download_link":114,"security_score":115,"vuln_count":116,"unpatched_count":29,"last_vuln_date":117,"fetched_at":31},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7384389,84,420,"2026-03-08T15:53:00.000Z","5.8.0","5.6.0",[110,111,112,24,113],"access-governance","api-security","restricted-content","user-roles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":13,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":88,"tags":132,"homepage":137,"download_link":138,"security_score":139,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-force-login","Force Login","5.6.3","Kevin Vess","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevinvess\u002F","\u003Cp>Easily hide your WordPress site from public viewing by requiring visitors to log in first. As simple as flipping a switch.\u003C\u002Fp>\n\u003Cp>Make your website private until it’s ready to share publicly, or keep it private for members only.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Multisite compatible.\u003C\u002Fli>\n\u003Cli>Login redirects visitors back to the url they tried to visit.\u003C\u002Fli>\n\u003Cli>Extensive Developer API (hooks & filters).\u003C\u002Fli>\n\u003Cli>Customizable. Set a specific URL to always redirect to on login.\u003C\u002Fli>\n\u003Cli>Filter exceptions for certain pages or posts.\u003C\u002Fli>\n\u003Cli>Restrict REST API to authenticated users.\u003C\u002Fli>\n\u003Cli>Translation Ready & WPML certified.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Bug Reports\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Bug reports for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkevinvess\u002Fwp-force-login\" rel=\"nofollow ugc\">Force Login are welcomed on GitHub\u003C\u002Fa>. Please note that GitHub is \u003Cem>not\u003C\u002Fem> a support forum.\u003C\u002Fp>\n","Force Login is a simple lightweight plugin that requires visitors to log in to interact with the website.",30000,8925536,101,"2025-02-07T16:57:00.000Z","6.7.5","4.6",[22,133,134,135,136],"private","protected","registered-only","restricted","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-force-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-force-login.5.6.3.zip",92,{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":126,"downloaded":148,"rating":149,"num_ratings":150,"last_updated":151,"tested_up_to":16,"requires_at_least":152,"requires_php":153,"tags":154,"homepage":159,"download_link":160,"security_score":161,"vuln_count":162,"unpatched_count":29,"last_vuln_date":163,"fetched_at":31},"wpfront-user-role-editor","WPFront User Role Editor","4.2.4","Syam Mohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyammohanm\u002F","\u003Cp>WPFront User Role Editor plugin allows you to easily manage WordPress user roles within your site.\u003Cbr \u002F>\nYou can create, edit or delete user roles and manage role capabilities.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create new roles.\u003C\u002Fli>\n\u003Cli>Edit or rename existing roles.\u003C\u002Fli>\n\u003Cli>Clone existing roles.\u003C\u002Fli>\n\u003Cli>Manage capabilities.\u003C\u002Fli>\n\u003Cli>Allows you to add role capabilities.\u003C\u002Fli>\n\u003Cli>Change default user role.\u003C\u002Fli>\n\u003Cli>Add or Remove capabilities.\u003C\u002Fli>\n\u003Cli>Restore role.\u003C\u002Fli>\n\u003Cli>Assign multiple roles.\u003C\u002Fli>\n\u003Cli>Migrate users.\u003C\u002Fli>\n\u003Cli>Navigation menu permissions basic.\u003C\u002Fli>\n\u003Cli>Widget permissions basic.\u003C\u002Fli>\n\u003Cli>Login redirect basic.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmenu-editor\u002F\" rel=\"nofollow ugc\">Admin menu editor.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmedia-attachment-file-permissions\u002F\" rel=\"nofollow ugc\">Media library permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fuser-level-permissions\u002F\" rel=\"nofollow ugc\">User level permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fnavigation-menu-permissions\u002F\" rel=\"nofollow ugc\">Navigation menu permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fwidget-permissions\u002F\" rel=\"nofollow ugc\">Widget permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Flogin-redirect\u002F\" rel=\"nofollow ugc\">Login redirect advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fposts-pages-extended-permissions\u002F\" rel=\"nofollow ugc\">Post\u002FPage extended permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcustom-post-type-permissions\u002F\" rel=\"nofollow ugc\">Custom post type permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcontent-restriction-shortcodes\u002F\" rel=\"nofollow ugc\">Content restriction shortcodes.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fexport-roles\u002F\" rel=\"nofollow ugc\">Import\u002FExport.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmultisite-sync-roles\u002F\" rel=\"nofollow ugc\">Multisite support.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compare \u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fppro\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Spanish tutorial\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FYRZdWH-uukI?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.",962618,90,65,"2025-12-02T16:53:00.000Z","5.1","7.0",[155,156,24,157,158],"capability-manager","role-editor","user-access","user-permissions","http:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpfront-user-role-editor.4.2.4.zip",94,5,"2025-09-26 00:00:00",{"attackSurface":165,"codeSignals":285,"taintFlows":298,"riskAssessment":299,"analyzedAt":304},{"hooks":166,"ajaxHandlers":270,"restRoutes":281,"shortcodes":282,"cronEvents":283,"entryPointCount":284,"unprotectedCount":29},[167,173,177,181,184,188,191,196,200,203,207,210,214,218,222,226,229,232,235,239,243,245,248,251,254,258,260,262,266],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","admin_notices","render_php_compat_error","10up-lib\\wp-compat-validation-tool\\src\\Validator.php",137,{"type":168,"name":169,"callback":174,"file":175,"line":176},"closure","restricted_site_access.php",37,{"type":168,"name":178,"callback":179,"priority":28,"file":175,"line":180},"parse_request","restrict_access",141,{"type":168,"name":182,"callback":182,"priority":28,"file":175,"line":183},"admin_init",142,{"type":168,"name":185,"callback":186,"file":175,"line":187},"init","generate_nonce",143,{"type":168,"name":185,"callback":189,"file":175,"line":190},"populate_fields",144,{"type":168,"name":192,"callback":193,"priority":194,"file":175,"line":195},"wpmu_new_blog","set_defaults",10,149,{"type":168,"name":197,"callback":198,"file":175,"line":199},"admin_enqueue_scripts","enqueue_admin_script",150,{"type":168,"name":201,"callback":201,"file":175,"line":202},"admin_footer",153,{"type":204,"name":205,"callback":205,"priority":194,"file":175,"line":206},"filter","pre_option_blog_public",155,{"type":204,"name":208,"callback":205,"priority":194,"file":175,"line":209},"pre_site_option_blog_public",156,{"type":204,"name":211,"callback":212,"file":175,"line":213},"application_password_is_api_request","is_api_request",157,{"type":204,"name":215,"callback":216,"priority":194,"file":175,"line":217},"show_admin_bar","hide_admin_bar_for_roles",160,{"type":204,"name":219,"callback":220,"file":175,"line":221},"do_redirect_guess_404_permalink","__return_false",163,{"type":204,"name":223,"callback":224,"file":175,"line":225},"wp_headers","maybe_add_no_cache_headers",165,{"type":204,"name":227,"callback":227,"file":175,"line":228},"privacy_on_link_text",825,{"type":204,"name":230,"callback":230,"file":175,"line":231},"privacy_on_link_title",826,{"type":168,"name":233,"callback":233,"file":175,"line":234},"blog_privacy_selector",832,{"type":168,"name":236,"callback":237,"file":175,"line":238},"load-settings.php","load_network_settings_page",895,{"type":168,"name":240,"callback":241,"file":175,"line":242},"network_admin_notices","page_cache_notice",896,{"type":168,"name":169,"callback":241,"file":175,"line":244},899,{"type":168,"name":169,"callback":246,"file":175,"line":247},"admin_notice",1187,{"type":168,"name":249,"callback":249,"file":175,"line":250},"admin_head",1188,{"type":168,"name":252,"callback":252,"file":175,"line":253},"admin_body_class",1189,{"type":204,"name":255,"callback":256,"priority":194,"file":175,"line":257},"wp_dropdown_pages","filter_page_dropdown",1191,{"type":168,"name":252,"callback":252,"file":175,"line":259},1204,{"type":168,"name":249,"callback":249,"file":175,"line":261},1205,{"type":168,"name":263,"callback":264,"file":175,"line":265},"wpmu_options","show_network_settings",1206,{"type":168,"name":267,"callback":268,"file":175,"line":269},"update_wpmu_options","save_network_settings",1207,[271,277],{"action":272,"nopriv":273,"callback":274,"hasNonce":275,"hasCapCheck":273,"file":175,"line":276},"rsa_ip_check",false,"ajax_rsa_ip_check",true,145,{"action":278,"nopriv":273,"callback":279,"hasNonce":275,"hasCapCheck":275,"file":175,"line":280},"rsa_notice_dismiss","ajax_notice_dismiss",151,[],[],[],2,{"dangerousFunctions":286,"sqlUsage":287,"outputEscaping":289,"fileOperations":29,"externalRequests":29,"nonceChecks":284,"capabilityChecks":284,"bundledLibraries":297},[],{"prepared":29,"raw":29,"locations":288},[],{"escaped":290,"rawEcho":284,"locations":291},69,[292,295],{"file":175,"line":293,"context":294},946,"raw output",{"file":175,"line":296,"context":294},1576,[],[],{"summary":300,"deductions":301},"The plugin \"restricted-site-access\" v7.6.1 demonstrates a generally good security posture based on the static analysis. The complete absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. Furthermore, the plugin implements nonce and capability checks for all identified entry points, suggesting a strong defense against common attack vectors. The high percentage of properly escaped output also contributes positively to its security, minimizing risks associated with cross-site scripting.\n\nHowever, the vulnerability history presents a notable concern. With one known CVE, even though it's patched, it indicates a past susceptibility to vulnerabilities, specifically \"Authorization Bypass Through User-Controlled Key.\" While there are no currently unpatched vulnerabilities or critical\u002Fhigh severity issues from the past, the fact that a medium severity vulnerability of this nature existed warrants attention. The static analysis shows no current taint flows or unsanitized paths, which is positive, but the historical context of an authorization bypass is a reminder that code complexity, even when seemingly well-protected, can harbor subtle flaws.\n\nIn conclusion, \"restricted-site-access\" v7.6.1 is built with many secure coding practices. The robust implementation of authentication and authorization checks for its entry points is a significant strength. The absence of dangerous code constructs further bolsters its security. The primary weakness lies in its past vulnerability history, specifically the authorization bypass issue, which, although patched, highlights a potential area of complexity that has previously led to security flaws. Vigilance and ongoing security reviews are recommended.",[302],{"reason":303,"points":162},"Past medium severity vulnerability (Authorization Bypass)","2026-03-16T17:35:25.802Z",{"wat":306,"direct":315},{"assetPaths":307,"generatorPatterns":310,"scriptPaths":311,"versionParams":312},[308,309],"\u002Fwp-content\u002Fplugins\u002Frestricted-site-access\u002Fassets\u002Fcss\u002Fbackend.css","\u002Fwp-content\u002Fplugins\u002Frestricted-site-access\u002Fassets\u002Fjs\u002Fbackend.js",[],[309],[313,314],"restricted-site-access\u002Fassets\u002Fcss\u002Fbackend.css?ver=","restricted-site-access\u002Fassets\u002Fjs\u002Fbackend.js?ver=",{"cssClasses":316,"htmlComments":319,"htmlAttributes":320,"restEndpoints":322,"jsGlobals":324,"shortcodeOutput":329},[317,318],"rsa-notice","rsa-notice-wrapper",[],[321],"data-rsa-settings-nonce",[323],"\u002Fwp-json\u002Frsa\u002Fv1\u002Fip-check",[325,326,327,328],"RSA_IS_NETWORK","RSA_NONCE","RSA_ajax_url","RSA_options",[]]